Worms

Closed
Peter_néophyte - 4 Jul 2007 at 20:41
Peter_neophyte Posts 8 Registration date Wednesday 4 July 2007 Status Member Last activity 13 July 2007 - 13 Jul 2007 at 21:08
Hello everyone,

I have a big problem with my laptop, which is certainly infested with worms despite having an antivirus/firewall.
Error windows appear after a while.
In the processes I see things like lsass.exe, and apparently that's not a good sign! The computer freezes!
The full works of a thoroughly infected machine.

If someone can help me

Thanks in advance

7 replies

Anonymous user
4 Jul 2007 at 23:57
Hello

What antivirus, anti-spyware and firewall do you have?


----
Then download HijackThis:
---> http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe

Install it in its own folder:
- right-click on the desktop, choose "new folder", then install it inside.
Right-click on HijackThis, choose "rename", then type this: abcde.exe
Double-click on HijackThis. Click "I Accept", then click "do a system scan and save logfile"
Then copy and paste here the report it generates for you.

HijackThis demo if needed:
http://pageperso.aol.fr/balltrap34/demohijack.htm
0
Peter_neophyte Posts 8 Registration date Wednesday 4 July 2007 Status Member Last activity 13 July 2007
7 Jul 2007 at 13:52
Hello boulepate62

Actually, I'm wondering whether you received the reply I sent earlier?
I'm not very used to navigating here ;-)

I had written a short summary of what I did before all the mess on the computer, and in case you did not receive my last reply, I'm sending you the HijackThis report again, following your explanations:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:27:42, on 07/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\proprietaire\Bureau\Nouveau dossier\abcde.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ASocksrv] SocksA.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe"
O4 - HKCU\..\Run: [BSserver] FileKan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Micro Application\Anti-Virus Personnel 2007\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Anti-Virus Personnel 2007 (AVP) - Micro Application - C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
0
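A triage pass over the HijackThis log format shown in the post above, as an added example that is not part of the original thread. It flags O4 autorun entries registered without a full path and entries HijackThis marks "(no file)" or "(file missing)"; both rules are review heuristics chosen for this example, not verdicts, and the sample lines are copied from the log above.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section item reason")

# Reasons used by this example (heuristics for manual review, not verdicts).
BARE = "autorun registered without a full path"
DANGLING = "registration points to a file that is absent"

# A subset of lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ASocksrv] SocksA.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [BSserver] FileKan.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry autorun: hive, abbreviated key path, value name, command.
RUN = re.compile(
    r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
ABSENT_MARKERS = ("(no file)", "(file missing)")


def autorun_target(cmd):
    """Return (target, is_bare) for the command string of an O4 Run entry.

    A bare file name is resolved by Windows through its search path, so the
    log alone does not show which file on disk actually starts at logon.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        target = cmd[1:end] if end != -1 else cmd[1:]
    else:
        first = cmd.split()[0]
        # Unquoted paths may contain spaces ("C:\Program Files\..."), so only
        # a first token free of separators is treated as a bare name.
        target = first if not re.search(r"[\\/]", first) else cmd
    return target, not re.search(r"[\\/]", target)


def triage(log_text):
    """Return the entries of a HijackThis log that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # header lines, process list, blank lines
        section, body = entry.group("section"), entry.group("body")

        if body.endswith(ABSENT_MARKERS):
            clsid = CLSID.search(body)
            findings.append(
                Finding(section, clsid.group(0) if clsid else body, DANGLING)
            )

        run = RUN.match(body) if section == "O4" else None
        if run:
            target, bare = autorun_target(run.group("cmd"))
            if bare:
                item = f"{run.group('hive')} [{run.group('name')}] {target}"
                findings.append(Finding(section, item, BARE))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:<4}{finding.reason}: {finding.item}")
```

A flagged entry only means the log does not say where the file lives or that the file is gone; the next step is to locate the file on disk and check its publisher and hash.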
Peter_neophyte Posts 8 Registration date Wednesday 4 July 2007 Status Member Last activity 13 July 2007
7 Jul 2007 at 13:55
Ah yes, I forgot about the protection system!

It's Antivirus personnel 2007+ from Micro Application, kept up to date of course

Thanks

See you
0
Peter_neophyte Posts 8 Registration date Wednesday 4 July 2007 Status Member Last activity 13 July 2007
7 Jul 2007 at 17:29
Hello everyone,

I should point out that at the start I had installed a Vista network card driver on Windows XP by mistake, and that made a real mess! So, not knowing how to fix it, I tried to reinstall XP and got it wrong: installed twice, on both partitions! And then how do I recover the computer's drivers, given that it wasn't an XP restore CD but a licensed XP CD?
So in the end, the computer went to the local computer shop to be reformatted and reinstalled with XP and all its drivers. I should mention that this laptop originally shipped with Vista, since it is recent.
In fact, I wonder whether the worms or viruses or whatever might have slipped in at the computer shop? Because when I then installed the antivirus/firewall, it failed at the end of the installation, reporting security problems. The laptop's owner had chosen XP because Vista supposedly has problems! Is that confirmed? And what kind?

Thanks for your help in making the computer healthy again

See you
0
Anonymous user
7 Jul 2007 at 20:15
Hello

Do this so we can see more clearly


¤ Download this program, then double-click it (close your antivirus if it detects anything)
http://www.suspectfile.com/systemscan/

* Tick only these boxes, untick everything else:

- Recent Files, 90 days
- Registry Run Key
- Hidden objects
- Suspicious files


Then click on scan now and be patient.
Once it has finished, a report will open; copy and paste its contents here and check that it is complete; if needed, create two messages.
0

Peter_neophyte Posts 8 Registration date Wednesday 4 July 2007 Status Member Last activity 13 July 2007
8 Jul 2007 at 14:23
Hello,

After turning off all the protections, I ran the scan as planned, but the first time the computer crashed with a blue screen when the scan was on Registry run key: it told me there was a driver problem or something like that. No command was responding any more and I had to force the computer off, but I thought to restart in safe mode just in case. I re-ran the scan and the 4 actions completed fine; here is the full report:

SystemScan - www.suspectfile.com - ver. 3.2.0

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 07/07/2007
Time: 20:56:27

Output limited to:
-Recent files
-Registry Run Keys
-Hidden objects
-Suspicious Files

29/06/2007 17:30:59 (DIR) 0 byte 8 days old -- wins
29/06/2007 17:30:59 (DIR) 0 byte 8 days old -- 3076
29/06/2007 17:30:59 (DIR) 0 byte 8 days old -- 3com_dmi
29/06/2007 17:30:59 (DIR) 0 byte 8 days old -- inetsrv
29/06/2007 17:30:59 (DIR) 0 byte 8 days old -- 1031
29/06/2007 17:30:59 (DIR) 0 byte 8 days old -- 1037
29/06/2007 17:30:59 (DIR) 0 byte 8 days old -- 1025
29/06/2007 17:30:59 (DIR) 0 byte 8 days old -- 1028
29/06/2007 17:30:59 (DIR) 0 byte 8 days old -- IME
29/06/2007 17:30:59 (DIR) 0 byte 8 days old -- mui
29/06/2007 17:30:59 (DIR) 0 byte 8 days old -- 1041
29/06/2007 17:32:32 (DIR) 0 byte 8 days old -- 1033
29/06/2007 17:33:26 (DIR) 0 byte 8 days old -- icsxml
29/06/2007 17:34:18 (DIR) 0 byte 8 days old -- ras
29/06/2007 17:35:34 (DIR) 0 byte 8 days old -- 1036
29/06/2007 17:40:37 (DIR) 0 byte 8 days old -- npp
29/06/2007 17:41:20 (DIR) 0 byte 8 days old -- usmt
29/06/2007 17:41:32 (DIR) 0 byte 8 days old -- Setup
29/06/2007 17:49:14 0 byte 8 days old -- h323log.txt
29/06/2007 18:27:06 (DIR) 0 byte 8 days old -- PreInstall
30/06/2007 09:28:05 13646 byte 7 days old -- wpa.bak
03/07/2007 22:05:45 (DIR) 0 byte 4 days old -- Com
03/07/2007 22:07:57 121832 byte 4 days old -- TZLog.log
03/07/2007 22:25:18 (DIR) 0 byte 4 days old -- CatRoot
03/07/2007 22:25:42 (DIR) 0 byte 4 days old -- fr-fr
03/07/2007 22:48:09 (DIR) 0 byte 4 days old -- DRVSTORE
03/07/2007 22:55:28 (DIR) 0 byte 4 days old -- IOSUBSYS
04/07/2007 01:51:50 (DIR) 0 byte 3 days old -- LogFiles
04/07/2007 01:55:58 23392 byte 3 days old -- nscompat.tlb
04/07/2007 01:55:58 16832 byte 3 days old -- amcompat.tlb
04/07/2007 19:13:53 (DIR) 0 byte 3 days old -- dllcache
04/07/2007 20:23:57 10752 byte 3 days old -- BASSMOD.dll
04/07/2007 20:29:13 239944 byte 3 days old -- FNTCACHE.DAT
07/07/2007 00:13:42 (DIR) 0 byte 0 days old -- drivers
07/07/2007 20:24:23 (DIR) 0 byte 0 days old -- Lang
07/07/2007 20:24:28 13646 byte 0 days old -- wpa.dbl
07/07/2007 20:24:35 (DIR) 0 byte 0 days old -- CatRoot2
07/07/2007 20:56:14 775210 byte 0 days old -- PerfStringBackup.INI
07/07/2007 20:56:15 48616 byte 0 days old -- perfc00C.dat
07/07/2007 20:56:15 39992 byte 0 days old -- perfc009.dat
07/07/2007 20:56:15 367658 byte 0 days old -- perfh00C.dat
07/07/2007 20:56:15 311604 byte 0 days old -- perfh009.dat

----- recent files in C:\WINDOWS\system32\drivers\
29/06/2007 16:44:36 17801 byte 8 days old -- AegisP.sys
29/06/2007 16:45:49 369024 byte 8 days old -- BCMWL5.SYS
29/06/2007 16:48:34 4137984 byte 8 days old -- RtkHDAud.Sys
29/06/2007 16:53:55 162176 byte 8 days old -- tifm21.sys
29/06/2007 17:01:48 1120416 byte 8 days old -- AGRSM.sys
29/06/2007 17:05:53 78976 byte 8 days old -- Rtenicxp.sys
29/06/2007 17:07:35 1399615 byte 8 days old -- ialmnt5.sys
29/06/2007 17:30:59 (DIR) 0 byte 8 days old -- disdn
29/06/2007 17:33:41 (DIR) 0 byte 8 days old -- etc
04/07/2007 01:52:28 (DIR) 0 byte 3 days old -- UMDF
07/07/2007 00:13:42 82258 byte 0 days old -- klin.dat
07/07/2007 00:13:42 82258 byte 0 days old -- klick.dat
07/07/2007 14:12:25 22784 byte 0 days old -- fidbox.idx
07/07/2007 14:12:25 1484 byte 0 days old -- fidbox2.idx
07/07/2007 20:46:20 6944 byte 0 days old -- fidbox2.dat
07/07/2007 20:48:30 1569824 byte 0 days old -- fidbox.dat

----- recent files in C:\WINDOWS\temp\
07/07/2007 20:55:23 255 byte 0 days old -- WGAErrLog.txt

----- recent files in C:\Program Files\
29/06/2007 15:50:40 (DIR) 0 byte 8 days old -- MSN
29/06/2007 15:51:13 (DIR) 0 byte 8 days old -- Windows NT
29/06/2007 15:51:21 (DIR) 0 byte 8 days old -- MSN Gaming Zone
29/06/2007 15:52:09 (DIR) 0 byte 8 days old -- ComPlus Applications
29/06/2007 15:52:58 (DIR) 0 byte 8 days old -- Movie Maker
29/06/2007 15:53:15 (DIR) 0 byte 8 days old -- NetMeeting
29/06/2007 15:54:05 (DIR) 0 byte 8 days old -- Services en ligne
29/06/2007 15:54:10 (DIR) 0 byte 8 days old -- WindowsUpdate
29/06/2007 15:55:46 (DIR) 0 byte 8 days old -- microsoft frontpage
29/06/2007 15:55:46 (DIR) 0 byte 8 days old -- xerox
29/06/2007 16:01:36 (DIR) 0 byte 8 days old -- Uninstall Information
29/06/2007 16:47:35 (DIR) 0 byte 8 days old -- Atheros
29/06/2007 16:49:05 (DIR) 0 byte 8 days old -- Realtek
29/06/2007 18:22:27 (DIR) 0 byte 8 days old -- Microsoft.NET
29/06/2007 18:25:01 (DIR) 0 byte 8 days old -- Microsoft Office
29/06/2007 18:25:05 (DIR) 0 byte 8 days old -- Microsoft Visual Studio
29/06/2007 18:32:04 (DIR) 0 byte 8 days old -- Ahead
03/07/2007 22:06:05 (DIR) 0 byte 4 days old -- Outlook Express
03/07/2007 22:07:54 (DIR) 0 byte 4 days old -- Messenger
03/07/2007 22:26:58 (DIR) 0 byte 4 days old -- Internet Explorer
03/07/2007 22:55:29 (DIR) 0 byte 4 days old -- Picasa2
03/07/2007 22:56:29 (DIR) 0 byte 4 days old -- Google
03/07/2007 22:59:40 (DIR) 0 byte 4 days old -- Adobe
03/07/2007 23:51:19 (DIR) 0 byte 4 days old -- PowerQuest
03/07/2007 23:51:28 (DIR) 0 byte 4 days old -- InstallShield Installation Information
04/07/2007 00:10:58 (DIR) 0 byte 3 days old -- Fichiers communs
04/07/2007 00:10:59 (DIR) 0 byte 3 days old -- Skype
04/07/2007 00:32:48 (DIR) 0 byte 3 days old -- Micro Application
04/07/2007 01:46:47 (DIR) 0 byte 3 days old -- MSXML 4.0
04/07/2007 01:53:15 (DIR) 0 byte 3 days old -- Windows Media Connect 2
04/07/2007 01:55:27 (DIR) 0 byte 3 days old -- Windows Media Player
04/07/2007 11:41:48 (DIR) 0 byte 3 days old -- CCleaner
04/07/2007 13:39:50 (DIR) 0 byte 3 days old -- Windows Live
04/07/2007 14:21:56 (DIR) 0 byte 3 days old -- XnView
04/07/2007 18:35:47 (DIR) 0 byte 3 days old -- Hewlett-Packard
04/07/2007 18:35:47 (DIR) 0 byte 3 days old -- HP
04/07/2007 19:15:08 (DIR) 0 byte 3 days old -- Microsoft Works
04/07/2007 20:23:05 (DIR) 0 byte 3 days old -- WinRAR

----- recent files in C:\Program Files\Fichiers communs\
29/06/2007 15:53:09 (DIR) 0 byte 8 days old -- MSSoap
29/06/2007 15:53:13 (DIR) 0 byte 8 days old -- Services
29/06/2007 17:44:13 (DIR) 0 byte 8 days old -- SpeechEngines
29/06/2007 17:44:18 (DIR) 0 byte 8 days old -- ODBC
29/06/2007 17:47:06 (DIR) 0 byte 8 days old -- Acer
29/06/2007 17:47:18 (DIR) 0 byte 8 days old -- Logitech
29/06/2007 18:22:03 (DIR) 0 byte 8 days old -- DESIGNER
29/06/2007 18:31:47 (DIR) 0 byte 8 days old -- Ahead
29/06/2007 18:34:05 (DIR) 0 byte 8 days old -- Nero
03/07/2007 22:06:05 (DIR) 0 byte 4 days old -- System
03/07/2007 22:59:48 (DIR) 0 byte 4 days old -- Adobe
03/07/2007 23:15:17 (DIR) 0 byte 4 days old -- Hewlett-Packard
03/07/2007 23:50:51 (DIR) 0 byte 4 days old -- InstallShield
04/07/2007 18:36:45 (DIR) 0 byte 3 days old -- HP
04/07/2007 20:09:46 (DIR) 0 byte 3 days old -- Microsoft Shared

----- recent files in C:\Documents and Settings\proprietaire\Application Data\
29/06/2007 16:01:38 (DIR) 0 byte 8 days old -- Identities
29/06/2007 17:43:40 62 byte 8 days old -- desktop.ini
29/06/2007 18:05:58 (DIR) 0 byte 8 days old -- U3
03/07/2007 22:31:43 (DIR) 0 byte 4 days old -- Macromedia
03/07/2007 23:02:11 (DIR) 0 byte 4 days old -- Google
03/07/2007 23:19:16 (DIR) 0 byte 4 days old -- HP
03/07/2007 23:30:42 (DIR) 0 byte 4 days old -- Microsoft
03/07/2007 23:58:42 (DIR) 0 byte 4 days old -- Help
04/07/2007 02:08:12 (DIR) 0 byte 3 days old -- Adobe
04/07/2007 15:20:11 (DIR) 0 byte 3 days old -- XnView
04/07/2007 18:42:09 (DIR) 0 byte 3 days old -- Image Zone Express

----- recent files in C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\
07/07/2007 20:24:33 1285 byte 0 days old -- MAR1.tmp
07/07/2007 20:24:34 2846 byte 0 days old -- hpodvd09.log
07/07/2007 20:24:40 116 byte 0 days old -- STS4.tmp
07/07/2007 20:47:08 16384 byte 0 days old -- ~DFAA95.tmp
07/07/2007 20:48:32 0 byte 0 days old -- 16B3E3.dmp
07/07/2007 20:48:32 18136 byte 0 days old -- a32a_appcompat.txt
07/07/2007 20:48:32 0 byte 0 days old -- a29f_appcompat.txt
07/07/2007 20:48:32 0 byte 0 days old -- a255_appcompat.txt
07/07/2007 20:48:33 18136 byte 0 days old -- a674_appcompat.txt
07/07/2007 20:48:33 18136 byte 0 days old -- a497_appcompat.txt
07/07/2007 20:48:33 18136 byte 0 days old -- a78f_appcompat.txt
07/07/2007 20:48:33 0 byte 0 days old -- 16B72F.dmp
07/07/2007 20:48:33 0 byte 0 days old -- 16B683.dmp
07/07/2007 20:48:33 0 byte 0 days old -- 16B480.dmp
07/07/2007 20:48:33 16104 byte 0 days old -- a6ba_appcompat.txt
07/07/2007 20:48:33 2640 byte 0 days old -- a6ce_appcompat.txt
07/07/2007 20:48:33 0 byte 0 days old -- 16B451.dmp
07/07/2007 20:48:34 18136 byte 0 days old -- a9f4_appcompat.txt
07/07/2007 20:48:34 18136 byte 0 days old -- aaf4_appcompat.txt
07/07/2007 20:48:34 18136 byte 0 days old -- ab93_appcompat.txt
07/07/2007 20:48:34 230 byte 0 days old -- a95b_appcompat.txt
07/07/2007 20:48:34 18136 byte 0 days old -- a81e_appcompat.txt
07/07/2007 20:48:34 7200 byte 0 days old -- a87e_appcompat.txt
07/07/2007 20:48:34 18136 byte 0 days old -- a8b3_appcompat.txt
07/07/2007 20:48:34 0 byte 0 days old -- 16BA3C.dmp
07/07/2007 20:48:34 0 byte 0 days old -- 16BB36.dmp
07/07/2007 20:48:34 0 byte 0 days old -- 16B990.dmp
07/07/2007 20:48:34 0 byte 0 days old -- 16B829.dmp
07/07/2007 20:48:34 0 byte 0 days old -- 16B8F4.dmp
07/07/2007 20:48:35 18136 byte 0 days old -- aaec_appcompat.txt
07/07/2007 20:48:35 4282 byte 0 days old -- aa45_appcompat.txt
07/07/2007 20:48:35 4276 byte 0 days old -- aace_appcompat.txt
07/07/2007 20:48:35 224 byte 0 days old -- afe9_appcompat.txt
07/07/2007 20:48:35 16316 byte 0 days old -- abee_appcompat.txt
07/07/2007 20:48:35 0 byte 0 days old -- 16BBD3.dmp
07/07/2007 20:48:35 18136 byte 0 days old -- a93b_appcompat.txt
07/07/2007 20:48:35 0 byte 0 days old -- 16BDB7.dmp
07/07/2007 20:48:35 0 byte 0 days old -- 16BE53.dmp
07/07/2007 20:48:35 0 byte 0 days old -- 16BF5D.dmp
07/07/2007 20:48:35 18136 byte 0 days old -- a873_appcompat.txt
07/07/2007 20:48:35 14258 byte 0 days old -- a96a_appcompat.txt
07/07/2007 20:48:35 0 byte 0 days old -- 16BC8E.dmp
07/07/2007 20:48:35 18136 byte 0 days old -- a9a7_appcompat.txt
07/07/2007 20:48:35 0 byte 0 days old -- a99e_appcompat.txt
07/07/2007 20:48:36 18136 byte 0 days old -- d547_appcompat.txt
07/07/2007 20:48:36 0 byte 0 days old -- 16C19F.dmp
07/07/2007 20:48:36 0 byte 0 days old -- 16C066.dmp
07/07/2007 20:48:36 (DIR) 0 byte 0 days old -- nsn6.tmp
07/07/2007 20:48:36 18136 byte 0 days old -- d418_appcompat.txt
07/07/2007 20:48:36 18136 byte 0 days old -- aa93_appcompat.txt
07/07/2007 20:48:36 16104 byte 0 days old -- aa96_appcompat.txt
07/07/2007 20:48:36 18136 byte 0 days old -- d506_appcompat.txt
07/07/2007 20:48:36 16416 byte 0 days old -- d44b_appcompat.txt
07/07/2007 20:48:36 16104 byte 0 days old -- d423_appcompat.txt
07/07/2007 20:55:58 16384 byte 0 days old -- ~DF9149.tmp
07/07/2007 20:55:58 (DIR) 0 byte 0 days old -- nsr37.tmp

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"ACU"="\"C:\Program Files\Atheros\ACU.exe\" -nogui"
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE"
"ASocksrv"="SocksA.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe"
"Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"AVP"="\"C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe\""
"KernelFaultCheck"=expand:"%systemroot%\system32\dumprep 0 -k"

[Run\OptionalComponents]
@=""

[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""

[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"BSserver"="FileKan.exe"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"ccleaner"="\"C:\Program Files\CCleaner\ccleaner.exe\" /AUTO"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxdev.dll"
"Unlock"="WinlogonUnlockEvent"

[Winlogon\Notify\klogon]
"DllName"="C:\WINDOWS\system32\klogon.dll"
"Logon"="WLEventStop"
"Startup"="WLEventStart"
"Lock"="WLEventStart"
"Unlock"="WLEventStop"
"Logoff"="WLEventStart"
@=""

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=expand:"WgaLogon.dll"

[Winlogon\Notify\WgaLogon\Settings]

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
@=""

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----

[startupfolder]

-----HKCU\Control Panel\Desktop\-----

[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\System32\logon.scr"

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:00000110
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]
@Class="25cf48ca"
"Pattern"=hex:c6,58,cb,80,f1,dc,6e,44,21,5d,96,b4,b8,62,a3,20,32,35,63,66,34,\
38,63,61,00,fd,07,00,4c,14,00,00,34,fa,07,00,56,82,74,75,20,fa,07,00,40,fd,\
07,00,4c,fd,07,00,33,ca,f6,f9,eb,8d,cf,dd,d5,00,8f,25

[Lsa\GBG]
@Class="338d88eb"
"GrafBlumGroup"=hex:ec,1b,bb,72,f1,f2,e5,33,02

[Lsa\JD]
@Class="d58ff9dd"
"Lookup"=hex:39,3a,b6,11,85,25

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="f6ca00e5"
"SkewMatrix"=hex:47,92,08,55,7f,33,7d,b8,85,67,fd,5a,cd,45,fd,e0

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:66,41,f3,bd,5f,ba,c7,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,20,e7,d4,f0,3d,c6,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,20,e7,d4,f0,3d,c6,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,20,e7,d4,f0,3d,c6,01
"Type"=dword:00000031

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:000002e4

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled
0
Peter_neophyte Posts 8 Registration date Wednesday 4 July 2007 Status Member Last post 13 July 2007
8 Jul 2007 at 14:33
...continued...

:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe"="C:\Program Files\Micro Application\Anti-Virus Personnel 2007\avp.exe:*:Enabled:Anti-Virus Personnel 2007"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
@=""

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{BA33AD8C-0D46-48B0-949B-F7AC749000A1}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

[VB and VBA Program Settings\Euro Add-in]

[VB and VBA Program Settings\Euro Add-in\Wizard Options]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

[MountPoints2]

[MountPoints2\C]
"BaseClass"="Drive"

[MountPoints2\D]
"BaseClass"="Drive"

[MountPoints2\E]
"BaseClass"="Drive"

[MountPoints2\F]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,20,00,00,00,09,00,00,00

[MountPoints2\F\_Autorun]

[MountPoints2\F\_Autorun\DefaultIcon]
@="F:\LaunchU3.exe,0"

[MountPoints2\G]
"BaseClass"="Drive"

[MountPoints2\{08ea51a4-29a6-11dc-8ae3-00197d06903e}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,00,10,00,00,00,00,00,00

[MountPoints2\{08ea51a4-29a6-11dc-8ae3-00197d06903e}\shell]
@="None"

[MountPoints2\{08ea51a4-29a6-11dc-8ae3-00197d06903e}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{08ea51a4-29a6-11dc-8ae3-00197d06903e}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{212d72e8-2659-11dc-8ad1-000000000000}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,02,00,00

[MountPoints2\{212d72e8-2659-11dc-8ad1-000000000000}\Shell]
@="Auto"

[MountPoints2\{212d72e8-2659-11dc-8ad1-000000000000}\Shell\Auto]

[MountPoints2\{212d72e8-2659-11dc-8ad1-000000000000}\Shell\Auto\command]
@="G:\tel.xls.exe"

[MountPoints2\{212d72e8-2659-11dc-8ad1-000000000000}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{212d72e8-2659-11dc-8ad1-000000000000}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{212d72e8-2659-11dc-8ad1-000000000000}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"

[MountPoints2\{212d72e8-2659-11dc-8ad1-000000000000}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe"

[MountPoints2\{576c5541-2657-11dc-8acb-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,60,00,00,00,00,00,00,00

[MountPoints2\{576c5541-2657-11dc-8acb-806d6172696f}\_Autorun]

[MountPoints2\{576c5541-2657-11dc-8acb-806d6172696f}\_Autorun\DefaultIcon]
@="D:\Micro.ico"

[MountPoints2\{723de6eb-26db-11dc-8ad5-00197d06903e}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00

[MountPoints2\{723de6eb-26db-11dc-8ad5-00197d06903e}\shell]
@="None"

[MountPoints2\{723de6eb-26db-11dc-8ad5-00197d06903e}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{723de6eb-26db-11dc-8ad5-00197d06903e}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{89c6b28f-2a4a-11dc-8c17-0016d34f8d27}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,00,10,00,00,00,00,00,00

[MountPoints2\{89c6b28f-2a4a-11dc-8c17-0016d34f8d27}\shell]
@="None"

[MountPoints2\{89c6b28f-2a4a-11dc-8c17-0016d34f8d27}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{89c6b28f-2a4a-11dc-8c17-0016d34f8d27}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{97919d08-29b1-11dc-bba1-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,09,00,00,00

[MountPoints2\{cfca3726-264a-11dc-8ace-aaab6b021e62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00

[MountPoints2\{cfca3726-264a-11dc-8ace-aaab6b021e62}\shell]
@="None"

[MountPoints2\{cfca3726-264a-11dc-8ace-aaab6b021e62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{cfca3726-264a-11dc-8ace-aaab6b021e62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{e998e7be-264f-11dc-8e53-806d6172696f}]
"BaseClass"="Drive"
"_LabelFromReg"="windows XP"

[MountPoints2\{ee3cbc47-29ac-11dc-8ae4-00197d06903e}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,00,5f,cf,cf,00,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,00,10,00,00,08,00,00,00

[MountPoints2\{ee3cbc47-29ac-11dc-8ae4-00197d06903e}\shell]
@="None"

[MountPoints2\{ee3cbc47-29ac-11dc-8ae4-00197d06903e}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{ee3cbc47-29ac-11dc-8ae4-00197d06903e}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

[AdvancedOptions\INTERNATIONAL]
"Text"="International*"

[AdvancedOptions\INTERNATIONAL\IDN]
"Text"="Send IDN server names"

[AdvancedOptions\INTERNATIONAL\IDN_INFOBAR]
"Text"="Show Information bar for encoded addresses"

[AdvancedOptions\INTERNATIONAL\IDN_INTRANET]
"Text"="Send IDN server names for Intranet addresses"

[AdvancedOptions\INTERNATIONAL\IDN_SHOWPUNY]
"Text"="Always show encoded addresses"

[AdvancedOptions\INTERNATIONAL\UTF8_MAILTO]
"Text"="Use UTF-8 for mailto links"

[AdvancedOptions\INTERNATIONAL\UTF8_URL]
"Text"="Send UTF-8 URLs"

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personnalisation du navigateur"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"@="Dossiers Web"
"ComponentID"="WebFolders"
"StubPath"=""

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player 9 ActiveX"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {B74DCA58-9AAC-4EE2-843A-D72275BEFD76} REG_BINARY 06000000000000000400000000000000DC2B9146C0A8010103000000000000000400000000000000DC2B9146C0A8010101000000000000000400000000000000DC2B9146FFFFFF0036000000000000000400000000000000DC2B9146C0A8010135000000000000000100000000000000DC2B914605000000FC00000000000000000000000000000020DB8F4651000000000000000B00000000000000DC2B914601FFFF504F525441424C45003B000000000000000400000000000000DC2B9146000127503A000000000000000400000000000000DC2B91460000A8C033000000000000000400000000000000DC2B914600015180
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {B74DCA58-9AAC-4EE2-843A-D72275BEFD76} REG_BINARY 51000000000000000B00000000000000F8CE904601FFFF504F525441424C450006000000000000000400000000000000F8CE9046C0A8010103000000000000000400000000000000F8CE9046C0A8010101000000000000000400000000000000F8CE9046FFFFFF003B000000000000000400000000000000F8CE9046000127503A000000000000000400000000000000F8CE90460000A8C033000000000000000400000000000000F8CE90460001518036000000000000000400000000000000F8CE9046C0A8010135000000000000000100000000000000F8CE904605000000
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 740 (0x2E4)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 732 (0x2DC)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile EnableFirewall REG_DWORD 0 (0x0)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile EnableFirewall REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Spooler\Performance WbemAdapFileSignature REG_BINARY E415A3D071D315CD84F6F593A3A060B3
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Spooler\Performance WbemAdapFileTime REG_BINARY 0020E7D4F03DC601
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Spooler\Performance WbemAdapFileSize REG_DWORD 146944 (0x23E00)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Spooler\Performance WbemAdapStatus REG_DWORD 0 (0x0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TapiSrv\Performance WbemAdapFileSignature REG_BINARY 0483F001E58AF7EA90B23BA9ACB367D3
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TapiSrv\Performance WbemAdapFileTime REG_BINARY 0020E7D4F03DC601
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TapiSrv\Performance WbemAdapFileSize REG_DWORD 5632 (0x1600)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\TapiSrv\Performance WbemAdapStatus REG_DWORD 0 (0x0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76} LeaseObtainedTime REG_DWORD 1183832668 (0x468FDA5C)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76} LeaseObtainedTime REG_DWORD 1183808888 (0x468F7D78)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76} T1 REG_DWORD 1183875868 (0x4690831C)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76} T1 REG_DWORD 1183852088 (0x46902638)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76} T2 REG_DWORD 1183908268 (0x469101AC)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76} T2 REG_DWORD 1183884488 (0x4690A4C8)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76} LeaseTerminatesTime REG_DWORD 1183919068 (0x46912BDC)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76} LeaseTerminatesTime REG_DWORD 1183895288 (0x4690CEF8)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76} DhcpRetryTime REG_DWORD 43197 (0xA8BD)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76} DhcpRetryStatus REG_DWORD 0 (0x0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\WmiApRpl\Performance Last Counter REG_DWORD 2356 (0x934)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\WmiApRpl\Performance Last Counter REG_DWORD 2376 (0x948)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\WmiApRpl\Performance Last Help REG_DWORD 2357 (0x935)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\WmiApRpl\Performance Last Help REG_DWORD 2377 (0x949)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\WmiApRpl\Performance Object List REG_SZ 2352 2352
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\WmiApRpl\Performance Object List REG_SZ 2352 2352 2358 2358 2370 2370
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1183832668 (0x468FDA5C)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1183808888 (0x468F7D78)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76}\Parameters\Tcpip T1 REG_DWORD 1183875868 (0x4690831C)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76}\Parameters\Tcpip T1 REG_DWORD 1183852088 (0x46902638)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76}\Parameters\Tcpip T2 REG_DWORD 1183908268 (0x469101AC)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76}\Parameters\Tcpip T2 REG_DWORD 1183884488 (0x4690A4C8)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1183919068 (0x46912BDC)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{B74DCA58-9AAC-4EE2-843A-D72275BEFD76}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1183895288 (0x4690CEF8)

Result compared: Different


-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


===================== Hidden Objects =====================


SCAN ABORTED: an unknown error has occurred. Please check Rootkit presence with another tool

===================== Checking Rustock rootkit =====================



===================== Checking Suspicious files =====================
EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\


==========================================
Scan completed in 3,1 minutes
End of report





So much for the big report! When the computer starts up and connects to the internet, the antivirus/firewall's Proactive Defense security module detects an application presenting a potential risk: Invader.
It says that it is the process with PID: 1556, with the path c\...\LVPrcSrv.exe
It is also noted that a process is trying to integrate itself into another process; see the following details:
Attacked process:
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
Process identifier (PID): 1556

Attempted intrusion into the process:
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
Process identifier (PID): 1288

That makes for quite a novel, but I'm trying to be as clear as possible.

Thank you for your patience

;-)
0
Anonymous user
10 Jul 2007 at 22:44
Hello

Do this; I'll come back to your problem later ;-)

Run this online antivirus scan with Internet Explorer and accept the ActiveX control; the SP2 pop-up blocker bar (at the top) will start flashing, click on it and choose "accept the ActiveX" to make the antivirus scan work.
Once it has finished, paste the report here please

https://www.bitdefender.com/toolbox/

0
Peter_neophyte Posts 8 Registration date Wednesday 4 July 2007 Status Member Last post 13 July 2007 > Anonymous user
11 Jul 2007 at 20:07
Good evening Boulepate62,

I ran the online scan with BitDefender as planned and, to my great surprise, it found absolutely nothing, so there is no report to provide. This is surprising because the laptop seriously goes haywire at times, with error windows, the text backgrounds of the desktop icons having changed colour almost by themselves, as well as a small outline around the desktop icons! And apparently with no way to remove it! The computer freezes completely at times, forcing a hard shutdown!
I'm no specialist, but everything suggests the laptop is infected! Where from and by what? I don't know. Unless it is just a problem caused by a bad installation?!?!

Thanks for the next steps of the treatment

See you
0
Anonymous user
11 Jul 2007 at 22:06
Do these two things to see what comes of it.

Scan and delete everything they might find; they shouldn't find a huge number of nasties.


¤ Download and install AVG Anti-Spyware: update it
Run a full scan of your system. Once it has finished,
if it finds any spyware, delete it. Save the report and paste it here please

Download and tutorial on this page:
--> http://redir.fr/gsel


AND


¤ Download and install AVG Anti-Spyware: update it
Run a full scan of your system. Once it has finished,
if it finds any spyware, delete it. Save the report and paste it here please

Download and tutorial on this page:
--> http://redir.fr/gsel
0
Peter_neophyte Posts 8 Registration date Wednesday 4 July 2007 Status Member Last post 13 July 2007
12 Jul 2007 at 13:19
Hello Boulepate62,

I ran the scan with AVG: absolutely nothing at all! But once the scan had finished, error windows appeared:
1- PML Driver has encountered a problem and needs to close
2- Dwwin.exe - application error - the instruction at "0x7c883f9c" referenced memory at "0x7c883f9c". The memory could not be "written"

These windows appear at random and are sometimes difficult to close! When the computer starts, the antivirus/firewall detects a problem through its proactive defense, which detects an application presenting a potential risk: the process PID: 1540
originating in c/.../LVPrcSrv.exe

I wonder whether there might be a bad installation of some application?
And sometimes problems with HPzm or something like that. The computer freezes regularly! Dr. Watson starts up and freezes as well.

What should I do now?

Thanks
0
Peter_neophyte Posts 8 Registration date Wednesday 4 July 2007 Status Member Last post 13 July 2007
13 Jul 2007 at 21:08
Good evening Boulepate62,

I no longer know what to do and no longer trust much of anything when it comes to antivirus/firewall software. Either I'm infected, which I strongly believe, or there's a bad installation somewhere!!!

Help, and it's getting really annoying! This filth has to be eradicated! PMLdriver error windows, error codes; at times I have the impression that someone is taking control of the computer!

Help

Thanks
0