CiD ad problem

puce1543 -  
 Anonymous user -
Hello, I have a problem with unwanted ads, casino, online shopping, etc. I know that by mistake I accepted something by default on hi5, and it's since then that I've had problems; even certain web pages won't open anymore, and when I try to remove the threat it prevents me from doing so, it just won't work. Is there anyone who can help me please? I'm not a computer pro... thanks. I downloaded hijacker but I don't understand anything and I don't know what to do with the whole scan it gives me and this info... help please, thanks

97 replies

puce1543
 
A compliment, my dear: I think you're really excellent, and I could never say it enough, a big thank you and hats off to you.
0
Anonymous user
 
=)

You're welcome, restart and keep me posted, we'll finish up.

++
0
Anonymous user
 
Hi again!

There, this is where we are =)

We're going to do a thorough scan:

Download Systemscan

→ Double-click it (turn off your antivirus during the download if it detects anything, and re-enable it afterwards)

→ Click Unselect all

Check only these boxes:

_ Recent Files, 30 days

_ Registry run keys

_ Suspicious files

Then click scan now and be patient.
Once the scan is finished, a report will open; copy and paste its contents here and check that it is complete; if needed, create two messages.

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

See you
0
puce1543
 
Cyril, it tells me ( file non trovato errore 404 ), I can't open Systemscan
0

Anonymous user
 
Over here:

http://www.suspectfile.com/systemscan/

++
0
puce1543
 
Cyrildu17, here is the systemscan report... you're good to be able to read all that, wowww. Puce

SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\Francine\Local Settings\Temporary Internet Files\Content.IE5\YIWAB21A\sys31596[1].exe
Running in: User mode
Date: 4/14/2008
Time: 3:52:08 PM

Output limited to:
-Recent files
-Registry Run Keys
-Suspicious Files

===================== RECENT FILES =====================

Showing files newer than 30 days

----- recent files in C:\
14/04/2008 03:07:26 474 byte 0 days old -- Raccourci vers Mes documents.lnk
14/04/2008 13:51:53 (DIR) 0 byte 0 days old -- Program Files
14/04/2008 14:21:25 352321536 byte 0 days old -- pagefile.sys
14/04/2008 14:23:52 (DIR) 0 byte 0 days old -- WINDOWS
14/04/2008 15:26:17 525 byte 0 days old -- hpfr3420.xml
14/04/2008 15:26:17 294 byte 0 days old -- hpfr3425.log
10/04/2008 13:57:45 (DIR) 0 byte 4 days old -- _OTMoveIt
12/04/2008 15:54:15 (DIR) 0 byte 2 days old -- Config.Msi

