HijackThis log interpretation
Solved/Closed
29 replies
Anonymous user
13 April 2010 at 18:37
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because it is wrongly detected as an infection)
▶ Download List_Kill'em and save it to your desktop
Double-click (right-click, "Run as administrator" on Vista/7) the shortcut on your desktop to start the installation
Once it has finished, click "Finish" and the program will launch by itself
Choose the Search option
A black and white icon will appear on the desktop; you will use it to relaunch the program later.
Another one, red and black, will be used to uninstall the program at the end of the disinfection.
▶ Let the tool work
When the white window appears, it takes a while; that's normal, the program has not frozen.
A report named catchme appears on your desktop; ignore it, do not post it, it will delete itself at the end of the scan
▶ Post the contents of the report that opens when the scan reaches 100%, at the "COMPLETED" screen
Anonymous user
13 April 2010 at 20:25
I can't manage to download List_Kill'em
please explain
When I click on your link it takes forever to load and then the browser tells me the request timed out; for info, I'm using Firefox, and I'm on a netbook ... I also have a problem with IE8, which launches and then the window crashes and disappears ... it's been like that since I installed Comodo Internet Security; I must have blocked a process without paying attention
thanks for your help
Anonymous user
13 April 2010 at 22:02
get rid of Comodo.....
By the way, an important detail: this afternoon I ran RegCleaner, and it removed more than a hundred registry keys ... it's since then that my IE8 has been crashing. Here is the list of what it removed (it's quite long, I don't know if it will be of any use):
KEY_LOCAL_MACHINE Software\Microsoft\COM3\Setup 15/04/2009 03:36:13 Source Path C:\$WIN_NT$.~LS
HKEY_LOCAL_MACHINE Software\Microsoft\MSDTC\Setup 21/05/2009 03:08:33 Source Path C:\$WIN_NT$.~LS
HKEY_LOCAL_MACHINE Software\Microsoft\Transaction Server\Setup(OCM) 15/04/2009 03:36:13 Source Path C:\$WIN_NT$.~LS
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\0D756077321A70C3E844C138CE981581\SourceList\Net 13/11/2009 17:15:56 1 c:\2b063fdf6865c262a1471306\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0D756077321A70C3E844C138CE981581\InstallProperties 13/11/2009 17:15:55 InstallSource c:\2b063fdf6865c262a1471306\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118} 13/11/2009 17:15:55 InstallSource c:\2b063fdf6865c262a1471306\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\9E0DE89293FE9BB33898F24ED18CCF08\SourceList\Net 16/10/2009 22:45:23 1 c:\2d9306c06950df831277e4910c45\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\CD9B5C7DC4E6EED4A9B71438ADD41C2C\SourceList\Net 11/11/2009 20:39:12 1 c:\2e3edd33c2a182b0527af5fa7628e4\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Net 11/11/2009 20:39:00 1 c:\2e3edd33c2a182b0527af5fa7628e4\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\InstallProperties 21/01/2010 20:02:46 InstallSource c:\2e3edd33c2a182b0527af5fa7628e4\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} 21/01/2010 20:02:46 InstallSource c:\2e3edd33c2a182b0527af5fa7628e4\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\1F83F2B8C3D678D4DAF259A46F498200\SourceList\Net 13/11/2009 17:17:43 1 c:\3fadb3975514c0f073c5187eeb99e999\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\6E8A266FCD4F2A1409E1C8110F44DBCE\SourceList\Net 26/11/2009 15:50:14 1 c:\563a2a9ccfdc01f6def09b032afcf7\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E8A266FCD4F2A1409E1C8110F44DBCE\InstallProperties 26/11/2009 15:50:13 InstallSource c:\563a2a9ccfdc01f6def09b032afcf7\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} 26/11/2009 15:50:13 InstallSource c:\563a2a9ccfdc01f6def09b032afcf7\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\C3CFBEEB1B8483A43A5C18AB91FDF504\SourceList\Net 26/06/2009 21:43:11 1 c:\566bdf987005ec177bf803f167805f\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\E54DA494170E9184E8511E40F1FB0F37\SourceList\Net 26/06/2009 21:44:45 1 c:\57f50a2b81451a9981d7adf651e4c46c\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\8D81D36F6C56F404CB6CCB6111055157\SourceList\Net 21/01/2010 20:02:47 1 c:\66af4a67e505bd9e0fc2894c48cfaa\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\2F2AEE7ADCFB45A45A57B7187A686E85\SourceList\Net 26/06/2009 21:45:29 1 c:\72470c3ddf5015ce06033d\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\28C9EA2BB7CD1463FB8C7872C5F46370\SourceList\Net 28/06/2009 10:53:09 1 c:\88499605e7c49a8aa6\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E} 21/05/2009 03:12:51 InstallSource C:\acernb\APR\setup.exe
