Recurring virus (Trojan horse)!

Yuki -  
 HELMUTH -
Hi,

I have a virus.
My antivirus, Avast and/or AVG, spots it and removes it, but it always comes back...
AVG identifies it as: a variant of win32/Rootkit.Agent.dp (Trojan horse)
Its location: C:\WINDOWS\System32\ip6fw.sys. With Avast I often get this virus coming back as: win32:agent kir and small epg!

Even if I delete it manually, it reappears...

The virus activates when I connect to the internet. My PC becomes very slow, whereas normally it runs much faster (I am writing this in safe mode with networking...).

I tried Ad-Aware and other programs I own, but they see nothing.
63 replies

Yuki
 
Hi,
I did the same (virustotal) with this file, which keeps reappearing despite being quarantined:
C:\WINDOWS\Temp\startdrv.exe

Fichier startdrv.exe reçu le 2007.09.23 17:49:16 (CET)
Résultat: 20/31 (64.52%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.9.22.0 2007.09.21 Win-Trojan/Dropper.21504.B
AntiVir 7.6.0.15 2007.09.21 TR/Dropper.Gen
Authentium 4.93.8 2007.09.23 W32/Downldr2.AHGH
Avast 4.7.1043.0 2007.09.22 Win32:Agent-LPR
AVG 7.5.0.485 2007.09.23 -
BitDefender 7.2 2007.09.23 Trojan.Kobcka.L
CAT-QuickHeal 9.00 2007.09.21 TrojanDownloader.Agent.djt
ClamAV 0.91.2 2007.09.23 Trojan.Dropper-2556
DrWeb 4.33 2007.09.23 Trojan.MulDrop.8738
eSafe 7.0.15.0 2007.09.19 -
eTrust-Vet 31.2.5154 2007.09.21 -
Ewido 4.0 2007.09.20 -
FileAdvisor 1 2007.09.23 -
Fortinet 3.11.0.0 2007.09.23 -
F-Prot 4.3.2.48 2007.09.23 W32/Downldr2.AHGH
F-Secure 6.70.13030.0 2007.09.21 Trojan-Downloader.Win32.Agent.djt
Ikarus T3.1.1.12 2007.09.23 Trojan-Downloader.Win32.Agent.djt
Kaspersky 4.0.2.24 2007.09.23 Trojan-Downloader.Win32.Agent.djt
McAfee 5125 2007.09.21 Spy-Agent.bv.dldr
Microsoft 1.2803 2007.09.23 TrojanDownloader:Win32/Agent.ACZ
NOD32v2 2545 2007.09.23 Win32/TrojanDownloader.Agent.DJT
Norman 5.80.02 2007.09.21 Pandex.gen
Panda 9.0.0.4 2007.09.23 Trj/BedeTres.B
Rising 19.41.62.00 2007.09.23 -
Sophos 4.21.0 2007.09.23 -
Sunbelt 2.2.907.0 2007.09.22 -
Symantec 10 2007.09.23 -
TheHacker 6.2.5.066 2007.09.22 -
VBA32 3.12.2.4 2007.09.23 Trojan-Downloader.Win32.Agent.djt
VirusBuster 4.3.26:9 2007.09.23 Trojan.DR.Agent.VWM
Webwasher-Gateway 6.0.1 2007.09.21 Trojan.Dropper.Gen
Information additionnelle
File size: 21504 bytes
MD5: 57dc8e742a312efc0a62310ecb3ec6be
SHA1: a1a503fb4833cd4b93e3dada46984f807b9cad3a
0
Lyonnais92 - 25708 posts - Status: Security contributor - 1 537
 
Good evening,

Yes, that one I had no doubt about.

It was the other one that worried me. In the end, it is clean.

Open this link:
https://www.bleepingcomputer.com/download/linux/
to download regsearch.zip.

Choose Save, then Desktop.

When the download finishes, right-click the regsearch.zip icon created on the desktop, choose Extract All and follow the instructions.

Run Regsearch.exe, which is in the folder that was just created, by double-clicking it, and click Run.

In the window that opens, check that all the boxes are ticked.

Then type startdrv in the first line of the window.

Click OK to search the registry.

When the search finishes, Notepad opens. Copy and paste the contents of the report into your reply.

The report is in the same folder as Regsearch.exe, under the name RegSearch.txt.

Also run Suspect Files again with only Scheduled jobs and Include host File ticked, and post that report too.

If none of that turns anything up, we bring out the big guns.

@+
0
yuki
 
Hi, here is the regsearch report:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 23/09/2007 19:52:26 for strings:
; 'startdrv'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"startdrv"="C:\\WINDOWS\\Temp\\startdrv.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"="C:\\WINDOWS\\temp\\startdrv.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"a"="C:\\WINDOWS\\temp\\startdrv.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\WINDOWS\\Temp\\startdrv.exe"="startdrv"

; End Of The Log...

and the one from suspect files:

SystemScan - www.suspectfile.com - ver. 3.2.0

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 23/09/2007
Time: 19:56:10

Output limited to:
-Scheduled jobs
-Include HOSTS file

===================== SCHEDULED JOBS =====================

jobs found in C:\WINDOWS:

05/08/2004 07:00:00 65 byte 1144 days old -- desktop.ini
23/09/2007 18:35:13 6 byte 0 days old -- SA.DAT
23/09/2007 18:39:00 256 byte 0 days old -- Vérifier les mises à jour de Windows Live Toolbar.job
~~~~~~~~~~~~~~~~~~~~~
Active jobs:

~~~~~~~~~~~~~~~~~~~~~
Most recent (50) lines in jobs scheduled log:

===================== HOSTS FILE =====================

==========================================
Scan completed in 0 minutes
End of report

thanks
0
Lyonnais92 - 25708 posts - Status: Security contributor - 1 537
 
Re,

Useful information.

1) Open Notepad.
Copy the text below (between the * lines, but without the *) into it (copy/paste):

*****************************
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"startdrv"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"a"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\WINDOWS\\Temp\\startdrv.exe"=-

*****************************
Click "File", "Save As".
Click Desktop (in the left-hand column).
In File name, type fix.reg
For Type, choose "all files" from the drop-down menu.
Click Save.
Close Notepad.

On your desktop, double-click the Fix.reg icon.
Accept the warning about merging.
The fix will work without showing anything.
At the end you will see a message saying the merge is complete. Confirm it.

2) Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list shown in bold below,
and paste it into the left-hand box of OTMoveIt: Paste List of Files/Folders to be moved.

C:\WINDOWS\Temp\startdrv.exe

Click MoveIt! to start the removal.
The result will appear in the "Results" box.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes. If not, restart it yourself.

Post a new Hijackthis log.

@+
0
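The fix.reg above is built by hand from the RegSearch report: every value the search found becomes a `"name"=-` line under its key, which deletes that value on merge. As an added example (not part of RegSearch, HijackThis or this thread), the script below parses a RegSearch report of the shape posted above, separates the autorun hit (the Run key, which is the persistence) from mere usage traces (MRU, MUICache), and emits the same REGEDIT4 deletion script; the report embedded in it is a constructed copy of the one in the thread.

```python
"""Turn a RegSearch report into a REGEDIT4 script that deletes the values it found."""
import re

# Constructed sample: same shape as the RegSearch output posted in the thread.
REGSEARCH_REPORT = r"""Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman (c) 2005
; Results at 23/09/2007 19:52:26 for strings:
; 'startdrv'

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"startdrv"="C:\\WINDOWS\\Temp\\startdrv.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"="C:\\WINDOWS\\temp\\startdrv.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\WINDOWS\\Temp\\startdrv.exe"="startdrv"

; End Of The Log...
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
# A value name is a quoted string (with \" and \\ escapes) or "@" for the default value.
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=')

# Autorun locations (assumed list): a hit here is persistence, not just a trace of use.
AUTORUN_KEYS = (
    r"\Microsoft\Windows\CurrentVersion\Run",
    r"\Microsoft\Windows\CurrentVersion\RunOnce",
    r"\Microsoft\Windows NT\CurrentVersion\Winlogon",
)


def parse_regsearch(report):
    """Return (key, value_name) pairs for every value line in the report."""
    hits, current_key = [], None
    for line in report.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            hits.append((current_key, m.group(1)))
    return hits


def is_autorun(key):
    """True when the key is one of the autorun locations listed above."""
    tail = key.lower().rstrip("\\")
    return any(tail.endswith(k.lower()) for k in AUTORUN_KEYS)


def build_fix_reg(hits):
    """Emit a REGEDIT4 script; a `"name"=-` line deletes that value when merged."""
    by_key = {}
    for key, name in hits:
        by_key.setdefault(key, []).append(name)
    out = ["REGEDIT4", ""]
    for key, names in by_key.items():
        out.append(f"[{key}]")
        out.extend(f"{name}=-" for name in names)
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    found = parse_regsearch(REGSEARCH_REPORT)
    for key, name in found:
        kind = "PERSISTENCE" if is_autorun(key) else "trace"
        print(f"{kind:12} {key} -> {name}")
    print()
    print(build_fix_reg(found))
```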

yuki
 
Good evening, I did what you asked me to; here is the report from C:\_OTMoveIt\MovedFiles:

C:\WINDOWS\Temp\startdrv.exe moved successfully.

Created on 09/23/2007 21:11:19

here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 21:35:05, on 23/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.fr/8SEFRFR030000TBR/InstallSuccess
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: jeanmarcmorandini Toolbar - {58b525f4-b7d7-4600-86f4-46d30a9cc183} - C:\Program Files\jeanmarcmorandini\tbjean.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: jeanmarcmorandini Toolbar - {58b525f4-b7d7-4600-86f4-46d30a9cc183} - C:\Program Files\jeanmarcmorandini\tbjean.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: jeanmarcmorandini Toolbar - {58b525f4-b7d7-4600-86f4-46d30a9cc183} - C:\Program Files\jeanmarcmorandini\tbjean.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1157577326\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 2.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2ce861a41e324489ac465c2b9d28c6a7
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2ce861a41e324489ac465c2b9d28c6a7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Userinit Logon Application - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
Lyonnais92 - 25708 posts - Status: Security contributor - 1 537
 
Re,

Had you restarted the computer before running hijackthis?

We are going to take a clean restore point;

see this tutorial:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

First, tick the box to disable System Restore.

Then, untick the box to re-enable System Restore.

What remains of the initial problems?

@+
0
yuki
 
re,

Had you restarted the computer before running hijackthis? Yes.
0
Lyonnais92 - 25708 posts - Status: Security contributor - 1 537
 
Re,

Then I think we've got it.

Take your restore point and tell me what seems to remain of your initial problems.

@+
0
yuki
 
re,
So I did phase 1: (tick the box to disable System Restore.)
Then for phase 2 (untick the box to re-enable System Restore.) I was asked to restart (because safe mode cannot take a restore point).
So in normal mode I re-enabled System Restore, and after a restart the PC starts up as well as could be, but there is still this freezing and slowing down.
All the more so as startdrv is still showing up (when I scan this directory, C:\WINDOWS\temp\startdrv.exe, Avast finds the virus again):
HijackThis scan:

Logfile of HijackThis v1.99.1
Scan saved at 23:40:14, on 23/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.fr/8SEFRFR030000TBR/InstallSuccess
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: jeanmarcmorandini Toolbar - {58b525f4-b7d7-4600-86f4-46d30a9cc183} - C:\Program Files\jeanmarcmorandini\tbjean.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: jeanmarcmorandini Toolbar - {58b525f4-b7d7-4600-86f4-46d30a9cc183} - C:\Program Files\jeanmarcmorandini\tbjean.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: jeanmarcmorandini Toolbar - {58b525f4-b7d7-4600-86f4-46d30a9cc183} - C:\Program Files\jeanmarcmorandini\tbjean.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1157577326\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 2.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2ce861a41e324489ac465c2b9d28c6a7
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2ce861a41e324489ac465c2b9d28c6a7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Userinit Logon Application - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

thanks, good night and see you tomorrow.
0
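The line that matters in the log above is `O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe`: an autorun entry launching from the Windows Temp directory, which the helper spots by eye. As an added example (not from HijackThis or this thread), the script below applies that triage to the O4 lines of a HijackThis log: it extracts the launch point, the entry name and the executable path, and flags entries that run from a temp directory or give only a bare file name resolved through PATH. The log lines are constructed copies of lines from the log above; the line patterns are assumptions based on that log's format.

```python
"""Triage the O4 (autorun) lines of a HijackThis v1.99 log."""
import re

# Constructed sample lines, modelled on the log posted above.
HJT_LINES = r"""O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O4 - <hive>\..\<Run key>: [<name>] <command>"  (registry autoruns)
REG_RE = re.compile(r'^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$')
# "O4 - Global Startup: <shortcut> = <command>"     (Startup folder entries)
STARTUP_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.*)$')

TEMP_DIRS = ("temp", "tmp")


def command_path(command):
    """Return the executable path of an autorun command, dropping quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage_o4(log):
    """Return (origin, name, path, flags) for every O4 line; flags is empty when nothing stands out."""
    findings = []
    for line in log.splitlines():
        m = REG_RE.match(line)
        if m:
            hive, subkey, name, command = m.groups()
            origin = f"{hive}\\...\\{subkey}"
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue  # not an O4 line (other sections are out of scope here)
            origin, name, command = m.groups()
        path = command_path(command)
        flags = []
        # Directory components only: a file called temp.exe is not a temp-dir launch.
        dirs = path.lower().split("\\")[:-1]
        if any(d in TEMP_DIRS for d in dirs):
            flags.append("runs from a temp directory")
        if "\\" not in path:
            flags.append("bare file name, located through PATH")
        findings.append((origin, name, path, flags))
    return findings


def suspicious(log):
    """Only the entries that raised at least one flag."""
    return [(name, path, flags) for _, name, path, flags in triage_o4(log) if flags]


if __name__ == "__main__":
    for name, path, flags in suspicious(HJT_LINES):
        print(f"[{name}] {path}: {'; '.join(flags)}")
```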
Lyonnais92 - 25708 posts - Status: Security contributor - 1 537
 
Re;

Next, do this:

Scan your PC with BitDefender online (only under Internet Explorer).

Open this link:

www.bitdefender.com/scan8/ie.html

How to use it:
Click "I agree", then also accept the ActiveX control blocked by the SP2 pop-up blocker bar that will flash at the top, and install it.
Then click "Click here to scan".
Wait until the scan finishes; it can take quite a long time...

Copy/paste the whole report to the forum.

Illustrated tutorial here: http://pageperso.aol.fr/rginformatique/mapage/defender.htm (thanks to Balltrap34 for making it)

@+
0
Yuki
 
Hi, I have just turned on my PC (which starts fine but slows down after a while, so back to safe mode).
Yes, thanks, I know BitDefender, so I am running the scan (it takes a while).

Otherwise, shouldn't we redo points 17, 22 and 24? Basically, redo yesterday's procedure???
0
Lyonnais92 - 25708 posts - Status: Security contributor - 1 537
 
Hello,

The problem is that the same causes produce the same effects. The file comes back.

There is a reinfection mechanism I have not seen.

A first improvement is to "fix" this line

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll

Run hijackthis again, choose "do a scan only", tick the box in front of the line and click "fix checked" (with all other windows closed, in particular the browser, so after BitDefender).

Then, in safe mode, using Windows Explorer, delete C:\Program Files\eoRezo and empty your Recycle Bin.

You can do this at the same time as BitDefender:

1) Open this link (thanks to S!RI for this program). http://siri.urz.free.fr/Fix/SmitfraudFix.php
and download SmitfraudFix.exe.

Read the tutorial.
Run it choosing option 1; it will generate a report.
Copy/paste it into the thread, please.

2) Run Regsearch again with runtime in the first line and runtime2 in the second.

Post the reports.

@+
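An added example, not from the thread or from any of the tools named above, of how to read a Regsearch .reg export such as the one requested in step 2: it decodes hex(7) multi-strings, separates exact hits for a term like runtime2 from substring noise such as "Java Runtime Environment", and flags Enum\Root\LEGACY_* driver entries whose Services\<name> key is absent from the export. The sample input is a constructed excerpt modelled on the report posted later in the thread; all function names are this example's own.

```python
"""Parse a regedit 5.00 export (what Registry Search writes) and flag
LEGACY_* driver entries whose service key is missing.

Added example, not part of the thread. Only REG_SZ, DWORD and
REG_MULTI_SZ (hex(7)) data are decoded; other types are kept as raw text.
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt modelled on the Regsearch report in the thread (not the real file).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

; Registry Search 2.0 export (constructed sample)
; Results for strings: 'runtime' 'runtime2'

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}\1.0]
@="Microsoft Scripting Runtime"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CLR_OPTIMIZATION_V2.0.50727_32\0000]
"Service"="clr_optimization_v2.0.50727_32"
"DeviceDesc"=".NET Runtime Optimization Service v2.0.50727_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"DisplayName"=".NET Runtime Optimization Service v2.0.50727_X86"
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RUNTIME2\0000]
"Service"="runtime2"
"DeviceDesc"="runtime2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
"Sources"=hex(7):57,00,53,00,48,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,\
  75,00,6e,00,74,00,69,00,6d,00,65,00,00,00,00,00
'''

_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
_LEGACY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(ControlSet\d{3})\\Enum\\Root\\LEGACY_[^\\]+\\\d{4}$",
    re.IGNORECASE,
)


def _logical_lines(text: str):
    """Join lines that regedit wrapped with a trailing backslash."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""


def _decode_data(data: str):
    """Decode the common regedit data encodings; unknown types stay as text."""
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if data.startswith("dword:"):
        return int(data[len("dword:"):], 16)
    if data.startswith("hex(7):"):  # REG_MULTI_SZ: UTF-16LE strings, NUL separated
        raw = bytes(int(b, 16) for b in data[len("hex(7):"):].split(",") if b)
        return [s for s in raw.decode("utf-16-le").split("\0") if s]
    return data


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Map each key path to its values; '@' is the default value."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for line in _logical_lines(text):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
            keys[current][name] = _decode_data(m.group(2))
    return keys


def exact_matches(keys: Dict[str, Dict[str, object]], term: str) -> List[str]:
    """Keys whose last path component or a string value equals `term` exactly
    (case-insensitive), leaving out substring hits like 'Runtime Environment'."""
    t = term.lower()
    hits = []
    for key, values in keys.items():
        leaf = key.rsplit("\\", 1)[-1].lower()
        vals = [v.lower() for v in values.values() if isinstance(v, str)]
        if leaf == t or t in vals:
            hits.append(key)
    return hits


def orphan_legacy_services(keys: Dict[str, Dict[str, object]]) -> List[Tuple[str, str]]:
    """LEGACY_* root-enumerated entries whose 'Service' has no Services\\<name>
    key in the same control set. Meaningful on a full export, or on a Regsearch
    run whose term would match the service name (as 'runtime2' does): the gap
    means the service key was removed, or is not visible, and deserves a manual
    look. Legitimate pairs such as clr_optimization line up and are not listed."""
    present = {k.lower() for k in keys}
    orphans = []
    for key, values in keys.items():
        m = _LEGACY_RE.match(key)
        service = values.get("Service")
        if not m or not isinstance(service, str):
            continue
        svc_key = f"HKEY_LOCAL_MACHINE\\SYSTEM\\{m.group(1)}\\Services\\{service}"
        if svc_key.lower() not in present:
            orphans.append((m.group(1), service))
    return orphans


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for cs, svc in orphan_legacy_services(parsed):
        print(f"{cs}: LEGACY entry for service '{svc}' but no Services\\{svc} key")
```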
Yuki
 
Hi,
here is the BitDefender report:

BitDefender Online Scanner

Scan report generated at: Mon, Sep 24, 2007 - 14:02:00

Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics
Time: 00:51:11
Files: 348364
Folders: 6586
Boot Sectors: 4
Archives: 7351
Packed Files: 26667

Results
Identified Viruses: 2
Infected Files: 4
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 4

Engines Info
Virus Definitions: 823498
Engine build: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\System Volume Information\_restore{6C8E7B52-D81C-4AFE-8CB4-40363E703700}\RP1\A0001009.exe | Infected with: Trojan.Kobcka.L
C:\System Volume Information\_restore{6C8E7B52-D81C-4AFE-8CB4-40363E703700}\RP1\A0001009.exe | Disinfection failed
C:\System Volume Information\_restore{6C8E7B52-D81C-4AFE-8CB4-40363E703700}\RP1\A0001009.exe | Deleted
C:\WINDOWS\temp\startdrv.exe | Infected with: Trojan.Kobcka.L
C:\WINDOWS\temp\startdrv.exe | Disinfection failed
C:\WINDOWS\temp\startdrv.exe | Deleted
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drivers\ip6fw.sys | Infected with: Rootkit.Agent.DP
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drivers\ip6fw.sys | Disinfection failed
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\drivers\ip6fw.sys | Deleted
C:\_OTMoveIt\MovedFiles\WINDOWS\Temp\startdrv.exe | Infected with: Trojan.Kobcka.L
C:\_OTMoveIt\MovedFiles\WINDOWS\Temp\startdrv.exe | Disinfection failed
C:\_OTMoveIt\MovedFiles\WINDOWS\Temp\startdrv.exe | Deleted

-- the line was fixed with HijackThis (eoRezo)

here is the SmitfraudFix report:

SmitFraudFix v2.227

Rapport fait à 16:08:08,09, 24/09/2007
Executé à partir de C:\Documents and Settings\Barros\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Barros

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Barros\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Barros\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS 900 PCI Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3C7D350F-0EE3-4047-A4A0-FE12EB8A3C98}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3C7D350F-0EE3-4047-A4A0-FE12EB8A3C98}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3C7D350F-0EE3-4047-A4A0-FE12EB8A3C98}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3C7D350F-0EE3-4047-A4A0-FE12EB8A3C98}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Regsearch report:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 24/09/2007 16:10:35 for strings:
; ' runtime'
; 'runtime2'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLRMetaData.CLRRuntimeHost]
@="Microsoft Common Language Runtime Host V2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLRMetaData.CLRRuntimeHost.1]
@="Microsoft Common Language Runtime Host V2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLRMetaData.CLRRuntimeHost.2]
@="Microsoft Common Language Runtime Host V2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLRMetaData.CorMetaDataDispenser]
@="Microsoft Common Language Runtime Meta Data"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLRMetaData.CorMetaDataDispenser.2]
@="Microsoft Common Language Runtime Meta Data"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLRMetaData.CorMetaDataDispenserRuntime]
@="Microsoft Common Language Runtime Meta Data"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLRMetaData.CorMetaDataDispenserRuntime.2]
@="Microsoft Common Language Runtime Meta Data"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLRMetaData.CorRuntimeHost]
@="Microsoft Common Language Runtime Host"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLRMetaData.CorRuntimeHost.2]
@="Microsoft Common Language Runtime Host"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{047A9A40-657E-11D3-8D5B-00104B35E7EF}]
@="Microsoft Common Language Runtime Debugger Publisher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{183C259A-0480-11d1-87EA-00C04FC29D46}]
@="LM Runtime Control"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1EC2DE53-75CC-11d2-9775-00A0C9B4D50C}]
@="Microsoft Common Language Runtime Meta Data"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FEF44D0-39E7-4C77-BE8E-C9F8CF988630}]
@="Microsoft Common Language Runtime Debugger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90F1A06E-7712-4762-86B5-7A5EBA6BDB01}]
@="Microsoft Common Language Runtime Meta Data V2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90F1A06E-7712-4762-86B5-7A5EBA6BDB02}]
@="Microsoft Common Language Runtime Meta Data V2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB2F6723-AB3A-11d2-9C40-00C04FA30A3E}]
@="Microsoft Common Language Runtime Meta Data"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5CB7A31-7512-11D2-89CE-0080C792E5D8}]
@="Microsoft Common Language Runtime Meta Data"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComPlusDebug.CorDebug]
@="Microsoft Common Language Runtime Debugger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComPlusDebug.CorDebug.1]
@="Microsoft Common Language Runtime Debugger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComPlusDebug.CorpubPublish]
@="Microsoft Common Language Runtime Debugger Publisher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComPlusDebug.CorpubPublish.1]
@="Microsoft Common Language Runtime Debugger Publisher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ComPlusMetaData.MsCorHost.2]
@="Microsoft COM+ Runtime Meta Data"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510005]
"ProductName"="J2SE Runtime Environment 5.0 Update 5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510005\SourceList]
"PackageName"="J2SE Runtime Environment 5.0 Update 5.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006]
"ProductName"="J2SE Runtime Environment 5.0 Update 6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510009]
"ProductName"="J2SE Runtime Environment 5.0 Update 9"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000]
"ProductName"="J2SE Runtime Environment 5.0 Update 10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001]
"ProductName"="J2SE Runtime Environment 5.0 Update 11"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LM.LMReader]
@="LM Runtime Control"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LM.LMReader.1]
@="LM Runtime Control"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\Multimedia\Components\Installed\playback_wmfsdk]
@="Windows Media Format Runtime"
"DESCRIPTION"="Windows Media Format Runtime provides efficient playback of Windows Media files. This component must be installed for the software to function."

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{27D2CF3C-D5B0-11D2-8094-00104B1F9838}\1.0]
@="InstallShield Runtime 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}\1.0]
@="Microsoft Scripting Runtime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5477469E-83B1-11D2-8B49-00A0C9B7C9C4}\1.1]
@="Common Language Runtime Execution Engine 1.0 Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5477469E-83B1-11D2-8B49-00A0C9B7C9C4}\2.0]
@="Common Language Runtime Execution Engine 2.0 Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{97177EBC-0C54-11D0-B407-00AA00C14969}\5.0]
@="Visual Basic runtime objects and procedures"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BED7F4EA-1A96-11D2-8F08-00A0C9A6186D}\1.a]
@="Common Language Runtime Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}\6.0]
@="Visual Basic runtime objects and procedures"

[HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment]

[HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.5]

[HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_05]

[HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06]

[HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09]

[HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10]

[HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11]

[HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11\MSI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
@="Java Runtime Environment 1.5.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
@="Java Runtime Environment 1.5.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
@="Java Runtime Environment 1.5.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
@="Java Runtime Environment 1.5.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
@="Java Runtime Environment 1.5.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
@="Java Runtime Environment 1.5.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
@="Java Runtime Environment 1.5.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\15]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\18]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\19]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\27]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\28]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\3]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\35]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\36]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\37]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\4]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\41]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\42]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\47]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\49]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\5]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\58]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\6]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\60]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\61]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\62]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\63]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\64]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\65]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\66]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\67]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\68]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\69]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\70]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\71]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\72]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\73]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\74]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\75]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\76]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\77]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\78]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\79]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\80]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\81]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\82]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\83]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\84]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\85]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\86]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\87]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\88]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\89]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\9]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\90]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\91]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\92]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\93]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist\94]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\WMFDist11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Format 11 runtime\WMFDist11]
"PackageName"="Windows Media Format 11 runtime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Media Format Runtime]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510005\InstallProperties]
"DisplayName"="J2SE Runtime Environment 5.0 Update 5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006\InstallProperties]
"DisplayName"="J2SE Runtime Environment 5.0 Update 6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510009\InstallProperties]
"DisplayName"="J2SE Runtime Environment 5.0 Update 9"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000\InstallProperties]
"DisplayName"="J2SE Runtime Environment 5.0 Update 10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001\InstallProperties]
"DisplayName"="J2SE Runtime Environment 5.0 Update 11"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime]
"DisplayName"="Windows Media Format 11 runtime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11]
"DisplayName"="Windows Media Format 11 runtime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150050}]
"DisplayName"="J2SE Runtime Environment 5.0 Update 5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}]
"DisplayName"="J2SE Runtime Environment 5.0 Update 6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090}]
"DisplayName"="J2SE Runtime Environment 5.0 Update 9"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}]
"DisplayName"="J2SE Runtime Environment 5.0 Update 10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}]
"DisplayName"="J2SE Runtime Environment 5.0 Update 11"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CLR_OPTIMIZATION_V2.0.50727_32\0000]
"DeviceDesc"=".NET Runtime Optimization Service v2.0.50727_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RUNTIME2]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RUNTIME2\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RUNTIME2\0000]
"Service"="runtime2"
"DeviceDesc"="runtime2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"DisplayName"=".NET Runtime Optimization Service v2.0.50727_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WebClient
; VSS
; VBRuntime
; usnjsvc
; Userinit
; Userenv
; SysmonLog
; Starter
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; SNDSrvc
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; safrslv
; SAFrdms
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Offline Files
; Oakley
; ntbackup
; NeroCheck
; MSSQLSERVER/MSDE
; MsiInstaller
; MSDTC Client
; MSDTC
; mnmsrvc
; Microsoft H.323 Telephony Service Provider
; Microsoft Fax
; Microsoft (R) Visual C# 2005 Compiler
; LoadPerf
; LiveUpdate
; HelpSvc
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; DrWatson
; DiskQuota
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; Automatic LiveUpdate Scheduler
; AutoEnrollment
; Autochk
; ASP.NET 2.0.50727.0
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; .NET Runtime Optimization Service
; .NET Runtime 2.0 Error Reporting
; .NET Runtime
; Application

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\.NET Runtime]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\.NET Runtime 2.0 Error Reporting]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\.NET Runtime Optimization Service]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CLR_OPTIMIZATION_V2.0.50727_32\0000]
"DeviceDesc"=".NET Runtime Optimization Service v2.0.50727_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RUNTIME2]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RUNTIME2\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RUNTIME2\0000]
"Service"="runtime2"
"DeviceDesc"="runtime2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\clr_optimization_v2.0.50727_32]
"DisplayName"=".NET Runtime Optimization Service v2.0.50727_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WebClient
; VSS
; VBRuntime
; usnjsvc
; Userinit
; Userenv
; SysmonLog
; Starter
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; SNDSrvc
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; safrslv
; SAFrdms
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Offline Files
; Oakley
; ntbackup
; NeroCheck
; MSSQLSERVER/MSDE
; MsiInstaller
; MSDTC Client
; MSDTC
; mnmsrvc
; Microsoft H.323 Telephony Service Provider
; Microsoft Fax
; Microsoft (R) Visual C# 2005 Compiler
; LoadPerf
; LiveUpdate
; HelpSvc
; Folder Redirection
; File Deployment
; F-Secure Management Agent
; EventSystem
; ESENT
; DrWatson
; DiskQuota
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; Automatic LiveUpdate Scheduler
; AutoEnrollment
; Autochk
; ASP.NET 2.0.50727.0
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; .NET Runtime Optimization Service
; .NET Runtime 2.0 Error Reporting
; .NET Runtime
; Application
;
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\
70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\
00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,\
6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,20,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,\
69,00,76,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,\
00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,72,00,61,00,\
74,00,69,00,6f,00,6e,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,\
00,74,00,00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,00,\
69,00,6d,00,65,00,00,00,75,00,73,00,6e,00,6a,00,73,00,76,00,63,00,00,00,55,\
00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,00,55,00,73,00,65,00,72,00,\
65,00,6e,00,76,00,00,00,53,00,79,00,73,00,6d,00,6f,00,6e,00,4c,00,6f,00,67,\
00,00,00,53,00,74,00,61,00,72,00,74,00,65,00,72,00,00,00,53,00,70,00,6f,00,\
6f,00,6c,00,65,00,72,00,43,00,74,00,72,00,73,00,00,00,53,00,6f,00,66,00,74,\
00,77,00,61,00,72,00,65,00,20,00,52,00,65,00,73,00,74,00,72,00,69,00,63,00,\
74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,\
00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,49,00,6e,00,\
73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,53,00,4e,\
00,44,00,53,00,72,00,76,00,63,00,00,00,53,00,65,00,63,00,75,00,72,00,69,00,\
74,00,79,00,43,00,65,00,6e,00,74,00,65,00,72,00,00,00,53,00,63,00,6c,00,67,\
00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,65,00,53,00,72,00,76,00,00,00,\
53,00,63,00,65,00,43,00,6c,00,69,00,00,00,73,00,61,00,66,00,72,00,73,00,6c,\
00,76,00,00,00,53,00,41,00,46,00,72,00,64,00,6d,00,73,00,00,00,52,00,65,00,\
6d,00,6f,00,74,00,65,00,20,00,41,00,73,00,73,00,69,00,73,00,74,00,61,00,6e,\
00,63,00,65,00,00,00,50,00,65,00,72,00,66,00,50,00,72,00,6f,00,63,00,00,00,\
50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,65,00,72,00,66,00,4e,00,65,\
00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,00,6e,00,00,00,50,00,65,00,\
72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,72,00,66,00,44,00,69,00,73,\
00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,00,72,00,73,00,00,00,4f,00,\
66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,\
00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,6e,00,74,00,62,00,61,00,63,00,\
6b,00,75,00,70,00,00,00,4e,00,65,00,72,00,6f,00,43,00,68,00,65,00,63,00,6b,\
00,00,00,4d,00,53,00,53,00,51,00,4c,00,53,00,45,00,52,00,56,00,45,00,52,00,\
2f,00,4d,00,53,00,44,00,45,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,\
00,61,00,6c,00,6c,00,65,00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,\
43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,\
00,6d,00,6e,00,6d,00,73,00,72,00,76,00,63,00,00,00,4d,00,69,00,63,00,72,00,\
6f,00,73,00,6f,00,66,00,74,00,20,00,48,00,2e,00,33,00,32,00,33,00,20,00,54,\
00,65,00,6c,00,65,00,70,00,68,00,6f,00,6e,00,79,00,20,00,53,00,65,00,72,00,\
76,00,69,00,63,00,65,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,\
00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,46,00,\
61,00,78,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,\
00,28,00,52,00,29,00,20,00,56,00,69,00,73,00,75,00,61,00,6c,00,20,00,43,00,\
23,00,20,00,32,00,30,00,30,00,35,00,20,00,43,00,6f,00,6d,00,70,00,69,00,6c,\
00,65,00,72,00,00,00,4c,00,6f,00,61,00,64,00,50,00,65,00,72,00,66,00,00,00,\
4c,00,69,00,76,00,65,00,55,00,70,00,64,00,61,00,74,00,65,00,00,00,48,00,65,\
00,6c,00,70,00,53,00,76,00,63,00,00,00,46,00,6f,00,6c,00,64,00,65,00,72,00,\
20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,\
00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,70,00,6c,00,6f,00,79,00,6d,00,\
65,00,6e,00,74,00,00,00,46,00,2d,00,53,00,65,00,63,00,75,00,72,00,65,00,20,\
00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,20,00,41,00,\
67,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,\
00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,00,54,00,00,00,44,00,72,00,\
57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,69,00,73,00,6b,00,51,00,75,\
00,6f,00,74,00,61,00,00,00,63,00,72,00,79,00,70,00,74,00,33,00,32,00,00,00,\
43,00,4f,00,4d,00,2b,00,00,00,43,00,4f,00,4d,00,00,00,43,00,69,00,00,00,43,\
00,68,00,6b,00,64,00,73,00,6b,00,00,00,41,00,75,00,74,00,6f,00,6d,00,61,00,\
74,00,69,00,63,00,20,00,4c,00,69,00,76,00,65,00,55,00,70,00,64,00,61,00,74,\
00,65,00,20,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,00,00,\
41,00,75,00,74,00,6f,00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,65,00,6e,\
00,74,00,00,00,41,00,75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,53,00,\
50,00,2e,00,4e,00,45,00,54,00,20,00,32,00,2e,00,30,00,2e,00,35,00,30,00,37,\
00,32,00,37,00,2e,00,30,00,00,00,41,00,53,00,50,00,2e,00,4e,00,45,00,54,00,\
20,00,31,00,2e,00,31,00,2e,00,34,00,33,00,32,00,32,00,2e,00,30,00,00,00,41,\
00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,4d,00,\
61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,41,00,70,00,70,\
00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,48,00,61,00,6e,00,\
67,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\
00,20,00,45,00,72,00,72,00,6f,00,72,00,00,00,2e,00,4e,00,45,00,54,00,20,00,\
52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,20,00,4f,00,70,00,74,00,69,00,6d,\
00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,20,00,53,00,65,00,72,00,76,00,\
69,00,63,00,65,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,\
00,69,00,6d,00,65,00,20,00,32,00,2e,00,30,00,20,00,45,00,72,00,72,00,6f,00,\
72,00,20,00,52,00,65,00,70,00,6f,00,72,00,74,00,69,00,6e,00,67,00,00,00,2e,\
00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,00,00,\
41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\.NET Runtime]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\.NET Runtime 2.0 Error Reporting]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\.NET Runtime Optimization Service]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CLR_OPTIMIZATION_V2.0.50727_32\0000]
"DeviceDesc"=".NET Runtime Optimization Service v2.0.50727_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_RUNTIME2]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_RUNTIME2\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_RUNTIME2\0000]
"Service"="runtime2"
"DeviceDesc"="runtime2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_RUNTIME2\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\clr_optimization_v2.0.50727_32]
"DisplayName"=".NET Runtime Optimization Service v2.0.50727_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WebClient
; VSS
; VBRuntime
; Userinit
; Userenv
; SysmonLog
; Starter
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; SNDSrvc
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; safrslv
; SAFrdms
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Offline Files
; Oakley
; ntbackup
; NeroCheck
; MSSQLSERVER/MSDE
; MsiInstaller
; MSDTC Client
; MSDTC
; mnmsrvc
; Microsoft H.323 Telephony Service Provider
; Microsoft Fax
; Microsoft (R) Visual C# 2005 Compiler
; LoadPerf
; LiveUpdate
; HelpSvc
; Folder Redirection
; File Deployment
; F-Secure Management Agent
; EventSystem
; ESENT
; DrWatson
; DiskQuota
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; AVG7
; Automatic LiveUpdate Scheduler
; AutoEnrollment
; Autochk
; ASP.NET 2.0.50727.0
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; .NET Runtime Optimization Service
; .NET Runtime 2.0 Error Reporting
; .NET Runtime
; Application
;
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\
70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\
00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,\
6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,20,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,\
69,00,76,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,\
00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,72,00,61,00,\
74,00,69,00,6f,00,6e,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,\
00,74,00,00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,00,\
69,00,6d,00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,\
00,55,00,73,00,65,00,72,00,65,00,6e,00,76,00,00,00,53,00,79,00,73,00,6d,00,\
6f,00,6e,00,4c,00,6f,00,67,00,00,00,53,00,74,00,61,00,72,00,74,00,65,00,72,\
00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,00,73,00,\
00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,52,00,65,00,73,\
00,74,00,72,00,69,00,63,00,74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,6c,00,\
69,00,63,00,69,00,65,00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,\
00,65,00,20,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,53,00,4e,00,44,00,53,00,72,00,76,00,63,00,00,00,53,00,65,\
00,63,00,75,00,72,00,69,00,74,00,79,00,43,00,65,00,6e,00,74,00,65,00,72,00,\
00,00,53,00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,65,\
00,53,00,72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,73,00,\
61,00,66,00,72,00,73,00,6c,00,76,00,00,00,53,00,41,00,46,00,72,00,64,00,6d,\
00,73,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,20,00,41,00,73,00,73,00,\
69,00,73,00,74,00,61,00,6e,00,63,00,65,00,00,00,50,00,65,00,72,00,66,00,50,\
00,72,00,6f,00,63,00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,\
65,00,72,00,66,00,4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,\
00,6e,00,00,00,50,00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,\
72,00,66,00,44,00,69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,\
00,72,00,73,00,00,00,4f,00,66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,\
69,00,6c,00,65,00,73,00,00,00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,6e,\
00,74,00,62,00,61,00,63,00,6b,00,75,00,70,00,00,00,4e,00,65,00,72,00,6f,00,\
43,00,68,00,65,00,63,00,6b,00,00,00,4d,00,53,00,53,00,51,00,4c,00,53,00,45,\
00,52,00,56,00,45,00,52,00,2f,00,4d,00,53,00,44,00,45,00,00,00,4d,00,73,00,\
69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,00,00,4d,00,53,\
00,44,00,54,00,43,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,4d,00,\
53,00,44,00,54,00,43,00,00,00,6d,00,6e,00,6d,00,73,00,72,00,76,00,63,00,00,\
00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,48,00,2e,00,\
33,00,32,00,33,00,20,00,54,00,65,00,6c,00,65,00,70,00,68,00,6f,00,6e,00,79,\
00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,6f,00,\
76,00,69,00,64,00,65,00,72,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,\
00,66,00,74,00,20,00,46,00,61,00,78,00,00,00,4d,00,69,00,63,00,72,00,6f,00,\
73,00,6f,00,66,00,74,00,20,00,28,00,52,00,29,00,20,00,56,00,69,00,73,00,75,\
00,61,00,6c,00,20,00,43,00,23,00,20,00,32,00,30,00,30,00,35,00,20,00,43,00,\
6f,00,6d,00,70,00,69,00,6c,00,65,00,72,00,00,00,4c,00,6f,00,61,00,64,00,50,\
00,65,00,72,00,66,00,00,00,4c,00,69,00,76,00,65,00,55,00,70,00,64,00,61,00,\
74,00,65,00,00,00,48,00,65,00,6c,00,70,00,53,00,76,00,63,00,00,00,46,00,6f,\
00,6c,00,64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,00,\
74,00,69,00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,70,\
00,6c,00,6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,46,00,2d,00,53,00,65,00,\
63,00,75,00,72,00,65,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,\
00,6e,00,74,00,20,00,41,00,67,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,\
6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,\
00,54,00,00,00,44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,\
69,00,73,00,6b,00,51,00,75,00,6f,00,74,00,61,00,00,00,63,00,72,00,79,00,70,\
00,74,00,33,00,32,00,00,00,43,00,4f,00,4d,00,2b,00,00,00,43,00,4f,00,4d,00,\
00,00,43,00,69,00,00,00,43,00,68,00,6b,00,64,00,73,00,6b,00,00,00,41,00,56,\
00,47,00,37,00,00,00,41,00,75,00,74,00,6f,00,6d,00,61,00,74,00,69,00,63,00,\
20,00,4c,00,69,00,76,00,65,00,55,00,70,00,64,00,61,00,74,00,65,00,20,00,53,\
00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,00,00,41,00,75,00,74,00,\
6f,00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,65,00,6e,00,74,00,00,00,41,\
00,75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,53,00,50,00,2e,00,4e,00,\
45,00,54,00,20,00,32,00,2e,00,30,00,2e,00,35,00,30,00,37,00,32,00,37,00,2e,\
00,30,00,00,00,41,00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,31,00,2e,00,\
31,00,2e,00,34,00,33,00,32,00,32,00,2e,00,30,00,00,00,41,00,70,00,70,00,6c,\
00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,\
67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,\
00,61,00,74,00,69,00,6f,00,6e,00,20,00,48,00,61,00,6e,00,67,00,00,00,41,00,\
70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,45,00,72,\
00,72,00,6f,00,72,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,\
74,00,69,00,6d,00,65,00,20,00,4f,00,70,00,74,00,69,00,6d,00,69,00,7a,00,61,\
00,74,00,69,00,6f,00,6e,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,\
00,20,00,32,00,2e,00,30,00,20,00,45,00,72,00,72,00,6f,00,72,00,20,00,52,00,\
65,00,70,00,6f,00,72,00,74,00,69,00,6e,00,67,00,00,00,2e,00,4e,00,45,00,54,\
00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,00,00,41,00,70,00,70,00,\
6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\.NET Runtime]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\.NET Runtime 2.0 Error Reporting]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\.NET Runtime Optimization Service]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_CLR_OPTIMIZATION_V2.0.50727_32\0000]
"DeviceDesc"=".NET Runtime Optimization Service v2.0.50727_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_RUNTIME2]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_RUNTIME2\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_RUNTIME2\0000]
"Service"="runtime2"
"DeviceDesc"="runtime2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_RUNTIME2\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_RUNTIME2\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_RUNTIME2\0000\Control]
"ActiveService"="runtime2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\clr_optimization_v2.0.50727_32]
"DisplayName"=".NET Runtime Optimization Service v2.0.50727_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WebClient
; VSS
; VBRuntime
; Userinit
; Userenv
; SysmonLog
; Starter
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; SNDSrvc
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; safrslv
; SAFrdms
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Offline Files
; Oakley
; ntbackup
; NeroCheck
; MSSQLSERVER/MSDE
; MsiInstaller
; MSDTC Client
; MSDTC
; mnmsrvc
; Microsoft H.323 Telephony Service Provider
; Microsoft Fax
; Microsoft (R) Visual C# 2005 Compiler
; LoadPerf
; LiveUpdate
; HelpSvc
; Folder Redirection
; File Deployment
; F-Secure Management Agent
; EventSystem
; ESENT
; DrWatson
; DiskQuota
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; AVG7
; Automatic LiveUpdate Scheduler
; AutoEnrollment
; Autochk
; ASP.NET 2.0.50727.0
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; .NET Runtime Optimization Service
; .NET Runtime 2.0 Error Reporting
; .NET Runtime
; Application
;
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\
70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\
00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,\
6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,20,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,\
69,00,76,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,\
00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,72,00,61,00,\
74,00,69,00,6f,00,6e,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,\
00,74,00,00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,00,\
69,00,6d,00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,\
00,55,00,73,00,65,00,72,00,65,00,6e,00,76,00,00,00,53,00,79,00,73,00,6d,00,\
6f,00,6e,00,4c,00,6f,00,67,00,00,00,53,00,74,00,61,00,72,00,74,00,65,00,72,\
00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,00,73,00,\
00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,52,00,65,00,73,\
00,74,00,72,00,69,00,63,00,74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,6c,00,\
69,00,63,00,69,00,65,00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,\
00,65,00,20,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,53,00,4e,00,44,00,53,00,72,00,76,00,63,00,00,00,53,00,65,\
00,63,00,75,00,72,00,69,00,74,00,79,00,43,00,65,00,6e,00,74,00,65,00,72,00,\
00,00,53,00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,65,\
00,53,00,72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,73,00,\
61,00,66,00,72,00,73,00,6c,00,76,00,00,00,53,00,41,00,46,00,72,00,64,00,6d,\
00,73,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,20,00,41,00,73,00,73,00,\
69,00,73,00,74,00,61,00,6e,00,63,00,65,00,00,00,50,00,65,00,72,00,66,00,50,\
00,72,00,6f,00,63,00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,\
65,00,72,00,66,00,4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,\
00,6e,00,00,00,50,00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,\
72,00,66,00,44,00,69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,\
00,72,00,73,00,00,00,4f,00,66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,\
69,00,6c,00,65,00,73,00,00,00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,6e,\
00,74,00,62,00,61,00,63,00,6b,00,75,00,70,00,00,00,4e,00,65,00,72,00,6f,00,\
43,00,68,00,65,00,63,00,6b,00,00,00,4d,00,53,00,53,00,51,00,4c,00,53,00,45,\
00,52,00,56,00,45,00,52,00,2f,00,4d,00,53,00,44,00,45,00,00,00,4d,00,73,00,\
69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,00,00,4d,00,53,\
00,44,00,54,00,43,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,4d,00,\
53,00,44,00,54,00,43,00,00,00,6d,00,6e,00,6d,00,73,00,72,00,76,00,63,00,00,\
00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,48,00,2e,00,\
33,00,32,00,33,00,20,00,54,00,65,00,6c,00,65,00,70,00,68,00,6f,00,6e,00,79,\
00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,6f,00,\
76,00,69,00,64,00,65,00,72,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,\
00,66,00,74,00,20,00,46,00,61,00,78,00,00,00,4d,00,69,00,63,00,72,00,6f,00,\
73,00,6f,00,66,00,74,00,20,00,28,00,52,00,29,00,20,00,56,00,69,00,73,00,75,\
00,61,00,6c,00,20,00,43,00,23,00,20,00,32,00,30,00,30,00,35,00,20,00,43,00,\
6f,00,6d,00,70,00,69,00,6c,00,65,00,72,00,00,00,4c,00,6f,00,61,00,64,00,50,\
00,65,00,72,00,66,00,00,00,4c,00,69,00,76,00,65,00,55,00,70,00,64,00,61,00,\
74,00,65,00,00,00,48,00,65,00,6c,00,70,00,53,00,76,00,63,00,00,00,46,00,6f,\
00,6c,00,64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,00,\
74,00,69,00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,70,\
00,6c,00,6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,46,00,2d,00,53,00,65,00,\
63,00,75,00,72,00,65,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,\
00,6e,00,74,00,20,00,41,00,67,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,\
6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,\
00,54,00,00,00,44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,\
69,00,73,00,6b,00,51,00,75,00,6f,00,74,00,61,00,00,00,63,00,72,00,79,00,70,\
00,74,00,33,00,32,00,00,00,43,00,4f,00,4d,00,2b,00,00,00,43,00,4f,00,4d,00,\
00,00,43,00,69,00,00,00,43,00,68,00,6b,00,64,00,73,00,6b,00,00,00,41,00,56,\
00,47,00,37,00,00,00,41,00,75,00,74,00,6f,00,6d,00,61,00,74,00,69,00,63,00,\
20,00,4c,00,69,00,76,00,65,00,55,00,70,00,64,00,61,00,74,00,65,00,20,00,53,\
00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,00,00,41,00,75,00,74,00,\
6f,00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,65,00,6e,00,74,00,00,00,41,\
00,75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,53,00,50,00,2e,00,4e,00,\
45,00,54,00,20,00,32,00,2e,00,30,00,2e,00,35,00,30,00,37,00,32,00,37,00,2e,\
00,30,00,00,00,41,00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,31,00,2e,00,\
31,00,2e,00,34,00,33,00,32,00,32,00,2e,00,30,00,00,00,41,00,70,00,70,00,6c,\
00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,\
67,00,6
Yuki
 
here is the rest:

5,00,6d,00,65,00,6e,00,74,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,\
00,61,00,74,00,69,00,6f,00,6e,00,20,00,48,00,61,00,6e,00,67,00,00,00,41,00,\
70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,45,00,72,\
00,72,00,6f,00,72,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,\
74,00,69,00,6d,00,65,00,20,00,4f,00,70,00,74,00,69,00,6d,00,69,00,7a,00,61,\
00,74,00,69,00,6f,00,6e,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,\
00,20,00,32,00,2e,00,30,00,20,00,45,00,72,00,72,00,6f,00,72,00,20,00,52,00,\
65,00,70,00,6f,00,72,00,74,00,69,00,6e,00,67,00,00,00,2e,00,4e,00,45,00,54,\
00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,00,00,41,00,70,00,70,00,\
6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\.NET Runtime]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\.NET Runtime 2.0 Error Reporting]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\.NET Runtime Optimization Service]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_CLR_OPTIMIZATION_V2.0.50727_32\0000]
"DeviceDesc"=".NET Runtime Optimization Service v2.0.50727_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_RUNTIME2]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_RUNTIME2\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_RUNTIME2\0000]
"Service"="runtime2"
"DeviceDesc"="runtime2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_RUNTIME2\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\clr_optimization_v2.0.50727_32]
"DisplayName"=".NET Runtime Optimization Service v2.0.50727_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WebClient
; VSS
; VBRuntime
; Userinit
; Userenv
; SysmonLog
; Starter
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; SNDSrvc
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; safrslv
; SAFrdms
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Offline Files
; Oakley
; ntbackup
; NeroCheck
; MSSQLSERVER/MSDE
; MsiInstaller
; MSDTC Client
; MSDTC
; mnmsrvc
; Microsoft H.323 Telephony Service Provider
; Microsoft Fax
; Microsoft (R) Visual C# 2005 Compiler
; LoadPerf
; LiveUpdate
; HelpSvc
; Folder Redirection
; File Deployment
; F-Secure Management Agent
; EventSystem
; ESENT
; DrWatson
; DiskQuota
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; AVG7
; Automatic LiveUpdate Scheduler
; AutoEnrollment
; Autochk
; ASP.NET 2.0.50727.0
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; .NET Runtime Optimization Service
; .NET Runtime 2.0 Error Reporting
; .NET Runtime
; Application
;
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\
70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\
00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,\
6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,20,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,\
69,00,76,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,\
00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,72,00,61,00,\
74,00,69,00,6f,00,6e,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,\
00,74,00,00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,00,\
69,00,6d,00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,\
00,55,00,73,00,65,00,72,00,65,00,6e,00,76,00,00,00,53,00,79,00,73,00,6d,00,\
6f,00,6e,00,4c,00,6f,00,67,00,00,00,53,00,74,00,61,00,72,00,74,00,65,00,72,\
00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,00,73,00,\
00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,52,00,65,00,73,\
00,74,00,72,00,69,00,63,00,74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,6c,00,\
69,00,63,00,69,00,65,00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,\
00,65,00,20,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,53,00,4e,00,44,00,53,00,72,00,76,00,63,00,00,00,53,00,65,\
00,63,00,75,00,72,00,69,00,74,00,79,00,43,00,65,00,6e,00,74,00,65,00,72,00,\
00,00,53,00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,65,\
00,53,00,72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,73,00,\
61,00,66,00,72,00,73,00,6c,00,76,00,00,00,53,00,41,00,46,00,72,00,64,00,6d,\
00,73,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,20,00,41,00,73,00,73,00,\
69,00,73,00,74,00,61,00,6e,00,63,00,65,00,00,00,50,00,65,00,72,00,66,00,50,\
00,72,00,6f,00,63,00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,\
65,00,72,00,66,00,4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,\
00,6e,00,00,00,50,00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,\
72,00,66,00,44,00,69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,\
00,72,00,73,00,00,00,4f,00,66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,\
69,00,6c,00,65,00,73,00,00,00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,6e,\
00,74,00,62,00,61,00,63,00,6b,00,75,00,70,00,00,00,4e,00,65,00,72,00,6f,00,\
43,00,68,00,65,00,63,00,6b,00,00,00,4d,00,53,00,53,00,51,00,4c,00,53,00,45,\
00,52,00,56,00,45,00,52,00,2f,00,4d,00,53,00,44,00,45,00,00,00,4d,00,73,00,\
69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,00,00,4d,00,53,\
00,44,00,54,00,43,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,4d,00,\
53,00,44,00,54,00,43,00,00,00,6d,00,6e,00,6d,00,73,00,72,00,76,00,63,00,00,\
00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,48,00,2e,00,\
33,00,32,00,33,00,20,00,54,00,65,00,6c,00,65,00,70,00,68,00,6f,00,6e,00,79,\
00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,6f,00,\
76,00,69,00,64,00,65,00,72,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,\
00,66,00,74,00,20,00,46,00,61,00,78,00,00,00,4d,00,69,00,63,00,72,00,6f,00,\
73,00,6f,00,66,00,74,00,20,00,28,00,52,00,29,00,20,00,56,00,69,00,73,00,75,\
00,61,00,6c,00,20,00,43,00,23,00,20,00,32,00,30,00,30,00,35,00,20,00,43,00,\
6f,00,6d,00,70,00,69,00,6c,00,65,00,72,00,00,00,4c,00,6f,00,61,00,64,00,50,\
00,65,00,72,00,66,00,00,00,4c,00,69,00,76,00,65,00,55,00,70,00,64,00,61,00,\
74,00,65,00,00,00,48,00,65,00,6c,00,70,00,53,00,76,00,63,00,00,00,46,00,6f,\
00,6c,00,64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,00,\
74,00,69,00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,70,\
00,6c,00,6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,46,00,2d,00,53,00,65,00,\
63,00,75,00,72,00,65,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,\
00,6e,00,74,00,20,00,41,00,67,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,\
6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,\
00,54,00,00,00,44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,\
69,00,73,00,6b,00,51,00,75,00,6f,00,74,00,61,00,00,00,63,00,72,00,79,00,70,\
00,74,00,33,00,32,00,00,00,43,00,4f,00,4d,00,2b,00,00,00,43,00,4f,00,4d,00,\
00,00,43,00,69,00,00,00,43,00,68,00,6b,00,64,00,73,00,6b,00,00,00,41,00,56,\
00,47,00,37,00,00,00,41,00,75,00,74,00,6f,00,6d,00,61,00,74,00,69,00,63,00,\
20,00,4c,00,69,00,76,00,65,00,55,00,70,00,64,00,61,00,74,00,65,00,20,00,53,\
00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,00,00,41,00,75,00,74,00,\
6f,00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,65,00,6e,00,74,00,00,00,41,\
00,75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,53,00,50,00,2e,00,4e,00,\
45,00,54,00,20,00,32,00,2e,00,30,00,2e,00,35,00,30,00,37,00,32,00,37,00,2e,\
00,30,00,00,00,41,00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,31,00,2e,00,\
31,00,2e,00,34,00,33,00,32,00,32,00,2e,00,30,00,00,00,41,00,70,00,70,00,6c,\
00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,\
67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,\
00,61,00,74,00,69,00,6f,00,6e,00,20,00,48,00,61,00,6e,00,67,00,00,00,41,00,\
70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,45,00,72,\
00,72,00,6f,00,72,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,\
74,00,69,00,6d,00,65,00,20,00,4f,00,70,00,74,00,69,00,6d,00,69,00,7a,00,61,\
00,74,00,69,00,6f,00,6e,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,\
00,20,00,32,00,2e,00,30,00,20,00,45,00,72,00,72,00,6f,00,72,00,20,00,52,00,\
65,00,70,00,6f,00,72,00,74,00,69,00,6e,00,67,00,00,00,2e,00,4e,00,45,00,54,\
00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,00,00,41,00,70,00,70,00,\
6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\Application\.NET Runtime]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\Application\.NET Runtime 2.0 Error Reporting]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Eventlog\Application\.NET Runtime Optimization Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLR_OPTIMIZATION_V2.0.50727_32\0000]
"DeviceDesc"=".NET Runtime Optimization Service v2.0.50727_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME2\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME2\0000]
"Service"="runtime2"
"DeviceDesc"="runtime2"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME2\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME2\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME2\0000\Control]
"ActiveService"="runtime2"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clr_optimization_v2.0.50727_32]
"DisplayName"=".NET Runtime Optimization Service v2.0.50727_X86"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WebClient
; VSS
; VBRuntime
; Userinit
; Userenv
; SysmonLog
; Starter
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; SNDSrvc
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; safrslv
; SAFrdms
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Offline Files
; Oakley
; ntbackup
; NeroCheck
; MSSQLSERVER/MSDE
; MsiInstaller
; MSDTC Client
; MSDTC
; mnmsrvc
; Microsoft H.323 Telephony Service Provider
; Microsoft Fax
; Microsoft (R) Visual C# 2005 Compiler
; LoadPerf
; LiveUpdate
; HelpSvc
; Folder Redirection
; File Deployment
; F-Secure Management Agent
; EventSystem
; ESENT
; DrWatson
; DiskQuota
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; AVG7
; Automatic LiveUpdate Scheduler
; AutoEnrollment
; Autochk
; ASP.NET 2.0.50727.0
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; .NET Runtime Optimization Service
; .NET Runtime 2.0 Error Reporting
; .NET Runtime
; Application
;
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\
70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\
00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,\
6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,20,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,\
69,00,76,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,\
00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,72,00,61,00,\
74,00,69,00,6f,00,6e,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,\
00,74,00,00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,00,\
69,00,6d,00,65,00,00,00,55,00,73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,\
00,55,00,73,00,65,00,72,00,65,00,6e,00,76,00,00,00,53,00,79,00,73,00,6d,00,\
6f,00,6e,00,4c,00,6f,00,67,00,00,00,53,00,74,00,61,00,72,00,74,00,65,00,72,\
00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,43,00,74,00,72,00,73,00,\
00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,52,00,65,00,73,\
00,74,00,72,00,69,00,63,00,74,00,69,00,6f,00,6e,00,20,00,50,00,6f,00,6c,00,\
69,00,63,00,69,00,65,00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,\
00,65,00,20,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,\
6f,00,6e,00,00,00,53,00,4e,00,44,00,53,00,72,00,76,00,63,00,00,00,53,00,65,\
00,63,00,75,00,72,00,69,00,74,00,79,00,43,00,65,00,6e,00,74,00,65,00,72,00,\
00,00,53,00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,00,00,00,53,00,63,00,65,\
00,53,00,72,00,76,00,00,00,53,00,63,00,65,00,43,00,6c,00,69,00,00,00,73,00,\
61,00,66,00,72,00,73,00,6c,00,76,00,00,00,53,00,41,00,46,00,72,00,64,00,6d,\
00,73,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,20,00,41,00,73,00,73,00,\
69,00,73,00,74,00,61,00,6e,00,63,00,65,00,00,00,50,00,65,00,72,00,66,00,50,\
00,72,00,6f,00,63,00,00,00,50,00,65,00,72,00,66,00,4f,00,53,00,00,00,50,00,\
65,00,72,00,66,00,4e,00,65,00,74,00,00,00,50,00,65,00,72,00,66,00,6d,00,6f,\
00,6e,00,00,00,50,00,65,00,72,00,66,00,6c,00,69,00,62,00,00,00,50,00,65,00,\
72,00,66,00,44,00,69,00,73,00,6b,00,00,00,50,00,65,00,72,00,66,00,63,00,74,\
00,72,00,73,00,00,00,4f,00,66,00,66,00,6c,00,69,00,6e,00,65,00,20,00,46,00,\
69,00,6c,00,65,00,73,00,00,00,4f,00,61,00,6b,00,6c,00,65,00,79,00,00,00,6e,\
00,74,00,62,00,61,00,63,00,6b,00,75,00,70,00,00,00,4e,00,65,00,72,00,6f,00,\
43,00,68,00,65,00,63,00,6b,00,00,00,4d,00,53,00,53,00,51,00,4c,00,53,00,45,\
00,52,00,56,00,45,00,52,00,2f,00,4d,00,53,00,44,00,45,00,00,00,4d,00,73,00,\
69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,00,00,4d,00,53,\
00,44,00,54,00,43,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,4d,00,\
53,00,44,00,54,00,43,00,00,00,6d,00,6e,00,6d,00,73,00,72,00,76,00,63,00,00,\
00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,48,00,2e,00,\
33,00,32,00,33,00,20,00,54,00,65,00,6c,00,65,00,70,00,68,00,6f,00,6e,00,79,\
00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,6f,00,\
76,00,69,00,64,00,65,00,72,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,\
00,66,00,74,00,20,00,46,00,61,00,78,00,00,00,4d,00,69,00,63,00,72,00,6f,00,\
73,00,6f,00,66,00,74,00,20,00,28,00,52,00,29,00,20,00,56,00,69,00,73,00,75,\
00,61,00,6c,00,20,00,43,00,23,00,20,00,32,00,30,00,30,00,35,00,20,00,43,00,\
6f,00,6d,00,70,00,69,00,6c,00,65,00,72,00,00,00,4c,00,6f,00,61,00,64,00,50,\
00,65,00,72,00,66,00,00,00,4c,00,69,00,76,00,65,00,55,00,70,00,64,00,61,00,\
74,00,65,00,00,00,48,00,65,00,6c,00,70,00,53,00,76,00,63,00,00,00,46,00,6f,\
00,6c,00,64,00,65,00,72,00,20,00,52,00,65,00,64,00,69,00,72,00,65,00,63,00,\
74,00,69,00,6f,00,6e,00,00,00,46,00,69,00,6c,00,65,00,20,00,44,00,65,00,70,\
00,6c,00,6f,00,79,00,6d,00,65,00,6e,00,74,00,00,00,46,00,2d,00,53,00,65,00,\
63,00,75,00,72,00,65,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,\
00,6e,00,74,00,20,00,41,00,67,00,65,00,6e,00,74,00,00,00,45,00,76,00,65,00,\
6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,45,00,53,00,45,00,4e,\
00,54,00,00,00,44,00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,\
69,00,73,00,6b,00,51,00,75,00,6f,00,74,00,61,00,00,00,63,00,72,00,79,00,70,\
00,74,00,33,00,32,00,00,00,43,00,4f,00,4d,00,2b,00,00,00,43,00,4f,00,4d,00,\
00,00,43,00,69,00,00,00,43,00,68,00,6b,00,64,00,73,00,6b,00,00,00,41,00,56,\
00,47,00,37,00,00,00,41,00,75,00,74,00,6f,00,6d,00,61,00,74,00,69,00,63,00,\
20,00,4c,00,69,00,76,00,65,00,55,00,70,00,64,00,61,00,74,00,65,00,20,00,53,\
00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,00,00,41,00,75,00,74,00,\
6f,00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,65,00,6e,00,74,00,00,00,41,\
00,75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,53,00,50,00,2e,00,4e,00,\
45,00,54,00,20,00,32,00,2e,00,30,00,2e,00,35,00,30,00,37,00,32,00,37,00,2e,\
00,30,00,00,00,41,00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,31,00,2e,00,\
31,00,2e,00,34,00,33,00,32,00,32,00,2e,00,30,00,00,00,41,00,70,00,70,00,6c,\
00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,\
67,00,65,00,6d,00,65,00,6e,00,74,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,\
00,61,00,74,00,69,00,6f,00,6e,00,20,00,48,00,61,00,6e,00,67,00,00,00,41,00,\
70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,45,00,72,\
00,72,00,6f,00,72,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,\
74,00,69,00,6d,00,65,00,20,00,4f,00,70,00,74,00,69,00,6d,00,69,00,7a,00,61,\
00,74,00,69,00,6f,00,6e,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,\
00,20,00,32,00,2e,00,30,00,20,00,45,00,72,00,72,00,6f,00,72,00,20,00,52,00,\
65,00,70,00,6f,00,72,00,74,00,69,00,6e,00,67,00,00,00,2e,00,4e,00,45,00,54,\
00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,00,00,41,00,70,00,70,00,\
6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime 2.0 Error Reporting]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime Optimization Service]

[HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment]

[HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment\1.5.0_06]

[HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment\1.5.0_09]

[HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment\1.5.0_10]

[HKEY_CURRENT_USER\Software\JavaSoft\Java Runtime Environment\1.5.0_11]

; End Of The Log...

That's it for now, thanks for your instructions
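The `"Sources"=hex(7):...` blobs in the Regsearch export above (both the ControlSet005 copy and the CurrentControlSet copy) are REG_MULTI_SZ values written as comma-separated UTF-16LE bytes: each string is NUL-terminated and the whole list ends with an extra NUL. The "; Contents of value:" comment lines are Regsearch's own decoding of that blob. The following decoder is an added example, not code from the thread or from Regsearch; it takes the first three entries of the page's "Sources" value as a constructed sample and turns the hex run back into the list of event-log sources, which is the check a responder would use to confirm that an unfamiliar source name in such a dump really is in the value and not a copy/paste artefact.

```python
"""Decode a REG_MULTI_SZ (hex(7):) value from a .reg / Regsearch export."""
from __future__ import annotations

import re

# Constructed sample: the first three entries of the page's "Sources" value,
# laid out exactly as regedit writes them (trailing backslash = continuation).
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\
  70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\
  00,00,00,00,00
'''


def parse_reg_multi_sz(reg_text: str, value_name: str) -> list[str]:
    """Return the strings stored in the hex(7) value `value_name`.

    Continuation lines (ending in a backslash) are joined, the comma-separated
    hex bytes are decoded as UTF-16LE, and the NUL-separated list is split.
    """
    collected: list[str] = []
    grabbing = False
    pattern = re.compile(r'"%s"=hex\(7\):(.*)$' % re.escape(value_name))
    for line in reg_text.splitlines():
        stripped = line.strip()
        if not grabbing:
            match = pattern.match(stripped)
            if not match:
                continue
            grabbing = True
            part = match.group(1)
        else:
            part = stripped
        continues = part.endswith("\\")
        collected.append(part.rstrip("\\"))
        if not continues:
            break
    if not collected:
        raise KeyError(f"value {value_name!r} not found in export")

    tokens = [tok.strip() for tok in "".join(collected).split(",") if tok.strip()]
    raw = bytes(int(tok, 16) for tok in tokens)
    text = raw.decode("utf-16-le")
    # REG_MULTI_SZ: "a\0b\0c\0\0" -> drop the empty strings left by the terminators.
    return [s for s in text.split("\x00") if s]


if __name__ == "__main__":
    for source in parse_reg_multi_sz(SAMPLE_REG, "Sources"):
        print(source)
```

Running it on the full blob from the export above (lines joined the same way) reproduces the "; Contents of value:" list; a source name that Regsearch lists but the decoder does not return would point at a corrupted paste rather than at the registry.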
Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
RE,

Run Regsearch again on ip6fw

@+
Yuki
 
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 24/09/2007 18:56:20 for strings:
; 'ip6fw '
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

; End Of The Log...
Yuki
 
Reply to Helmuth,
you have to pay 50 dollars to kill a trojan?? TROJAN GUARDER!
Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Re,

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\WINDOWS\userinit.exe

Click Send File.

A report will build up line by line.

Wait for the end. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

@+
Yuki
 
Good evening,

C:\WINDOWS\system32\userinit.exe

Fichier userinit.exe reçu le 2007.09.24 22:33:41 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.9.22.0 2007.09.24 -
AntiVir 7.6.0.15 2007.09.24 -
Authentium 4.93.8 2007.09.24 -
Avast 4.7.1043.0 2007.09.24 -
AVG 7.5.0.485 2007.09.24 -
BitDefender 7.2 2007.09.24 -
CAT-QuickHeal 9.00 2007.09.24 -
ClamAV 0.91.2 2007.09.24 -
DrWeb 4.33 2007.09.24 -
eSafe 7.0.15.0 2007.09.23 -
eTrust-Vet 31.2.5159 2007.09.24 -
Ewido 4.0 2007.09.24 -
FileAdvisor 1 2007.09.24 -
Fortinet 3.11.0.0 2007.09.24 -
F-Prot 4.3.2.48 2007.09.23 -
F-Secure 6.70.13030.0 2007.09.24 -
Ikarus T3.1.1.12 2007.09.24 -
Kaspersky 4.0.2.24 2007.09.24 -
McAfee 5126 2007.09.24 -
Microsoft 1.2803 2007.09.24 -
NOD32v2 2547 2007.09.24 -
Norman 5.80.02 2007.09.24 -
Panda 9.0.0.4 2007.09.24 -
Prevx1 V2 2007.09.24 -
Rising 19.42.02.00 2007.09.24 -
Sophos 4.21.0 2007.09.24 -
Sunbelt 2.2.907.0 2007.09.24 -
Symantec 10 2007.09.24 -
TheHacker 6.2.5.067 2007.09.24 -
VBA32 3.12.2.4 2007.09.23 -
VirusBuster 4.3.26:9 2007.09.24 -
Webwasher-Gateway 6.0.1 2007.09.24 -
Information additionnelle
File size: 25088 bytes
MD5: d6d65ea32b190401b57edb6706f29669
SHA1: 273ea1a839056c60444238b248213ce6c94d1c3f
Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Good evening,

let's try the removal again;

1) Open Notepad.
Copy the text below (between the * but without the *) together with the text in the space below (copy/paste): (careful, it is not exactly the same).

*****************************
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"startdrv"= ""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"a"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\WINDOWS\\Temp\\startdrv.exe"=""

*****************************
Click "File", "Save As".
Click Desktop (in the left column)
In File name, type fix.reg
For Type, choose "all files" from the drop-down menu.
Click Save.
Close Notepad

On your desktop, double-click the Fix.reg icon
Accept the warning about merging
The fix will work without showing anything.
At the end, you will see a message saying the merge is complete. Confirm it.

2)

Download The Avenger by Swandog46 to your Desktop:

http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/

Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the bold text below: highlight it and press the keys (Ctrl+C):

Files to delete:
C:\WINDOWS\Temp\startdrv.exe


3. Now launch The Avenger by clicking its desktop icon.
Under "script file to execute" choose "Input script Manually".
Then click the magnifying-glass icon, which opens a new window "View/edit script"
In that window, paste the text copied earlier from the desktop with the keys (Ctrl+V).
Click Done
then click the green-light icon to start running the script
Answer "Yes" twice when asked.

4. The Avenger will automatically do the following:
It will restart the system.
During the restart, a black Windows command window will briefly appear on your desktop; this is NORMAL.
After the restart, it creates a log file which will open, showing the actions carried out by The Avenger. This log file is here: C:\avenger.txt

5. Finally, copy/paste the contents of the file c:\avenger.txt into your reply together with a new HijackThis report.

Unless stated otherwise (or impossible), do this in normal mode, on your usual session.

@+