----- recent files in C:\WINDOWS\
03/04/2008 15:10:47 282 byte 11 days old -- system.ini
03/04/2008 18:43:18 (DIR) 0 byte 11 days old -- Registration
22/03/2008 04:34:56 796672 byte 23 days old -- GPInstall.exe
27/03/2008 16:03:01 97342 byte 18 days old -- wmsetup.log
29/03/2008 12:40:30 (DIR) 0 byte 16 days old -- Help
31/03/2008 15:28:21 (DIR) 0 byte 14 days old -- assembly
31/03/2008 15:28:23 (DIR) 0 byte 14 days old -- Microsoft.NET
04/04/2008 12:52:11 (DIR) 0 byte 10 days old -- network diagnostic
04/04/2008 16:26:46 1035310 byte 10 days old -- setupapi.log.0.old
04/04/2008 18:01:15 (DIR) 0 byte 10 days old -- WinSxS
14/04/2008 13:52:17 (DIR) 0 byte 0 days old -- Prefetch
14/04/2008 14:20:38 32586 byte 0 days old -- SchedLgU.Txt
14/04/2008 14:21:31 2048 byte 0 days old -- bootstat.dat
14/04/2008 14:22:21 50 byte 0 days old -- wiaservc.log
14/04/2008 14:23:53 0 byte 0 days old -- 0.log
14/04/2008 14:25:22 (DIR) 0 byte 0 days old -- Tasks
14/04/2008 14:30:24 159 byte 0 days old -- wiadebug.log
14/04/2008 14:47:07 1886657 byte 0 days old -- WindowsUpdate.log
14/04/2008 14:49:00 2678 byte 0 days old -- setupact.log
14/04/2008 15:26:12 (DIR) 0 byte 0 days old -- system32
14/04/2008 15:46:45 (DIR) 0 byte 0 days old -- Internet Logs
14/04/2008 15:50:13 (DIR) 0 byte 0 days old -- Temp
05/04/2008 12:12:26 (DIR) 0 byte 9 days old -- SxsCaPendDel
08/04/2008 20:38:18 (DIR) 0 byte 6 days old -- $NtUninstallKB945553$
08/04/2008 20:39:28 16046 byte 6 days old -- KB945553.log
08/04/2008 20:43:44 (DIR) 0 byte 6 days old -- $NtUninstallKB948590$
08/04/2008 20:43:52 15967 byte 6 days old -- KB948590.log
08/04/2008 20:44:05 (DIR) 0 byte 6 days old -- ie7updates
08/04/2008 20:45:07 131194 byte 6 days old -- updspapi.log
08/04/2008 20:45:54 24896 byte 6 days old -- KB947864-IE7.log
08/04/2008 20:46:49 (DIR) 0 byte 6 days old -- $NtUninstallKB941693$
08/04/2008 20:47:13 24314 byte 6 days old -- KB941693.log
08/04/2008 20:47:14 1355 byte 6 days old -- imsins.BAK
08/04/2008 20:50:24 (DIR) 0 byte 6 days old -- $hf_mig$
08/04/2008 20:50:32 (DIR) 0 byte 6 days old -- $NtUninstallKB948881$
08/04/2008 20:50:52 887606 byte 6 days old -- FaxSetup.log
08/04/2008 20:50:54 174857 byte 6 days old -- ocgen.log
08/04/2008 20:50:54 18401 byte 6 days old -- msgsocm.log
08/04/2008 20:50:55 20305 byte 6 days old -- ocmsn.log
08/04/2008 20:50:55 322389 byte 6 days old -- tsoc.log
08/04/2008 20:50:55 19644 byte 6 days old -- KB948881.log
08/04/2008 20:50:55 1355 byte 6 days old -- imsins.log
08/04/2008 20:50:56 139028 byte 6 days old -- iis6.log
08/04/2008 20:50:56 318582 byte 6 days old -- comsetup.log
08/04/2008 20:50:56 73363 byte 6 days old -- ntdtcsetup.log
09/04/2008 23:24:20 1084 byte 5 days old -- win.ini
11/04/2008 18:35:22 18960 byte 3 days old -- setupapi.log
11/04/2008 19:41:28 (DIR) 0 byte 3 days old -- BDOSCAN8
12/04/2008 01:51:28 448 byte 2 days old -- ulead32.ini
12/04/2008 14:51:30 (DIR) 0 byte 2 days old -- Installer
12/04/2008 16:03:13 187598 byte 2 days old -- ntbtlog.txt
12/04/2008 16:11:41 (DIR) 0 byte 2 days old -- Downloaded Program Files
12/04/2008 16:11:53 (DIR) 0 byte 2 days old -- inf
12/04/2008 16:15:15 15 byte 2 days old -- popcinfo.dat

----- recent files in C:\WINDOWS\Downloaded Program Files\
20/03/2008 15:10:04 367 byte 25 days old -- LegitCheckControl.inf