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\000021090200C0400000000000F01FEC\SourceList\Net 15/04/2009 05:00:27 1 c:\ACERSW\SE\MSWorks\redist\ocp\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021090200C0400000000000F01FEC\InstallProperties 11/03/2010 20:38:16 InstallSource c:\ACERSW\SE\MSWorks\redist\ocp\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0020-040C-0000-0000000FF1CE} 11/03/2010 20:38:16 InstallSource c:\ACERSW\SE\MSWorks\redist\ocp\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\1FDE42FC632E233438BCC407A1B9BC0F\SourceList\Net 26/06/2009 21:31:14 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx20\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\2451D69CF585D214C8A52004DB1A469B\SourceList\Net 26/06/2009 21:31:14 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx20\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\256917180E811B74A9218FB20F574DBD\SourceList\Net 26/06/2009 21:31:14 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx20\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\484CA1D2615EC8048852CA1B3C65CAA7\SourceList\Net 26/06/2009 21:31:15 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx20\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\4C9878626E35BDD4F833D8F0E900B0AE\SourceList\Net 26/06/2009 21:31:15 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx20\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\5E903427217EC6249BD46B4B52112CF9\SourceList\Net 26/06/2009 21:31:14 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx20\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\82B28DCEEB84C6245BB5E60C22162658\SourceList\Net 26/06/2009 21:31:13 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx20\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\BE7C28545F39D804F992A5B51E7E8654\SourceList\Net 26/06/2009 21:31:14 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx20\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\DE6BA3F2C1597EC4A89C5864DFFCF1A5\SourceList\Net 26/06/2009 21:31:14 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx20\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Net 26/06/2009 21:31:15 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx20\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\InstallProperties 16/10/2009 22:45:22 InstallSource c:\d93a9eb35a8f3bcc8b28\dotnetfx20\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} 16/10/2009 22:45:22 InstallSource c:\d93a9eb35a8f3bcc8b28\dotnetfx20\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\17AFD8C1970420F48BBB741BC2A165F5\SourceList\Net 26/06/2009 21:34:51 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx30\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\3D90EFE177C6D6E478F667BC032D50C6\SourceList\Net 26/06/2009 21:34:51 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx30\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\4152E9034D92C5043B1B417D32B1AF61\SourceList\Net 26/06/2009 21:34:51 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx30\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\43F3D5FAA348FB140A3FF2BB0AB09A9B\SourceList\Net 26/06/2009 21:34:51 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx30\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\881B67FDBD11CD343A98012492599A97\SourceList\Net 26/06/2009 21:34:52 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx30\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\91C30D4F0ACD90B4387EEBB3608C4DCD\SourceList\Net 26/06/2009 21:34:52 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx30\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\B8F6D1795C8E4A94E93D980C010B8D2D\SourceList\Net 26/06/2009 21:34:51 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx30\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\E0337B0F8B42AE34C86D1D4124A8C1CE\SourceList\Net 26/06/2009 21:34:52 