[Solved] Ads popping up

Tags:
  • Security
Last reply: in Security and viruses
13 August 2008 13:09:21

Hi everyone,
So here's the thing: I have ads that pop up from time to time... and it slows my computer down enormously, so I would like to know how to stop all that. Thanks

13 August 2008 13:11:40

Hello,

I'll take care of you. Please bear in mind that I am a volunteer, that I have a private life and that I help several users at once, so please be patient. That said, I never let go of a user until their PC is clean ;) 

Please avoid using colours.

Download Hijackthis (by Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that has just been created to launch it. (Right-click -> run as administrator if on Vista)
  • Accept the licence by clicking Yes.
  • Click "Do a system scan and save a logfile".
  • Post the generated report here.

    Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Help: How to use HijackThis.

    ;) 
    13 August 2008 13:41:15

    OK, thanks a lot for your help.

    Here is the report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:39:46, on 13/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Opera\opera.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Cursed IE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [8437bbdf] rundll32.exe "C:\WINDOWS\system32\yamicgny.dll",b
    O4 - HKLM\..\Run: [BM87048843] Rundll32.exe "C:\WINDOWS\system32\lfpskfoh.dll",s
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [cgmay] c:\documents and settings\administrateur\local settings\application data\cgmay.exe cgmay
    O4 - HKCU\..\Run: [66212837257627709874847017059337] C:\Program Files\Antivirus 2009\av2009.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID....
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    --
    End of file - 5072 bytes
    13 August 2008 23:13:36

    Hi again,

    You don't seem to have an antivirus installed on your PC. So we'll start with that, because it is essential!

    Download AntiVir to your Desktop.

  • Double-click the downloaded executable to start the installation.
  • At the end of the installation, click Finish.
  • Open Antivir and make sure it is up to date!
  • In the Local Protection tab, choose Scanner.
  • Enable rootkit scanning via the + next to rootkit search, then under manual selection, tick everything (your hard disk partitions).
  • Click the middle magnifying glass to run the scan as Administrator.
  • Post me the generated report: to do so, click the Overview tab, then choose Reports; you will find its report there.

    Note: For more effective removal of the threats, run the scan in Safe Mode.

    Help: How to install and use AntiVir.

    ;) 
    14 August 2008 14:55:44

    Here is the Antivir report:

    Avira AntiVir Personal
    Report file date: jeudi 14 août 2008 13:49

    Scanning for 1551910 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: OXIDIUM

    Version information:
    BUILD.DAT : 8.1.0.326 16933 Bytes 11/07/2008 12:57:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14/08/2008 11:02:26
    ANTIVIR3.VDF : 7.0.6.13 10240 Bytes 14/08/2008 11:02:27
    Engineversion : 8.1.1.19
    AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50
    AESCRIPT.DLL : 8.1.0.63 311673 Bytes 14/08/2008 11:02:39
    AESCN.DLL : 8.1.0.23 119156 Bytes 14/08/2008 11:02:38
    AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50
    AEPACK.DLL : 8.1.2.1 364917 Bytes 14/08/2008 11:02:37
    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 14/08/2008 11:02:36
    AEHEUR.DLL : 8.1.0.47 1368437 Bytes 14/08/2008 11:02:35
    AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50
    AEGEN.DLL : 8.1.0.35 315764 Bytes 14/08/2008 11:02:30
    AEEMU.DLL : 8.1.0.7 430452 Bytes 14/08/2008 11:02:29
    AECORE.DLL : 8.1.1.8 172406 Bytes 14/08/2008 11:02:28
    AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 14/08/2008 11:02:27
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 14 août 2008 13:49

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'opera.exe' - '1' Module(s) have been scanned
    Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
    Scan process 'daemon.exe' - '1' Module(s) have been scanned
    Scan process 'CamTray.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'VTTimer.exe' - '1' Module(s) have been scanned
    Scan process 'soundman.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    31 processes with 31 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    C:\WINDOWS\system32\fccaYqQh.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '4b357491.qua'!
    C:\WINDOWS\system32\aljttatv.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] TR/Crypt.XPACK.Gen:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<8437bbdf>=sz:aljttatv.dll
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '4b3c748e.qua'!
    C:\WINDOWS\system32\odfihkct.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '4b387489.qua'!

    The registry was scanned ( '53' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\ARK107.tmp
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '4adba485.qua'!
    C:\ARK108.tmp
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '4adba486.qua'!
    C:\ARK109.tmp
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '4adba488.qua'!
    C:\ARK10A.tmp
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '4adba48a.qua'!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt201.tmp.vbs
    [DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
    [NOTE] The file was moved to '49181d7c.qua'!
    C:\Documents and Settings\Administrateur\Local Settings\Temp\sta1F3.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '49051d97.qua'!
    C:\Documents and Settings\Administrateur\Local Settings\Temp\~nsu.tmp\Au_.exe
    [DETECTION] Contains recognition pattern of the DR/Dldr.FraudLoad.vaxg.1 dropper
    [NOTE] The file was moved to '49031dee.qua'!
    C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ELSJUHS9\kb671231[1]
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '48da1ded.qua'!
    C:\Lop SD\Backup-Lop\DOCUME~1\ADMINI~1\APPLIC~1\OPENLO~1\Bone beep ford.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '49121e3e.qua'!
    C:\Lop SD\Backup-Lop\DOCUME~1\ADMINI~1\APPLIC~1\OPENLO~1\INSIDE DRAW GREAT MANAGER.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '48f71e21.qua'!
    C:\Lop SD\Backup-Lop\DOCUME~1\ADMINI~1\APPLIC~1\OPENLO~1\pollwindowlicense.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '49101e47.qua'!
    C:\Lop SD\Backup-Lop\DOCUME~1\ADMINI~1\APPLIC~1\OPENLO~1\ximmikdj.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '49111e43.qua'!
    C:\System Volume Information\_restore{9BBB0333-A003-4908-9C5E-FA4463DABC20}\RP111\A0041999.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '48d42144.qua'!
    C:\System Volume Information\_restore{9BBB0333-A003-4908-9C5E-FA4463DABC20}\RP111\A0042000.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '48d42146.qua'!
    C:\System Volume Information\_restore{9BBB0333-A003-4908-9C5E-FA4463DABC20}\RP111\A0042003.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '48d4214a.qua'!
    C:\System Volume Information\_restore{9BBB0333-A003-4908-9C5E-FA4463DABC20}\RP111\A0042006.exe
    [DETECTION] Is the TR/Dldr.Agent.xao.2 Trojan
    [NOTE] The file was moved to '48d4214d.qua'!
    C:\System Volume Information\_restore{9BBB0333-A003-4908-9C5E-FA4463DABC20}\RP111\A0042011.exe
    [DETECTION] Is the TR/Fraud.AV2008 Trojan
    [NOTE] The file was moved to '48d4214f.qua'!
    C:\System Volume Information\_restore{9BBB0333-A003-4908-9C5E-FA4463DABC20}\RP111\A0042012.exe
    [DETECTION] Contains recognition pattern of the DR/Dldr.FraudLoad.vaxg.1 dropper
    [NOTE] The file was moved to '48d42151.qua'!
    C:\System Volume Information\_restore{9BBB0333-A003-4908-9C5E-FA4463DABC20}\RP111\A0042014.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '48d42155.qua'!
    C:\System Volume Information\_restore{9BBB0333-A003-4908-9C5E-FA4463DABC20}\RP111\A0042016.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '48d42157.qua'!
    C:\System Volume Information\_restore{9BBB0333-A003-4908-9C5E-FA4463DABC20}\RP111\A0042018.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '48d42159.qua'!
    C:\System Volume Information\_restore{9BBB0333-A003-4908-9C5E-FA4463DABC20}\RP111\A0042019.exe
    [DETECTION] Is the TR/Dldr.FraudLoa.NC Trojan
    [NOTE] The file was moved to '48d4215b.qua'!
    C:\System Volume Information\_restore{9BBB0333-A003-4908-9C5E-FA4463DABC20}\RP112\A0042076.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '48d4215e.qua'!
    C:\System Volume Information\_restore{9BBB0333-A003-4908-9C5E-FA4463DABC20}\RP112\A0042097.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '48d42160.qua'!
    C:\System Volume Information\_restore{9BBB0333-A003-4908-9C5E-FA4463DABC20}\RP114\A0045138.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '48d42164.qua'!
    C:\System Volume Information\_restore{9BBB0333-A003-4908-9C5E-FA4463DABC20}\RP114\A0045139.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '48d42166.qua'!
    C:\System Volume Information\_restore{9BBB0333-A003-4908-9C5E-FA4463DABC20}\RP114\A0045140.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '48d42167.qua'!
    C:\System Volume Information\_restore{9BBB0333-A003-4908-9C5E-FA4463DABC20}\RP114\A0045141.exe
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE] The file was moved to '48d42169.qua'!
    C:\WINDOWS\system32\ahjvks.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '490e2276.qua'!
    C:\WINDOWS\system32\dhpnmbbt.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '49142280.qua'!
    C:\WINDOWS\system32\ekcfxr.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '49072288.qua'!
    C:\WINDOWS\system32\emtsbghs.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '4918228c.qua'!
    C:\WINDOWS\system32\ffpqckpy.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '49142287.qua'!
    C:\WINDOWS\system32\ffxhasvi.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '491c2289.qua'!
    C:\WINDOWS\system32\gcljyb.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '49102288.qua'!
    C:\WINDOWS\system32\gtnwmiwk.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '4912229b.qua'!
    C:\WINDOWS\system32\iufxosyn.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '4b4f982b.qua'!
    C:\WINDOWS\system32\jakpiqxy.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '490f2290.qua'!
    C:\WINDOWS\system32\kpvvnjjx.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '4b5f982b.qua'!
    C:\WINDOWS\system32\lfpskfoh.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4914229b.qua'!
    C:\WINDOWS\system32\lknfkc.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '491222a2.qua'!
    C:\WINDOWS\system32\lnaleflb.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '490522a6.qua'!
    C:\WINDOWS\system32\lyioffxb.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '490d22b4.qua'!
    C:\WINDOWS\system32\mnajkrcm.dll
    [DETECTION] Is the TR/Vundo.fcf.3 Trojan
    [NOTE] The file was moved to '490522ac.qua'!
    C:\WINDOWS\system32\mumbrkks.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '491122bd.qua'!
    C:\WINDOWS\system32\pgvbvevu.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '491a22b7.qua'!
    C:\WINDOWS\system32\qnpoigye.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '491422c1.qua'!
    C:\WINDOWS\system32\sewbbsou.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '491b22bd.qua'!
    C:\WINDOWS\system32\skniyi.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '491222c5.qua'!
    C:\WINDOWS\system32\wlkpajcv.dll
    [DETECTION] Is the TR/Vundo.fcf.2 Trojan
    [NOTE] The file was moved to '490f22d2.qua'!
    C:\WINDOWS\system32\wsjmrz.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '490e22dd.qua'!
    C:\WINDOWS\system32\xojqfi.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '490e22e4.qua'!
    C:\WINDOWS\system32\yayyaxwV.dll
    [DETECTION] Is the TR/Monder.emk Trojan
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING] The file could not be deleted!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '4b589851.qua'!
    C:\WINDOWS\system32\ysaiki.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '490522ec.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <stockage>


    End of the scan: jeudi 14 août 2008 14:20
    Used time: 30:50 Minute(s)

    The scan has been done completely.

    4137 Scanning directories
    246283 Files were scanned
    57 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    57 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    246224 Files not concerned
    2608 Archives were scanned
    16 Warnings
    57 Notes

    15 August 2008 01:14:07

    Hi again,

    Download Combofix from **HERE** or **HERE** and save it to your desktop.

    **Note 1: If you already have a version of Combofix, you will need to download another one, the very latest. It is also very important to save it directly to your desktop.**

  • Please never rename Combofix unless you are expressly asked to.
  • Close all open windows, without exception.
  • Disable all resident protection in all your antivirus, antispyware, etc. software so that it does not interfere with Combofix working properly.
    Very important: Temporarily disable all resident protection in all your security software before launching a scan with Combofix. It could disrupt the Combofix scan, which could have unforeseen and disastrous consequences.
  • Click this link to see a list of programs that should always be disabled before using Combofix. Note that the list is not exhaustive. If your security software is not on this list and you don't know how to disable it, or you don't understand English :p , please ask me.
  • WARNING: Combofix will automatically disconnect you from the internet as soon as the scan starts.
  • Please do not try to reconnect your machine to the internet until Combofix has finished its work.
  • If you can no longer connect to the internet after using Combofix, restart your PC to restore the internet connection.
  • Double-click combofix.exe and follow the instructions displayed.
  • When the scan is finished, a report should normally be displayed on screen.
  • Please post the following report, "C:\ComboFix.txt", in your next reply, together with a new HijackThis report.

    **Note 2: Do not click inside the Combofix window while it is working. You could crash the PC and cause serious damage.**

    ;) 
    15 August 2008 13:53:03

    Hi again,

    Here is the Combofix report:

    ComboFix 08-08-14.03 - Administrateur 2008-08-15 13:30:57.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.81 [GMT 2:00]
    Endroit: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\Cookies\administrateur@ad.yieldmanager[1].txt
    C:\Documents and Settings\Administrateur\Cookies\administrateur@casinotropez[3].txt
    C:\Documents and Settings\Administrateur\Cookies\administrateur@casinotropez[4].txt
    C:\Documents and Settings\Administrateur\Cookies\administrateur@erreurchasseur[2].txt
    C:\Documents and Settings\Administrateur\Cookies\administrateur@europacasino[2].txt
    C:\Documents and Settings\Administrateur\Cookies\administrateur@metaffiliation[2].txt
    C:\Documents and Settings\Administrateur\Cookies\administrateur@titanpoker[2].txt
    C:\Documents and Settings\Administrateur\Cookies\administrateur@tradedoubler[5].txt
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
    C:\WINDOWS\BM87048843.txt
    C:\WINDOWS\BM87048843.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\abfgjdyk.dll
    C:\WINDOWS\system32\aiagrtvg.ini
    C:\WINDOWS\system32\AutoRun.inf
    C:\WINDOWS\system32\bjywmeqp.dll
    C:\WINDOWS\system32\btplgqup.dll
    C:\WINDOWS\system32\btqsomaq.exe
    C:\WINDOWS\system32\bwajrysl.exe
    C:\WINDOWS\system32\cpkqkatk.ini
    C:\WINDOWS\system32\cvqpufwt.exe
    C:\WINDOWS\system32\dewhbh.dll
    C:\WINDOWS\system32\ewfqigoe.ini
    C:\WINDOWS\system32\hxkrsyux.dll
    C:\WINDOWS\system32\icdnbtwa.ini
    C:\WINDOWS\system32\ikqrbbof.ini
    C:\WINDOWS\system32\jsagmz.dll
    C:\WINDOWS\system32\kmnthn.dll
    C:\WINDOWS\system32\kqbcgwdn.ini
    C:\WINDOWS\system32\ktpbkcer.exe
    C:\WINDOWS\system32\lplkoxgq.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mfwiybvk.ini
    C:\WINDOWS\system32\midwyomy.dll
    C:\WINDOWS\system32\mtvqru.dll
    C:\WINDOWS\system32\nraliedk.ini
    C:\WINDOWS\system32\nripumui.dll
    C:\WINDOWS\system32\ntliopkw.dll
    C:\WINDOWS\system32\nxeyta.dll
    C:\WINDOWS\system32\ocbkkuxy.dll
    C:\WINDOWS\system32\paubilhd.dll
    C:\WINDOWS\system32\pfeacvdb.ini
    C:\WINDOWS\system32\pmjdquqp.dll
    C:\WINDOWS\system32\pntgxhmj.dll
    C:\WINDOWS\system32\scrpfosf.ini
    C:\WINDOWS\system32\svqqgigd.dll
    C:\WINDOWS\system32\svunlz.dll
    C:\WINDOWS\system32\ufspdqqh.dll
    C:\WINDOWS\system32\vbcyrixt.ini
    C:\WINDOWS\system32\vtattjla.ini
    C:\WINDOWS\system32\Vwxayyay.ini
    C:\WINDOWS\system32\Vwxayyay.ini2
    C:\WINDOWS\system32\whsfgbti.ini
    C:\WINDOWS\system32\wpjzbe.dll
    C:\WINDOWS\system32\xbbhoxie.exe
    C:\WINDOWS\system32\xjjnvvpk.ini
    C:\WINDOWS\temp\perflib_perfdata_1cc.dat

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-15 to 2008-08-15 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-15 13:35 . 2008-08-15 13:35 <REP> d-------- C:\WINDOWS\system32\xircom
    2008-08-15 13:35 . 2008-08-15 13:35 <REP> d-------- C:\WINDOWS\srchasst
    2008-08-15 13:35 . 2008-08-15 13:35 <REP> d-------- C:\Program Files\microsoft frontpage
    2008-08-14 13:00 . 2008-08-14 13:00 <REP> d-------- C:\Program Files\Avira
    2008-08-14 13:00 . 2008-08-14 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-08-12 13:53 . 2008-08-12 13:53 1,503,891 --ahs---- C:\WINDOWS\system32\yngcimay.tmp
    2008-08-05 19:56 . 2008-08-05 20:24 <REP> d-------- C:\Program Files\PhotoFiltre
    2008-08-05 18:40 . 2008-08-05 18:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Leadertech
    2008-08-05 18:17 . 2008-08-05 18:17 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-08-02 00:02 . 2008-08-02 00:02 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-08-01 23:46 . 2008-08-02 00:02 <REP> d-------- C:\Program Files\DAEMON Tools Toolbar
    2008-08-01 23:19 . 2003-05-28 01:11 110,592 --a------ C:\WINDOWS\system32\tsccvid.dll
    2008-08-01 15:43 . 2008-08-01 15:43 1,486,848 --a------ C:\WINDOWS\system32\igpcvypx.tmp
    2008-08-01 15:37 . 2008-08-01 15:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-01 15:37 . 2008-08-01 15:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-07-31 22:32 . 2008-08-02 13:31 <REP> d-------- C:\Lop SD

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-11 16:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
    2008-08-05 11:22 --------- d-----w C:\Program Files\Google
    2008-08-03 16:24 --------- d-----w C:\Program Files\uTorrent
    2008-07-31 15:15 --------- d-----w C:\Program Files\Maxis
    2008-07-25 11:05 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
    2008-07-15 08:41 --------- d-----w C:\Program Files\Opera
    2008-07-14 10:06 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-07-14 10:06 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\DAEMON Tools
    2008-07-10 11:13 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
    2008-07-03 05:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\HPAppData
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-02-02 18:47 126 ----a-w C:\Documents and Settings\Administrateur\patching.reg
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 12:00 299008]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 17:02 490952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
    "SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 577536 C:\WINDOWS\soundman.exe]
    "VTTimer"="VTTimer.exe" [2003-08-20 05:56 45056 C:\WINDOWS\system32\VTTimer.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "ClearDocsOnExit"= 64 (0x40)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 0 (0x0)
    "LockTaskbar"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
    "Enabled"= 1 (0x1)

    R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 00:45]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    *Newly Created Service* - HELPSVC
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{0f01ce62-78e6-49ec-a663-2da69e63a21f} - C:\WINDOWS\system32\ysaiki.dll
    BHO-{38B9D19D-021A-4282-A2BD-F9E40DCBA8C9} - C:\WINDOWS\system32\fccaYqQh.dll
    BHO-{54A0D8BE-38CD-495F-BFC5-3AD015BE368B} - C:\WINDOWS\system32\yayyaxwV.dll
    Toolbar-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
    WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
    HKCU-Run-WINSOS VERIFY - C:\Program Files\Winsos\WINSOS.EXE
    HKLM-Run-BM87048843 - C:\WINDOWS\system32\iufxosyn.dll
    HKLM-Run-8437bbdf - C:\WINDOWS\system32\kpvvnjjx.dll
    ShellExecuteHooks-{833AE189-F38C-46B6-B02A-18DBEBB50349} - (no file)
    ShellExecuteHooks-{38B9D19D-021A-4282-A2BD-F9E40DCBA8C9} - C:\WINDOWS\system32\fccaYqQh.dll
    Notify-awtqQKBR - awtqQKBR.dll
    Notify-fccaYqQh - fccaYqQh.dll


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.daemon-search.com/startpage
    R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-15 13:35:50
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-15 13:48:08 - machine was rebooted [Administrateur]
    ComboFix-quarantined-files.txt 2008-08-15 11:46:55

    Pre-Run: 26,890,403,840 octets libres
    Post-Run: 27,306,266,624 octets libres

    204 --- E O F --- 2008-07-09 20:56:00
    15 August 2008 13:55:23

    Here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:54, on 15/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\ComboFix\psexec.cfexe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: {f12a36e9-6ad2-366a-ce94-6e8726ec10f0} - {0f01ce62-78e6-49ec-a663-2da69e63a21f} - C:\WINDOWS\system32\ysaiki.dll (file missing)
    O2 - BHO: (no name) - {38B9D19D-021A-4282-A2BD-F9E40DCBA8C9} - C:\WINDOWS\system32\fccaYqQh.dll (file missing)
    O2 - BHO: (no name) - {54A0D8BE-38CD-495F-BFC5-3AD015BE368B} - C:\WINDOWS\system32\yayyaxwV.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [BM87048843] Rundll32.exe "C:\WINDOWS\system32\iufxosyn.dll",s
    O4 - HKLM\..\Run: [8437bbdf] rundll32.exe "C:\WINDOWS\system32\kpvvnjjx.dll",b
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID....
    O20 - Winlogon Notify: awtqQKBR - awtqQKBR.dll (file missing)
    O20 - Winlogon Notify: fccaYqQh - fccaYqQh.dll (file missing)
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Indexing Service (cisvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

    --
    End of file - 6827 bytes
    16 August 2008 12:10:10

    :hello:  Hello,

    1) Disable all resident protection (antivirus…)! <------- Don't forget!

    Copy the text in the box below (Ctrl + C):

    Quote:
    File::
    C:\WINDOWS\system32\yngcimay.tmp
    C:\WINDOWS\system32\igpcvypx.tmp

    Folder::
    C:\Lop SD

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000000
    "AntiVirusDisableNotify"=dword:00000000


    => Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste the text into it (Ctrl + V)
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save
    - Close Notepad

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:

    * This will restart ComboFix: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
    * Wait while the scan runs. The desktop will disappear several times: this is normal!
    * Do not touch anything until the scan has finished.
    * Once the scan is complete, a report will be displayed: copy and paste its contents on the forum.
    If the file does not open, it is located here: C:\ComboFix.txt

    2) Download ZebRestore
    Unzip it. Open the folder and launch it by double-clicking the exe.
    Tick:
    - RegEdit
    - RUN keys
    - Shut Down button
    - Windows Update
    - Task Manager
    - Control Panel
    - Add/Remove Programs
    - Policies
    - Desktop
    - IE repair
    - File extensions
    - Trusted and restricted sites
    - Internet prefixes and protocols
    Click Restore. Close the program.

    3) Your Java console is not up to date. Uninstall your Java console via Add/Remove Programs. Then install the latest version:
    http://www.java.com/fr/download/manual.js

    4) Post a new HijackThis report and tell me how the PC is doing.

    ;) 
    16 August 2008 15:45:52

    1) Here is the report:

    ComboFix 08-08-15.04 - Administrateur 2008-08-16 15:35:25.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.52 [GMT 2:00]
    Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\igpcvypx.tmp
    C:\WINDOWS\system32\yngcimay.tmp
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Lop SD
    C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\Audio 4 part browse\More bone.exe
    C:\Lop SD\Backup-Lop\Hosts\hosts
    C:\Lop SD\Backup-Lop\Reg\HKCU_Run.reg
    C:\Lop SD\Backup-Lop\Reg\HKLM_Run.reg
    C:\Lop SD\Backup-Lop\Reg\HKLM_Uninstall.reg
    C:\Lop SD\Backup-Lop\WINDOWS\Tasks\A788CFFD906F434D.job
    C:\Lop SD\egd1.egd
    C:\Lop SD\egd2.egd
    C:\Lop SD\exist.txt
    C:\Lop SD\Proc.txt
    C:\Lop SD\Rapport-Lop.txt
    C:\Lop SD\task.txt
    C:\WINDOWS\system32\igpcvypx.tmp
    C:\WINDOWS\system32\yngcimay.tmp

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-15 14:03 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-15 13:35 . 2008-08-15 13:35 <REP> d-------- C:\WINDOWS\system32\xircom
    2008-08-15 13:35 . 2008-08-15 13:35 <REP> d-------- C:\WINDOWS\srchasst
    2008-08-15 13:35 . 2008-08-15 13:35 <REP> d-------- C:\Program Files\microsoft frontpage
    2008-08-14 13:00 . 2008-08-14 13:00 <REP> d-------- C:\Program Files\Avira
    2008-08-14 13:00 . 2008-08-14 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-08-05 19:56 . 2008-08-05 20:24 <REP> d-------- C:\Program Files\PhotoFiltre
    2008-08-05 18:40 . 2008-08-05 18:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Leadertech
    2008-08-05 18:17 . 2008-08-05 18:17 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-08-02 00:02 . 2008-08-02 00:02 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-08-01 23:46 . 2008-08-02 00:02 <REP> d-------- C:\Program Files\DAEMON Tools Toolbar
    2008-08-01 23:19 . 2003-05-28 01:11 110,592 --a------ C:\WINDOWS\system32\tsccvid.dll
    2008-08-01 15:37 . 2008-08-01 15:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-01 15:37 . 2008-08-01 15:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-15 15:10 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
    2008-08-05 11:22 --------- d-----w C:\Program Files\Google
    2008-08-03 16:24 --------- d-----w C:\Program Files\uTorrent
    2008-07-31 15:15 --------- d-----w C:\Program Files\Maxis
    2008-07-15 08:41 --------- d-----w C:\Program Files\Opera
    2008-07-14 10:06 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-07-14 10:06 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\DAEMON Tools
    2008-07-10 11:13 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
    2008-07-03 05:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\HPAppData
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-02-02 18:47 126 ----a-w C:\Documents and Settings\Administrateur\patching.reg
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-15_13.45.13.98 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-21 07:02:28 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2008-06-23 15:40:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2008-04-21 07:02:28 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2008-06-23 15:40:00 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2005-07-26 04:39:57 243,200 ----a-w C:\WINDOWS\system32\es.dll
    + 2008-07-07 20:31:48 253,952 ----a-w C:\WINDOWS\system32\es.dll
    - 2008-04-21 07:02:28 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2008-06-23 15:40:00 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    - 2008-04-21 07:02:29 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
    + 2008-06-23 15:40:00 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
    - 2007-08-21 06:17:23 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    + 2008-04-11 18:51:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    - 2008-04-21 07:02:29 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
    + 2008-06-23 15:40:00 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
    - 2008-04-21 07:02:29 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2008-06-23 15:40:00 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    - 2005-06-29 01:49:41 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    + 2008-06-24 16:23:56 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    - 2008-04-21 07:02:34 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2008-06-23 15:40:02 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2008-04-21 07:02:34 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2008-06-23 15:40:03 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2008-04-21 07:02:34 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2008-06-23 15:40:03 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2008-04-21 07:02:35 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2008-06-23 15:40:04 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2008-03-30 09:47:56 38,722 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-08-15 11:40:41 38,722 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-03-30 09:47:56 46,920 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-08-15 11:40:41 46,920 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-03-30 09:47:56 309,094 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-08-15 11:40:41 309,094 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-03-30 09:47:56 364,792 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-08-15 11:40:41 364,792 ----a-w C:\WINDOWS\system32\perfh00C.dat
    - 2008-04-21 07:02:35 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2008-06-23 15:40:04 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2008-04-21 07:02:37 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
    + 2008-06-23 15:40:05 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
    - 2008-04-21 07:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
    + 2008-06-23 15:40:06 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
    - 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll
    + 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
    - 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
    + 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
    - 2008-04-21 07:02:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2008-06-23 15:40:06 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2008-04-21 07:02:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2008-06-23 15:40:08 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    - 2008-04-17 11:03:45 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2008-07-03 09:42:35 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0f01ce62-78e6-49ec-a663-2da69e63a21f}]
    C:\WINDOWS\system32\ysaiki.dll [BU]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38B9D19D-021A-4282-A2BD-F9E40DCBA8C9}]
    C:\WINDOWS\system32\fccaYqQh.dll [BU]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54A0D8BE-38CD-495F-BFC5-3AD015BE368B}]
    C:\WINDOWS\system32\yayyaxwV.dll [BU]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 12:00 299008]
    "WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.EXE" [BU]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 17:02 490952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
    "BM87048843"="C:\WINDOWS\system32\iufxosyn.dll" [BU]
    "8437bbdf"="C:\WINDOWS\system32\kpvvnjjx.dll" [BU]
    "SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 577536 C:\WINDOWS\soundman.exe]
    "VTTimer"="VTTimer.exe" [2003-08-20 05:56 45056 C:\WINDOWS\system32\VTTimer.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "ClearDocsOnExit"= 64 (0x40)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 0 (0x0)
    "LockTaskbar"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{38B9D19D-021A-4282-A2BD-F9E40DCBA8C9}"= "C:\WINDOWS\system32\fccaYqQh.dll" [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqQKBR]
    awtqQKBR.dll [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaYqQh]
    fccaYqQh.dll [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
    "Enabled"= 1 (0x1)

    R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 00:45]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-16 15:37:45
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-16 15:43:08
    ComboFix-quarantined-files.txt 2008-08-16 13:42:05
    ComboFix2.txt 2008-08-15 11:48:10

    Pre-Run: 27,023,577,088 octets libres
    Post-Run: 27,013,861,376 octets libres

    342 --- E O F --- 2008-08-15 20:56:03
    16 August 2008 15:57:21

    re,
    However, I removed Java but I can't manage to download the latest version; it tells me:

    Sorry! We couldn't find the document requested.

    The file that you requested could not be found on this server. If you provided the URL, please check to ensure that it is correct.
    16 August 2008 15:59:12

    4) Here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:58, on 16/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Opera\opera.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: {f12a36e9-6ad2-366a-ce94-6e8726ec10f0} - {0f01ce62-78e6-49ec-a663-2da69e63a21f} - C:\WINDOWS\system32\ysaiki.dll (file missing)
    O2 - BHO: (no name) - {38B9D19D-021A-4282-A2BD-F9E40DCBA8C9} - C:\WINDOWS\system32\fccaYqQh.dll (file missing)
    O2 - BHO: (no name) - {54A0D8BE-38CD-495F-BFC5-3AD015BE368B} - C:\WINDOWS\system32\yayyaxwV.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [BM87048843] Rundll32.exe "C:\WINDOWS\system32\iufxosyn.dll",s
    O4 - HKLM\..\Run: [8437bbdf] rundll32.exe "C:\WINDOWS\system32\kpvvnjjx.dll",b
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID....
    O20 - Winlogon Notify: awtqQKBR - awtqQKBR.dll (file missing)
    O20 - Winlogon Notify: fccaYqQh - fccaYqQh.dll (file missing)
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Indexing Service (cisvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

    --
    End of file - 6014 bytes
    16 August 2008 23:24:32

    Re,

    1) Follow these steps to cleanly uninstall ComboFix and the tools we used during the disinfection:

  • Start menu, then Run
  • Now type Combofix /u in the window that appears, then confirm with OK. Make sure to leave a space between the X and the /U, as it is required here.


    2) => Use ERUNT to back up your registry
    http://www.zebulon.fr/dossiers/57-6-sauvegarder-base-de...
    If there is a problem, you will then be able to undo the change.
    /!\ Important step, do not skip it! /!\

    3) Create a Notepad file with the text found in the space below (copy/paste):

    Quote:
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0f01ce62-78e6-49ec-a663-2da69e63a21f}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38B9D19D-021A-4282-A2BD-F9E40DCBA8C9}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54A0D8BE-38CD-495F-BFC5-3AD015BE368B}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BM87048843"=-
    "8437bbdf"=-

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{38B9D19D-021A-4282-A2BD-F9E40DCBA8C9}"=-

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqQKBR]

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaYqQh]


    - Save this file to: Desktop
    - File name: fix.reg
    - Type: All files !!!
    - click Save
    - close Notepad

    Using the file fix.reg:
    - double-click the file (Desktop) / accept the warning about the merge / don't be surprised if you see nothing / confirm the message saying the merge is complete.

    4) Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in Safe Mode.
    HELP: Restarting in Safe Mode

  • Now run Malwarebytes' Anti-Malware. If it is not already done, select "Exécuter un examen complet" (perform a full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (Show results) then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Picture tutorial on MBAM

    ;) 
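A triage pass over the HijackThis report from this thread, showing how the entries targeted by fix.reg in the post above stand out in the log. This is an added example, not part of the original posts; the function names, the two heuristics and the FIX_REG_KEYS set (copied from the fix.reg text) are this example's own assumptions.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis report posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: {f12a36e9-6ad2-366a-ce94-6e8726ec10f0} - {0f01ce62-78e6-49ec-a663-2da69e63a21f} - C:\WINDOWS\system32\ysaiki.dll (file missing)
O2 - BHO: (no name) - {38B9D19D-021A-4282-A2BD-F9E40DCBA8C9} - C:\WINDOWS\system32\fccaYqQh.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM87048843] Rundll32.exe "C:\WINDOWS\system32\iufxosyn.dll",s
O4 - HKLM\..\Run: [8437bbdf] rundll32.exe "C:\WINDOWS\system32\kpvvnjjx.dll",b
O20 - Winlogon Notify: awtqQKBR - awtqQKBR.dll (file missing)
O23 - Service: Indexing Service (cisvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
"""

# Key and value names that the fix.reg text in the post above deletes.
FIX_REG_KEYS = {
    "{0f01ce62-78e6-49ec-a663-2da69e63a21f}",
    "{38B9D19D-021A-4282-A2BD-F9E40DCBA8C9}",
    "{54A0D8BE-38CD-495F-BFC5-3AD015BE368B}",
    "BM87048843",
    "8437bbdf",
    "awtqQKBR",
    "fccaYqQh",
}

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY = re.compile(r"^(O\d+) - (.+)$")
RUN_VALUE = re.compile(r"^(\S+): \[([^\]]+)\] (.+)$")
RUNDLL = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)', re.IGNORECASE)
MISSING = " (file missing)"


class Finding(NamedTuple):
    section: str   # HijackThis section code (O2 = BHO, O4 = autostart, ...)
    key: str       # CLSID, Run value name, Notify subkey or service label
    target: str    # file the entry points to
    reason: str


def triage(log_text):
    """Return entries worth a manual look: autostart DLLs launched through
    rundll32, and any entry HijackThis marks as '(file missing)'."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            run = RUN_VALUE.match(body)
            dll = RUNDLL.match(run.group(3)) if run else None
            if dll:
                findings.append(Finding(section, run.group(2), dll.group(1),
                                        "DLL started through rundll32"))
            continue
        if body.endswith(MISSING):
            head, _, target = body[: -len(MISSING)].rpartition(" - ")
            if section == "O2":
                # The CLSID is the last GUID before the file path.
                guids = GUID.findall(head)
                key = guids[-1] if guids else head
            else:
                # "Winlogon Notify: name" or "Service: label - owner"
                key = head.split(": ", 1)[-1]
            findings.append(Finding(section, key, target, "file missing"))
    return findings


def split_by_fix(findings, fix_keys=FIX_REG_KEYS):
    """Separate findings that fix.reg removes from those it leaves alone.
    Registry names are case-insensitive, so compare in lower case."""
    wanted = {k.lower() for k in fix_keys}
    covered = [f for f in findings if f.key.lower() in wanted]
    other = [f for f in findings if f.key.lower() not in wanted]
    return covered, other


if __name__ == "__main__":
    covered, other = split_by_fix(triage(SAMPLE_LOG))
    for f in covered:
        print("in fix.reg     ", f.section, f.key, "->", f.target)
    for f in other:
        print("not in fix.reg ", f.section, f.key, "->", f.target)
```

The Indexing Service line is flagged by the same "file missing" rule but is not in fix.reg, so the flag is a lead for review rather than a verdict.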
    17 August 2008 14:06:20

    re

    So I did everything except this:

    Using the file fix.reg:
    - double-click the file (Desktop) / accept the warning about the merge / don't be surprised if you see nothing / confirm the message saying the merge is complete.

    It doesn't show me the confirmation to accept for the merge...

    Otherwise, here is the Malwarebytes report:

    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1060
    Windows 5.1.2600 Service Pack 2

    13:56:28 17/08/2008
    mbam-log-8-17-2008 (13-56-28).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 84926
    Temps écoulé: 1 hour(s), 53 minute(s), 23 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f01ce62-78e6-49ec-a663-2da69e63a21f} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0f01ce62-78e6-49ec-a663-2da69e63a21f} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm87048843 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8437bbdf (Trojan.Vundo) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\ysaiki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    17 August 2008 23:42:06

    Re,

    Let's check that everything is OK. How are things on your side?

    Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
    NB: You must be logged on with Administrator rights.
  • close all applications and windows
  • double-click dss.exe to launch it and follow the instructions below
    Caution: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
  • if this is a first use or a new version of DSS:
  • you will have to click OK twice in the dialog boxes
    Caution: if you wait too long, the answer Abandon (Abort) will be validated automatically
  • when processing is finished (click OK), two text files are displayed:
    main.txt <- opened in the foreground, full screen
    extra.txt <- opened in the background, windowed (look at the taskbar)
    If this is an additional use of DSS:
  • you will not get a dialog box (no OK)
  • when processing is finished, one text file is displayed:
    main.txt <- opened in the foreground, full screen

  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
  • likewise copy the contents of extra.txt into your next post, if you have this file (first use)
  • don't forget to re-enable the protections if they were stopped.



    What DSS does:
  • creates a restore point in Windows XP and Vista
  • cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
  • checks some important areas of your system and produces a report for review by your security adviser. DSS automatically launches HijackThis for you; it will also create a HijackThis shortcut on your Desktop if you don't already have HijackThis installed.

    ;) 
    18 August 2008 12:11:22

    re

    I can't download "Deckard's System Scanner (DSS)"; it shows me page Not Found.
    18 August 2008 22:28:29

    :hello:  Good evening,

    That's normal, the tool has been temporarily withdrawn because it is having a problem with a rootkit.

    We'll use another tool ;) 

    1) Download ATF Cleaner to your Desktop.

  • Double-click ATF-Cleaner.exe to launch the program.
  • Click Select All at the bottom of the list.
  • Click the Empty Selected button.

    If you use the Firefox browser, also do this:
  • Click Firefox at the top and choose Select All in the list.
  • Click the Empty Selected button.
  • NOTE: If you want to keep your saved passwords, click No in the warning message.

    If you use the Opera browser, also do this:
  • Click Opera at the top and choose Select All in the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE: If you want to keep your saved passwords, click No in the warning message.
    Click Exit in the main menu to close the program.

    2) Next, download OTScanIt.exe to your Desktop and double-click it to extract the files. This will create a folder named OTScanIt on your Desktop.

    N.B.: If you get an alert from your antivirus during the download and/or installation, ignore it. Some components of OTScanIt may be detected as a virus by some antivirus products. Also remember to disable your resident protections during the procedure.

    Note: You must be logged on with an account that has Administrator rights to run this program.

  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click OTScanIt.exe to launch the program (if you are on Windows Vista, right-click the program and choose Run as Administrator).
  • In the Drivers section, click Non-Microsoft.
  • Under Additional Scans, tick the box in front of the following items to select them:

    Reg - BotCheck
    File - Additional Folder Scans


  • Do not change any other setting.
  • Then click the Run Scan button in the toolbar.
  • Let the program run without intervening.
  • When the scan is finished, Notepad will open to display the report file.
  • Click the Format menu and check that "Retour automatique à la ligne" (Word Wrap) is not ticked. If it is, click it to untick it.
    Use the Reply button and copy/paste this information here. I will examine it as soon as it arrives. Check that the first line is code enclosed in square brackets [] and that the last line is /code enclosed in square brackets [].

    If, after sending your message, the last line is not <End of Report>, it means the report is too long to fit in a single message, in which case you must split it across several messages or put it on Mediafire: http://www.mediafire.com

    ;) 
    19 August 2008 13:50:21

    re

    [code]
    OTScanIt logfile created on: 19/08/2008 13:46:18
    OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Administrateur\Bureau\OTScanIt
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    223,48 Mb Total Physical Memory | 117,04 Mb Available Physical Memory | 52,37% Memory free
    978,03 Mb Paging File | 733,20 Mb Available in Paging File | 74,97% Paging File free
    Paging file location(s): C:\pagefile.sys 768 768;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 34,18 Gb Total Space | 24,59 Gb Free Space | 71,93% Space Free | Partition Type: NTFS
    Drive D: | 42,50 Gb Total Space | 6,00 Gb Free Space | 14,13% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: OXIDIUM
    Current User Name: Administrateur
    Logged in as Administrator.
    Current Boot Mode: Normal
    Scan Mode: Current user

    [Processes - Non-Microsoft Only]
    sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.16 | Size = 68865 bytes | Modified Date = 12/06/2008 14:46:25 | Attr = ]
    avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.27 | Size = 149761 bytes | Modified Date = 15/08/2008 14:01:32 | Attr = ]
    cdac11ba.exe -> %SystemRoot%\system32\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 24/02/2008 12:55:23 | Attr = ]
    soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 58 | Size = 577536 bytes | Modified Date = 17/11/2006 06:42:52 | Attr = ]
    vttimer.exe -> %SystemRoot%\system32\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.03.00.0820 | Size = 45056 bytes | Modified Date = 20/08/2003 05:56:14 | Attr = R ]
    hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 90.0.43.000 | Size = 49152 bytes | Modified Date = 11/03/2007 21:34:40 | Attr = ]
    avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 8.00.70.02 | Size = 266497 bytes | Modified Date = 12/06/2008 14:28:45 | Attr = ]
    hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 90.0.146.000 | Size = 210520 bytes | Modified Date = 11/03/2007 21:26:24 | Attr = ]
    hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Co. [Ver = 90.0.146.000 | Size = 151552 bytes | Modified Date = 11/03/2007 21:32:42 | Attr = ]
    otscanit.exe -> %UserProfile%\Bureau\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12/07/2008 09:29:54 | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (AntiVirScheduler) Avira AntiVir Personal - Free Antivirus Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.16 | Size = 68865 bytes | Modified Date = 12/06/2008 14:46:25 | Attr = ]
    (AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.27 | Size = 149761 bytes | Modified Date = 15/08/2008 14:01:32 | Attr = ]
    (C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 24/02/2008 12:55:23 | Attr = ]
    (cisvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\cisvc.exe -> File not found
    (dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 03/08/2004 16:54:50 | Attr = ]

    [Driver Services - Non-Microsoft Only]
    (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.6220 built by: WinDDK | Size = 4027456 bytes | Modified Date = 25/01/2007 17:37:16 | Attr = ]
    (avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> Avira GmbH [Ver = 1.0.0.30 | Size = 11840 bytes | Modified Date = 27/02/2007 15:25:01 | Attr = ]
    (avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> Avira GmbH [Ver = 7.00.02.06 | Size = 52032 bytes | Modified Date = 20/05/2008 16:29:41 | Attr = ]
    (avipbb) avipbb [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avipbb.sys -> Avira GmbH [Ver = 1.00.2.31 | Size = 75072 bytes | Modified Date = 27/06/2008 15:03:55 | Attr = ]
    (CdaC15BA) CdaC15BA [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\CDAC15BA.SYS -> [Ver = | Size = 8864 bytes | Modified Date = 03/03/2008 21:52:35 | Attr = ]
    (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800256 bytes | Modified Date = 03/08/2004 16:46:08 | Attr = ]
    (dmio) Pilote de Gestionnaire de disque logique [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 154496 bytes | Modified Date = 03/08/2004 16:46:20 | Attr = ]
    (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 28/08/2001 08:00:00 | Attr = ]
    (FETNDIS) Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Modified Date = 08/09/2004 19:41:44 | Attr = ]
    (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZid412.sys -> HP [Ver = 10, 1, 0, 3 | Size = 49920 bytes | Modified Date = 08/03/2007 06:20:48 | Attr = R ]
    (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 16496 bytes | Modified Date = 08/03/2007 06:20:49 | Attr = R ]
    (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 21568 bytes | Modified Date = 08/03/2007 06:20:50 | Attr = R ]
    (Ptilink) Pilote de liaison parallèle directe [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 28/08/2001 08:00:00 | Attr = ]
    (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 12:25:54 | Attr = ]
    (sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [Ver = | Size = 717296 bytes | Modified Date = 14/07/2008 12:06:27 | Attr = ]
    (ssmdrv) ssmdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Modified Date = 01/03/2007 10:34:22 | Attr = ]
    (V0260VID) Live! Cam Vista IM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\V0260Vid.sys -> Creative Technology Ltd. [Ver = 1, 1, 3, 0 | Size = 178913 bytes | Modified Date = 04/11/2006 00:45:48 | Attr = R ]
    (viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\VIAAGP1.SYS -> VIA Technologies, Inc. [Ver = 5.1.0.3442 built by: VIA | Size = 27904 bytes | Modified Date = 02/07/2003 05:42:00 | Attr = ]
    (viagfx) viagfx [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vtmini.sys -> Copyright (C) VIA/S3 Graphics, Inc. [Ver = 6.14.10.0103-16.94.35.04 | Size = 133632 bytes | Modified Date = 19/12/2003 08:47:08 | Attr = R ]
    (viamraid) viamraid [Kernel | Boot | Stopped] -> %SystemRoot%\System32\drivers\viamraid.sys -> VIA Technologies inc,.ltd [Ver = 5.1.2600.300 | Size = 73600 bytes | Modified Date = 08/09/2004 12:07:10 | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 23:16:38 | Attr = ]
    avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> Avira GmbH [Ver = 8.00.70.02 | Size = 266497 bytes | Modified Date = 12/06/2008 14:28:45 | Attr = ]
    HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Co. [Ver = 90.0.43.000 | Size = 49152 bytes | Modified Date = 11/03/2007 21:34:40 | Attr = ]
    SoundMan -> %SystemRoot%\soundman.exe [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 58 | Size = 577536 bytes | Modified Date = 17/11/2006 06:42:52 | Attr = ]
    VTTimer -> %SystemRoot%\system32\VTTimer.exe [VTTimer.exe] -> S3 Graphics, Inc. [Ver = 1.03.00.0820 | Size = 45056 bytes | Modified Date = 20/08/2003 05:56:14 | Attr = R ]
    < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL-> Installed = 1 ->
    MAPI-> Installed = 1 ->
    MSFS-> Installed = 1 ->
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Creative WebCam Tray -> %ProgramFiles%\Creative\Shared Files\CamTray.exe ["C:\Program Files\Creative\Shared Files\CamTray.exe"] -> Creative Technology Ltd [Ver = 3.60.07 | Size = 299008 bytes | Modified Date = 27/10/2005 12:00:22 | Attr = ]
    DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun] -> DT Soft Ltd [Ver = 4.30.1.0 | Size = 490952 bytes | Modified Date = 24/07/2008 17:02:06 | Attr = ]
    WINSOS VERIFY -> %ProgramFiles%\Winsos\WINSOS.EXE ["C:\Program Files\Winsos\WINSOS.EXE" MINI] -> File not found
    < Administrateur Startup Folder > -> C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage ->
    %UserProfile%\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [Ver = | Size = 38912 bytes | Modified Date = 20/10/2005 12:04:08 | Attr = ]
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage ->
    %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 90.0.146.000 | Size = 210520 bytes | Modified Date = 11/03/2007 21:26:24 | Attr = ]
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
    {38B9D19D-021A-4282-A2BD-F9E40DCBA8C9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\fccaYqQh.dll [] -> File not found
    < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1037312 bytes | Modified Date = 13/06/2007 15:22:28 | Attr = ]
    *MultiFile Done* -> ->
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
    C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25088 bytes | Modified Date = 03/08/2004 16:55:02 | Attr = ]
    *MultiFile Done* -> ->
    *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
    logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 2767360 bytes | Modified Date = 09/06/2006 11:09:53 | Attr = ]
    *MultiFile Done* -> ->
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
    rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8510976 bytes | Modified Date = 25/10/2007 18:56:24 | Attr = ]
    Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 305152 bytes | Modified Date = 03/08/2004 16:55:04 | Attr = ]
    *MultiFile Done* -> ->
    < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    awtqQKBR -> -> File not found
    fccaYqQh -> -> File not found
    WgaLogon -> %SystemRoot%\system32\WgaLogon.dll -> Microsoft Corp. [Ver = 1.5.0532.0 | Size = 3584 bytes | Modified Date = 26/10/2001 21:27:00 | Attr = ]
    < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoChooseProgramsPage -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RUN\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\UNINSTALL\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> ->
    < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoChooseProgramsPage -> 1 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\HideZoneInfoOnProperties -> 1 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\SaveZoneInformation -> 1 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveTypeAutoRun -> 145 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\DISALLOWCPL\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\DISALLOWRUN\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RESTRICTCPL\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RESTRICTRUN\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RUN\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\UNINSTALL\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> ->
    < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
    *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
    SCSI miniport -> -> File not found
    *MultiFile Done* -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Pilote de CD-ROM ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 08/09/2004 17:41:20 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
    *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
    NEC MBR-7 -> -> File not found
    NEC MBR-7.4 -> -> File not found
    PIONEER CHANGR DRM-1804X -> -> File not found
    PIONEER CD-ROM DRM-6324X -> -> File not found
    PIONEER CD-ROM DRM-624X -> -> File not found
    TORiSAN CD-ROM CDR_C36 -> -> File not found
    *MultiFile Done* -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CD/DVDW_SH-W162C_______________TS09____\5&180c8b53&0&0.0.0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_LALIXUF&Prod_9UF8P2N89YN4&Rev_1.03\5&36e5972&0&000 ->
    < Drives - Autoruns > -> ->
    AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 02/02/2008 20:45:17 | Attr = ]
    < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
    HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese... ->
    HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese... ->
    HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
    HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.google.com/ie ->
    HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKEY_CURRENT_USER\: Main\\Search Bar -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese... ->
    HKEY_CURRENT_USER\: Main\\Start Page -> http://www.daemon-search.com/startpage ->
    HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[gogl] ->
    HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {053F9267-DC04-4294-A72C-58F732D338C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_framework.dll [HP Print Clips] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 177768 bytes | Modified Date = 02/03/2007 16:52:08 | Attr = R ]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Aide pour le lien d'Adobe PDF Reader] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/2006 00:08:42 | Attr = ]
    {38B9D19D-021A-4282-A2BD-F9E40DCBA8C9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\fccaYqQh.dll [Reg Error: Value does not exist or could not be read.] -> File not found
    {54A0D8BE-38CD-495F-BFC5-3AD015BE368B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\yayyaxwV.dll [Reg Error: Value does not exist or could not be read.] -> File not found
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {58ECB495-38F0-49cb-A538-10282ABF65E7}:{E763472E-A716-4CD9-89BD-DBDA6122F741} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [Livre de reliures HP] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 02/03/2007 16:53:20 | Attr = R ]
    {700259D7-1666-479a-93B1-3250410481E8}:{A93C41D8-01F8-4F8B-B14C-DE20B117E636} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [Sélection intelligente HP] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 02/03/2007 16:53:20 | Attr = R ]
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
    CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found
    CmdMapping\\{58ECB495-38F0-49cb-A538-10282ABF65E7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [Livre de reliures HP] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 02/03/2007 16:53:20 | Attr = R ]
    CmdMapping\\{700259D7-1666-479a-93B1-3250410481E8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [Sélection intelligente HP] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 02/03/2007 16:53:20 | Attr = R ]
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    PluginsPageFriendlyName -> Bibliothèque de contrôles ActiveX Microsoft ->
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&m... ->
    < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {20FE3997-4CBC-400E-9A5A-996DF47050A7} -> (Carte VIA PCI 10/100Mo Fast Ethernet) ->
    {D01C40C5-F728-4FF5-B1F9-B27EE1D2A90B} -> () ->
    < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/direc...[Shockwave ActiveX Control] ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash...[Shockwave Flash Object] ->
    {F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID....[Creative Software AutoUpdate Support Package] ->
    < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\\.Owner -> Unknown Owner ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->


    [Registry - Additional Scans - Non-Microsoft Only]
    < BotCheck > -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAuto Update -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
    *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
    msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 03/08/2004 16:54:36 | Attr = ]
    *MultiFile Done* -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
    *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
    kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 19:50:31 | Attr = ]
    msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 03/08/2004 16:54:36 | Attr = ]
    schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 16:22:35 | Attr = ]
    wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 03/08/2004 16:54:46 | Attr = ]
    *MultiFile Done* -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1296 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
    *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
    scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 186368 bytes | Modified Date = 03/08/2004 16:54:38 | Attr = ]
    *MultiFile Done* -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
    *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
    Windows NT Access Provider -> -> File not found
    *MultiFile Done* -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119808 bytes | Modified Date = 03/08/2004 16:54:36 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 56 80 63 E7 F3 D9 FF F8 31 E4 8A 08 CB 7B 01 16 66 31 35 37 33 65 61 38 00 FD 07 00 2A 3A 00 00 34 FA 07 00 56 82 74 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 68 06 0F F9 07 EB 57 07 46 3A B7 F1 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 0F 19 DF A2 8A 39 FB 83 A8 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 1A 89 95 FA 9A 55 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 28/08/2001 08:00:00 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 13 AE EC 86 1C C8 DA 33 63 A4 61 DA 44 51 B8 78 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 56 30 99 87 60 00 C9 01 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 D0 FE C3 69 79 C4 01 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 84 C3 C8 69 79 C4 01 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 B1 F4 C9 69 79 C4 01 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Pare-feu Windows / Partage de connexion Internet ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 03/08/2004 16:55:02 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11482 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 332800 bytes | Modified Date = 03/08/2004 16:54:30 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 03/08/2004 16:55:02 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 12:34:04 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 03/08/2004 16:55:02 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 12:34:04 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 17/04/2008 23:11:42 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\RemoteAdminSettings\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\RemoteAdminSettings\\Enabled -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 03/08/2004 16:55:02 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Active le téléchargement et l'installation des mises à jour Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité des mises à jour automatiques ou le site Windows Update. ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 03/08/2004 16:54:48 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75264 bytes | Modified Date = 03/08/2004 16:55:02 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
    *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
    RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 06:40:00 | Attr = ]
    TCPIP -> -> File not found
    NTLMSSP -> -> File not found
    *MultiFile Done* -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Permet à un utilisateur distant de se connecter au système et d'exécuter des programmes, et prend en charge divers clients Telnet TCP/IP dont les ordinateurs sous UNIX et sous Windows. Si ce service est arrêté, l'utilisateur peut ne plus avoir accès à distance aux programmes. Si ce service est désactivé, les services qui en dépendent explicitement ne pourront pas démarrer. ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


    [Files/Folders - Created Within 30 days]
    ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 17/08/2008 11:32:32 | Attr = ]
    Erunt -> %SystemDrive%\Erunt -> [Folder | Created Date = 17/08/2008 11:44:16 | Attr = ]
    RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 16/08/2008 15:52:37 | Attr = HS]
    avgntdd.sys -> %SystemRoot%\System32\drivers\avgntdd.sys -> Avira GmbH [Ver = 7.00.00.02 | Size = 45376 bytes | Created Date = 14/08/2008 13:00:41 | Attr = ]
    avgntmgr.sys -> %SystemRoot%\System32\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.02 | Size = 22336 bytes | Created Date = 14/08/2008 13:00:41 | Attr = ]
    avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> Avira GmbH [Ver = 1.00.2.31 | Size = 75072 bytes | Created Date = 14/08/2008 13:00:38 | Attr = ]
    mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 17/08/2008 11:57:09 | Attr = ]
    mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 17/08/2008 11:57:08 | Attr = ]
    ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 14/08/2008 13:00:41 | Attr = ]
    CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Created Date = 17/08/2008 19:16:26 | Attr = ]
    5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
    tsccvid.dll -> %SystemRoot%\System32\tsccvid.dll -> TechSmith Corporation [Ver = 2.0.4 | Size = 110592 bytes | Created Date = 01/08/2008 23:19:40 | Attr = ]
    xircom -> %SystemRoot%\System32\xircom -> [Folder | Created Date = 15/08/2008 13:35:21 | Attr = ]
    Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 05/08/2008 18:17:57 | Attr = ]
    3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
    erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 15/08/2008 13:30:41 | Attr = ]
    LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 19/08/2008 12:40:29 | Attr = ]
    srchasst -> %SystemRoot%\srchasst -> [Folder | Created Date = 15/08/2008 13:35:21 | Attr = ]
    temp -> %SystemRoot%\temp -> [Folder | Created Date = 16/08/2008 15:43:13 | Attr = ]
    [Files Created - Additional Folder Scans - Non-Microsoft Only]
    Avira -> %AllUsersProfile%\Application Data\Avira -> [Folder | Created Date = 14/08/2008 13:00:36 | Attr = ]
    Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 01/08/2008 15:37:33 | Attr = ]
    Leadertech -> %AppData%\Leadertech -> [Folder | Created Date = 05/08/2008 18:40:07 | Attr = ]
    Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 01/08/2008 15:37:49 | Attr = ]
    Sun -> %AppData%\Sun -> [Folder | Created Date = 15/08/2008 14:10:25 | Attr = ]
    le royaume-french dvdrip _xvid[1].avi [mininova].torrent -> %UserProfile%\Mes documents\le royaume-french dvdrip _xvid[1].avi [mininova].torrent -> [Ver = | Size = 28458 bytes | Created Date = 02/08/2008 19:16:24 | Attr = ]
    Mes dossiers de partage.lnk -> %UserProfile%\Mes documents\Mes dossiers de partage.lnk -> [Ver = | Size = 583 bytes | Created Date = 21/07/2008 12:22:49 | Attr = ]
    Mes Historiques de Conversation -> %UserProfile%\Mes documents\Mes Historiques de Conversation -> [Folder | Created Date = 15/08/2008 12:55:59 | Attr = ]
    AntiVir PE Classic.lnk -> %AllUsersProfile%\Bureau\AntiVir PE Classic.lnk -> [Ver = | Size = 1851 bytes | Created Date = 14/08/2008 13:00:58 | Attr = ]
    DAEMON Tools Lite.lnk -> %AllUsersProfile%\Bureau\DAEMON Tools Lite.lnk -> [Ver = | Size = 733 bytes | Created Date = 02/08/2008 00:02:31 | Attr = ]
    Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Bureau\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 17/08/2008 11:57:10 | Attr = ]
    ATF-Cleaner.exe -> %UserProfile%\Bureau\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 18/08/2008 22:50:03 | Attr = ]
    ERUNT.lnk -> %UserProfile%\Bureau\ERUNT.lnk -> [Ver = | Size = 592 bytes | Created Date = 17/08/2008 11:36:27 | Attr = ]
    fix.reg -> %UserProfile%\Bureau\fix.reg -> [Ver = | Size = 737 bytes | Created Date = 17/08/2008 11:53:09 | Attr = ]
    HijackThis.lnk -> %UserProfile%\Bureau\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 13/08/2008 13:38:08 | Attr = ]
    NTREGOPT.lnk -> %UserProfile%\Bureau\NTREGOPT.lnk -> [Ver = | Size = 611 bytes | Created Date = 17/08/2008 11:36:27 | Attr = ]
    OTScanIt -> %UserProfile%\Bureau\OTScanIt -> [Folder | Created Date = 18/08/2008 23:15:27 | Attr = ]
    OTScanIt.exe -> %UserProfile%\Bureau\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 18/08/2008 23:11:15 | Attr = ]
    PhotoFiltre.lnk -> %UserProfile%\Bureau\PhotoFiltre.lnk -> [Ver = | Size = 718 bytes | Created Date = 05/08/2008 19:56:17 | Attr = ]
    Thumbs.db -> %UserProfile%\Bureau\Thumbs.db -> [Ver = | Size = 10752 bytes | Created Date = 06/08/2008 11:58:41 | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Thumbs.db:encryptable
    ERUNT AutoBackup.lnk -> %UserProfile%\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Created Date = 17/08/2008 11:36:30 | Attr = ]
    speechengines -> %CommonProgramFiles%\speechengines -> [Folder | Created Date = 15/08/2008 13:35:21 | Attr = ]
    Avira -> %ProgramFiles%\Avira -> [Folder | Created Date = 14/08/2008 13:00:36 | Attr = ]
    DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite -> [Folder | Created Date = 02/08/2008 00:02:31 | Attr = ]
    DAEMON Tools Toolbar -> %ProgramFiles%\DAEMON Tools Toolbar -> [Folder | Created Date = 01/08/2008 23:46:30 | Attr = ]
    ERUNT -> %ProgramFiles%\ERUNT -> [Folder | Created Date = 17/08/2008 11:36:27 | Attr = ]
    Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 17/08/2008 11:57:06 | Attr = ]
    microsoft frontpage -> %ProgramFiles%\microsoft frontpage -> [Folder | Created Date = 15/08/2008 13:35:20 | Attr = ]
    movie maker -> %ProgramFiles%\movie maker -> [Folder | Created Date = 15/08/2008 13:35:21 | Attr = ]
    msn gaming zone -> %ProgramFiles%\msn gaming zone -> [Folder | Created Date = 15/08/2008 13:35:20 | Attr = ]
    netmeeting -> %ProgramFiles%\netmeeting -> [Folder | Created Date = 15/08/2008 13:35:20 | Attr = ]
    PhotoFiltre -> %ProgramFiles%\PhotoFiltre -> [Folder | Created Date = 05/08/2008 19:56:13 | Attr = ]
    xerox -> %ProgramFiles%\xerox -> [Folder | Created Date = 15/08/2008 13:35:21 | Attr = ]

    [Files/Folders - Modified Within 30 days]
    ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 17/08/2008 11:32:55 | Attr = ]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 16/08/2008 15:54:04 | Attr = H ]
    Erunt -> %SystemDrive%\Erunt -> [Folder | Modified Date = 17/08/2008 11:44:16 | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 19/08/2008 12:17:43 | Attr = R ]
    RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 16/08/2008 15:52:37 | Attr = HS]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 17/08/2008 11:47:55 | Attr = HS]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 19/08/2008 12:40:29 | Attr = ]
    etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 15/08/2008 13:35:36 | Attr = ]
    hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 15/08/2008 13:35:36 | Attr = ]
    hosts.msn -> %SystemRoot%\System32\drivers\etc\hosts.msn -> [Ver = | Size = 27 bytes | Modified Date = 15/08/2008 13:35:36 | Attr = ]
    mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 30/07/2008 20:07:52 | Attr = ]
    mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 30/07/2008 20:07:56 | Attr = ]
    CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 17/08/2008 20:19:58 | Attr = ]
    5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
    CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 19/08/2008 12:40:38 | Attr = ]
    CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Modified Date = 17/08/2008 20:19:58 | Attr = ]
    config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 17/08/2008 11:44:43 | Attr = ]
    CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 3072 bytes | Modified Date = 01/08/2008 15:30:30 | Attr = ]
    dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 15/08/2008 22:56:02 | Attr = RHS]
    drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 17/08/2008 11:57:09 | Attr = ]
    FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 192976 bytes | Modified Date = 05/08/2008 18:35:01 | Attr = ]
    perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 38722 bytes | Modified Date = 15/08/2008 13:40:41 | Attr = ]
    perfc00C.dat -> %SystemRoot%\System32\perfc00C.dat -> [Ver = | Size = 46920 bytes | Modified Date = 15/08/2008 13:40:41 | Attr = ]
    perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 309094 bytes | Modified Date = 15/08/2008 13:40:41 | Attr = ]
    perfh00C.dat -> %SystemRoot%\System32\perfh00C.dat -> [Ver = | Size = 364792 bytes | Modified Date = 15/08/2008 13:40:41 | Attr = ]
    PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 766082 bytes | Modified Date = 15/08/2008 13:40:38 | Attr = ]
    Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 17/08/2008 11:47:55 | Attr = ]
    wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 15/08/2008 13:35:21 | Attr = ]
    wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 19/08/2008 11:58:28 | Attr = ]
    xircom -> %SystemRoot%\System32\xircom -> [Folder | Modified Date = 15/08/2008 13:35:21 | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 15/08/2008 22:55:54 | Attr = H ]
    3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
    AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 16/08/2008 15:36:54 | Attr = ]
    avisplitter.INI -> %SystemRoot%\avisplitter.INI -> [Ver = | Size = 38 bytes | Modified Date = 31/07/2008 21:30:28 | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 19/08/2008 11:58:24 | Attr = S]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 17/08/2008 19:16:26 | Attr = ]
    Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 05/08/2008 18:17:57 | Attr = ]
    erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 17/08/2008 11:47:57 | Attr = ]
    Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 05/08/2008 18:19:38 | Attr = R S]
    ime -> %SystemRoot%\ime -> [Folder | Modified Date = 15/08/2008 13:35:21 | Attr = ]
    imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 15/08/2008 22:55:58 | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 19/08/2008 12:43:14 | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 16/08/2008 15:54:05 | Attr = HS]
    LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 19/08/2008 12:40:30 | Attr = ]
    pchealth -> %SystemRoot%\pchealth -> [Folder | Modified Date = 15/08/2008 13:35:21 | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 18/08/2008 22:50:51 | Attr = ]
    srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 15/08/2008 13:35:21 | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 16/08/2008 15:37:43 | Attr = ]
    system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 17/08/2008 19:16:26 | Attr = ]
    Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 01/08/2008 14:44:01 | Attr = S]
    temp -> %SystemRoot%\temp -> [Folder | Modified Date = 19/08/2008 12:43:31 | Attr = ]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 634 bytes | Modified Date = 15/08/2008 22:51:53 | Attr = ]
    C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 27/04/2008 19:26:10 | Attr = ]
    hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 2315 bytes | Modified Date = 13/08/2008 18:16:12 | Attr = ]
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 03/02/2008 12:09:28 | Attr = ]
    qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5494 bytes | Modified Date = 19/08/2008 11:59:43 | Attr = ]
    qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5494 bytes | Modified Date = 19/08/2008 11:59:43 | Attr = ]
    C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Us

    19 August 2008 17:37:33

    So I've just realized that the report isn't complete, so I'm starting over from the beginning and posting it bit by bit.

    [code]
    OTScanIt logfile created on: 19/08/2008 13:46:18
    OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Administrateur\Bureau\OTScanIt
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    223,48 Mb Total Physical Memory | 117,04 Mb Available Physical Memory | 52,37% Memory free
    978,03 Mb Paging File | 733,20 Mb Available in Paging File | 74,97% Paging File free
    Paging file location(s): C:\pagefile.sys 768 768;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 34,18 Gb Total Space | 24,59 Gb Free Space | 71,93% Space Free | Partition Type: NTFS
    Drive D: | 42,50 Gb Total Space | 6,00 Gb Free Space | 14,13% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: OXIDIUM
    Current User Name: Administrateur
    Logged in as Administrator.
    Current Boot Mode: Normal
    Scan Mode: Current user

    [Processes - Non-Microsoft Only]
    sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.16 | Size = 68865 bytes | Modified Date = 12/06/2008 14:46:25 | Attr = ]
    avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.27 | Size = 149761 bytes | Modified Date = 15/08/2008 14:01:32 | Attr = ]
    cdac11ba.exe -> %SystemRoot%\system32\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 24/02/2008 12:55:23 | Attr = ]
    soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 58 | Size = 577536 bytes | Modified Date = 17/11/2006 06:42:52 | Attr = ]
    vttimer.exe -> %SystemRoot%\system32\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.03.00.0820 | Size = 45056 bytes | Modified Date = 20/08/2003 05:56:14 | Attr = R ]
    hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 90.0.43.000 | Size = 49152 bytes | Modified Date = 11/03/2007 21:34:40 | Attr = ]
    avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 8.00.70.02 | Size = 266497 bytes | Modified Date = 12/06/2008 14:28:45 | Attr = ]
    hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 90.0.146.000 | Size = 210520 bytes | Modified Date = 11/03/2007 21:26:24 | Attr = ]
    hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Co. [Ver = 90.0.146.000 | Size = 151552 bytes | Modified Date = 11/03/2007 21:32:42 | Attr = ]
    otscanit.exe -> %UserProfile%\Bureau\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12/07/2008 09:29:54 | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (AntiVirScheduler) Avira AntiVir Personal - Free Antivirus Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.16 | Size = 68865 bytes | Modified Date = 12/06/2008 14:46:25 | Attr = ]
    (AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.27 | Size = 149761 bytes | Modified Date = 15/08/2008 14:01:32 | Attr = ]
    (C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 24/02/2008 12:55:23 | Attr = ]
    (cisvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\cisvc.exe -> File not found
    (dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 03/08/2004 16:54:50 | Attr = ]

    [Driver Services - Non-Microsoft Only]
    (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.6220 built by: WinDDK | Size = 4027456 bytes | Modified Date = 25/01/2007 17:37:16 | Attr = ]
    (avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> Avira GmbH [Ver = 1.0.0.30 | Size = 11840 bytes | Modified Date = 27/02/2007 15:25:01 | Attr = ]
    (avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> Avira GmbH [Ver = 7.00.02.06 | Size = 52032 bytes | Modified Date = 20/05/2008 16:29:41 | Attr = ]
    (avipbb) avipbb [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avipbb.sys -> Avira GmbH [Ver = 1.00.2.31 | Size = 75072 bytes | Modified Date = 27/06/2008 15:03:55 | Attr = ]
    (CdaC15BA) CdaC15BA [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\CDAC15BA.SYS -> [Ver = | Size = 8864 bytes | Modified Date = 03/03/2008 21:52:35 | Attr = ]
    (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800256 bytes | Modified Date = 03/08/2004 16:46:08 | Attr = ]
    (dmio) Pilote de Gestionnaire de disque logique [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 154496 bytes | Modified Date = 03/08/2004 16:46:20 | Attr = ]
    (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 28/08/2001 08:00:00 | Attr = ]
    (FETNDIS) Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Modified Date = 08/09/2004 19:41:44 | Attr = ]
    (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZid412.sys -> HP [Ver = 10, 1, 0, 3 | Size = 49920 bytes | Modified Date = 08/03/2007 06:20:48 | Attr = R ]
    (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 16496 bytes | Modified Date = 08/03/2007 06:20:49 | Attr = R ]
    (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 21568 bytes | Modified Date = 08/03/2007 06:20:50 | Attr = R ]
    (Ptilink) Pilote de liaison parallèle directe [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 28/08/2001 08:00:00 | Attr = ]
    (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 12:25:54 | Attr = ]
    (sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [Ver = | Size = 717296 bytes | Modified Date = 14/07/2008 12:06:27 | Attr = ]
    (ssmdrv) ssmdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Modified Date = 01/03/2007 10:34:22 | Attr = ]
    (V0260VID) Live! Cam Vista IM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\V0260Vid.sys -> Creative Technology Ltd. [Ver = 1, 1, 3, 0 | Size = 178913 bytes | Modified Date = 04/11/2006 00:45:48 | Attr = R ]
    (viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\VIAAGP1.SYS -> VIA Technologies, Inc. [Ver = 5.1.0.3442 built by: VIA | Size = 27904 bytes | Modified Date = 02/07/2003 05:42:00 | Attr = ]
    (viagfx) viagfx [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vtmini.sys -> Copyright (C) VIA/S3 Graphics, Inc. [Ver = 6.14.10.0103-16.94.35.04 | Size = 133632 bytes | Modified Date = 19/12/2003 08:47:08 | Attr = R ]
    (viamraid) viamraid [Kernel | Boot | Stopped] -> %SystemRoot%\System32\drivers\viamraid.sys -> VIA Technologies inc,.ltd [Ver = 5.1.2600.300 | Size = 73600 bytes | Modified Date = 08/09/2004 12:07:10 | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 23:16:38 | Attr = ]
    avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> Avira GmbH [Ver = 8.00.70.02 | Size = 266497 bytes | Modified Date = 12/06/2008 14:28:45 | Attr = ]
    HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Co. [Ver = 90.0.43.000 | Size = 49152 bytes | Modified Date = 11/03/2007 21:34:40 | Attr = ]
    SoundMan -> %SystemRoot%\soundman.exe [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 58 | Size = 577536 bytes | Modified Date = 17/11/2006 06:42:52 | Attr = ]
    VTTimer -> %SystemRoot%\system32\VTTimer.exe [VTTimer.exe] -> S3 Graphics, Inc. [Ver = 1.03.00.0820 | Size = 45056 bytes | Modified Date = 20/08/2003 05:56:14 | Attr = R ]
    < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL-> Installed = 1 ->
    MAPI-> Installed = 1 ->
    MSFS-> Installed = 1 ->
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Creative WebCam Tray -> %ProgramFiles%\Creative\Shared Files\CamTray.exe ["C:\Program Files\Creative\Shared Files\CamTray.exe"] -> Creative Technology Ltd [Ver = 3.60.07 | Size = 299008 bytes | Modified Date = 27/10/2005 12:00:22 | Attr = ]
    DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun] -> DT Soft Ltd [Ver = 4.30.1.0 | Size = 490952 bytes | Modified Date = 24/07/2008 17:02:06 | Attr = ]
    WINSOS VERIFY -> %ProgramFiles%\Winsos\WINSOS.EXE ["C:\Program Files\Winsos\WINSOS.EXE" MINI] -> File not found
    < Administrateur Startup Folder > -> C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage ->
    %UserProfile%\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [Ver = | Size = 38912 bytes | Modified Date = 20/10/2005 12:04:08 | Attr = ]
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage ->
    %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 90.0.146.000 | Size = 210520 bytes | Modified Date = 11/03/2007 21:26:24 | Attr = ]
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
    {38B9D19D-021A-4282-A2BD-F9E40DCBA8C9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\fccaYqQh.dll [] -> File not found
    < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1037312 bytes | Modified Date = 13/06/2007 15:22:28 | Attr = ]
    *MultiFile Done* -> ->
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
    C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25088 bytes | Modified Date = 03/08/2004 16:55:02 | Attr = ]
    *MultiFile Done* -> ->
    *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
    logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 2767360 bytes | Modified Date = 09/06/2006 11:09:53 | Attr = ]
    *MultiFile Done* -> ->
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
    rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8510976 bytes | Modified Date = 25/10/2007 18:56:24 | Attr = ]
    Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 305152 bytes | Modified Date = 03/08/2004 16:55:04 | Attr = ]
    *MultiFile Done* -> ->
    < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    awtqQKBR -> -> File not found
    fccaYqQh -> -> File not found
    WgaLogon -> %SystemRoot%\system32\WgaLogon.dll -> Microsoft Corp. [Ver = 1.5.0532.0 | Size = 3584 bytes | Modified Date = 26/10/2001 21:27:00 | Attr = ]
    < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoChooseProgramsPage -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RUN\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\UNINSTALL\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> ->
    < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoChooseProgramsPage -> 1 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\HideZoneInfoOnProperties -> 1 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\SaveZoneInformation -> 1 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveTypeAutoRun -> 145 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\DISALLOWCPL\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\DISALLOWRUN\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RESTRICTCPL\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RESTRICTRUN\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RUN\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\UNINSTALL\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> ->
    < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
    *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
    SCSI miniport -> -> File not found
    *MultiFile Done* -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Pilote de CD-ROM ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 08/09/2004 17:41:20 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
    *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
    NEC MBR-7 -> -> File not found
    NEC MBR-7.4 -> -> File not found
    PIONEER CHANGR DRM-1804X -> -> File not found
    PIONEER CD-ROM DRM-6324X -> -> File not found
    PIONEER CD-ROM DRM-624X -> -> File not found
    TORiSAN CD-ROM CDR_C36 -> -> File not found
    *MultiFile Done* -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CD/DVDW_SH-W162C_______________TS09____\5&180c8b53&0&0.0.0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_LALIXUF&Prod_9UF8P2N89YN4&Rev_1.03\5&36e5972&0&000 ->
    < Drives - Autoruns > -> ->
    AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 02/02/2008 20:45:17 | Attr = ]
    < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
    HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese... ->
    HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese... ->
    HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
    HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.google.com/ie ->
    HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKEY_CURRENT_USER\: Main\\Search Bar -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese... ->
    HKEY_CURRENT_USER\: Main\\Start Page -> http://www.daemon-search.com/startpage ->
    HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[gogl] ->
    HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {053F9267-DC04-4294-A72C-58F732D338C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_framework.dll [HP Print Clips] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 177768 bytes | Modified Date = 02/03/2007 16:52:08 | Attr = R ]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Aide pour le lien d'Adobe PDF Reader] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/2006 00:08:42 | Attr = ]
    {38B9D19D-021A-4282-A2BD-F9E40DCBA8C9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\fccaYqQh.dll [Reg Error: Value does not exist or could not be read.] -> File not found
    {54A0D8BE-38CD-495F-BFC5-3AD015BE368B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\yayyaxwV.dll [Reg Error: Value does not exist or could not be read.] -> File not found
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {58ECB495-38F0-49cb-A538-10282ABF65E7}:{E763472E-A716-4CD9-89BD-DBDA6122F741} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [Livre de reliures HP] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 02/03/2007 16:53:20 | Attr = R ]
    {700259D7-1666-479a-93B1-3250410481E8}:{A93C41D8-01F8-4F8B-B14C-DE20B117E636} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [Sélection intelligente HP] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 02/03/2007 16:53:20 | Attr = R ]
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
    CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found
    CmdMapping\\{58ECB495-38F0-49cb-A538-10282ABF65E7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [Livre de reliures HP] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 02/03/2007 16:53:20 | Attr = R ]
    CmdMapping\\{700259D7-1666-479a-93B1-3250410481E8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [Sélection intelligente HP] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 02/03/2007 16:53:20 | Attr = R ]
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    PluginsPageFriendlyName -> Bibliothèque de contrôles ActiveX Microsoft ->
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&m... ->
    < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {20FE3997-4CBC-400E-9A5A-996DF47050A7} -> (Carte VIA PCI 10/100Mo Fast Ethernet) ->
    {D01C40C5-F728-4FF5-B1F9-B27EE1D2A90B} -> () ->
    < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/direc...[Shockwave ActiveX Control] ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash...[Shockwave Flash Object] ->
    {F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID....[Creative Software AutoUpdate Support Package] ->
    < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\\.Owner -> Unknown Owner ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Creative/Shared Files/Software Update/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->
    19 August 2008 17:40:30

    Continued:

    [Registry - Additional Scans - Non-Microsoft Only]
    < BotCheck > -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAuto Update -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
    *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
    msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 03/08/2004 16:54:36 | Attr = ]
    *MultiFile Done* -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
    *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
    kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 19:50:31 | Attr = ]
    msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 03/08/2004 16:54:36 | Attr = ]
    schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 16:22:35 | Attr = ]
    wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 03/08/2004 16:54:46 | Attr = ]
    *MultiFile Done* -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1296 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
    *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
    scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 186368 bytes | Modified Date = 03/08/2004 16:54:38 | Attr = ]
    *MultiFile Done* -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
    *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
    Windows NT Access Provider -> -> File not found
    *MultiFile Done* -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119808 bytes | Modified Date = 03/08/2004 16:54:36 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 56 80 63 E7 F3 D9 FF F8 31 E4 8A 08 CB 7B 01 16 66 31 35 37 33 65 61 38 00 FD 07 00 2A 3A 00 00 34 FA 07 00 56 82 74 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 68 06 0F F9 07 EB 57 07 46 3A B7 F1 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 0F 19 DF A2 8A 39 FB 83 A8 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 1A 89 95 FA 9A 55 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 28/08/2001 08:00:00 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 13 AE EC 86 1C C8 DA 33 63 A4 61 DA 44 51 B8 78 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 56 30 99 87 60 00 C9 01 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 D0 FE C3 69 79 C4 01 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 84 C3 C8 69 79 C4 01 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 B1 F4 C9 69 79 C4 01 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Pare-feu Windows / Partage de connexion Internet ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 03/08/2004 16:55:02 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11482 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 332800 bytes | Modified Date = 03/08/2004 16:54:30 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 03/08/2004 16:55:02 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 12:34:04 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 03/08/2004 16:55:02 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 12:34:04 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 17/04/2008 23:11:42 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\RemoteAdminSettings\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\RemoteAdminSettings\\Enabled -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 03/08/2004 16:55:02 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Active le téléchargement et l'installation des mises à jour Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité des mises à jour automatiques ou le site Windows Update. ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 03/08/2004 16:54:48 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75264 bytes | Modified Date = 03/08/2004 16:55:02 | Attr = ]
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
    *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
    RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 06:40:00 | Attr = ]
    TCPIP -> -> File not found
    NTLMSSP -> -> File not found
    *MultiFile Done* -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Permet à un utilisateur distant de se connecter au système et d'exécuter des programmes, et prend en charge divers clients Telnet TCP/IP dont les ordinateurs sous UNIX et sous Windows. Si ce service est arrêté, l'utilisateur peut ne plus avoir accès à distance aux programmes. Si ce service est désactivé, les services qui en dépendent explicitement ne pourront pas démarrer. ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
    19 August 2008 18:21:23

    Then the last part:

    [Files/Folders - Created Within 30 days]
    ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 17/08/2008 11:32:32 | Attr = ]
    Erunt -> %SystemDrive%\Erunt -> [Folder | Created Date = 17/08/2008 11:44:16 | Attr = ]
    RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 16/08/2008 15:52:37 | Attr = HS]
    avgntdd.sys -> %SystemRoot%\System32\drivers\avgntdd.sys -> Avira GmbH [Ver = 7.00.00.02 | Size = 45376 bytes | Created Date = 14/08/2008 13:00:41 | Attr = ]
    avgntmgr.sys -> %SystemRoot%\System32\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.02 | Size = 22336 bytes | Created Date = 14/08/2008 13:00:41 | Attr = ]
    avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> Avira GmbH [Ver = 1.00.2.31 | Size = 75072 bytes | Created Date = 14/08/2008 13:00:38 | Attr = ]
    mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 17/08/2008 11:57:09 | Attr = ]
    mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 17/08/2008 11:57:08 | Attr = ]
    ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 14/08/2008 13:00:41 | Attr = ]
    CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Created Date = 17/08/2008 19:16:26 | Attr = ]
    5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
    tsccvid.dll -> %SystemRoot%\System32\tsccvid.dll -> TechSmith Corporation [Ver = 2.0.4 | Size = 110592 bytes | Created Date = 01/08/2008 23:19:40 | Attr = ]
    xircom -> %SystemRoot%\System32\xircom -> [Folder | Created Date = 15/08/2008 13:35:21 | Attr = ]
    Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 05/08/2008 18:17:57 | Attr = ]
    3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
    erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 15/08/2008 13:30:41 | Attr = ]
    LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 19/08/2008 12:40:29 | Attr = ]
    srchasst -> %SystemRoot%\srchasst -> [Folder | Created Date = 15/08/2008 13:35:21 | Attr = ]
    temp -> %SystemRoot%\temp -> [Folder | Created Date = 16/08/2008 15:43:13 | Attr = ]
    [Files Created - Additional Folder Scans - Non-Microsoft Only]
    Avira -> %AllUsersProfile%\Application Data\Avira -> [Folder | Created Date = 14/08/2008 13:00:36 | Attr = ]
    Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 01/08/2008 15:37:33 | Attr = ]
    Leadertech -> %AppData%\Leadertech -> [Folder | Created Date = 05/08/2008 18:40:07 | Attr = ]
    Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 01/08/2008 15:37:49 | Attr = ]
    Sun -> %AppData%\Sun -> [Folder | Created Date = 15/08/2008 14:10:25 | Attr = ]
    le royaume-french dvdrip _xvid[1].avi [mininova].torrent -> %UserProfile%\Mes documents\le royaume-french dvdrip _xvid[1].avi [mininova].torrent -> [Ver = | Size = 28458 bytes | Created Date = 02/08/2008 19:16:24 | Attr = ]
    Mes dossiers de partage.lnk -> %UserProfile%\Mes documents\Mes dossiers de partage.lnk -> [Ver = | Size = 583 bytes | Created Date = 21/07/2008 12:22:49 | Attr = ]
    Mes Historiques de Conversation -> %UserProfile%\Mes documents\Mes Historiques de Conversation -> [Folder | Created Date = 15/08/2008 12:55:59 | Attr = ]
    AntiVir PE Classic.lnk -> %AllUsersProfile%\Bureau\AntiVir PE Classic.lnk -> [Ver = | Size = 1851 bytes | Created Date = 14/08/2008 13:00:58 | Attr = ]
    DAEMON Tools Lite.lnk -> %AllUsersProfile%\Bureau\DAEMON Tools Lite.lnk -> [Ver = | Size = 733 bytes | Created Date = 02/08/2008 00:02:31 | Attr = ]
    Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Bureau\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 17/08/2008 11:57:10 | Attr = ]
    ATF-Cleaner.exe -> %UserProfile%\Bureau\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 18/08/2008 22:50:03 | Attr = ]
    ERUNT.lnk -> %UserProfile%\Bureau\ERUNT.lnk -> [Ver = | Size = 592 bytes | Created Date = 17/08/2008 11:36:27 | Attr = ]
    fix.reg -> %UserProfile%\Bureau\fix.reg -> [Ver = | Size = 737 bytes | Created Date = 17/08/2008 11:53:09 | Attr = ]
    HijackThis.lnk -> %UserProfile%\Bureau\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 13/08/2008 13:38:08 | Attr = ]
    NTREGOPT.lnk -> %UserProfile%\Bureau\NTREGOPT.lnk -> [Ver = | Size = 611 bytes | Created Date = 17/08/2008 11:36:27 | Attr = ]
    OTScanIt -> %UserProfile%\Bureau\OTScanIt -> [Folder | Created Date = 18/08/2008 23:15:27 | Attr = ]
    OTScanIt.exe -> %UserProfile%\Bureau\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 18/08/2008 23:11:15 | Attr = ]
    PhotoFiltre.lnk -> %UserProfile%\Bureau\PhotoFiltre.lnk -> [Ver = | Size = 718 bytes | Created Date = 05/08/2008 19:56:17 | Attr = ]
    Thumbs.db -> %UserProfile%\Bureau\Thumbs.db -> [Ver = | Size = 10752 bytes | Created Date = 06/08/2008 11:58:41 | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Thumbs.db:encryptable
    ERUNT AutoBackup.lnk -> %UserProfile%\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Created Date = 17/08/2008 11:36:30 | Attr = ]
    speechengines -> %CommonProgramFiles%\speechengines -> [Folder | Created Date = 15/08/2008 13:35:21 | Attr = ]
    Avira -> %ProgramFiles%\Avira -> [Folder | Created Date = 14/08/2008 13:00:36 | Attr = ]
    DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite -> [Folder | Created Date = 02/08/2008 00:02:31 | Attr = ]
    DAEMON Tools Toolbar -> %ProgramFiles%\DAEMON Tools Toolbar -> [Folder | Created Date = 01/08/2008 23:46:30 | Attr = ]
    ERUNT -> %ProgramFiles%\ERUNT -> [Folder | Created Date = 17/08/2008 11:36:27 | Attr = ]
    Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 17/08/2008 11:57:06 | Attr = ]
    microsoft frontpage -> %ProgramFiles%\microsoft frontpage -> [Folder | Created Date = 15/08/2008 13:35:20 | Attr = ]
    movie maker -> %ProgramFiles%\movie maker -> [Folder | Created Date = 15/08/2008 13:35:21 | Attr = ]
    msn gaming zone -> %ProgramFiles%\msn gaming zone -> [Folder | Created Date = 15/08/2008 13:35:20 | Attr = ]
    netmeeting -> %ProgramFiles%\netmeeting -> [Folder | Created Date = 15/08/2008 13:35:20 | Attr = ]
    PhotoFiltre -> %ProgramFiles%\PhotoFiltre -> [Folder | Created Date = 05/08/2008 19:56:13 | Attr = ]
    xerox -> %ProgramFiles%\xerox -> [Folder | Created Date = 15/08/2008 13:35:21 | Attr = ]

    [Files/Folders - Modified Within 30 days]
    ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 17/08/2008 11:32:55 | Attr = ]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 16/08/2008 15:54:04 | Attr = H ]
    Erunt -> %SystemDrive%\Erunt -> [Folder | Modified Date = 17/08/2008 11:44:16 | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 19/08/2008 12:17:43 | Attr = R ]
    RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 16/08/2008 15:52:37 | Attr = HS]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 17/08/2008 11:47:55 | Attr = HS]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 19/08/2008 12:40:29 | Attr = ]
    etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 15/08/2008 13:35:36 | Attr = ]
    hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 15/08/2008 13:35:36 | Attr = ]
    hosts.msn -> %SystemRoot%\System32\drivers\etc\hosts.msn -> [Ver = | Size = 27 bytes | Modified Date = 15/08/2008 13:35:36 | Attr = ]
    mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 30/07/2008 20:07:52 | Attr = ]
    mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 30/07/2008 20:07:56 | Attr = ]
    CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 17/08/2008 20:19:58 | Attr = ]
    5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
    CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 19/08/2008 12:40:38 | Attr = ]
    CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Modified Date = 17/08/2008 20:19:58 | Attr = ]
    config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 17/08/2008 11:44:43 | Attr = ]
    CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 3072 bytes | Modified Date = 01/08/2008 15:30:30 | Attr = ]
    dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 15/08/2008 22:56:02 | Attr = RHS]
    drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 17/08/2008 11:57:09 | Attr = ]
    FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 192976 bytes | Modified Date = 05/08/2008 18:35:01 | Attr = ]
    perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 38722 bytes | Modified Date = 15/08/2008 13:40:41 | Attr = ]
    perfc00C.dat -> %SystemRoot%\System32\perfc00C.dat -> [Ver = | Size = 46920 bytes | Modified Date = 15/08/2008 13:40:41 | Attr = ]
    perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 309094 bytes | Modified Date = 15/08/2008 13:40:41 | Attr = ]
    perfh00C.dat -> %SystemRoot%\System32\perfh00C.dat -> [Ver = | Size = 364792 bytes | Modified Date = 15/08/2008 13:40:41 | Attr = ]
    PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 766082 bytes | Modified Date = 15/08/2008 13:40:38 | Attr = ]
    Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 17/08/2008 11:47:55 | Attr = ]
    wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 15/08/2008 13:35:21 | Attr = ]
    wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 19/08/2008 11:58:28 | Attr = ]
    xircom -> %SystemRoot%\System32\xircom -> [Folder | Modified Date = 15/08/2008 13:35:21 | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 15/08/2008 22:55:54 | Attr = H ]
    3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
    AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 16/08/2008 15:36:54 | Attr = ]
    avisplitter.INI -> %SystemRoot%\avisplitter.INI -> [Ver = | Size = 38 bytes | Modified Date = 31/07/2008 21:30:28 | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 19/08/2008 11:58:24 | Attr = S]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 17/08/2008 19:16:26 | Attr = ]
    Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 05/08/2008 18:17:57 | Attr = ]
    erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 17/08/2008 11:47:57 | Attr = ]
    Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 05/08/2008 18:19:38 | Attr = R S]
    ime -> %SystemRoot%\ime -> [Folder | Modified Date = 15/08/2008 13:35:21 | Attr = ]
    imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 15/08/2008 22:55:58 | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 19/08/2008 12:43:14 | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 16/08/2008 15:54:05 | Attr = HS]
    LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 19/08/2008 12:40:30 | Attr = ]
    pchealth -> %SystemRoot%\pchealth -> [Folder | Modified Date = 15/08/2008 13:35:21 | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 18/08/2008 22:50:51 | Attr = ]
    srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 15/08/2008 13:35:21 | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 16/08/2008 15:37:43 | Attr = ]
    system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 17/08/2008 19:16:26 | Attr = ]
    Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 01/08/2008 14:44:01 | Attr = S]
    temp -> %SystemRoot%\temp -> [Folder | Modified Date = 19/08/2008 12:43:31 | Attr = ]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 634 bytes | Modified Date = 15/08/2008 22:51:53 | Attr = ]
    C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 27/04/2008 19:26:10 | Attr = ]
    hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 2315 bytes | Modified Date = 13/08/2008 18:16:12 | Attr = ]
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 03/02/2008 12:09:28 | Attr = ]
    qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5494 bytes | Modified Date = 19/08/2008 11:59:43 | Attr = ]
    qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5494 bytes | Modified Date = 19/08/2008 11:59:43 | Attr = ]
    C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 02/02/2008 23:32:32 | Attr = ]
    opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 02/02/2008 23:32:32 | Attr = ]
    [Files Modified - Additional Folder Scans - Non-Microsoft Only]
    Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 05/08/2008 18:19:36 | Attr = ]
    Avira -> %AllUsersProfile%\Application Data\Avira -> [Folder | Modified Date = 14/08/2008 13:00:36 | Attr = ]
    Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 01/08/2008 15:37:33 | Attr = ]
    HPAppData -> %AppData%\HPAppData -> [Folder | Modified Date = 19/08/2008 12:18:26 | Attr = ]
    Leadertech -> %AppData%\Leadertech -> [Folder | Modified Date = 05/08/2008 18:40:08 | Attr = ]
    Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 01/08/2008 15:37:49 | Attr = ]
    Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 11/08/2008 11:50:24 | Attr = S]
    Sun -> %AppData%\Sun -> [Folder | Modified Date = 15/08/2008 14:10:25 | Attr = ]
    uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 18/08/2008 23:27:24 | Attr = ]
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 6144 bytes | Modified Date = 05/08/2008 18:47:54 | Attr = ]
    GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 40160 bytes | Modified Date = 05/08/2008 18:35:47 | Attr = ]
    Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 05/08/2008 20:10:47 | Attr = ]
    IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4235368 bytes | Modified Date = 18/08/2008 23:27:16 | Attr = H ]
    Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 17/08/2008 11:24:55 | Attr = ]
    le royaume-french dvdrip _xvid[1].avi [mininova].torrent -> %UserProfile%\Mes documents\le royaume-french dvdrip _xvid[1].avi [mininova].torrent -> [Ver = | Size = 28458 bytes | Modified Date = 02/08/2008 19:16:24 | Attr = ]
    Mes dossiers de partage.lnk -> %UserProfile%\Mes documents\Mes dossiers de partage.lnk -> [Ver = | Size = 583 bytes | Modified Date = 19/08/2008 12:11:28 | Attr = ]
    Mes fichiers reçus -> %UserProfile%\Mes documents\Mes fichiers reçus -> [Folder | Modified Date = 12/08/2008 12:57:25 | Attr = ]
    Mes Historiques de Conversation -> %UserProfile%\Mes documents\Mes Historiques de Conversation -> [Folder | Modified Date = 15/08/2008 12:55:59 | Attr = ]
    Mes images -> %UserProfile%\Mes documents\Mes images -> [Folder | Modified Date = 05/08/2008 13:30:39 | Attr = R ]
    AntiVir PE Classic.lnk -> %AllUsersProfile%\Bureau\AntiVir PE Classic.lnk -> [Ver = | Size = 1851 bytes | Modified Date = 14/08/2008 13:00:58 | Attr = ]
    DAEMON Tools Lite.lnk -> %AllUsersProfile%\Bureau\DAEMON Tools Lite.lnk -> [Ver = | Size = 733 bytes | Modified Date = 02/08/2008 00:02:32 | Attr = ]
    Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Bureau\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 17/08/2008 11:57:10 | Attr = ]
    Alex -> %UserProfile%\Bureau\Alex -> [Folder | Modified Date = 18/08/2008 21:54:43 | Attr = R ]
    ATF-Cleaner.exe -> %UserProfile%\Bureau\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 18/08/2008 22:50:04 | Attr = ]
    Christelle -> %UserProfile%\Bureau\Christelle -> [Folder | Modified Date = 18/08/2008 22:32:58 | Attr = R ]
    ERUNT.lnk -> %UserProfile%\Bureau\ERUNT.lnk -> [Ver = | Size = 592 bytes | Modified Date = 17/08/2008 11:36:27 | Attr = ]
    fix.reg -> %UserProfile%\Bureau\fix.reg -> [Ver = | Size = 737 bytes | Modified Date = 17/08/2008 11:53:20 | Attr = ]
    HijackThis.lnk -> %UserProfile%\Bureau\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 13/08/2008 13:38:24 | Attr = ]
    NTREGOPT.lnk -> %UserProfile%\Bureau\NTREGOPT.lnk -> [Ver = | Size = 611 bytes | Modified Date = 17/08/2008 11:36:27 | Attr = ]
    OTScanIt -> %UserProfile%\Bureau\OTScanIt -> [Folder | Modified Date = 18/08/2008 23:15:27 | Attr = ]
    OTScanIt.exe -> %UserProfile%\Bureau\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 18/08/2008 23:11:18 | Attr = ]
    PhotoFiltre.lnk -> %UserProfile%\Bureau\PhotoFiltre.lnk -> [Ver = | Size = 718 bytes | Modified Date = 05/08/2008 19:56:17 | Attr = ]
    Thumbs.db -> %UserProfile%\Bureau\Thumbs.db -> [Ver = | Size = 10752 bytes | Modified Date = 11/08/2008 14:17:54 | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Thumbs.db:encryptable
    ERUNT AutoBackup.lnk -> %UserProfile%\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Modified Date = 17/08/2008 11:36:30 | Attr = ]
    Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 15/08/2008 13:35:21 | Attr = ]
    speechengines -> %CommonProgramFiles%\speechengines -> [Folder | Modified Date = 15/08/2008 13:35:21 | Attr = ]

    < End of report >
    [/code]
    19 August 2008 21:23:48

    Hi again,

    Look carefully at the end of my previous message: I explained how to post the report. You need to put it on MediaFire.

    ;) 
    19 August 2008 21:36:26

    Hi again

    Done, I put it on MediaFire. What do I do now, send you the address?
    19 August 2008 22:36:13

    Yes :) 
    20 August 2008 15:49:33

    Hi again,

    The link is not right: you gave me the one for your account, so naturally I do not have access to it.

    You need to give me the public download link for the file I asked you to upload.

    ;) 
    20 August 2008 22:27:59

    Hi again,

    1) => Use ERUNT to back up your registry
    http://www.zebulon.fr/dossiers/57-6-sauvegarder-base-de...
    If something goes wrong, you will then be able to undo the changes.
    /!\ Important step, do not skip it! /!\

    2) Open the OTScanIt folder and double-click OTScanIt.exe to launch the program (if you are on Windows Vista, right-click the program and choose Run as administrator).

    Copy and paste the information from the Code box below into the input box labelled "Paste fix here", then click the Run Fix button.

    [Win32 Services - Non-Microsoft Only]
    YY -> (cisvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\cisvc.exe
    [Registry - Non-Microsoft Only]
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> WINSOS VERIFY -> %ProgramFiles%\Winsos\WINSOS.EXE ["C:\Program Files\Winsos\WINSOS.EXE" MINI]
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    YN -> {38B9D19D-021A-4282-A2BD-F9E40DCBA8C9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\fccaYqQh.dll []
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    YN -> awtqQKBR ->
    YN -> fccaYqQh ->
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {38B9D19D-021A-4282-A2BD-F9E40DCBA8C9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\fccaYqQh.dll [Reg Error: Value does not exist or could not be read.]
    YN -> {54A0D8BE-38CD-495F-BFC5-3AD015BE368B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\yayyaxwV.dll [Reg Error: Value does not exist or could not be read.]
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.]
    [Files Created - Additional Folder Scans - Non-Microsoft Only]
    NY -> fix.reg -> %UserProfile%\Bureau\fix.reg
    [Files/Folders - Modified Within 30 days]
    NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    [Files Modified - Additional Folder Scans - Non-Microsoft Only]
    NY -> fix.reg -> %UserProfile%\Bureau\fix.reg


    The run should be very quick. When the fix is complete, you will either see a message telling you it is finished, or you will be prompted to restart the PC to complete the run. If it is finished, click the Ok button and Notepad will open to display a report of all the actions carried out. Send this information in your reply.

    If a restart is needed, click the "Yes" button to restart the machine. After the restart, OTScanIt will finish moving the files that could not be moved earlier, then Notepad will open and display the final results. Send this information in your reply.

    ;) 
    20 August 2008 22:50:39

    Hi again,

    Here is the report:

    [Win32 Services - Non-Microsoft Only]
    Service cisvc stopped successfully.
    Service cisvc deleted successfully.
    File C:\WINDOWS\system32\cisvc.exe not found.
    [Registry - Non-Microsoft Only]
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WINSOS VERIFY deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{38B9D19D-021A-4282-A2BD-F9E40DCBA8C9} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38B9D19D-021A-4282-A2BD-F9E40DCBA8C9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtqQKBR\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccaYqQh\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38B9D19D-021A-4282-A2BD-F9E40DCBA8C9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38B9D19D-021A-4282-A2BD-F9E40DCBA8C9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54A0D8BE-38CD-495F-BFC5-3AD015BE368B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54A0D8BE-38CD-495F-BFC5-3AD015BE368B}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
    [Files Created - Additional Folder Scans - Non-Microsoft Only]
    C:\Documents and Settings\Administrateur\Bureau\fix.reg moved successfully.
    [Files/Folders - Modified Within 30 days]
    File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    [Files Modified - Additional Folder Scans - Non-Microsoft Only]
    File C:\Documents and Settings\Administrateur\Bureau\fix.reg not found!
    < End of fix log >
    OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08202008_224533

    Files moved on Reboot...
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.
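To check a fix log like the one above mechanically, the following added example (not part of the thread and not OTScanIt's own code) parses the outcome lines and reports any file that was scheduled to be moved on reboot but has no matching confirmation afterwards. The sample lines are a subset copied from the report above; the function names and the line patterns are assumptions based on that report only.

```python
import re
from collections import Counter

# Subset of the fix log posted above, kept short for the example.
SAMPLE_LOG = r"""[Win32 Services - Non-Microsoft Only]
Service cisvc stopped successfully.
Service cisvc deleted successfully.
File C:\WINDOWS\system32\cisvc.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WINSOS VERIFY deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccaYqQh\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38B9D19D-021A-4282-A2BD-F9E40DCBA8C9}\ not found.
[Files/Folders - Modified Within 30 days]
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
File C:\Documents and Settings\Administrateur\Bureau\fix.reg not found!
< End of fix log >

Files moved on Reboot...
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.
"""

# Line patterns inferred from the log above (assumption: other versions may differ).
SECTION = re.compile(r"^\[(.+)\]$")
DEFERRED = re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")
RESULT = re.compile(
    r"^(?:(Service|Registry value|Registry key|File) )?(.+?) "
    r"(stopped successfully|deleted successfully|moved successfully|not found)[.!]$"
)


def parse_fix_log(text):
    """Return (results, deferred, confirmed) for a fix log given as text."""
    results, deferred, confirmed = [], set(), set()
    section, after_reboot = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("<"):
            continue  # blank lines and the "< End of fix log >" marker
        if line.startswith("Files moved on Reboot"):
            after_reboot = True
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = DEFERRED.match(line)
        if m:
            deferred.add(m.group(1))
            results.append((section, "File", m.group(1), "deferred to reboot"))
            continue
        m = RESULT.match(line)
        if m:
            kind, target, status = m.groups()
            if after_reboot and status == "moved successfully":
                confirmed.add(target)
            where = "after reboot" if after_reboot else section
            results.append((where, kind or "File", target, status))
    return results, deferred, confirmed


def unresolved_after_reboot(text):
    """Files scheduled for a move on reboot with no later confirmation."""
    _, deferred, confirmed = parse_fix_log(text)
    return sorted(deferred - confirmed)


def status_counts(text):
    """Count outcome lines per status, e.g. how many targets were not found."""
    results, _, _ = parse_fix_log(text)
    return Counter(status for _, _, _, status in results)


if __name__ == "__main__":
    print(dict(status_counts(SAMPLE_LOG)))
    print("unresolved after reboot:", unresolved_after_reboot(SAMPLE_LOG))
```

A "not found" line means the tool found nothing to remove at that location, so those targets are worth comparing against the next scan rather than counting as removed.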
    20 August 2008 22:52:45

    Hi again,

    Post a new HijackThis report.

    How is the PC doing? Still having problems?

    ;) 
    21 August 2008 07:40:30

    Hi again,

    No, the PC works very, very well, there are no more bugs, nothing at all, thank you very much. And are all the steps done now?


    Here is the report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:35, on 21/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID....
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

    --
    End of file - 5347 bytes
    21 August 2008 11:46:34

    Hi again,

    Follow these steps to cleanly uninstall ComboFix and the tools we used during the disinfection

  • Start menu, then Run
  • Now type Combofix /u in the window that appears, then confirm with OK. Make sure to leave a space between the X and the /U, as it is required here.


    Upgrade to version 9.0 of Adobe Acrobat Reader ;) 

    If you do not have a firewall:

    Install a firewall:
    Here are several suggestions (the choice is yours!):
    Sygate, Outpost, Kerio, or Zone Alarm, etc.
    Disable the Windows firewall (tutorial) after installing a new firewall.

    ***

    Prevention:

    - Cleaning temporary files:

    Download CCleaner to your Desktop.

  • Click "download the latest version"
  • Install it, leaving only the following options checked:
    - Add a Desktop shortcut
    - Automatically check for CCleaner updates
  • Run the Cleaner
  • Click Scan for Issues and make a backup if you wish.

    Help: How to use CCleaner.


    Download ATFcleaner to your Desktop.

  • Double-click the downloaded executable.
  • In the Main tab, simply check the Select All box (all the boxes will be checked), then click the Empty Selected button.
  • If you use Firefox or Opera as your browser, remember to choose your browser at the top left before clicking Select All and then Empty Selected.
  • Then answer No to the message that appears if you do not want to lose your passwords.

    Help: How to use ATFCleaner.

    -- System Restore:

    Disable and then re-enable System Restore.

    XP method:
    Click Start, right-click My Computer, then click Properties. Select the System Restore tab.
    In this tab, check the Turn off System Restore on all drives box.
    A confirmation message will appear. Click Yes, then OK. Restart your computer so that the changes take effect.
    To re-enable System Restore, simply uncheck that same box and restart your computer (following the same steps).

    Vista method:
    Click Start, right-click Computer, then click Properties. On the left, click Advanced system settings. Select the System Protection tab.
    In this tab, uncheck your partitions (one by one); a confirmation message will appear, click Turn System Protection Off, click Apply, then OK.
    Restart your computer so that the changes take effect.
    To re-enable System Restore, simply uncheck that same box and restart your computer (following the same steps).

    Help: How to disable and re-enable System Restore.

    --- Normal file display:

    Click Start menu / Control Panel / Folder Options / then go to the View tab
    - Uncheck Show hidden files and folders
    - Check Hide protected operating system files (Recommended)
    click Apply, then OK.

    ---- Removing the installed tools:

    Download ToolsCleaner2 (by A.Rothstein)

  • Install it on your Desktop.
  • Click Recherche (Search) to start the scan.
  • Click Supprimer (Delete) to clean up the tools that were used.
  • Click Quitter (Quit).
  • Now delete ToolsCleaner.

    ----- Restoring protections, protecting the system with updates!:

    I now invite you to (re)enable all your resident protections (antivirus, antispyware, firewall...).
    You should have access to your protections in the system tray area next to the taskbar. If you have any difficulty, do not hesitate to ask me!
    If it is not already done, make sure Windows Automatic Updates are enabled!
    Bring your software properly up to date (Java, Adobe, Flash...) using Software Inspector (from Secunia)

    A quick word about Java:

    Once the new version is downloaded, install it and restart your computer.
    Unfortunately, the old versions of Java (which contain vulnerabilities, and are therefore dangerous!) are still present!
    So it is very important that you uninstall the old versions of Java.

  • Go to Start, Control Panel, Add/Remove Programs
  • Uninstall all versions of Java except the most recent one.

    Help: How to use Secunia Software Inspector.

    ------ Your infection: will you report it?:

    You do not have to, but it would be good if you reported your infection on Malware Complaints
  • Your infection(s): XP Antivirus 2008 + vundo.
  • If you cannot find it in the list, post under Other infections.

    Help: How to report my infection on Malware Complaints.

    Now add [Résolu] to the title. To do so:
    * In your first message, click the "Editer" (Edit) button
    * Add the [Résolu] tag to the title
    * Then click "Valider votre message" (Submit your message)

    I now invite you to look at these very instructive guides on prevention!

    - Security/Prevention
    - Consequences of running multiple protection tools
    - Toolbars: uselessness and slowdowns

    Have a good day/evening :) 

    (Thanks to XmichouX for this end-of-disinfection message)
    21 August 2008 20:23:22

    Thank you very much for helping me disinfect my PC, :D  , and good luck with the other PCs.
    21 August 2008 20:29:54

    Hi again,

    You're welcome, it was a pleasure!

    Report your infection on Malware Complaints if you have not done so, it's important ;) 

    Please read this guide (PDF) to learn more about the risks of the Net.



    If you find this document interesting, do not hesitate to pass it on to your contacts.

    Good luck :hello: 