[Virus] Infected by photo album!
Zedka
Hello, can someone please help me???
I got the MSN photo album virus, and here are the HijackThis and MSNFix logs.
hijack:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:39:01, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOLbox\Gateway\wlancfg.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\WINDOWS\AdobeR.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\TerraTec\DMX 6fire\DMX6Fire.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Clément\Bureau\test.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.deviantart.com/zedka
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FIREBOX] C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.26\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.26\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\AOLbox\Gateway\wlancfg.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O24 - Desktop Component 0: (no name) - http://ic1.deviantart.com/fs11/i/2006/226/5/7/Recapitulation_by_vhm_alex.jpg
8 replies
Your answer is here:
virus msn album photo zip
Zedka
Thanks, I found that article, but it says to have the logs analysed...
Hello
Download and run this
--> http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
Then:
¤ Download this program, then double-click it (close your antivirus if it detects anything)
http://www.suspectfile.com/systemscan/
* Tick only these boxes and untick everything else:
- Recent Files, 30 days
- Registry Run Key
- Hidden objects
Then click Scan now and be patient.
Once it has finished, a report will open; copy and paste its contents here and check that it is complete, creating two messages if needed.
Thanks boulepate, here is the log:
SystemScan - www.suspectfile.com - ver. 3.1.2
Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
Date: 19/06/2007
Time: 23:28:40
Output limited to:
-Recent files
-Registry Run Keys
-Hidden objects
===================== Recent files (30 days old)=====================
----- recent files in C:\
19/06/2007 22:19:40 805306368 byte 0 days old -- pagefile.sys
19/06/2007 23:28:40 (DIR) 0 byte 0 days old -- suspectfile
----- recent files in C:\WINDOWS\
24/05/2007 03:00:38 (DIR) 0 byte 26 days old -- $NtUninstallKB927891$
24/05/2007 03:00:46 7566 byte 26 days old -- KB927891.log
03/06/2007 00:33:28 179735 byte 16 days old -- setupact.log
13/06/2007 03:00:54 24210 byte 6 days old -- KB933566-IE7.log
13/06/2007 03:00:56 (DIR) 0 byte 6 days old -- $NtUninstallKB935839$
13/06/2007 03:00:58 18953 byte 6 days old -- KB935839.log
13/06/2007 03:02:08 (DIR) 0 byte 6 days old -- $NtUninstallKB935840$
13/06/2007 03:02:12 1374 byte 6 days old -- imsins.BAK
13/06/2007 03:02:12 19307 byte 6 days old -- KB935840.log
13/06/2007 03:02:14 (DIR) 0 byte 6 days old -- $NtUninstallKB929123$
13/06/2007 03:02:16 108113 byte 6 days old -- updspapi.log
13/06/2007 03:02:18 20847 byte 6 days old -- KB929123.log
13/06/2007 03:02:18 836312 byte 6 days old -- FaxSetup.log
13/06/2007 03:02:18 131016 byte 6 days old -- iis6.log
13/06/2007 03:02:18 1374 byte 6 days old -- imsins.log
13/06/2007 03:02:18 414562 byte 6 days old -- ocgen.log
13/06/2007 03:02:18 285093 byte 6 days old -- comsetup.log
13/06/2007 03:02:18 172294 byte 6 days old -- ntdtcsetup.log
13/06/2007 03:02:18 325223 byte 6 days old -- tsoc.log
13/06/2007 03:02:18 42396 byte 6 days old -- msgsocm.log
13/06/2007 03:02:18 46537 byte 6 days old -- ocmsn.log
13/06/2007 18:24:06 150463 byte 6 days old -- setupapi.log
14/06/2007 15:53:04 22771 byte 5 days old -- 4-wlancfg.log
15/06/2007 20:19:42 75610 byte 4 days old -- 5-wlancfg.log
17/06/2007 06:34:32 22903 byte 2 days old -- 6-wlancfg.log
18/06/2007 07:35:06 23197 byte 1 days old -- 0-wlancfg.log
19/06/2007 09:03:00 22897 byte 0 days old -- 1-wlancfg.log
19/06/2007 10:28:46 503 byte 0 days old -- sam7_E.INI
19/06/2007 19:01:04 242183 byte 0 days old -- wmsetup.log
19/06/2007 19:37:22 3838 byte 0 days old -- ModemLog_SoftV92 Data Fax Modem #2.txt
19/06/2007 19:57:56 759 byte 0 days old -- win.ini
19/06/2007 21:59:24 14822 byte 0 days old -- DPINST.LOG
19/06/2007 22:19:04 32416 byte 0 days old -- SchedLgU.Txt
19/06/2007 22:19:04 50 byte 0 days old -- wiaservc.log
19/06/2007 22:19:04 2030413 byte 0 days old -- WindowsUpdate.log
19/06/2007 22:19:44 2048 byte 0 days old -- bootstat.dat
19/06/2007 22:19:50 159 byte 0 days old -- wiadebug.log
19/06/2007 22:19:56 1477 byte 0 days old -- msnfix.txt
19/06/2007 22:21:20 0 byte 0 days old -- 0.log
19/06/2007 22:21:34 68439 byte 0 days old -- 2-wlancfg.log
----- recent files in C:\WINDOWS\Downloaded Program Files\
----- recent files in C:\WINDOWS\system\
----- recent files in C:\WINDOWS\system32\
06/06/2007 08:38:42 15747032 byte 13 days old -- MRT.exe
19/06/2007 22:21:54 13646 byte 0 days old -- wpa.dbl
----- recent files in C:\WINDOWS\system32\drivers\
----- recent files in C:\WINDOWS\temp\
19/06/2007 22:19:48 255 byte 0 days old -- WGAErrLog.txt
19/06/2007 22:21:56 409 byte 0 days old -- WGANotify.settings
----- recent files in C:\Program Files\
----- recent files in C:\Program Files\Fichiers communs\
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe\00xe"
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"FIREBOX"="C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe"
"Acrobat Assistant 7.0"="\"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe\""
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe\""
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe"
"TkBellExe"="\"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe\" -osboot"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Adobe Photo Downloader"="\"C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe\""
"RavAV"="C:\WINDOWS\AdobeR.exe"
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"MsnMsgr"="\"C:\Program Files\MSN Messenger\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"updateMgr"="\"C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe\" AcPro7_0_8 -reboot 1"
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe"
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
"AppInit_DLLs"=""
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=expand:"WgaLogon.dll"
[Winlogon\Notify\WgaLogon\Settings]
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
"BuildNumber"=dword:00000a28
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
[RunOnceEx]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
@=""
[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"NoExplorer"=dword:00000001
[Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
#### HKCR\CLSID\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\InprocServer32 @="C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll"
[Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
#### HKCR\CLSID\{AE7CD045-E861-484f-8273-0445EE161910}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll"
@=""
[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll"
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----
[startupfolder]
[startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk"
"backup"="C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE "
"item"="Kodak software updater"
[startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk"
"backup"="C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe "
"item"="Lancement rapide d'Adobe Acrobat"
[startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk"
"backup"="C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx"
"item"="Logiciel Kodak EasyShare"
[startupfolder\C:^Documents and Settings^Clément^Menu Démarrer^Programmes^Démarrage^Iomega Product Registration.lnk]
"path"="C:\Documents and Settings\Clément\Menu Démarrer\Programmes\Démarrage\Iomega Product Registration.lnk"
"backup"="C:\WINDOWS\pss\Iomega Product Registration.lnkStartup"
"location"="Startup"
"command"="C:\PROGRA~1\Iomega\REGIST~1\Register.exe /remind /language=FR /PRNM=\"Iomega Product\""
"item"="Iomega Product Registration"
-----HKCU\Control Panel\Desktop\-----
[Desktop]
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"LsaPid"=dword:000002c0
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
@Class="80f1ce00"
"Pattern"=hex:d8,63,50,8e,02,d8,b7,d9,ca,73,ca,95,c3,97,e3,69,38,30,66,31,63,\
65,30,30,00,68,07,00,01,00,00,00,d8,00,00,00,dc,00,00,00,48,fa,06,00,d6,48,\
51,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,bc,a4,ea,49
[Lsa\GBG]
@Class="bc7cb879"
"GrafBlumGroup"=hex:d1,c6,06,a8,96,92,cc,65,e6
[Lsa\JD]
@Class="e69149cb"
"Lookup"=hex:1f,3b,9f,c6,74,fe
[Lsa\Kerberos]
[Lsa\Kerberos\Domains]
[Lsa\Kerberos\SidCache]
[Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000
[Lsa\Skew1]
@Class="eaa49eb6"
"SkewMatrix"=hex:8f,1f,8f,a1,75,b0,d1,bd,12,dd,7e,75,a9,68,be,0a
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
"Time"=hex:18,96,38,18,be,12,c5,01
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,ea,0b,83,fe,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,cb,01,89,fe,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,cb,01,89,fe,85,c4,01
"Type"=dword:00000031
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."
[SharedAccess\Epoch]
"Epoch"=dword:00006e3f
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\MSNMSGR.EXE"="C:\Program Files\MSN Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Valve\Steam\SteamApps\zeklooms\half-life 2\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\zeklooms\half-life 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\AdobeR.exe"="C:\WINDOWS\AdobeR.exe:*:Enabled:AdobeR"
"C:\Program Files\MSN Messenger\MSNMSGR.EXE"="C:\Program Files\MSN Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
"15074:TCP"="15074:TCP:*:Enabled:NortonAV"
"17693:TCP"="17693:TCP:*:Enabled:NortonAV"
"14892:TCP"="14892:TCP:*:Enabled:NortonAV"
"18524:TCP"="18524:TCP:*:Enabled:NortonAV"
"12805:TCP"="12805:TCP:*:Enabled:NortonAV"
"16572:TCP"="16572:TCP:*:Enabled:NortonAV"
"12921:TCP"="12921:TCP:*:Enabled:NortonAV"
"17670:TCP"="17670:TCP:*:Enabled:NortonAV"
"16974:TCP"="16974:TCP:*:Enabled:NortonAV"
"13827:TCP"="13827:TCP:*:Enabled:NortonAV"
"18348:TCP"="18348:TCP:*:Enabled:NortonAV"
"17445:TCP"="17445:TCP:*:Enabled:NortonAV"
"12590:TCP"="12590:TCP:*:Enabled:NortonAV"
"17769:TCP"="17769:TCP:*:Enabled:NortonAV"
"12482:TCP"="12482:TCP:*:Enabled:NortonAV"
"16973:TCP"="16973:TCP:*:Enabled:NortonAV"
"13424:TCP"="13424:TCP:*:Enabled:NortonAV"
"17215:TCP"="17215:TCP:*:Enabled:NortonAV"
"12960:TCP"="12960:TCP:*:Enabled:NortonAV"
"12379:TCP"="12379:TCP:*:Enabled:NortonAV"
"17536:TCP"="17536:TCP:*:Enabled:NortonAV"
"18041:TCP"="18041:TCP:*:Enabled:NortonAV"
"15455:TCP"="15455:TCP:*:Enabled:NortonAV"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"EnableDCOM"="Y"
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[Security Center\Monitoring]
[Security Center\Monitoring\AhnlabAntiVirus]
[Security Center\Monitoring\ComputerAssociatesAntiVirus]
[Security Center\Monitoring\KasperskyAntiVirus]
[Security Center\Monitoring\McAfeeAntiVirus]
[Security Center\Monitoring\McAfeeFirewall]
[Security Center\Monitoring\PandaAntiVirus]
[Security Center\Monitoring\PandaFirewall]
[Security Center\Monitoring\SophosAntiVirus]
[Security Center\Monitoring\SymantecAntiVirus]
[Security Center\Monitoring\SymantecFirewall]
[Security Center\Monitoring\TinyFirewall]
[Security Center\Monitoring\TrendAntiVirus]
[Security Center\Monitoring\TrendFirewall]
[Security Center\Monitoring\ZoneLabsFirewall]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{F7A4AEFD-3B25-4236-8A77-98967DF103FC}"
[SystemRestore\SnapshotCallbacks]
@=""
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
[MountPoints2]
[MountPoints2\A]
"BaseClass"="Drive"
[MountPoints2\C]
"BaseClass"="Drive"
[MountPoints2\D]
"BaseClass"="Drive"
[MountPoints2\E]
"BaseClass"="Drive"
[MountPoints2\F]
"BaseClass"="Drive"
[MountPoints2\G]
"BaseClass"="Drive"
[MountPoints2\{02545520-7eb2-11d9-b6ce-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{02545520-7eb2-11d9-b6ce-00038a000015}\shell]
@="None"
[MountPoints2\{02545520-7eb2-11d9-b6ce-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{02545520-7eb2-11d9-b6ce-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{0620273c-9be5-11da-9913-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{0620273c-9be5-11da-9913-00038a000015}\shell]
@="None"
[MountPoints2\{0620273c-9be5-11da-9913-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{0620273c-9be5-11da-9913-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{0a586a2c-ea94-11db-9b49-00173126dee8}]
"BaseClass"="Drive"
[MountPoints2\{0a586a2c-ea94-11db-9b49-00173126dee8}\shell]
@="None"
[MountPoints2\{0a586a2c-ea94-11db-9b49-00173126dee8}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{0a586a2c-ea94-11db-9b49-00173126dee8}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{0f1664da-efbc-11d9-b794-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{0f1664da-efbc-11d9-b794-00038a000015}\shell]
@="None"
[MountPoints2\{0f1664da-efbc-11d9-b794-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{0f1664da-efbc-11d9-b794-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{179c9926-853b-11d9-b6d8-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{179c9926-853b-11d9-b6d8-00038a000015}\shell]
@="None"
[MountPoints2\{179c9926-853b-11d9-b6d8-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{179c9926-853b-11d9-b6d8-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{1e966b90-68d8-11da-98ba-000fb5cc093d}]
"BaseClass"="Drive"
[MountPoints2\{1e966b90-68d8-11da-98ba-000fb5cc093d}\shell]
@="None"
[MountPoints2\{1e966b90-68d8-11da-98ba-000fb5cc093d}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{1e966b90-68d8-11da-98ba-000fb5cc093d}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{2743e0c4-5064-11da-988e-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{2743e0c4-5064-11da-988e-00038a000015}\shell]
@="None"
[MountPoints2\{2743e0c4-5064-11da-988e-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{2743e0c4-5064-11da-988e-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{2ca736ea-66c2-11db-9a65-00173126dee8}]
"BaseClass"="Drive"
[MountPoints2\{2ca736ea-66c2-11db-9a65-00173126dee8}\shell]
@="None"
[MountPoints2\{2ca736ea-66c2-11db-9a65-00173126dee8}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{2ca736ea-66c2-11db-9a65-00173126dee8}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4af30482-2ae8-11db-9a08-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{4af30482-2ae8-11db-9a08-00038a000015}\shell]
@="None"
[MountPoints2\{4af30482-2ae8-11db-9a08-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{4af30482-2ae8-11db-9a08-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4dae1f6c-ba5b-11d9-b732-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{4dae1f6c-ba5b-11d9-b732-00038a000015}\shell]
@="None"
[MountPoints2\{4dae1f6c-ba5b-11d9-b732-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{4dae1f6c-ba5b-11d9-b732-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4e748e34-c4e7-11db-9b10-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{4e748e34-c4e7-11db-9b10-00038a000015}\shell]
@="None"
[MountPoints2\{4e748e34-c4e7-11db-9b10-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{4e748e34-c4e7-11db-9b10-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell]
@="Auto"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\Auto]
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\Auto\command]
@="G:\AdobeR.exe e"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e"
[MountPoints2\{55d18e90-a7f3-11db-9ad8-00173126dee8}]
"BaseClass"="Drive"
[MountPoints2\{55d18e90-a7f3-11db-9ad8-00173126dee8}\shell]
@="None"
[MountPoints2\{55d18e90-a7f3-11db-9ad8-00173126dee8}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{55d18e90-a7f3-11db-9ad8-00173126dee8}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{59b5f262-4402-11db-9a26-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{59b5f262-4402-11db-9a26-00038a000015}\shell]
@="None"
[MountPoints2\{59b5f262-4402-11db-9a26-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{59b5f262-4402-11db-9a26-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{5cd16596-a0cb-11db-9ac9-00173126dee8}]
"BaseClass"="Drive"
[MountPoints2\{6128aa46-9357-11da-9904-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{6128aa46-9357-11da-9904-00038a000015}\shell]
@="None"
[MountPoints2\{6128aa46-9357-11da-9904-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{6128aa46-9357-11da-9904-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}]
"BaseClass"="Drive"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell]
@="Auto"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\Auto]
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\Auto\command]
@="G:\AdobeR.exe e"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e"
[MountPoints2\{655b5c40-ff90-11d9-9816-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{655b5c40-ff90-11d9-9816-806d6172696f}\_Autorun]
[MountPoints2\{655b5c40-ff90-11d9-9816-806d6172696f}\_Autorun\DefaultIcon]
@="E:\Booba.ico"
[MountPoints2\{70efa6c8-97fd-11da-990d-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{7c4bb7c4-8f15-11d9-b6e7-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{7c4bb7c4-8f15-11d9-b6e7-00038a000015}\shell]
@="None"
[MountPoints2\{7c4bb7c4-8f15-11d9-b6e7-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{7c4bb7c4-8f15-11d9-b6e7-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{7fc596f6-5307-11db-9a42-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell]
@="Auto"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\Auto]
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\Auto\command]
@="G:\AdobeR.exe e"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e"
[MountPoints2\{9478a210-6cf6-11db-9a70-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{9478a210-6cf6-11db-9a70-00038a000015}\shell]
@="None"
[MountPoints2\{9478a210-6cf6-11db-9a70-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{9478a210-6cf6-11db-9a70-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{a7e770dc-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{a7e770dd-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{a7e770de-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{a7e770df-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{a7e770e0-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{b4fd7610-4997-11da-9885-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{b4fd7610-4997-11da-9885-00038a000015}\shell]
@="None"
[MountPoints2\{b4fd7610-4997-11da-9885-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{b4fd7610-4997-11da-9885-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{b91e7d30-eaa8-11db-9b4a-00038a000015}]
"BaseClass"="Drive"
SystemScan - www.suspectfile.com - ver. 3.1.2
Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
Date: 19/06/2007
Time: 23:28:40
Output limited to:
-Recent files
-Registry Run Keys
-Hidden objects
===================== Recent files (30 days old)=====================
----- recent files in C:\
19/06/2007 22:19:40 805306368 byte 0 days old -- pagefile.sys
19/06/2007 23:28:40 (DIR) 0 byte 0 days old -- suspectfile
----- recent files in C:\WINDOWS\
24/05/2007 03:00:38 (DIR) 0 byte 26 days old -- $NtUninstallKB927891$
24/05/2007 03:00:46 7566 byte 26 days old -- KB927891.log
03/06/2007 00:33:28 179735 byte 16 days old -- setupact.log
13/06/2007 03:00:54 24210 byte 6 days old -- KB933566-IE7.log
13/06/2007 03:00:56 (DIR) 0 byte 6 days old -- $NtUninstallKB935839$
13/06/2007 03:00:58 18953 byte 6 days old -- KB935839.log
13/06/2007 03:02:08 (DIR) 0 byte 6 days old -- $NtUninstallKB935840$
13/06/2007 03:02:12 1374 byte 6 days old -- imsins.BAK
13/06/2007 03:02:12 19307 byte 6 days old -- KB935840.log
13/06/2007 03:02:14 (DIR) 0 byte 6 days old -- $NtUninstallKB929123$
13/06/2007 03:02:16 108113 byte 6 days old -- updspapi.log
13/06/2007 03:02:18 20847 byte 6 days old -- KB929123.log
13/06/2007 03:02:18 836312 byte 6 days old -- FaxSetup.log
13/06/2007 03:02:18 131016 byte 6 days old -- iis6.log
13/06/2007 03:02:18 1374 byte 6 days old -- imsins.log
13/06/2007 03:02:18 414562 byte 6 days old -- ocgen.log
13/06/2007 03:02:18 285093 byte 6 days old -- comsetup.log
13/06/2007 03:02:18 172294 byte 6 days old -- ntdtcsetup.log
13/06/2007 03:02:18 325223 byte 6 days old -- tsoc.log
13/06/2007 03:02:18 42396 byte 6 days old -- msgsocm.log
13/06/2007 03:02:18 46537 byte 6 days old -- ocmsn.log
13/06/2007 18:24:06 150463 byte 6 days old -- setupapi.log
14/06/2007 15:53:04 22771 byte 5 days old -- 4-wlancfg.log
15/06/2007 20:19:42 75610 byte 4 days old -- 5-wlancfg.log
17/06/2007 06:34:32 22903 byte 2 days old -- 6-wlancfg.log
18/06/2007 07:35:06 23197 byte 1 days old -- 0-wlancfg.log
19/06/2007 09:03:00 22897 byte 0 days old -- 1-wlancfg.log
19/06/2007 10:28:46 503 byte 0 days old -- sam7_E.INI
19/06/2007 19:01:04 242183 byte 0 days old -- wmsetup.log
19/06/2007 19:37:22 3838 byte 0 days old -- ModemLog_SoftV92 Data Fax Modem #2.txt
19/06/2007 19:57:56 759 byte 0 days old -- win.ini
19/06/2007 21:59:24 14822 byte 0 days old -- DPINST.LOG
19/06/2007 22:19:04 32416 byte 0 days old -- SchedLgU.Txt
19/06/2007 22:19:04 50 byte 0 days old -- wiaservc.log
19/06/2007 22:19:04 2030413 byte 0 days old -- WindowsUpdate.log
19/06/2007 22:19:44 2048 byte 0 days old -- bootstat.dat
19/06/2007 22:19:50 159 byte 0 days old -- wiadebug.log
19/06/2007 22:19:56 1477 byte 0 days old -- msnfix.txt
19/06/2007 22:21:20 0 byte 0 days old -- 0.log
19/06/2007 22:21:34 68439 byte 0 days old -- 2-wlancfg.log
----- recent files in C:\WINDOWS\Downloaded Program Files\
----- recent files in C:\WINDOWS\system\
----- recent files in C:\WINDOWS\system32\
06/06/2007 08:38:42 15747032 byte 13 days old -- MRT.exe
19/06/2007 22:21:54 13646 byte 0 days old -- wpa.dbl
----- recent files in C:\WINDOWS\system32\drivers\
----- recent files in C:\WINDOWS\temp\
19/06/2007 22:19:48 255 byte 0 days old -- WGAErrLog.txt
19/06/2007 22:21:56 409 byte 0 days old -- WGANotify.settings
----- recent files in C:\Program Files\
----- recent files in C:\Program Files\Fichiers communs\
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe\00xe"
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"FIREBOX"="C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe"
"Acrobat Assistant 7.0"="\"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe\""
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe\""
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe"
"TkBellExe"="\"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe\" -osboot"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Adobe Photo Downloader"="\"C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe\""
"RavAV"="C:\WINDOWS\AdobeR.exe"
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"MsnMsgr"="\"C:\Program Files\MSN Messenger\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"updateMgr"="\"C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe\" AcPro7_0_8 -reboot 1"
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe"
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
"AppInit_DLLs"=""
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=expand:"WgaLogon.dll"
[Winlogon\Notify\WgaLogon\Settings]
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
"BuildNumber"=dword:00000a28
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
[RunOnceEx]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
@=""
[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"NoExplorer"=dword:00000001
[Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
#### HKCR\CLSID\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\InprocServer32 @="C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll"
[Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
#### HKCR\CLSID\{AE7CD045-E861-484f-8273-0445EE161910}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll"
@=""
[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll"
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----
[startupfolder]
[startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk"
"backup"="C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE "
"item"="Kodak software updater"
[startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk"
"backup"="C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe "
"item"="Lancement rapide d'Adobe Acrobat"
[startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk"
"backup"="C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx"
"item"="Logiciel Kodak EasyShare"
[startupfolder\C:^Documents and Settings^Clément^Menu Démarrer^Programmes^Démarrage^Iomega Product Registration.lnk]
"path"="C:\Documents and Settings\Clément\Menu Démarrer\Programmes\Démarrage\Iomega Product Registration.lnk"
"backup"="C:\WINDOWS\pss\Iomega Product Registration.lnkStartup"
"location"="Startup"
"command"="C:\PROGRA~1\Iomega\REGIST~1\Register.exe /remind /language=FR /PRNM=\"Iomega Product\""
"item"="Iomega Product Registration"
-----HKCU\Control Panel\Desktop\-----
[Desktop]
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"LsaPid"=dword:000002c0
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
@Class="80f1ce00"
"Pattern"=hex:d8,63,50,8e,02,d8,b7,d9,ca,73,ca,95,c3,97,e3,69,38,30,66,31,63,\
65,30,30,00,68,07,00,01,00,00,00,d8,00,00,00,dc,00,00,00,48,fa,06,00,d6,48,\
51,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,bc,a4,ea,49
[Lsa\GBG]
@Class="bc7cb879"
"GrafBlumGroup"=hex:d1,c6,06,a8,96,92,cc,65,e6
[Lsa\JD]
@Class="e69149cb"
"Lookup"=hex:1f,3b,9f,c6,74,fe
[Lsa\Kerberos]
[Lsa\Kerberos\Domains]
[Lsa\Kerberos\SidCache]
[Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000
[Lsa\Skew1]
@Class="eaa49eb6"
"SkewMatrix"=hex:8f,1f,8f,a1,75,b0,d1,bd,12,dd,7e,75,a9,68,be,0a
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
"Time"=hex:18,96,38,18,be,12,c5,01
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,ea,0b,83,fe,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,cb,01,89,fe,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,cb,01,89,fe,85,c4,01
"Type"=dword:00000031
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."
[SharedAccess\Epoch]
"Epoch"=dword:00006e3f
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\MSNMSGR.EXE"="C:\Program Files\MSN Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Valve\Steam\SteamApps\zeklooms\half-life 2\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\zeklooms\half-life 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\AdobeR.exe"="C:\WINDOWS\AdobeR.exe:*:Enabled:AdobeR"
"C:\Program Files\MSN Messenger\MSNMSGR.EXE"="C:\Program Files\MSN Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
"15074:TCP"="15074:TCP:*:Enabled:NortonAV"
"17693:TCP"="17693:TCP:*:Enabled:NortonAV"
"14892:TCP"="14892:TCP:*:Enabled:NortonAV"
"18524:TCP"="18524:TCP:*:Enabled:NortonAV"
"12805:TCP"="12805:TCP:*:Enabled:NortonAV"
"16572:TCP"="16572:TCP:*:Enabled:NortonAV"
"12921:TCP"="12921:TCP:*:Enabled:NortonAV"
"17670:TCP"="17670:TCP:*:Enabled:NortonAV"
"16974:TCP"="16974:TCP:*:Enabled:NortonAV"
"13827:TCP"="13827:TCP:*:Enabled:NortonAV"
"18348:TCP"="18348:TCP:*:Enabled:NortonAV"
"17445:TCP"="17445:TCP:*:Enabled:NortonAV"
"12590:TCP"="12590:TCP:*:Enabled:NortonAV"
"17769:TCP"="17769:TCP:*:Enabled:NortonAV"
"12482:TCP"="12482:TCP:*:Enabled:NortonAV"
"16973:TCP"="16973:TCP:*:Enabled:NortonAV"
"13424:TCP"="13424:TCP:*:Enabled:NortonAV"
"17215:TCP"="17215:TCP:*:Enabled:NortonAV"
"12960:TCP"="12960:TCP:*:Enabled:NortonAV"
"12379:TCP"="12379:TCP:*:Enabled:NortonAV"
"17536:TCP"="17536:TCP:*:Enabled:NortonAV"
"18041:TCP"="18041:TCP:*:Enabled:NortonAV"
"15455:TCP"="15455:TCP:*:Enabled:NortonAV"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"EnableDCOM"="Y"
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[Security Center\Monitoring]
[Security Center\Monitoring\AhnlabAntiVirus]
[Security Center\Monitoring\ComputerAssociatesAntiVirus]
[Security Center\Monitoring\KasperskyAntiVirus]
[Security Center\Monitoring\McAfeeAntiVirus]
[Security Center\Monitoring\McAfeeFirewall]
[Security Center\Monitoring\PandaAntiVirus]
[Security Center\Monitoring\PandaFirewall]
[Security Center\Monitoring\SophosAntiVirus]
[Security Center\Monitoring\SymantecAntiVirus]
[Security Center\Monitoring\SymantecFirewall]
[Security Center\Monitoring\TinyFirewall]
[Security Center\Monitoring\TrendAntiVirus]
[Security Center\Monitoring\TrendFirewall]
[Security Center\Monitoring\ZoneLabsFirewall]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{F7A4AEFD-3B25-4236-8A77-98967DF103FC}"
[SystemRestore\SnapshotCallbacks]
@=""
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
[MountPoints2]
[MountPoints2\A]
"BaseClass"="Drive"
[MountPoints2\C]
"BaseClass"="Drive"
[MountPoints2\D]
"BaseClass"="Drive"
[MountPoints2\E]
"BaseClass"="Drive"
[MountPoints2\F]
"BaseClass"="Drive"
[MountPoints2\G]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,01,01,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,00,00,00
[MountPoints2\{02545520-7eb2-11d9-b6ce-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{02545520-7eb2-11d9-b6ce-00038a000015}\shell]
@="None"
[MountPoints2\{02545520-7eb2-11d9-b6ce-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{02545520-7eb2-11d9-b6ce-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{0620273c-9be5-11da-9913-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,04,00,00
[MountPoints2\{0620273c-9be5-11da-9913-00038a000015}\shell]
@="None"
[MountPoints2\{0620273c-9be5-11da-9913-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{0620273c-9be5-11da-9913-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{0a586a2c-ea94-11db-9b49-00173126dee8}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,07,00,00
[MountPoints2\{0a586a2c-ea94-11db-9b49-00173126dee8}\shell]
@="None"
[MountPoints2\{0a586a2c-ea94-11db-9b49-00173126dee8}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{0a586a2c-ea94-11db-9b49-00173126dee8}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{0f1664da-efbc-11d9-b794-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{0f1664da-efbc-11d9-b794-00038a000015}\shell]
@="None"
[MountPoints2\{0f1664da-efbc-11d9-b794-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{0f1664da-efbc-11d9-b794-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{179c9926-853b-11d9-b6d8-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{179c9926-853b-11d9-b6d8-00038a000015}\shell]
@="None"
[MountPoints2\{179c9926-853b-11d9-b6d8-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{179c9926-853b-11d9-b6d8-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{1e966b90-68d8-11da-98ba-000fb5cc093d}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{1e966b90-68d8-11da-98ba-000fb5cc093d}\shell]
@="None"
[MountPoints2\{1e966b90-68d8-11da-98ba-000fb5cc093d}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{1e966b90-68d8-11da-98ba-000fb5cc093d}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{2743e0c4-5064-11da-988e-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{2743e0c4-5064-11da-988e-00038a000015}\shell]
@="None"
[MountPoints2\{2743e0c4-5064-11da-988e-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{2743e0c4-5064-11da-988e-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{2ca736ea-66c2-11db-9a65-00173126dee8}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,05,00,00
[MountPoints2\{2ca736ea-66c2-11db-9a65-00173126dee8}\shell]
@="None"
[MountPoints2\{2ca736ea-66c2-11db-9a65-00173126dee8}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{2ca736ea-66c2-11db-9a65-00173126dee8}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4af30482-2ae8-11db-9a08-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[MountPoints2\{4af30482-2ae8-11db-9a08-00038a000015}\shell]
@="None"
[MountPoints2\{4af30482-2ae8-11db-9a08-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{4af30482-2ae8-11db-9a08-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4dae1f6c-ba5b-11d9-b732-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{4dae1f6c-ba5b-11d9-b732-00038a000015}\shell]
@="None"
[MountPoints2\{4dae1f6c-ba5b-11d9-b732-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{4dae1f6c-ba5b-11d9-b732-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4e748e34-c4e7-11db-9b10-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{4e748e34-c4e7-11db-9b10-00038a000015}\shell]
@="None"
[MountPoints2\{4e748e34-c4e7-11db-9b10-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{4e748e34-c4e7-11db-9b10-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,00,00,00
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell]
@="Auto"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\Auto]
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\Auto\command]
@="G:\AdobeR.exe e"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e"
[MountPoints2\{55d18e90-a7f3-11db-9ad8-00173126dee8}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{55d18e90-a7f3-11db-9ad8-00173126dee8}\shell]
@="None"
[MountPoints2\{55d18e90-a7f3-11db-9ad8-00173126dee8}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{55d18e90-a7f3-11db-9ad8-00173126dee8}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{59b5f262-4402-11db-9a26-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[MountPoints2\{59b5f262-4402-11db-9a26-00038a000015}\shell]
@="None"
[MountPoints2\{59b5f262-4402-11db-9a26-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{59b5f262-4402-11db-9a26-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{5cd16596-a0cb-11db-9ac9-00173126dee8}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,cf,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,01,00,00,00,00,00,00,00
[MountPoints2\{6128aa46-9357-11da-9904-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{6128aa46-9357-11da-9904-00038a000015}\shell]
@="None"
[MountPoints2\{6128aa46-9357-11da-9904-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{6128aa46-9357-11da-9904-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,01,00,00
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell]
@="Auto"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\Auto]
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\Auto\command]
@="G:\AdobeR.exe e"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e"
[MountPoints2\{655b5c40-ff90-11d9-9816-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,01,01,00,5f,\
5f,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,60,00,00,00,0a,00,00,00
[MountPoints2\{655b5c40-ff90-11d9-9816-806d6172696f}\_Autorun]
[MountPoints2\{655b5c40-ff90-11d9-9816-806d6172696f}\_Autorun\DefaultIcon]
@="E:\Booba.ico"
[MountPoints2\{70efa6c8-97fd-11da-990d-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{7c4bb7c4-8f15-11d9-b6e7-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{7c4bb7c4-8f15-11d9-b6e7-00038a000015}\shell]
@="None"
[MountPoints2\{7c4bb7c4-8f15-11d9-b6e7-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{7c4bb7c4-8f15-11d9-b6e7-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{7fc596f6-5307-11db-9a42-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,09,07,00,00
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell]
@="Auto"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\Auto]
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\Auto\command]
@="G:\AdobeR.exe e"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e"
[MountPoints2\{9478a210-6cf6-11db-9a70-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{9478a210-6cf6-11db-9a70-00038a000015}\shell]
@="None"
[MountPoints2\{9478a210-6cf6-11db-9a70-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{9478a210-6cf6-11db-9a70-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{a7e770dc-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{a7e770dd-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,20,00,00,00,08,07,00,00
[MountPoints2\{a7e770de-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,01,00,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,60,00,00,00,0a,00,00,00
[MountPoints2\{a7e770df-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{a7e770e0-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{b4fd7610-4997-11da-9885-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[MountPoints2\{b4fd7610-4997-11da-9885-00038a000015}\shell]
@="None"
[MountPoints2\{b4fd7610-4997-11da-9885-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{b4fd7610-4997-11da-9885-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{b91e7d30-eaa8-11db-9b4a-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
Argh, sorry, indeed I hadn't done the right steps; here is what should be the complete report, or else I'm missing something. Thanks
SystemScan - www.suspectfile.com - ver. 3.1.2
Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
Date: 20/06/2007
Time: 01:33:37
Output limited to:
-Recent files
-Registry Run Keys
-Hidden objects
===================== Recent files (30 days old)=====================
----- recent files in C:\
19/06/2007 22:19:40 805306368 byte 1 days old -- pagefile.sys
19/06/2007 23:28:40 (DIR) 0 byte 1 days old -- suspectfile
20/06/2007 01:31:46 (DIR) 0 byte 0 days old -- autorun.inf
----- recent files in C:\WINDOWS\
24/05/2007 03:00:38 (DIR) 0 byte 27 days old -- $NtUninstallKB927891$
13/06/2007 03:00:56 (DIR) 0 byte 7 days old -- $NtUninstallKB935839$
13/06/2007 03:02:08 (DIR) 0 byte 7 days old -- $NtUninstallKB935840$
13/06/2007 03:02:14 (DIR) 0 byte 7 days old -- $NtUninstallKB929123$
19/06/2007 10:28:46 503 byte 1 days old -- sam7_E.INI
19/06/2007 19:37:22 3838 byte 1 days old -- ModemLog_SoftV92 Data Fax Modem #2.txt
19/06/2007 19:57:56 759 byte 1 days old -- win.ini
19/06/2007 22:19:04 50 byte 1 days old -- wiaservc.log
19/06/2007 22:19:04 32416 byte 1 days old -- SchedLgU.Txt
19/06/2007 22:19:44 2048 byte 1 days old -- bootstat.dat
19/06/2007 22:19:50 159 byte 1 days old -- wiadebug.log
19/06/2007 22:19:56 1477 byte 1 days old -- msnfix.txt
20/06/2007 00:20:14 2032853 byte 0 days old -- WindowsUpdate.log
20/06/2007 00:22:56 116 byte 0 days old -- NeroDigital.ini
20/06/2007 01:30:48 3868 byte 0 days old -- 2-wlancfg.log
20/06/2007 01:30:52 11465 byte 0 days old -- 3-wlancfg.log
----- recent files in C:\WINDOWS\Downloaded Program Files\
----- recent files in C:\WINDOWS\system\
----- recent files in C:\WINDOWS\system32\
06/06/2007 08:38:42 15747032 byte 14 days old -- MRT.exe
19/06/2007 22:21:54 13646 byte 1 days old -- wpa.dbl
----- recent files in C:\WINDOWS\system32\drivers\
----- recent files in C:\WINDOWS\temp\
----- recent files in C:\Program Files\
20/06/2007 01:20:48 (DIR) 0 byte 0 days old -- CCleaner
----- recent files in C:\Program Files\Fichiers communs\
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe\00xe"
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"FIREBOX"="C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe"
"Acrobat Assistant 7.0"="\"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe\""
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe\""
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe"
"TkBellExe"="\"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe\" -osboot"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Adobe Photo Downloader"="\"C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe\""
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"MsnMsgr"="\"C:\Program Files\MSN Messenger\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"updateMgr"="\"C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe\" AcPro7_0_8 -reboot 1"
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe"
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[run]
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
"AppInit_DLLs"=""
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=expand:"WgaLogon.dll"
[Winlogon\Notify\WgaLogon\Settings]
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
"BuildNumber"=dword:00000a28
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
[RunOnceEx]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
@=""
[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"NoExplorer"=dword:00000001
[Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
#### HKCR\CLSID\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\InprocServer32 @="C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll"
[Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
#### HKCR\CLSID\{AE7CD045-E861-484f-8273-0445EE161910}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll"
@=""
[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll"
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----
[startupfolder]
[startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk"
"backup"="C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE "
"item"="Kodak software updater"
[startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk"
"backup"="C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe "
"item"="Lancement rapide d'Adobe Acrobat"
[startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk"
"backup"="C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx"
"item"="Logiciel Kodak EasyShare"
[startupfolder\C:^Documents and Settings^Clément^Menu Démarrer^Programmes^Démarrage^Iomega Product Registration.lnk]
"path"="C:\Documents and Settings\Clément\Menu Démarrer\Programmes\Démarrage\Iomega Product Registration.lnk"
"backup"="C:\WINDOWS\pss\Iomega Product Registration.lnkStartup"
"location"="Startup"
"command"="C:\PROGRA~1\Iomega\REGIST~1\Register.exe /remind /language=FR /PRNM=\"Iomega Product\""
"item"="Iomega Product Registration"
-----HKCU\Control Panel\Desktop\-----
[Desktop]
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"LsaPid"=dword:000002c0
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
@Class="80f1ce00"
"Pattern"=hex:d8,63,50,8e,02,d8,b7,d9,ca,73,ca,95,c3,97,e3,69,38,30,66,31,63,\
65,30,30,00,68,07,00,01,00,00,00,d8,00,00,00,dc,00,00,00,48,fa,06,00,d6,48,\
51,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,bc,a4,ea,49
[Lsa\GBG]
@Class="bc7cb879"
"GrafBlumGroup"=hex:d1,c6,06,a8,96,92,cc,65,e6
[Lsa\JD]
@Class="e69149cb"
"Lookup"=hex:1f,3b,9f,c6,74,fe
[Lsa\Kerberos]
[Lsa\Kerberos\Domains]
[Lsa\Kerberos\SidCache]
[Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000
[Lsa\Skew1]
@Class="eaa49eb6"
"SkewMatrix"=hex:8f,1f,8f,a1,75,b0,d1,bd,12,dd,7e,75,a9,68,be,0a
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
"Time"=hex:18,96,38,18,be,12,c5,01
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,ea,0b,83,fe,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,cb,01,89,fe,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,cb,01,89,fe,85,c4,01
"Type"=dword:00000031
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."
[SharedAccess\Epoch]
"Epoch"=dword:00006e47
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\MSNMSGR.EXE"="C:\Program Files\MSN Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Valve\Steam\SteamApps\zeklooms\half-life 2\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\zeklooms\half-life 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\AdobeR.exe"="C:\WINDOWS\AdobeR.exe:*:Enabled:AdobeR"
"C:\Program Files\MSN Messenger\MSNMSGR.EXE"="C:\Program Files\MSN Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
"15074:TCP"="15074:TCP:*:Enabled:NortonAV"
"17693:TCP"="17693:TCP:*:Enabled:NortonAV"
"14892:TCP"="14892:TCP:*:Enabled:NortonAV"
"18524:TCP"="18524:TCP:*:Enabled:NortonAV"
"12805:TCP"="12805:TCP:*:Enabled:NortonAV"
"16572:TCP"="16572:TCP:*:Enabled:NortonAV"
"12921:TCP"="12921:TCP:*:Enabled:NortonAV"
"17670:TCP"="17670:TCP:*:Enabled:NortonAV"
"16974:TCP"="16974:TCP:*:Enabled:NortonAV"
"13827:TCP"="13827:TCP:*:Enabled:NortonAV"
"18348:TCP"="18348:TCP:*:Enabled:NortonAV"
"17445:TCP"="17445:TCP:*:Enabled:NortonAV"
"12590:TCP"="12590:TCP:*:Enabled:NortonAV"
"17769:TCP"="17769:TCP:*:Enabled:NortonAV"
"12482:TCP"="12482:TCP:*:Enabled:NortonAV"
"16973:TCP"="16973:TCP:*:Enabled:NortonAV"
"13424:TCP"="13424:TCP:*:Enabled:NortonAV"
"17215:TCP"="17215:TCP:*:Enabled:NortonAV"
"12960:TCP"="12960:TCP:*:Enabled:NortonAV"
"12379:TCP"="12379:TCP:*:Enabled:NortonAV"
"17536:TCP"="17536:TCP:*:Enabled:NortonAV"
"18041:TCP"="18041:TCP:*:Enabled:NortonAV"
"15455:TCP"="15455:TCP:*:Enabled:NortonAV"
"12917:TCP"="12917:TCP:*:Enabled:NortonAV"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[Security Center\Monitoring]
[Security Center\Monitoring\AhnlabAntiVirus]
[Security Center\Monitoring\ComputerAssociatesAntiVirus]
[Security Center\Monitoring\KasperskyAntiVirus]
[Security Center\Monitoring\McAfeeAntiVirus]
[Security Center\Monitoring\McAfeeFirewall]
[Security Center\Monitoring\PandaAntiVirus]
[Security Center\Monitoring\PandaFirewall]
[Security Center\Monitoring\SophosAntiVirus]
[Security Center\Monitoring\SymantecAntiVirus]
[Security Center\Monitoring\SymantecFirewall]
[Security Center\Monitoring\TinyFirewall]
[Security Center\Monitoring\TrendAntiVirus]
[Security Center\Monitoring\TrendFirewall]
[Security Center\Monitoring\ZoneLabsFirewall]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{F7A4AEFD-3B25-4236-8A77-98967DF103FC}"
[SystemRestore\SnapshotCallbacks]
@=""
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
[VB and VBA Program Settings]
[VB and VBA Program Settings\CCleaner]
[VB and VBA Program Settings\CCleaner\Options]
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
[MountPoints2]
[MountPoints2\A]
"BaseClass"="Drive"
[MountPoints2\C]
"BaseClass"="Drive"
[MountPoints2\D]
"BaseClass"="Drive"
[MountPoints2\E]
"BaseClass"="Drive"
[MountPoints2\F]
"BaseClass"="Drive"
[MountPoints2\G]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,01,01,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,00,00,00
[MountPoints2\{02545520-7eb2-11d9-b6ce-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,03,00,00
[MountPoints2\{0620273c-9be5-11da-9913-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,04,00,00
[MountPoints2\{0620273c-9be5-11da-9913-00038a000015}\shell]
@="None"
[MountPoints2\{0620273c-9be5-11da-9913-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{0620273c-9be5-11da-9913-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{0a586a2c-ea94-11db-9b49-00173126dee8}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,07,00,00
[MountPoints2\{0a586a2c-ea94-11db-9b49-00173126dee8}\shell]
@="None"
[MountPoints2\{0a586a2c-ea94-11db-9b49-00173126dee8}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{0a586a2c-ea94-11db-9b49-00173126dee8}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{0f1664da-efbc-11d9-b794-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{0f1664da-efbc-11d9-b794-00038a000015}\shell]
@="None"
[MountPoints2\{0f1664da-efbc-11d9-b794-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{0f1664da-efbc-11d9-b794-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{179c9926-853b-11d9-b6d8-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{179c9926-853b-11d9-b6d8-00038a000015}\shell]
@="None"
[MountPoints2\{179c9926-853b-11d9-b6d8-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{179c9926-853b-11d9-b6d8-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{1e966b90-68d8-11da-98ba-000fb5cc093d}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{1e966b90-68d8-11da-98ba-000fb5cc093d}\shell]
@="None"
[MountPoints2\{1e966b90-68d8-11da-98ba-000fb5cc093d}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{1e966b90-68d8-11da-98ba-000fb5cc093d}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{2743e0c4-5064-11da-988e-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{2743e0c4-5064-11da-988e-00038a000015}\shell]
@="None"
[MountPoints2\{2743e0c4-5064-11da-988e-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{2743e0c4-5064-11da-988e-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{2ca736ea-66c2-11db-9a65-00173126dee8}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,05,00,00
[MountPoints2\{2ca736ea-66c2-11db-9a65-00173126dee8}\shell]
@="None"
[MountPoints2\{2ca736ea-66c2-11db-9a65-00173126dee8}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{2ca736ea-66c2-11db-9a65-00173126dee8}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4af30482-2ae8-11db-9a08-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[MountPoints2\{4af30482-2ae8-11db-9a08-00038a000015}\shell]
@="None"
[MountPoints2\{4af30482-2ae8-11db-9a08-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{4af30482-2ae8-11db-9a08-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4dae1f6c-ba5b-11d9-b732-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{4dae1f6c-ba5b-11d9-b732-00038a000015}\shell]
@="None"
[MountPoints2\{4dae1f6c-ba5b-11d9-b732-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{4dae1f6c-ba5b-11d9-b732-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4e748e34-c4e7-11db-9b10-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{4e748e34-c4e7-11db-9b10-00038a000015}\shell]
@="None"
[MountPoints2\{4e748e34-c4e7-11db-9b10-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{4e748e34-c4e7-11db-9b10-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,00,00,00
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell]
@="Auto"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\Auto]
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\Auto\command]
@="G:\AdobeR.exe e"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e"
[MountPoints2\{55d18e90-a7f3-11db-9ad8-00173126dee8}]
"BaseClass"="Drive"
[MountPoints2\{55d18e90-a7f3-11db-9ad8-00173126dee8}\shell]
@="None"
[MountPoints2\{55d18e90-a7f3-11db-9ad8-00173126dee8}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{55d18e90-a7f3-11db-9ad8-00173126dee8}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{59b5f262-4402-11db-9a26-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{59b5f262-4402-11db-9a26-00038a000015}\shell]
@="None"
[MountPoints2\{59b5f262-4402-11db-9a26-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{59b5f262-4402-11db-9a26-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{5cd16596-a0cb-11db-9ac9-00173126dee8}]
"BaseClass"="Drive"
[MountPoints2\{6128aa46-9357-11da-9904-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{6128aa46-9357-11da-9904-00038a000015}\shell]
@="None"
[MountPoints2\{6128aa46-9357-11da-9904-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{6128aa46-9357-11da-9904-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}]
"BaseClass"="Drive"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell]
@="Auto"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\Auto]
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\Auto\command]
@="G:\AdobeR.exe e"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e"
[MountPoints2\{655b5c40-ff90-11d9-9816-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{655b5c40-ff90-11d9-9816-806d6172696f}\_Autorun]
[MountPoints2\{655b5c40-ff90-11d9-9816-806d6172696f}\_Autorun\DefaultIcon]
@="E:\Booba.ico"
[MountPoints2\{70efa6c8-97fd-11da-990d-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{7c4bb7c4-8f15-11d9-b6e7-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{7c4bb7c4-8f15-11d9-b6e7-00038a000015}\shell]
@="None"
[MountPoints2\{7c4bb7c4-8f15-11d9-b6e7-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{7c4bb7c4-8f15-11d9-b6e7-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{7fc596f6-5307-11db-9a42-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell]
@="Auto"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\Auto]
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\Auto\command]
@="G:\AdobeR.exe e"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e"
[MountPoints2\{9478a210-6cf6-11db-9a70-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{9478a210-6cf6-11db-9a70-00038a000015}\shell]
@="None"
[MountPoints2\{9478a210-6cf6-11db-9a70-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{9478a210-6cf6-11db-9a70-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{a7e770dc-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{a7e770dd-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{a7e770de-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{a7e770df-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{a7e770e0-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{b4fd7610-4997-11da-9885-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{b4fd7610-4997-11da-9885-00038a000015}\shell]
@="None"
[MountPoints2\{b4fd7610-4997-11da-9885-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{b4fd7610-4997-11da-9885-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{b91e7d30-eaa8-11db-9b4a-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{b91e7d30-eaa8-11db-9b4a-00038a000015}\shell]
@="None"
[MountPoints2\{b91e7d30-eaa8-11db-9b4a-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{b91e7d30-eaa8-11db-9b4a-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{d60b2766-7edb-11da-98e1-00038a000015}]
"BaseClass"="Drive"
[MountPoints2\{d60b2766-7edb-11da-98e1-00038a000015}\shell]
@="None"
[MountPoints2\{d60b2766-7edb-11da-98e1-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{d60b2766-7edb-11da-98e1-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{d62c4f02-aefc-11db-9ae3-00173126dee8}]
"BaseClass"="Drive"
"_CommentFromDesktopINI"=""
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5
SystemScan - www.suspectfile.com - ver. 3.1.2
Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
Date: 20/06/2007
Time: 01:33:37
Output limited to:
-Recent files
-Registry Run Keys
-Hidden objects
===================== Recent files (30 days old)=====================
----- recent files in C:\
19/06/2007 22:19:40 805306368 byte 1 days old -- pagefile.sys
19/06/2007 23:28:40 (DIR) 0 byte 1 days old -- suspectfile
20/06/2007 01:31:46 (DIR) 0 byte 0 days old -- autorun.inf
----- recent files in C:\WINDOWS\
24/05/2007 03:00:38 (DIR) 0 byte 27 days old -- $NtUninstallKB927891$
13/06/2007 03:00:56 (DIR) 0 byte 7 days old -- $NtUninstallKB935839$
13/06/2007 03:02:08 (DIR) 0 byte 7 days old -- $NtUninstallKB935840$
13/06/2007 03:02:14 (DIR) 0 byte 7 days old -- $NtUninstallKB929123$
19/06/2007 10:28:46 503 byte 1 days old -- sam7_E.INI
19/06/2007 19:37:22 3838 byte 1 days old -- ModemLog_SoftV92 Data Fax Modem #2.txt
19/06/2007 19:57:56 759 byte 1 days old -- win.ini
19/06/2007 22:19:04 50 byte 1 days old -- wiaservc.log
19/06/2007 22:19:04 32416 byte 1 days old -- SchedLgU.Txt
19/06/2007 22:19:44 2048 byte 1 days old -- bootstat.dat
19/06/2007 22:19:50 159 byte 1 days old -- wiadebug.log
19/06/2007 22:19:56 1477 byte 1 days old -- msnfix.txt
20/06/2007 00:20:14 2032853 byte 0 days old -- WindowsUpdate.log
20/06/2007 00:22:56 116 byte 0 days old -- NeroDigital.ini
20/06/2007 01:30:48 3868 byte 0 days old -- 2-wlancfg.log
20/06/2007 01:30:52 11465 byte 0 days old -- 3-wlancfg.log
----- recent files in C:\WINDOWS\Downloaded Program Files\
----- recent files in C:\WINDOWS\system\
----- recent files in C:\WINDOWS\system32\
06/06/2007 08:38:42 15747032 byte 14 days old -- MRT.exe
19/06/2007 22:21:54 13646 byte 1 days old -- wpa.dbl
----- recent files in C:\WINDOWS\system32\drivers\
----- recent files in C:\WINDOWS\temp\
----- recent files in C:\Program Files\
20/06/2007 01:20:48 (DIR) 0 byte 0 days old -- CCleaner
----- recent files in C:\Program Files\Fichiers communs\
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe\00xe"
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"FIREBOX"="C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe"
"Acrobat Assistant 7.0"="\"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe\""
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe\""
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe"
"TkBellExe"="\"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe\" -osboot"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Adobe Photo Downloader"="\"C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe\""
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"MsnMsgr"="\"C:\Program Files\MSN Messenger\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"updateMgr"="\"C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe\" AcPro7_0_8 -reboot 1"
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe"
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[run]
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
"AppInit_DLLs"=""
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=expand:"WgaLogon.dll"
[Winlogon\Notify\WgaLogon\Settings]
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
"BuildNumber"=dword:00000a28
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
[RunOnceEx]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
@=""
[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"NoExplorer"=dword:00000001
[Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
#### HKCR\CLSID\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\InprocServer32 @="C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll"
[Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
#### HKCR\CLSID\{AE7CD045-E861-484f-8273-0445EE161910}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll"
@=""
[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll"
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----
[startupfolder]
[startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk"
"backup"="C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE "
"item"="Kodak software updater"
[startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk"
"backup"="C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe "
"item"="Lancement rapide d'Adobe Acrobat"
[startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk"
"backup"="C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx"
"item"="Logiciel Kodak EasyShare"
[startupfolder\C:^Documents and Settings^Clément^Menu Démarrer^Programmes^Démarrage^Iomega Product Registration.lnk]
"path"="C:\Documents and Settings\Clément\Menu Démarrer\Programmes\Démarrage\Iomega Product Registration.lnk"
"backup"="C:\WINDOWS\pss\Iomega Product Registration.lnkStartup"
"location"="Startup"
"command"="C:\PROGRA~1\Iomega\REGIST~1\Register.exe /remind /language=FR /PRNM=\"Iomega Product\""
"item"="Iomega Product Registration"
-----HKCU\Control Panel\Desktop\-----
[Desktop]
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"LsaPid"=dword:000002c0
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
@Class="80f1ce00"
"Pattern"=hex:d8,63,50,8e,02,d8,b7,d9,ca,73,ca,95,c3,97,e3,69,38,30,66,31,63,\
65,30,30,00,68,07,00,01,00,00,00,d8,00,00,00,dc,00,00,00,48,fa,06,00,d6,48,\
51,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,bc,a4,ea,49
[Lsa\GBG]
@Class="bc7cb879"
"GrafBlumGroup"=hex:d1,c6,06,a8,96,92,cc,65,e6
[Lsa\JD]
@Class="e69149cb"
"Lookup"=hex:1f,3b,9f,c6,74,fe
[Lsa\Kerberos]
[Lsa\Kerberos\Domains]
[Lsa\Kerberos\SidCache]
[Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000
[Lsa\Skew1]
@Class="eaa49eb6"
"SkewMatrix"=hex:8f,1f,8f,a1,75,b0,d1,bd,12,dd,7e,75,a9,68,be,0a
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
"Time"=hex:18,96,38,18,be,12,c5,01
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,ea,0b,83,fe,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,cb,01,89,fe,85,c4,01
"Type"=dword:00000031
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,cb,01,89,fe,85,c4,01
"Type"=dword:00000031
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."
[SharedAccess\Epoch]
"Epoch"=dword:00006e47
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\MSNMSGR.EXE"="C:\Program Files\MSN Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Valve\Steam\SteamApps\zeklooms\half-life 2\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\zeklooms\half-life 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\AdobeR.exe"="C:\WINDOWS\AdobeR.exe:*:Enabled:AdobeR"
"C:\Program Files\MSN Messenger\MSNMSGR.EXE"="C:\Program Files\MSN Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
"15074:TCP"="15074:TCP:*:Enabled:NortonAV"
"17693:TCP"="17693:TCP:*:Enabled:NortonAV"
"14892:TCP"="14892:TCP:*:Enabled:NortonAV"
"18524:TCP"="18524:TCP:*:Enabled:NortonAV"
"12805:TCP"="12805:TCP:*:Enabled:NortonAV"
"16572:TCP"="16572:TCP:*:Enabled:NortonAV"
"12921:TCP"="12921:TCP:*:Enabled:NortonAV"
"17670:TCP"="17670:TCP:*:Enabled:NortonAV"
"16974:TCP"="16974:TCP:*:Enabled:NortonAV"
"13827:TCP"="13827:TCP:*:Enabled:NortonAV"
"18348:TCP"="18348:TCP:*:Enabled:NortonAV"
"17445:TCP"="17445:TCP:*:Enabled:NortonAV"
"12590:TCP"="12590:TCP:*:Enabled:NortonAV"
"17769:TCP"="17769:TCP:*:Enabled:NortonAV"
"12482:TCP"="12482:TCP:*:Enabled:NortonAV"
"16973:TCP"="16973:TCP:*:Enabled:NortonAV"
"13424:TCP"="13424:TCP:*:Enabled:NortonAV"
"17215:TCP"="17215:TCP:*:Enabled:NortonAV"
"12960:TCP"="12960:TCP:*:Enabled:NortonAV"
"12379:TCP"="12379:TCP:*:Enabled:NortonAV"
"17536:TCP"="17536:TCP:*:Enabled:NortonAV"
"18041:TCP"="18041:TCP:*:Enabled:NortonAV"
"15455:TCP"="15455:TCP:*:Enabled:NortonAV"
"12917:TCP"="12917:TCP:*:Enabled:NortonAV"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[Security Center\Monitoring]
[Security Center\Monitoring\AhnlabAntiVirus]
[Security Center\Monitoring\ComputerAssociatesAntiVirus]
[Security Center\Monitoring\KasperskyAntiVirus]
[Security Center\Monitoring\McAfeeAntiVirus]
[Security Center\Monitoring\McAfeeFirewall]
[Security Center\Monitoring\PandaAntiVirus]
[Security Center\Monitoring\PandaFirewall]
[Security Center\Monitoring\SophosAntiVirus]
[Security Center\Monitoring\SymantecAntiVirus]
[Security Center\Monitoring\SymantecFirewall]
[Security Center\Monitoring\TinyFirewall]
[Security Center\Monitoring\TrendAntiVirus]
[Security Center\Monitoring\TrendFirewall]
[Security Center\Monitoring\ZoneLabsFirewall]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{F7A4AEFD-3B25-4236-8A77-98967DF103FC}"
[SystemRestore\SnapshotCallbacks]
@=""
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
[VB and VBA Program Settings]
[VB and VBA Program Settings\CCleaner]
[VB and VBA Program Settings\CCleaner\Options]
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
[MountPoints2]
[MountPoints2\A]
"BaseClass"="Drive"
[MountPoints2\C]
"BaseClass"="Drive"
[MountPoints2\D]
"BaseClass"="Drive"
[MountPoints2\E]
"BaseClass"="Drive"
[MountPoints2\F]
"BaseClass"="Drive"
[MountPoints2\G]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,01,01,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,00,00,00
[MountPoints2\{02545520-7eb2-11d9-b6ce-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,03,00,00
[MountPoints2\{0620273c-9be5-11da-9913-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,04,00,00
[MountPoints2\{0620273c-9be5-11da-9913-00038a000015}\shell]
@="None"
[MountPoints2\{0620273c-9be5-11da-9913-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{0620273c-9be5-11da-9913-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{0a586a2c-ea94-11db-9b49-00173126dee8}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,07,00,00
[MountPoints2\{0a586a2c-ea94-11db-9b49-00173126dee8}\shell]
@="None"
[MountPoints2\{0a586a2c-ea94-11db-9b49-00173126dee8}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{0a586a2c-ea94-11db-9b49-00173126dee8}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{0f1664da-efbc-11d9-b794-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{0f1664da-efbc-11d9-b794-00038a000015}\shell]
@="None"
[MountPoints2\{0f1664da-efbc-11d9-b794-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{0f1664da-efbc-11d9-b794-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{179c9926-853b-11d9-b6d8-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{179c9926-853b-11d9-b6d8-00038a000015}\shell]
@="None"
[MountPoints2\{179c9926-853b-11d9-b6d8-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{179c9926-853b-11d9-b6d8-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{1e966b90-68d8-11da-98ba-000fb5cc093d}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{1e966b90-68d8-11da-98ba-000fb5cc093d}\shell]
@="None"
[MountPoints2\{1e966b90-68d8-11da-98ba-000fb5cc093d}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{1e966b90-68d8-11da-98ba-000fb5cc093d}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{2743e0c4-5064-11da-988e-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{2743e0c4-5064-11da-988e-00038a000015}\shell]
@="None"
[MountPoints2\{2743e0c4-5064-11da-988e-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{2743e0c4-5064-11da-988e-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{2ca736ea-66c2-11db-9a65-00173126dee8}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,05,00,00
[MountPoints2\{2ca736ea-66c2-11db-9a65-00173126dee8}\shell]
@="None"
[MountPoints2\{2ca736ea-66c2-11db-9a65-00173126dee8}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{2ca736ea-66c2-11db-9a65-00173126dee8}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4af30482-2ae8-11db-9a08-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[MountPoints2\{4af30482-2ae8-11db-9a08-00038a000015}\shell]
@="None"
[MountPoints2\{4af30482-2ae8-11db-9a08-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{4af30482-2ae8-11db-9a08-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4dae1f6c-ba5b-11d9-b732-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{4dae1f6c-ba5b-11d9-b732-00038a000015}\shell]
@="None"
[MountPoints2\{4dae1f6c-ba5b-11d9-b732-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{4dae1f6c-ba5b-11d9-b732-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4e748e34-c4e7-11db-9b10-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{4e748e34-c4e7-11db-9b10-00038a000015}\shell]
@="None"
[MountPoints2\{4e748e34-c4e7-11db-9b10-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{4e748e34-c4e7-11db-9b10-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,00,00,00
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell]
@="Auto"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\Auto]
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\Auto\command]
@="G:\AdobeR.exe e"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"
[MountPoints2\{4e748e35-c4e7-11db-9b10-00038a000015}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e"
[MountPoints2\{55d18e90-a7f3-11db-9ad8-00173126dee8}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{55d18e90-a7f3-11db-9ad8-00173126dee8}\shell]
@="None"
[MountPoints2\{55d18e90-a7f3-11db-9ad8-00173126dee8}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{55d18e90-a7f3-11db-9ad8-00173126dee8}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{59b5f262-4402-11db-9a26-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[MountPoints2\{59b5f262-4402-11db-9a26-00038a000015}\shell]
@="None"
[MountPoints2\{59b5f262-4402-11db-9a26-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{59b5f262-4402-11db-9a26-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{5cd16596-a0cb-11db-9ac9-00173126dee8}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,cf,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,01,00,00,00,00,00,00,00
[MountPoints2\{6128aa46-9357-11da-9904-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{6128aa46-9357-11da-9904-00038a000015}\shell]
@="None"
[MountPoints2\{6128aa46-9357-11da-9904-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{6128aa46-9357-11da-9904-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,01,00,00
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell]
@="Auto"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\Auto]
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\Auto\command]
@="G:\AdobeR.exe e"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"
[MountPoints2\{62b72932-19ca-11dc-9b91-00173126dee8}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e"
[MountPoints2\{655b5c40-ff90-11d9-9816-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,01,01,00,5f,\
5f,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,60,00,00,00,0a,00,00,00
[MountPoints2\{655b5c40-ff90-11d9-9816-806d6172696f}\_Autorun]
[MountPoints2\{655b5c40-ff90-11d9-9816-806d6172696f}\_Autorun\DefaultIcon]
@="E:\Booba.ico"
[MountPoints2\{70efa6c8-97fd-11da-990d-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{7c4bb7c4-8f15-11d9-b6e7-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{7c4bb7c4-8f15-11d9-b6e7-00038a000015}\shell]
@="None"
[MountPoints2\{7c4bb7c4-8f15-11d9-b6e7-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{7c4bb7c4-8f15-11d9-b6e7-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{7fc596f6-5307-11db-9a42-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,09,07,00,00
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell]
@="Auto"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\Auto]
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\Auto\command]
@="G:\AdobeR.exe e"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"
[MountPoints2\{88ea74e2-dc54-11da-999e-00038a000015}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e"
[MountPoints2\{9478a210-6cf6-11db-9a70-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{9478a210-6cf6-11db-9a70-00038a000015}\shell]
@="None"
[MountPoints2\{9478a210-6cf6-11db-9a70-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{9478a210-6cf6-11db-9a70-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{a7e770dc-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{a7e770dd-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,20,00,00,00,08,07,00,00
[MountPoints2\{a7e770de-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,01,00,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,60,00,00,00,0a,00,00,00
[MountPoints2\{a7e770df-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{a7e770e0-7ea1-11d9-ac8f-806d6172696f}]
"BaseClass"="Drive"
[MountPoints2\{b4fd7610-4997-11da-9885-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[MountPoints2\{b4fd7610-4997-11da-9885-00038a000015}\shell]
@="None"
[MountPoints2\{b4fd7610-4997-11da-9885-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{b4fd7610-4997-11da-9885-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{b91e7d30-eaa8-11db-9b4a-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,03,00,00
[MountPoints2\{b91e7d30-eaa8-11db-9b4a-00038a000015}\shell]
@="None"
[MountPoints2\{b91e7d30-eaa8-11db-9b4a-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{b91e7d30-eaa8-11db-9b4a-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{d60b2766-7edb-11da-98e1-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{d60b2766-7edb-11da-98e1-00038a000015}\shell]
@="None"
[MountPoints2\{d60b2766-7edb-11da-98e1-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{d60b2766-7edb-11da-98e1-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{d62c4f02-aefc-11db-9ae3-00173126dee8}]
"BaseClass"="Drive"
"_CommentFromDesktopINI"=""
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5
Did you use the utility I asked you to run on your PC?!
Compare the report with the message you just posted on the forum: the message is too long, so the end is missing.
f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00
[MountPoints2\{d62c4f02-aefc-11db-9ae3-00173126dee8}\shell]
@="None"
[MountPoints2\{d62c4f02-aefc-11db-9ae3-00173126dee8}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{d62c4f02-aefc-11db-9ae3-00173126dee8}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{dda51a3e-2a09-11db-9a06-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{dda51a3e-2a09-11db-9a06-00038a000015}\shell]
@="None"
[MountPoints2\{dda51a3e-2a09-11db-9a06-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{dda51a3e-2a09-11db-9a06-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{fa009a64-d090-11da-997c-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,01,00,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,01,00,00,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,03,00,00
[MountPoints2\{fa009a64-d090-11da-997c-00038a000015}\shell]
@="None"
[MountPoints2\{fa009a64-d090-11da-997c-00038a000015}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{fa009a64-d090-11da-997c-00038a000015}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{fb8221c4-0dcf-11db-99ee-00038a000015}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,02,00,00
[MountPoints2\{fb8221c4-0dcf-11db-99ee-00038a000015}\Shell]
@="Auto"
[MountPoints2\{fb8221c4-0dcf-11db-99ee-00038a000015}\Shell\Auto]
[MountPoints2\{fb8221c4-0dcf-11db-99ee-00038a000015}\Shell\Auto\command]
@="G:\AdobeR.exe e"
[MountPoints2\{fb8221c4-0dcf-11db-99ee-00038a000015}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[MountPoints2\{fb8221c4-0dcf-11db-99ee-00038a000015}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
[MountPoints2\{fb8221c4-0dcf-11db-99ee-00038a000015}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"
[MountPoints2\{fb8221c4-0dcf-11db-99ee-00038a000015}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e"
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
[AdvancedOptions]
[AdvancedOptions\INTERNATIONAL]
"Text"="International*"
[AdvancedOptions\INTERNATIONAL\IDN]
"Text"="Send IDN server names"
[AdvancedOptions\INTERNATIONAL\IDN_INFOBAR]
"Text"="Show Information bar for encoded addresses"
[AdvancedOptions\INTERNATIONAL\IDN_INTRANET]
"Text"="Send IDN server names for Intranet addresses"
[AdvancedOptions\INTERNATIONAL\IDN_SHOWPUNY]
"Text"="Always show encoded addresses"
[AdvancedOptions\INTERNATIONAL\UTF8_MAILTO]
"Text"="Use UTF-8 for mailto links"
[AdvancedOptions\INTERNATIONAL\UTF8_URL]
"Text"="Send UTF-8 URLs"
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
-----HKLM\Software\Microsoft\Active Setup\Installed Components-----
[Installed Components]
[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Lecteur Windows Media"
"ComponentID"="WMPACCESS"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personnalisation du navigateur"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}]
#### HKCR\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\InprocServer32 @="C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll"
"@="Viewpoint Media Player"
"ComponentID"="Viewpoint"
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\system32\msjava.dll"
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
"@="Internet Explorer Classes for Java"
"ComponentID"="IEJAVA"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"
[Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]
#### HKCR\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\InprocServer32 @="C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll"
"@="Viewpoint Media Player"
"ComponentID"="Viewpoint"
[Installed Components\{1C818E03-F86D-87A1-9A7A-67CAF2C4E365}]
"ComponentID"="NetShow"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2AF080BA-A327-44A5-8F11-522A6B8E9D2E}]
"@="Viewpoint Media Player"
"ComponentID"="Viewpoint"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\System32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Shockwave Flash"
"ComponentID"="Flash"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"
-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services
Result compared: Identical
-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {1B22C23C-B441-463B-A136-63F7E5F8026B} REG_BINARY 5100000000000000120000000000000020B9794601FFFF706172616469732D6E78387339757900000600000000000000040000000000000020B97946C0A801010300000000000000040000000000000020B97946C0A801010100000000000000040000000000000020B97946FFFFFF003B00000000000000040000000000000020B97946000127503A00000000000000040000000000000020B979460000A8C03300000000000000040000000000000020B97946000151803600000000000000040000000000000020B97946C0A801013500000000000000010000000000000020B9794605000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {1B22C23C-B441-463B-A136-63F7E5F8026B} REG_BINARY 51000000000000001200000000000000E08B794601FFFF706172616469732D6E783873397579000006000000000000000400000000000000E08B7946C0A8010103000000000000000400000000000000E08B7946C0A8010101000000000000000400000000000000E08B7946FFFFFF003B000000000000000400000000000000E08B7946000127503A000000000000000400000000000000E08B79460000A8C033000000000000000400000000000000E08B79460001518036000000000000000400000000000000E08B7946C0A8010135000000000000000100000000000000E08B794605000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\HTTP\Parameters\Synchronize
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\pwalker
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 28231 (0x6E47)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 28219 (0x6E3B)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List 12917:TCP REG_SZ 12917:TCP:*:Enabled:NortonAV
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters DhcpNameServer REG_SZ 192.168.1.1
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1B22C23C-B441-463B-A136-63F7E5F8026B} LeaseObtainedTime REG_DWORD 1182295968 (0x467867A0)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{1B22C23C-B441-463B-A136-63F7E5F8026B} LeaseObtainedTime REG_DWORD 1182284384 (0x46783A60)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1B22C23C-B441-463B-A136-63F7E5F8026B} T1 REG_DWORD 1182339168 (0x46791060)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{1B22C23C-B441-463B-A136-63F7E5F8026B} T1 REG_DWORD 1182327584 (0x4678E320)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1B22C23C-B441-463B-A136-63F7E5F8026B} T2 REG_DWORD 1182371568 (0x46798EF0)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{1B22C23C-B441-463B-A136-63F7E5F8026B} T2 REG_DWORD 1182359984 (0x467961B0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1B22C23C-B441-463B-A136-63F7E5F8026B} LeaseTerminatesTime REG_DWORD 1182382368 (0x4679B920)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{1B22C23C-B441-463B-A136-63F7E5F8026B} LeaseTerminatesTime REG_DWORD 1182370784 (0x46798BE0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1B22C23C-B441-463B-A136-63F7E5F8026B} DhcpRetryTime REG_DWORD 43198 (0xA8BE)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1B22C23C-B441-463B-A136-63F7E5F8026B} DhcpRetryStatus REG_DWORD 0 (0x0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1B22C23C-B441-463B-A136-63F7E5F8026B} DhcpNameServer REG_SZ 192.168.1.1
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1B22C23C-B441-463B-A136-63F7E5F8026B} DhcpDefaultGateway REG_MULTI_SZ 192.168.1.1\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{1B22C23C-B441-463B-A136-63F7E5F8026B} DhcpSubnetMaskOpt REG_MULTI_SZ 255.255.255.0\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1B22C23C-B441-463B-A136-63F7E5F8026B}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1182295968 (0x467867A0)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{1B22C23C-B441-463B-A136-63F7E5F8026B}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1182284384 (0x46783A60)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1B22C23C-B441-463B-A136-63F7E5F8026B}\Parameters\Tcpip T1 REG_DWORD 1182339168 (0x46791060)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{1B22C23C-B441-463B-A136-63F7E5F8026B}\Parameters\Tcpip T1 REG_DWORD 1182327584 (0x4678E320)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1B22C23C-B441-463B-A136-63F7E5F8026B}\Parameters\Tcpip T2 REG_DWORD 1182371568 (0x46798EF0)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{1B22C23C-B441-463B-A136-63F7E5F8026B}\Parameters\Tcpip T2 REG_DWORD 1182359984 (0x467961B0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1B22C23C-B441-463B-A136-63F7E5F8026B}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1182382368 (0x4679B920)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{1B22C23C-B441-463B-A136-63F7E5F8026B}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1182370784 (0x46798BE0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1B22C23C-B441-463B-A136-63F7E5F8026B}\Parameters\Tcpip DhcpDefaultGateway REG_MULTI_SZ 192.168.1.1\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{1B22C23C-B441-463B-A136-63F7E5F8026B}\Parameters\Tcpip DhcpSubnetMaskOpt REG_MULTI_SZ 255.255.255.0\0\0
Result compared: Different
===================== Hidden Objects =====================
SCAN ABORTED: an unknown error has occurred. Please check Rootkit presence with another tool
===================== Checking Rustock rootkit =====================
==========================================
Scan completed in 2,2 minutes
End of report
Here are all the operations I have carried out since I started dealing with this virus this evening:
- installed / used MSNFix (as instructed in the first help forum, to which you later redirected me)
- installed / used HijackThis
- installed / used SystemScan, on your recommendation. But like a dope I tried to go too fast and copied the log like crap.
In the meantime I used CCleaner to free up space on my HD
- I went back to your message, installed and used Flash Disinfector
- then ran SystemScan again, generating a new log that I pasted for you in 2 parts.
Did I miss anything?
Thanks for your patience
OK, now download this file, double-click it and accept the merge into the registry; this will remove keys left behind by the infection
---> https://www.cjoint.com/?gudKJOLY6U
Don't hesitate to run an online scan
Run this online antivirus scan with Internet Explorer and accept the ActiveX control; the SP2 pop-up blocker bar (at the top) will start flashing: click on it and choose "accept the ActiveX" so that the antivirus scan can run.
Once it has finished, paste the report here please
https://www.bitdefender.com/toolbox/
See you
Here is the BitDefender report:
BitDefender Online Scanner
Scan report generated at: Wed, Jun 20, 2007 - 14:50:02
Scan path: A:\;C:\;D:\;E:\;F:\;
Statistics
Time: 00:48:37
Files: 266203
Folders: 6132
Boot Sectors: 3
Archives: 11609
Packed Files: 11335
Results
Identified Viruses: 11
Infected Files: 24
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 24
Engines Info
Virus Definitions: 514494
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\Clément\Bureau\MSNFix\19062007_22195042.zip=>backup/photos.zip=>webcam_photos-2007-06.scr
Infected with: Backdoor.IRCBot.ABDD
C:\Documents and Settings\Clément\Bureau\MSNFix\19062007_22195042.zip=>backup/photos.zip=>webcam_photos-2007-06.scr
Disinfection failed
C:\Documents and Settings\Clément\Bureau\MSNFix\19062007_22195042.zip=>backup/photos.zip=>webcam_photos-2007-06.scr
Deleted
C:\Documents and Settings\Clément\Bureau\MSNFix\19062007_22195042.zip=>backup/photos.zip
Updated
C:\Documents and Settings\Clément\Bureau\MSNFix\19062007_22195042.zip
Updated
C:\Documents and Settings\Clément\Bureau\MSNFix\19062007_22195042.zip=>backup/syshelps.dll
Infected with: Backdoor.IRCBot.ABDD
C:\Documents and Settings\Clément\Bureau\MSNFix\19062007_22195042.zip=>backup/syshelps.dll
Disinfection failed
C:\Documents and Settings\Clément\Bureau\MSNFix\19062007_22195042.zip=>backup/syshelps.dll
Deleted
C:\Documents and Settings\Clément\Bureau\MSNFix\19062007_22195042.zip
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 9)=>[Subject: I'm nude][Date: Wed, 2 Mar 2005 18:03:05 +0100]=>(MIME part)=>photo.zip=>photo.jpg .scr
Infected with: Win32.Mabutu.A@mm
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 9)=>[Subject: I'm nude][Date: Wed, 2 Mar 2005 18:03:05 +0100]=>(MIME part)=>photo.zip=>photo.jpg .scr
Deleted
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 9)=>[Subject: I'm nude][Date: Wed, 2 Mar 2005 18:03:05 +0100]=>(MIME part)=>photo.zip
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 9)=>[Subject: I'm nude][Date: Wed, 2 Mar 2005 18:03:05 +0100]=>(MIME part)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 9)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 22)=>[Subject: ][Date: Sat, 05 Mar 2005 09:27:43 -0300]=>(MIME part)=>2332134.rar=>dddd.exe
Infected with: Win32.Bagle.BG@mm
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 22)=>[Subject: ][Date: Sat, 05 Mar 2005 09:27:43 -0300]=>(MIME part)=>2332134.rar=>dddd.exe
Disinfection failed
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 22)=>[Subject: ][Date: Sat, 05 Mar 2005 09:27:43 -0300]=>(MIME part)=>2332134.rar=>dddd.exe
Deleted
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 22)=>[Subject: ][Date: Sat, 05 Mar 2005 09:27:43 -0300]=>(MIME part)=>2332134.rar
Update failed
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 40)
Infected with: Trojan.Spy.HTML.Bankfraud.DQ
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 40)
Disinfection failed
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 40)
Deleted
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 456)=>[Subject: ][Date: Wed, 21 Sep 2005 08:22:50 +0800]=>(MIME part)=>newprice.zip=>06.exe
Infected with: Win32.Bagle.JL@mm
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 456)=>[Subject: ][Date: Wed, 21 Sep 2005 08:22:50 +0800]=>(MIME part)=>newprice.zip=>06.exe
Disinfection failed
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 456)=>[Subject: ][Date: Wed, 21 Sep 2005 08:22:50 +0800]=>(MIME part)=>newprice.zip=>06.exe
Deleted
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 456)=>[Subject: ][Date: Wed, 21 Sep 2005 08:22:50 +0800]=>(MIME part)=>newprice.zip
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 456)=>[Subject: ][Date: Wed, 21 Sep 2005 08:22:50 +0800]=>(MIME part)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 456)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 569)=>[Subject: Josias][Date: Thu, 15 Dec 2005 20:26:09 -0500]=>(MIME part)=>Harry.zip=>DSC00017.exe
Infected with: Trojan.Downloader.Bagle.H
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 569)=>[Subject: Josias][Date: Thu, 15 Dec 2005 20:26:09 -0500]=>(MIME part)=>Harry.zip=>DSC00017.exe
Disinfection failed
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 569)=>[Subject: Josias][Date: Thu, 15 Dec 2005 20:26:09 -0500]=>(MIME part)=>Harry.zip=>DSC00017.exe
Deleted
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 569)=>[Subject: Josias][Date: Thu, 15 Dec 2005 20:26:09 -0500]=>(MIME part)=>Harry.zip
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 569)=>[Subject: Josias][Date: Thu, 15 Dec 2005 20:26:09 -0500]=>(MIME part)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox=>(message 569)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Inbox
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 7)=>[Subject: ][Date: Sat, 05 Mar 2005 09:27:43 -0300]=>(MIME part)=>2332134.rar=>dddd.exe
Infected with: Win32.Bagle.BG@mm
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 7)=>[Subject: ][Date: Sat, 05 Mar 2005 09:27:43 -0300]=>(MIME part)=>2332134.rar=>dddd.exe
Disinfection failed
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 7)=>[Subject: ][Date: Sat, 05 Mar 2005 09:27:43 -0300]=>(MIME part)=>2332134.rar=>dddd.exe
Deleted
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 7)=>[Subject: ][Date: Sat, 05 Mar 2005 09:27:43 -0300]=>(MIME part)=>2332134.rar
Update failed
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 23)
Infected with: Trojan.Spy.HTML.Bankfraud.DQ
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 23)
Disinfection failed
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 23)
Deleted
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 358)=>[Subject: I'm nude][Date: Wed, 2 Mar 2005 18:03:05 +0100]=>(MIME part)=>photo.zip=>photo.jpg .scr
Infected with: Win32.Mabutu.A@mm
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 358)=>[Subject: I'm nude][Date: Wed, 2 Mar 2005 18:03:05 +0100]=>(MIME part)=>photo.zip=>photo.jpg .scr
Deleted
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 358)=>[Subject: I'm nude][Date: Wed, 2 Mar 2005 18:03:05 +0100]=>(MIME part)=>photo.zip
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 358)=>[Subject: I'm nude][Date: Wed, 2 Mar 2005 18:03:05 +0100]=>(MIME part)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 358)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 445)=>[Subject: ][Date: Wed, 21 Sep 2005 08:22:50 +0800]=>(MIME part)=>newprice.zip=>06.exe
Infected with: Win32.Bagle.JL@mm
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 445)=>[Subject: ][Date: Wed, 21 Sep 2005 08:22:50 +0800]=>(MIME part)=>newprice.zip=>06.exe
Disinfection failed
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 445)=>[Subject: ][Date: Wed, 21 Sep 2005 08:22:50 +0800]=>(MIME part)=>newprice.zip=>06.exe
Deleted
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 445)=>[Subject: ][Date: Wed, 21 Sep 2005 08:22:50 +0800]=>(MIME part)=>newprice.zip
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 445)=>[Subject: ][Date: Wed, 21 Sep 2005 08:22:50 +0800]=>(MIME part)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 445)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 531)=>[Subject: Josias][Date: Thu, 15 Dec 2005 20:26:09 -0500]=>(MIME part)=>Harry.zip=>DSC00017.exe
Infected with: Trojan.Downloader.Bagle.H
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 531)=>[Subject: Josias][Date: Thu, 15 Dec 2005 20:26:09 -0500]=>(MIME part)=>Harry.zip=>DSC00017.exe
Disinfection failed
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 531)=>[Subject: Josias][Date: Thu, 15 Dec 2005 20:26:09 -0500]=>(MIME part)=>Harry.zip=>DSC00017.exe
Deleted
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 531)=>[Subject: Josias][Date: Thu, 15 Dec 2005 20:26:09 -0500]=>(MIME part)=>Harry.zip
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 531)=>[Subject: Josias][Date: Thu, 15 Dec 2005 20:26:09 -0500]=>(MIME part)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 531)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 510)=>[Subject: Isabel][Date: Tue, 04 Jul 2006 04:16:31 -0800]=>(MIME part)=>Edwarde.zip=>tgvyvghwfaut.exe
Infected with: Win32.Bagle.GL@mm
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 510)=>[Subject: Isabel][Date: Tue, 04 Jul 2006 04:16:31 -0800]=>(MIME part)=>Edwarde.zip=>tgvyvghwfaut.exe
Deleted
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 510)=>[Subject: Isabel][Date: Tue, 04 Jul 2006 04:16:31 -0800]=>(MIME part)=>Edwarde.zip
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 510)=>[Subject: Isabel][Date: Tue, 04 Jul 2006 04:16:31 -0800]=>(MIME part)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 510)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 513)=>[Subject: Security Measures][Date: Tue, 04 Jul 2006 13:52:44 -0400]=>(MIME part)=>(message body)
Infected with: Trojan.Spy.Html.Bankfraud.PD
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 513)=>[Subject: Security Measures][Date: Tue, 04 Jul 2006 13:52:44 -0400]=>(MIME part)=>(message body)
Disinfection failed
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 513)=>[Subject: Security Measures][Date: Tue, 04 Jul 2006 13:52:44 -0400]=>(MIME part)=>(message body)
Deleted
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 513)=>[Subject: Security Measures][Date: Tue, 04 Jul 2006 13:52:44 -0400]=>(MIME part)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 513)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 519)=>[Subject: Security Measures][Date: Tue, 04 Jul 2006 13:52:44 -0400]=>(MIME part)=>(message body)
Infected with: Trojan.Spy.Html.Bankfraud.PD
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 519)=>[Subject: Security Measures][Date: Tue, 04 Jul 2006 13:52:44 -0400]=>(MIME part)=>(message body)
Disinfection failed
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 519)=>[Subject: Security Measures][Date: Tue, 04 Jul 2006 13:52:44 -0400]=>(MIME part)=>(message body)
Deleted
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 519)=>[Subject: Security Measures][Date: Tue, 04 Jul 2006 13:52:44 -0400]=>(MIME part)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 519)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox
Updated
C:\Documents and Settings\Clément\ie.exe
Infected with: Trojan.Agent.AQG
C:\Documents and Settings\Clément\ie.exe
Disinfection failed
C:\Documents and Settings\Clément\ie.exe
Deleted
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0106405.DLL
Infected with: Backdoor.IRCBot.ABDD
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0106405.DLL
Disinfection failed
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0106405.DLL
Deleted
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0106406.dll
Infected with: Backdoor.IRCBot.ABDD
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0106406.dll
Disinfection failed
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0106406.dll
Deleted
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108550.exe
Infected with: Worm.RJump.K
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108550.exe
Disinfection failed
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108550.exe
Deleted
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108552.EXE
Infected with: Trojan.Agent.AQG
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108552.EXE
Disinfection failed
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108552.EXE
Deleted
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108563.exe
Infected with: Trojan.Agent.AQG
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108563.exe
Disinfection failed
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108563.exe
Deleted
D:\Images\Photos\webcam_photos-2007-06.scr
Infected with: Backdoor.IRCBot.ABDD
D:\Images\Photos\webcam_photos-2007-06.scr
Disinfection failed
D:\Images\Photos\webcam_photos-2007-06.scr
Deleted
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip=>backup/photos.zip=>webcam_photos-2007-06.scr
Infected with: Backdoor.IRCBot.ABDD
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip=>backup/photos.zip=>webcam_photos-2007-06.scr
Disinfection failed
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip=>backup/photos.zip=>webcam_photos-2007-06.scr
Deleted
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip=>backup/photos.zip
Updated
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip
Updated
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip=>backup/syshelps.dll
Infected with: Backdoor.IRCBot.ABDD
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip=>backup/syshelps.dll
Disinfection failed
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip=>backup/syshelps.dll
Deleted
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip
Updated
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash=>(message 531)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky.com\Trash
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 510)=>[Subject: Isabel][Date: Tue, 04 Jul 2006 04:16:31 -0800]=>(MIME part)=>Edwarde.zip=>tgvyvghwfaut.exe
Infected with: Win32.Bagle.GL@mm
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 510)=>[Subject: Isabel][Date: Tue, 04 Jul 2006 04:16:31 -0800]=>(MIME part)=>Edwarde.zip=>tgvyvghwfaut.exe
Deleted
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 510)=>[Subject: Isabel][Date: Tue, 04 Jul 2006 04:16:31 -0800]=>(MIME part)=>Edwarde.zip
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 510)=>[Subject: Isabel][Date: Tue, 04 Jul 2006 04:16:31 -0800]=>(MIME part)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 510)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 513)=>[Subject: Security Measures][Date: Tue, 04 Jul 2006 13:52:44 -0400]=>(MIME part)=>(message body)
Infected with: Trojan.Spy.Html.Bankfraud.PD
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 513)=>[Subject: Security Measures][Date: Tue, 04 Jul 2006 13:52:44 -0400]=>(MIME part)=>(message body)
Disinfection failed
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 513)=>[Subject: Security Measures][Date: Tue, 04 Jul 2006 13:52:44 -0400]=>(MIME part)=>(message body)
Deleted
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 513)=>[Subject: Security Measures][Date: Tue, 04 Jul 2006 13:52:44 -0400]=>(MIME part)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 513)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 519)=>[Subject: Security Measures][Date: Tue, 04 Jul 2006 13:52:44 -0400]=>(MIME part)=>(message body)
Infected with: Trojan.Spy.Html.Bankfraud.PD
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 519)=>[Subject: Security Measures][Date: Tue, 04 Jul 2006 13:52:44 -0400]=>(MIME part)=>(message body)
Disinfection failed
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 519)=>[Subject: Security Measures][Date: Tue, 04 Jul 2006 13:52:44 -0400]=>(MIME part)=>(message body)
Deleted
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 519)=>[Subject: Security Measures][Date: Tue, 04 Jul 2006 13:52:44 -0400]=>(MIME part)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox=>(message 519)
Updated
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com\Inbox
Updated
C:\Documents and Settings\Clément\ie.exe
Infected with: Trojan.Agent.AQG
C:\Documents and Settings\Clément\ie.exe
Disinfection failed
C:\Documents and Settings\Clément\ie.exe
Deleted
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0106405.DLL
Infected with: Backdoor.IRCBot.ABDD
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0106405.DLL
Disinfection failed
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0106405.DLL
Deleted
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0106406.dll
Infected with: Backdoor.IRCBot.ABDD
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0106406.dll
Disinfection failed
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0106406.dll
Deleted
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108550.exe
Infected with: Worm.RJump.K
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108550.exe
Disinfection failed
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108550.exe
Deleted
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108552.EXE
Infected with: Trojan.Agent.AQG
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108552.EXE
Disinfection failed
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108552.EXE
Deleted
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108563.exe
Infected with: Trojan.Agent.AQG
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108563.exe
Disinfection failed
C:\System Volume Information\_restore{F7A4AEFD-3B25-4236-8A77-98967DF103FC}\RP803\A0108563.exe
Deleted
D:\Images\Photos\webcam_photos-2007-06.scr
Infected with: Backdoor.IRCBot.ABDD
D:\Images\Photos\webcam_photos-2007-06.scr
Disinfection failed
D:\Images\Photos\webcam_photos-2007-06.scr
Deleted
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip=>backup/photos.zip=>webcam_photos-2007-06.scr
Infected with: Backdoor.IRCBot.ABDD
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip=>backup/photos.zip=>webcam_photos-2007-06.scr
Disinfection failed
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip=>backup/photos.zip=>webcam_photos-2007-06.scr
Deleted
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip=>backup/photos.zip
Updated
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip
Updated
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip=>backup/syshelps.dll
Infected with: Backdoor.IRCBot.ABDD
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip=>backup/syshelps.dll
Disinfection failed
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip=>backup/syshelps.dll
Deleted
D:\Pharmacie\Virus\MSNFix\19062007_22195042.zip
Updated
Do this:
¤ To show all hidden files and folders:
Click "Start", "Control Panel", "Tools", "Folder Options", "View"
Check:
- Show hidden files and folders
- Click "Apply", then "OK"
----------------------------------------------------------
Then go here and delete the folder:
C:\Documents and Settings\Clément\Application Data\Thunderbird\Profiles\default.0ft\Mail\pop.monsterfonky-1.com
Also delete:
D:\Pharmacie\Virus\MSNFix
Next:
¤ Now, this: C:\System Volume Information\_restore (see the BitDefender report)
indicates that your System Restore was or is infected; to be sure, we are going to create a clean point.
Click "Start", right-click "My Computer", "Properties", "System Restore" tab
¤ Check the box "Turn off System Restore on all drives", then click "Apply"
¤ Uncheck the box and click "Apply", then "OK".
Now that we have erased the infected points, we are going to create a clean point:
Click "Start", "All Programs", "Accessories", "System Tools", "System Restore", choose "Create a restore point", name it "ccm" for example, click "Create", then "OK".
There, the restore point is now created.
If you decide to one day, you will be able to go back to the date on which you created this restore point.
By running System Restore you will be able to return your computer to the date on which we created this restore point, but you will lose the changes you made in between.
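The sorting that the reply above does by eye on the BitDefender report (mail store, backup archive, System Restore), written out as an added example that is not part of the original thread. It assumes the report keeps the layout seen above, a path line followed by a status line; the function names, sample paths and detection names are hypothetical.

```python
import re

# Constructed sample in the report's layout; paths and detection names are made up.
SAMPLE = r"""
C:\Users\u\Thunderbird\Mail\pop.example.com\Inbox=>(message 7)=>(MIME part)=>doc.zip=>doc.exe
Infected with: Sample.Worm.A
C:\Users\u\Thunderbird\Mail\pop.example.com\Inbox=>(message 7)=>(MIME part)=>doc.zip=>doc.exe
Deleted
C:\Users\u\Thunderbird\Mail\pop.example.com\Inbox=>(message 7)=>(MIME part)=>doc.zip
Updated
C:\System Volume Information\_restore{GUID}\RP1\A0000001.dll
Infected with: Sample.Backdoor.B
C:\System Volume Information\_restore{GUID}\RP1\A0000001.dll
Deleted
D:\Tools\backup.zip=>backup/lib.dll
Infected with: Sample.Backdoor.B
D:\Tools\backup.zip=>backup/lib.dll
Disinfection failed
"""

STATUS = re.compile(r"^(Infected with: .+|Disinfection failed|Deleted|Updated)$")

def parse_report(text):
    """Map each detected object's full nested path to its threat name and actions."""
    found, path = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if not STATUS.match(line):
            path = line                      # path line; the following line is its status
        elif line.startswith("Infected with: "):
            found[path] = {"threat": line.split(": ", 1)[1], "actions": []}
        elif path in found:                  # "Updated" on a parent container is skipped
            found[path]["actions"].append(line)
    return found

def classify(path):
    outer = path.split("=>")[0].lower()      # the file on disk that holds the object
    if "\\system volume information\\_restore" in outer:
        return "system_restore"              # cleared by purging the restore points
    if "=>" in path:                         # "=>" marks nesting inside a container
        return "mail_store" if "\\mail\\" in outer else "archive"
    return "file"

def triage(text):
    """Group detections by location, with the last action reported for each."""
    groups = {}
    for path, rec in parse_report(text).items():
        final = rec["actions"][-1] if rec["actions"] else "No action"
        groups.setdefault(classify(path), []).append((path.split("=>")[-1], rec["threat"], final))
    return groups
```

Any entry whose last action is not "Deleted" is still on disk inside its container and needs the manual removal step.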