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx30\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\E6C461BDA4E80374796CED4868BE63F7\SourceList\Net 26/06/2009 21:34:52 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx30\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Patches\E9030CAD6F70DA545BFBB5D0FE17FFEE\SourceList\Net 26/06/2009 21:34:51 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx30\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\0DC1503A46F231838AD88BCDDC8E8F7C\SourceList\Net 26/06/2009 21:34:53 1 c:\d93a9eb35a8f3bcc8b28\dotnetfx30\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0DC1503A46F231838AD88BCDDC8E8F7C\InstallProperties 26/06/2009 21:44:44 InstallSource c:\d93a9eb35a8f3bcc8b28\dotnetfx30\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} 26/06/2009 21:44:44 InstallSource c:\d93a9eb35a8f3bcc8b28\dotnetfx30\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{F5346614-B7C4-4E94-826A-E2363155233D} 13/04/2010 15:16:35 InstallSource C:\DOCUME~1\Mohsen\LOCALS~1\Temp\bye109.tmp\Disk1\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\021F033465BE66149987734284584938 09/04/2010 20:57:50 4BB1B6CC60E4B5A41A663B175B1523B4 C:\DOCUME~1\Mohsen\LOCALS~1\Temp\cmddns.tmp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2EDDFBD3F5F071E4790A108A2806D7CA 09/04/2010 20:57:50 4BB1B6CC60E4B5A41A663B175B1523B4 C:\DOCUME~1\Mohsen\LOCALS~1\Temp\crtman.tmp
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\26DDC2EC4210AC63483DF9D4FCC5B59D\SourceList\Net 26/06/2009 21:37:34 1 C:\DOCUME~1\Mohsen\LOCALS~1\Temp\IXP04411.tmp\dotnetfx35\x86\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\26DDC2EC4210AC63483DF9D4FCC5B59D\InstallProperties 28/06/2009 10:53:09 InstallSource C:\DOCUME~1\Mohsen\LOCALS~1\Temp\IXP04411.tmp\dotnetfx35\x86\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} 28/06/2009 10:53:09 InstallSource C:\DOCUME~1\Mohsen\LOCALS~1\Temp\IXP04411.tmp\dotnetfx35\x86\
HKEY_CURRENT_USER Software\WinRAR\ArcHistory 04/03/2010 17:29:42 0 C:\DOCUME~1\Mohsen\LOCALS~1\Temp\rav.zip
HKEY_USERS S-1-5-21-3168066103-1421531899-4282951562-1005\Software\WinRAR\ArcHistory 04/03/2010 17:29:42 0 C:\DOCUME~1\Mohsen\LOCALS~1\Temp\rav.zip
HKEY_LOCAL_MACHINE Software\Microsoft\Advanced INF Setup\IE40.UserAgent 18/07/2009 17:16:35 InstallINFFile C:\DOCUME~1\Mohsen\LOCALS~1\Temp\RGI1.tmp
HKEY_LOCAL_MACHINE Software\Microsoft\Advanced INF Setup\IE.HKCUZoneInfo 18/07/2009 17:16:35 InstallINFFile C:\DOCUME~1\Mohsen\LOCALS~1\Temp\RGI2.tmp
HKEY_LOCAL_MACHINE Software\Microsoft\Advanced INF Setup\IE40.BrowseUI 21/05/2009 03:11:19 InstallINFFile C:\DOCUME~1\Mohsen\LOCALS~1\Temp\RGI283.tmp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110186437} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111125700} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11231247} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113784233} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11386547} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\b25099274a207264182f8181add555d0\SourceList\Net 15/04/2009 04:57:15 1 C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\IXP000.TMP\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\b25099274a207264182f8181add555d0\InstallProperties 15/04/2009 04:57:15 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\IXP000.TMP\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d} 15/04/2009 04:57:15 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\IXP000.TMP\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\487EA05EEBAFAD641A8FB7B665CD2BE2\SourceList\Net 15/04/2009 05:07:47 1 C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\{74023BD2-F102-4114-A1BD-FF7646390401}\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\487EA05EEBAFAD641A8FB7B665CD2BE2\InstallProperties 15/04/2009 05:07:47 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\{74023BD2-F102-4114-A1BD-FF7646390401}\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E} 15/04/2009 05:07:47 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\{74023BD2-F102-4114-A1BD-FF7646390401}\