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
03/04/2008 18:43:18 (DIR) 0 byte 11 days old -- wbem
03/04/2008 18:43:44 (DIR) 0 byte 11 days old -- config
20/03/2008 04:09:22 1845376 byte 25 days old -- win32k.sys
20/03/2008 18:06:36 1480232 byte 25 days old -- LegitCheckControl.DLL
31/03/2008 14:28:51 (DIR) 0 byte 14 days old -- mui
31/03/2008 14:30:58 960440 byte 14 days old -- PerfStringBackup.INI
31/03/2008 14:30:59 73020 byte 14 days old -- perfc00C.dat
31/03/2008 14:30:59 464474 byte 14 days old -- perfh00C.dat
31/03/2008 14:30:59 397560 byte 14 days old -- perfh009.dat
31/03/2008 14:30:59 59780 byte 14 days old -- perfc009.dat
04/04/2008 17:27:43 15360 byte 10 days old -- Thumbs.db
14/04/2008 14:24:13 58727 byte 0 days old -- vsconfig.xml
14/04/2008 14:25:33 (DIR) 0 byte 0 days old -- CatRoot2
06/04/2008 01:56:20 19836024 byte 8 days old -- MRT.exe
08/04/2008 20:46:52 (DIR) 0 byte 6 days old -- dllcache
08/04/2008 21:19:52 192976 byte 6 days old -- FNTCACHE.DAT
10/04/2008 19:03:32 3072 byte 4 days old -- CONFIG.NT
10/04/2008 23:00:24 (DIR) 0 byte 4 days old -- drivers
10/04/2008 23:11:12 4212 byte 4 days old -- zllictbl.dat
12/04/2008 14:26:26 1158 byte 2 days old -- wpa.dbl
12/04/2008 15:54:14 (DIR) 0 byte 2 days old -- ZoneLabs

----- recent files in C:\WINDOWS\system32\drivers\
14/04/2008 14:20:55 161252 byte 0 days old -- fidbox.idx
14/04/2008 15:50:08 13709344 byte 0 days old -- fidbox.dat
10/04/2008 12:15:32 (DIR) 0 byte 4 days old -- etc
10/04/2008 19:18:33 61632 byte 4 days old -- avipbb.sys
10/04/2008 23:00:24 74396 byte 4 days old -- klin.dat
10/04/2008 23:00:24 75932 byte 4 days old -- klick.dat

----- recent files in C:\WINDOWS\temp\
02/04/2008 10:47:28 16384 byte 12 days old -- Perflib_Perfdata_594.dat
03/04/2008 18:31:46 16384 byte 11 days old -- Perflib_Perfdata_598.dat
03/04/2008 18:45:05 16384 byte 11 days old -- Perflib_Perfdata_590.dat
22/03/2008 12:08:48 16384 byte 23 days old -- Perflib_Perfdata_548.dat
25/03/2008 05:41:36 16384 byte 20 days old -- Perflib_Perfdata_4ac.dat
25/03/2008 05:53:29 16384 byte 20 days old -- Perflib_Perfdata_4b8.dat
27/03/2008 21:18:03 16384 byte 18 days old -- Perflib_Perfdata_544.dat
04/04/2008 00:04:02 16384 byte 10 days old -- Perflib_Perfdata_59c.dat
04/04/2008 13:59:56 16384 byte 10 days old -- Perflib_Perfdata_588.dat
04/04/2008 16:26:30 596 byte 10 days old -- hpzcoi10.log
04/04/2008 16:26:31 596 byte 10 days old -- hpzcoi11.log
04/04/2008 16:26:32 848 byte 10 days old -- hpzcoi13.log
04/04/2008 16:26:32 893 byte 10 days old -- hpzcoi12.log
04/04/2008 17:37:20 7168 byte 10 days old -- Thumbs.db
14/04/2008 02:09:09 154 byte 0 days old -- dw.log
14/04/2008 02:09:46 (DIR) 0 byte 0 days old -- MPTelemetrySubmit
14/04/2008 14:21:50 256 byte 0 days old -- ZLT00108.TMP
14/04/2008 14:21:54 256 byte 0 days old -- ZLT00115.TMP
14/04/2008 14:42:33 35210 byte 0 days old -- MpCmdRun.log
14/04/2008 15:45:18 255 byte 0 days old -- WGAErrLog.txt
05/04/2008 12:12:54 16384 byte 9 days old -- Perflib_Perfdata_5ac.dat
08/04/2008 10:07:23 409 byte 6 days old -- WGANotify.settings
10/04/2008 18:50:25 16384 byte 4 days old -- Perflib_Perfdata_578.dat
10/04/2008 22:57:40 (DIR) 0 byte 4 days old -- _avast4_
10/04/2008 23:14:58 256 byte 4 days old -- ZLT06088.TMP
10/04/2008 23:15:03 256 byte 4 days old -- ZLT0609b.TMP
11/04/2008 02:03:34 33302 byte 3 days old -- MpSigStub.log
12/04/2008 20:24:16 256 byte 2 days old -- ZLT07a29.TMP
12/04/2008 20:24:17 256 byte 2 days old -- ZLT07a2c.TMP