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\5B769D51EB4AEA24E94846DC60B252AA\SourceList\Net 15/04/2009 05:45:22 1 C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\{A36A9401-C63D-4E9C-92E6-F5FCC3D9F304}\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5B769D51EB4AEA24E94846DC60B252AA\InstallProperties 15/04/2009 05:45:22 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\{A36A9401-C63D-4E9C-92E6-F5FCC3D9F304}\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA} 21/05/2009 03:03:35 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\{A36A9401-C63D-4E9C-92E6-F5FCC3D9F304}\
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D967B5-A4BE-42AE-9E84-64CD062B25AA} 15/04/2009 05:45:22 InstallSource C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\{A36A9401-C63D-4E9C-92E6-F5FCC3D9F304}\
HKEY_CURRENT_USER Software\ODBC\ODBC.INI\Excel Files 22/05/2009 11:47:52 Driver C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\ACEODBC.DLL
HKEY_USERS S-1-5-21-3168066103-1421531899-4282951562-1005\Software\ODBC\ODBC.INI\Excel Files 22/05/2009 11:47:52 Driver C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\ACEODBC.DLL
HKEY_CURRENT_USER Software\Microsoft\Office\Common\Smart Tag\Actions\{16A933D2-A296-49D5-96FC-C7C2DAEE88B4} 26/05/2009 20:37:42 filename C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\LISTS\BASMLA.XSL
HKEY_USERS S-1-5-21-3168066103-1421531899-4282951562-1005\Software\Microsoft\Office\Common\Smart Tag\Actions\{16A933D2-A296-49D5-96FC-C7C2DAEE88B4} 26/05/2009 20:37:42 filename C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\LISTS\BASMLA.XSL
HKEY_LOCAL_MACHINE Software\Microsoft\Works\9.0\Proofing Tools\Grammar\1043\Normal 15/04/2009 05:00:01 Engine c:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\1043\MSGRNL32.DLL
HKEY_LOCAL_MACHINE Software\Microsoft\Works\9.0\Proofing Tools\Grammar\1043\Normal 15/04/2009 05:00:01 Dictionary c:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\MSGR_NL.LEX
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{EB1358E3-48FD-469E-B075-C539955E40C2}\InprocServer32 21/05/2009 03:03:31 c:\PROGRA~1\mcafee\msc\mcndsv.dll
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{FF0F1C05-6135-424B-8EFD-3DBCDA7063FB}\InprocServer32 21/05/2009 03:03:31 c:\PROGRA~1\mcafee\msc\mcndsv.dll
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{16EC136D-A6F0-4833-8FE1-ECA50DE15F5E}\1.0\0\win32 21/05/2009 03:03:34 c:\PROGRA~1\mcafee\msc\mcndsv.dll
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{19F4CECD-60C0-49D3-86F9-839544C513CF}\1.0\0\win32 21/05/2009 03:03:34 c:\PROGRA~1\mcafee\msc\mcoemmgr.exe
HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Extensions 09/06/2009 20:29:53 xlsx C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE
HKEY_USERS S-1-5-21-3168066103-1421531899-4282951562-1005\Software\Microsoft\Windows\CurrentVersion\Extensions 09/06/2009 20:29:53 xlsx C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE
HKEY_CURRENT_USER Software\Microsoft\Web Service Providers\WebDrive\www.msnusers.com 28/06/2009 15:44:40 Icon C:\PROGRA~1\MICROS~2\Office12\MSN.ICO
HKEY_USERS S-1-5-21-3168066103-1421531899-4282951562-1005\Software\Microsoft\Web Service Providers\WebDrive\www.msnusers.com 28/06/2009 15:44:40 Icon C:\PROGRA~1\MICROS~2\Office12\MSN.ICO
HKEY_CURRENT_USER Software\Gabest\vsfilter\DefTextPathes 29/05/2009 16:13:19 Path1 c:\subtitles
HKEY_USERS S-1-5-21-3168066103-1421531899-4282951562-1005\Software\Gabest\vsfilter\DefTextPathes 29/05/2009 16:13:19 Path1 c:\subtitles
HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Run 06/03/2010 10:41:19 QReboot C:\Sysprep\ODM\QReboot.exe
HKEY_USERS S-1-5-21-3168066103-1421531899-4282951562-1005\Software\Microsoft\Windows\CurrentVersion\Run 06/03/2010 10:41:19 QReboot C:\Sysprep\ODM\QReboot.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\129FF6F12BEFED446A6B76B64A909244 27/05/2009 09:23:00 00000000000000000000000000000000 c:\WINDOWS\Fonts\REFSAN.TTF
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D8E448C6E7D49C443A9DB1450D094A55 27/05/2009 09:23:00 00000000000000000000000000000000 c:\WINDOWS\Fonts\REFSPCL.TTF
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History 13/04/2010 15:09:00 Directory C:\WINDOWS\History
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Help 07/12/2009 19:30:04 en.hlp C:\WINDOWS\ime\Shared\imepad
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\0CAED145D3F56E547BBC49CE3F9B7684 11/02/2010 17:20:08 ProductIcon C:\WINDOWS\Installer\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}\IconUninstallIco
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\04DE0F7511F8AA149B62A4660D1D9ACC 11/11/2009 20:38:52 ProductIcon C:\WINDOWS\Installer\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}\ProductIcon
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100 21/01/2010 20:02:48 ProductIcon c:\WINDOWS\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ARPIcon
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\CFD5A13A9343CF8499BB154761A84E17 09/04/2010 20:47:58 ProductIcon C:\WINDOWS\Installer\{A31A5DFC-3439-48FC-99BB-5174168AE471}\IconDesktop
HKEY_LOCAL_MACHINE Software\Classes\Installer\Products\1D034B0FAA6BD374B960AAD30DF10D8B 15/04/2009 05:06:12 ProductIcon C:\WINDOWS\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\ProductIcon
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Active Setup Temp Folders 13/04/2010 15:08:54 Folder C:\WINDOWS\msdownld.tmp|?:\msdownld.tmp
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4 21/05/2009 03:03:35 Codebase C:\WINDOWS\ServicePackFiles\i386/gdiplus.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\Codebases\U_KB938464 21/05/2009 03:03:35 URL C:\WINDOWS\ServicePackFiles\i386/gdiplus.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df 16/10/2009 22:40:35 Codebase C:\WINDOWS\ServicePackFiles\i386/gdiplus.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\Codebases\U_KB958869 16/10/2009 22:40:35 URL C:\WINDOWS\ServicePackFiles\i386/gdiplus.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_ed83e624 21/05/2009 03:03:35 Codebase C:\WINDOWS\ServicePackFiles\i386/gdiplus.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_ed83e624\Codebases\U_KB938464 21/05/2009 03:03:35 URL C:\WINDOWS\ServicePackFiles\i386/gdiplus.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_fe7c593f 16/10/2009 22:40:35 Codebase C:\WINDOWS\ServicePackFiles\i386/gdiplus.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_fe7c593f\Codebases\U_KB958869 16/10/2009 22:40:35 URL C:\WINDOWS\ServicePackFiles\i386/gdiplus.man
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Setup 13/04/2010 15:26:28 ServicePackCachePath c:\windows\ServicePackFiles\ServicePackCache
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\WU 26/06/2009 19:50:44 CurrentCacheFile C:\WINDOWS\SoftwareDistribution\EventCache\{4C016E47-2E3F-426F-8C0D-E90F22455225}.bin
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\Sus 26/06/2009 19:50:40 CurrentCacheFile C:\WINDOWS\SoftwareDistribution\EventCache\{8589AC94-A5F4-4721-8420-7FF3DE729B09}.bin
HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\Main 10/04/2010 21:58:19 Local Page C:\WINDOWS\system32\blank.htm
HKEY_USERS S-1-5-21-3168066103-1421531899-4282951562-1005\Software\Microsoft\Internet Explorer\Main 10/04/2010 21:58:19 Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE Software\Microsoft\Internet Explorer\Main 13/04/2010 15:09:48 Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe 15/04/2009 03:34:00 C:\WINDOWS\system32\cmmgr32.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Multimedia\WMPlayer\Groups\Video\DVD 12/08/2009 14:29:13 RequiredFile C:\WINDOWS\system32\enable.dvd
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{87099223-C7AF-11D0-B225-00C04FB6C2F5}\1.0\0\win32 15/04/2009 03:34:55 C:\WINDOWS\system32\fxscom.dll
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{88895560-9AA2-1069-930E-00AA0030EBC8}\InProcServer32 15/04/2009 03:34:59 C:\WINDOWS\system32\hticons.dll
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{1B53F360-9A1B-1069-930C-00AA0030EBC8}\InProcServer32 15/04/2009 03:34:59 C:\WINDOWS\system32\hypertrm.dll
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0\HELPDIR 15/04/2009 03:36:57 C:\WINDOWS\system32\macromed\flash\flash.ocx\
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0\0\win32 15/04/2009 03:36:57 C:\WINDOWS\system32\macromed\flash\flash.ocx\2
HKEY_CURRENT_USER Software\RealNetworks\RealPlayer\12.0\Preferences\SystemCookiesPath 19/09/2009 14:02:25 C:\WINDOWS\system32\syscookies.txt
HKEY_USERS S-1-5-21-3168066103-1421531899-4282951562-1005\Software\RealNetworks\RealPlayer\12.0\Preferences\SystemCookiesPath 19/09/2009 14:02:25 C:\WINDOWS\system32\syscookies.txt