----- recent files in C:\Program Files\
02/04/2008 10:11:38 (DIR) 0 byte 12 days old -- Yahoo!
21/03/2008 12:20:38 (DIR) 0 byte 24 days old -- MSN Messenger
25/03/2008 23:38:00 (DIR) 0 byte 20 days old -- Icons francine
28/03/2008 19:26:01 (DIR) 0 byte 17 days old -- Spybot - Search & Destroy
29/03/2008 12:28:38 (DIR) 0 byte 16 days old -- Windows Defender
14/04/2008 13:52:07 (DIR) 0 byte 0 days old -- CleanUp!
08/04/2008 21:19:48 (DIR) 0 byte 6 days old -- Internet Explorer
10/04/2008 11:58:03 (DIR) 0 byte 4 days old -- Trend Micro
10/04/2008 12:17:09 (DIR) 0 byte 4 days old -- Lopxp
10/04/2008 19:13:40 (DIR) 0 byte 4 days old -- Avira
10/04/2008 22:57:01 (DIR) 0 byte 4 days old -- Zone Labs
12/04/2008 01:30:20 (DIR) 0 byte 2 days old -- Fichiers communs
12/04/2008 14:51:25 (DIR) 0 byte 2 days old -- Photo Story 3 for Windows
12/04/2008 16:25:13 (DIR) 0 byte 2 days old -- clean

----- recent files in C:\Program Files\Fichiers communs\

----- recent files in C:\Documents and Settings\Francine\Application Data\
28/03/2008 19:26:00 (DIR) 0 byte 17 days old -- FunWebProducts
12/04/2008 00:04:27 (DIR) 0 byte 2 days old -- Adobe