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{CC2C83A6-9BE4-11D0-98E7-00C04FC2CAF5}\InprocServer32 15/04/2009 03:37:17 SystemDB C:\WINDOWS\system32\system.mdw
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{07340190-BCE0-11D1-BD7E-00207812DE95}\InprocServer32 21/05/2009 03:03:30 C:\Windows\system\aceapctl.ocx
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{A92757C4-BE3F-11D1-BD7E-00207812DE95}\1.0\0\win32 21/05/2009 03:03:34 C:\Windows\system\aceapctl.ocx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{3895DD35-7573-11D2-8FED-00606730D3AA}\InprocServer32 21/05/2009 03:03:30 C:\Windows\system\acerctrl.ocx
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{3895DD37-7573-11D2-8FED-00606730D3AA}\1.0\0\win32 21/05/2009 03:03:34 C:\Windows\system\acerctrl.ocx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{D9998BD0-7957-11D2-8FED-00606730D3AA}\InprocServer32 21/05/2009 03:03:31 C:\Windows\system\LUNCHAPP.OCX
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{D9998BD2-7957-11D2-8FED-00606730D3AA}\1.0\0\win32 21/05/2009 03:03:34 C:\Windows\system\LUNCHAPP.OCX
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{932BF86C-2BAB-11D2-8EA2-0080C82D82A9}\InprocServer32 21/05/2009 03:03:31 C:\Windows\system\scaxbtns.ocx
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{932BF86E-2BAB-11D2-8EA2-0080C82D82A9}\1.0\0\win32 21/05/2009 03:03:34 C:\Windows\system\scaxbtns.ocx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{5A9D8748-FB00-11D1-8EA2-0080C82D82A9}\InprocServer32 21/05/2009 03:03:31 C:\Windows\system\scdiags.ocx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{F6940BDC-E4EB-11D1-8EA2-0080C82D82A9}\InprocServer32 21/05/2009 03:03:31 C:\Windows\system\scintro.ocx
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{F6940BE0-E4EB-11D1-8EA2-0080C82D82A9}\1.0\0\win32 21/05/2009 03:03:34 C:\Windows\system\scintro.ocx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{FD748A48-FB00-11D1-8EA2-0080C82D82A9}\InprocServer32 21/05/2009 03:03:31 C:\Windows\system\scmaint.ocx
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{1D676278-D6DF-11D1-90DC-0000C03DCA0D}\21.0\0\win32 21/05/2009 03:03:34 C:\Windows\system\scmaint.ocx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{EC3A38E8-FB02-11D1-8EA2-0080C82D82A9}\InprocServer32 21/05/2009 03:03:31 C:\Windows\system\scsupt.ocx
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{1D676278-D6DF-11D1-90DC-0000C03DCA0D}\22.0\0\win32 21/05/2009 03:03:34 C:\Windows\system\scsupt.ocx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{2037E3A0-18D6-101C-8158-221E4B551F8E}\InprocServer32 21/05/2009 03:03:30 C:\Windows\system\vsocx32.ocx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{2037E3A5-18D6-101C-8158-221E4B551F8E}\InprocServer32 21/05/2009 03:03:30 C:\Windows\system\vsocx32.ocx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{2037E3AA-18D6-101C-8158-221E4B551F8E}\InprocServer32 21/05/2009 03:03:30 C:\Windows\system\vsocx32.ocx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{3977B422-192C-101C-8158-221E4B551F8E}\InprocServer32 21/05/2009 03:03:30 C:\Windows\system\vsocx32.ocx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{3977B425-192C-101C-8158-221E4B551F8E}\InprocServer32 21/05/2009 03:03:30 C:\Windows\system\vsocx32.ocx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{3977B428-192C-101C-8158-221E4B551F8E}\InprocServer32 21/05/2009 03:03:30 C:\Windows\system\vsocx32.ocx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{3A5BFE00-CD78-11CE-AAE4-CE6AC0F06E88}\InprocServer32 21/05/2009 03:03:30 C:\Windows\system\vsocx32.ocx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{3A5BFE01-CD78-11CE-AAE4-CE6AC0F06E88}\InprocServer32 21/05/2009 03:03:30 C:\Windows\system\vsocx32.ocx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{3A5BFE02-CD78-11CE-AAE4-CE6AC0F06E88}\InprocServer32 21/05/2009 03:03:30 C:\Windows\system\vsocx32.ocx
HKEY_LOCAL_MACHINE Software\Classes\CLSID\{9DB03561-CCDE-11CE-AAE4-CE6AC0F06E88}\InprocServer32 21/05/2009 03:03:31 C:\Windows\system\vsocx32.ocx
HKEY_LOCAL_MACHINE Software\Classes\TypeLib\{2037E3AD-18D6-101C-8158-221E4B551F8E}\5.0\0\win32 21/05/2009 03:03:34 C:\Windows\system\vsocx32.ocx
Anonymous user
14 April 2010 at 08:36
When you try to download, are you actually disabling all your defenses?
Anonymous user
14 April 2010 at 19:21
Have you tried with another browser?
Anonymous user
14 April 2010 at 20:01
Try this link:
http://www.cijoint.fr/cjlink.php?file=cj201004/cijx3H1z1E.zip
Hi, your link works fine, here is the report:
List'em by g3n-h@ckm@n 1.7.1.0
User : (Administrateurs)
Update on 13/04/2010 by g3n-h@ckm@n ::::: 17.10
Start at: 19:58:21 | 15/04/2010
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\PersistenceThread.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
ProductReg REG_SZ "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RTHDCPL REG_SZ RTHDCPL.EXE
AzMixerSel REG_SZ C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
RemoteControl8 REG_SZ "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
PDVD8LanguageShortcut REG_SZ "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
snp2uvc REG_SZ rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
PLFSetL REG_SZ C:\WINDOWS\PLFSetL.exe
LManager REG_SZ C:\Program Files\Launch Manager\LManager.exe
USB Antivirus REG_SZ C:\Program Files\USB Disk Security\USBGuard.exe
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
PersistenceThread REG_SZ C:\WINDOWS\system32\PersistenceThread.exe
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
COMODO Internet Security REG_SZ "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NofolderOptions REG_DWORD 0 (0x0)
NoFind REG_DWORD 0 (0x0)
NoRun REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
NoFolderOptions REG_DWORD 0 (0x0)
HonorAutoRunSetting REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ C:\WINDOWS\system32\guard32.dll
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ ACER-4228220248
DefaultUserName REG_SZ Mohsen
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Mohsen
AltDefaultDomainName REG_SZ ACER-4228220248
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Skype\Plugin Manager\skypePM.exe REG_SZ C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
===
DNS
===
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.hopsurf.com
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
========
Safemode
========
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot" : OK !!
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal" : OK !!
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network" : OK !!
=========
Atapi.sys
=========
C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Documents and Settings\Mohsen\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\Mohsen\Application Data\wklnhst.dat
Present !! : C:\Documents and Settings\Mohsen\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\Mohsen\Application Data\wklnhst.dat
Present !! : C:\Documents and Settings\Mohsen\Local Settings\Temp\6.tmp
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\SkypeSetup.exe
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_480.dat
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_54c.dat
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_5e8.dat
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_638.dat
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_81c.dat
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_a20.dat
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_a7c.dat
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_f8c.dat
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\mpengine.dll
Present !! : C:\Documents and Settings\Mohsen\Local Settings\Temporary Internet Files\SuggestedSites.dat
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Present !! : HKEY_USERS\S-1-5-21-3168066103-1421531899-4282951562-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
Present !! : HKEY_USERS\S-1-5-21-3168066103-1421531899-4282951562-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Present !! : HKEY_USERS\S-1-5-21-3168066103-1421531899-4282951562-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Present !! : HKEY_USERS\S-1-5-21-3168066103-1421531899-4282951562-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
Present !! : HKEY_USERS\S-1-5-21-3168066103-1421531899-4282951562-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Present !! : HKEY_USERS\S-1-5-21-3168066103-1421531899-4282951562-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}
Present !! : HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
============
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 21:17:08
Windows 5.1.2600 Service Pack 3 FAT NTAPI
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
kernel: error reading MBR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 21:17:10,60
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\SkypeSetup.exe
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_480.dat
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_54c.dat
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_5e8.dat
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_638.dat
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_81c.dat
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_a20.dat
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_a7c.dat
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_f8c.dat
Present !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\mpengine.dll
Present !! : C:\Documents and Settings\Mohsen\Local Settings\Temporary Internet Files\SuggestedSites.dat
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Present !! : HKEY_USERS\S-1-5-21-3168066103-1421531899-4282951562-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
Present !! : HKEY_USERS\S-1-5-21-3168066103-1421531899-4282951562-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Present !! : HKEY_USERS\S-1-5-21-3168066103-1421531899-4282951562-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Present !! : HKEY_USERS\S-1-5-21-3168066103-1421531899-4282951562-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
Present !! : HKEY_USERS\S-1-5-21-3168066103-1421531899-4282951562-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Present !! : HKEY_USERS\S-1-5-21-3168066103-1421531899-4282951562-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}
Present !! : HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
============
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 21:17:08
Windows 5.1.2600 Service Pack 3 FAT NTAPI
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
kernel: error reading MBR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 21:17:10,60
Anonymous user
15 April 2010 at 22:48
▶ Relaunch List_Kill'em (right-click for Vista/7) with the shortcut on your desktop,
but this time:
▶ choose the Clean option
your PC will restart,
let the tool work.
at the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop,
▶ paste its contents in your reply
Anonymous user
15 April 2010 at 23:23
Le client ne dispose pas d'un privilège nécessaire.
I have never come across this
I expressed myself a bit badly; what I mean is that I need to have IE, that's the thing that bothers me, the rest I don't understand at all. I see the interest someone would have in hacking Mr. Everyman, I don't shop online, and my life is rather boring ; ))
well, if you're willing to help me that would be nice : )
Anonymous user
15 April 2010 at 23:55
I asked you to at least disable all your defenses while using the tool !!!
no wonder access is denied !!!!
that's it, I ran the clean; since then Comodo doesn't start automatically at boot, is that normal? IE8 launches as before,
here is the report:
Kill'em by g3n-h@ckm@n 1.7.1.0
User : (Administrateurs)
Update on 13/04/2010 by g3n-h@ckm@n ::::: 17.10
Start at: 23:02:52 | 15/04/2010
Intel(R) Atom(TM) CPU Z520 @ 1.33GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : COMODO Antivirus 3.9 [ (!) Disabled | Updated ]
FW : COMODO Firewall[ Enabled ]3.9
C:\ -> Disque fixe local | 141,05 Go (86,24 Go free) [ACER] | NTFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Documents and Settings\Mohsen\Application Data\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Documents and Settings\Mohsen\Application Data\wklnhst.dat
Quarantined & Deleted !! : C:\Documents and Settings\Mohsen\Local Settings\Temp\6.tmp
Quarantined & Deleted !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe
Quarantined & Deleted !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
Quarantined & Deleted !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\SkypeSetup.exe
Quarantined & Deleted !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_480.dat
Quarantined & Deleted !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_54c.dat
Quarantined & Deleted !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_5e8.dat
Quarantined & Deleted !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_638.dat
Quarantined & Deleted !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_81c.dat
Quarantined & Deleted !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\Perflib_Perfdata_a7c.dat
Quarantined & Deleted !! : C:\Documents and Settings\Mohsen\LOCAL Settings\Temp\mpengine.dll
Quarantined & Deleted !! : C:\Documents and Settings\Mohsen\Local Settings\Temporary Internet Files\SuggestedSites.dat
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc15.amr
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc16.amr
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc17.amr
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc18.amr
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc19.amr
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc20.amr
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc21.amr
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc22.amr
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc23.amr
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc24.amr
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc25.amr
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc27.doc
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc28.avi
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc29.exe
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc30.avi
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc31.avi
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc32.avi
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc33.xls
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc34.pdf
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc35.xls
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc36.xls
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc37.doc
Deleted !! : C:\RECYCLER\S-1-5-21-3168066103-1421531899-4282951562-1005\Dc38.flv
==============
host file OK !
==============
========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}
Deleted : HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
What was it that I had caught?
thanks again for your help
Anonymous user
16 April 2010 at 21:42
Download OTL by OLDTimer
▶ save it to your Desktop.
▶ Double-click (for Vista / 7 => right-click "Run as administrator") on OTL.exe to launch it.
▶ Tick the 2 boxes Lop and Purity
▶ Tick the box in front of all users
▶ set the file age to "60 days"
▶ in the left half, set everything to "all"
do not change these:
"files created" and "files modified"
▶ Click Scan.
At the end of the scan, Notepad will open with the report (OTL.txt).
This file is on your Desktop (usually C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click on this link: http://www.cijoint.fr/
▶ Click Browse and look for the file above.
▶ Click Open.
▶ Click "Click here to upload the file".
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
▶▶ You will do the same with "Extra.txt", which should logically also be on your desktop.
Anonymous user
28 April 2010 at 09:14
▶ Click on the Start menu / Control Panel / Folder Options / then in the View tab
* - Tick Show hidden files and folders
* - Untick Hide extensions for known file types
* - Untick Hide protected operating system files (Recommended)
▶ click Apply, then OK.
Don't forget to hide the hidden and protected operating system files again at the end of the disinfection, it's important
Have the following file(s) analysed on Virustotal:
Virus Total
* Click Browse at the top, choose My Computer and look for these files:
C:\WINDOWS\System32\drivers\sfi.dat
* Now click Send file. and let it work as long as "Current status: analysis in progress" is displayed.
* The file may be queued because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new window of your browser will appear
* Then click on the two arrows
* Right-click on the page, and choose Select all, then Copy
* Finally paste the result in your next reply.
Note: To analyse another file, click Other file at the bottom.
Anonymous user
28 April 2010 at 23:02
can you please open a new text document, drag this icon into that page and tell me (copy/paste) the information that is in it ???????????,
Anonymous user
28 April 2010 at 23:22
no, drag the file into the txt
Anonymous user
29 April 2010 at 19:52
and right-click / Properties?
13 April 2010 at 18:48
not to brag about it but it's true.....