----- recent files in C:\DOCUME~1\Francine\LOCALS~1\Temp\
04/04/2008 17:50:33 (DIR) 0 byte 10 days old -- STOPzilla!
14/04/2008 02:22:14 16384 byte 0 days old -- ~DF9F.tmp
14/04/2008 14:24:15 (DIR) 0 byte 0 days old -- WPDNSE
14/04/2008 14:25:32 156 byte 0 days old -- Twunk001.MTX
14/04/2008 14:25:32 408 byte 0 days old -- TWAIN.LOG
14/04/2008 14:25:36 4 byte 0 days old -- Twain001.Mtx
14/04/2008 14:27:53 114688 byte 0 days old -- ~DF5FAA.tmp
14/04/2008 14:27:53 512 byte 0 days old -- ~DF5FE1.tmp
14/04/2008 14:27:58 114688 byte 0 days old -- ~DF70EB.tmp
14/04/2008 14:27:58 512 byte 0 days old -- ~DF7199.tmp
14/04/2008 14:29:32 952 byte 0 days old -- jusched.log
14/04/2008 14:35:28 (DIR) 0 byte 0 days old -- hsperfdata_Francine
14/04/2008 14:35:34 1664 byte 0 days old -- java_install_reg.log
14/04/2008 15:50:07 111 byte 0 days old -- systemscan.ini
14/04/2008 15:50:13 16384 byte 0 days old -- ~DFFD0.tmp
14/04/2008 15:50:14 (DIR) 0 byte 0 days old -- nsu19.tmp
10/04/2008 13:46:30 170793 byte 4 days old -- Sym3F.tmp
10/04/2008 13:46:32 122972 byte 4 days old -- SymNRT 4-10-2008 13h46m30s.log
10/04/2008 14:01:57 0 byte 4 days old -- Twunk002.MTX
10/04/2008 14:05:19 170793 byte 4 days old -- Sym46.tmp
10/04/2008 14:05:20 123134 byte 4 days old -- SymNRT 4-10-2008 14h5m19s.log
10/04/2008 16:07:00 (DIR) 0 byte 4 days old -- MessengerCache
10/04/2008 23:06:18 (DIR) 0 byte 4 days old -- dxc311203203
10/04/2008 23:14:37 (DIR) 0 byte 4 days old -- 041008225429
10/04/2008 23:30:07 16384 byte 4 days old -- ~DFD242.tmp
11/04/2008 23:58:20 (DIR) 0 byte 3 days old -- Adobe Reader 8__
11/04/2008 23:59:55 589 byte 3 days old -- {AC76BA86-7AD7-1033-7B44-A81200000003}.ini
12/04/2008 00:02:39 (DIR) 0 byte 2 days old -- Adobe_Downloads
12/04/2008 01:05:56 2068 byte 2 days old -- wmplog00.sqm
12/04/2008 01:39:56 0 byte 2 days old -- wmvC0.tmp
12/04/2008 13:32:31 7800 byte 2 days old -- Z@RCD.tmp
12/04/2008 13:32:32 1409 byte 2 days old -- Z@SCE.tmp
12/04/2008 13:32:34 55084 byte 2 days old -- Z@RCF.tmp
12/04/2008 13:32:36 1409 byte 2 days old -- Z@SD2.tmp
12/04/2008 13:32:36 1409 byte 2 days old -- Z@SD0.tmp
12/04/2008 13:32:36 22060 byte 2 days old -- Z@RD3.tmp
12/04/2008 13:32:36 23084 byte 2 days old -- Z@RD1.tmp
12/04/2008 13:32:37 1409 byte 2 days old -- Z@SD6.tmp
12/04/2008 13:32:37 1409 byte 2 days old -- Z@SD4.tmp
12/04/2008 13:32:37 62856 byte 2 days old -- Z@RD7.tmp
12/04/2008 13:32:37 4724 byte 2 days old -- Z@RD5.tmp
12/04/2008 13:32:38 48440 byte 2 days old -- Z@RD9.tmp
12/04/2008 13:32:38 1409 byte 2 days old -- Z@SD8.tmp
12/04/2008 13:32:39 32848 byte 2 days old -- Z@RDD.tmp
12/04/2008 13:32:39 6448 byte 2 days old -- Z@RDB.tmp
12/04/2008 13:32:39 1409 byte 2 days old -- Z@SDA.tmp
12/04/2008 13:32:39 40492 byte 2 days old -- Z@RE1.tmp
12/04/2008 13:32:39 1409 byte 2 days old -- Z@SDC.tmp
12/04/2008 13:32:39 1409 byte 2 days old -- Z@SDE.tmp
12/04/2008 13:32:40 1409 byte 2 days old -- Z@SE2.tmp
12/04/2008 13:32:41 55084 byte 2 days old -- Z@RE3.tmp
12/04/2008 13:32:41 1409 byte 2 days old -- Z@SE4.tmp

===================== REGISTRY SCAN =====================

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
@=dword:00000001
"OemReset"="%systemroot%\OPTIONS\OEMRESET.EXE /AUDIT"
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe"
"SoundMan"="SOUNDMAN.EXE"
"UpdateManager"="\"C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe\" /r"
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe"
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe"
"DeskMateAutoUpdate"="C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe"
"type32"="\"C:\Program Files\Microsoft IntelliType Pro\type32.exe\""
"IntelliPoint"="\"C:\Program Files\Microsoft IntelliPoint\point32.exe\""
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2006 Pro Evaluation\VirusKeeper.exe"
"CieTest"=""
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe\""
"Horloge Parlante 2000"="C:\Program Files\Horloge Parlante 2000\Horloge Parlante 2000.exe"
"Adobe Photo Downloader"="\"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe\""
"Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
"Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide"
"avgnt"="\"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
"ZoneAlarm Client"="\"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe\""

[Run\OptionalComponents]
@=""

[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
@=""
"Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe"
"ATnotes.exe"="C:\Program Files\ATnotes\ATnotes.exe"
"Felix II"="C:\Program Files\ScreenMates\Felix II\Felix2.exe"
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe"
"IMC"="C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe"
"CopernicSummarizerWatchdog"="\"C:\Program Files\Copernic Summarizer\CSAgent.exe\" /thisismandatory"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden"
"WeatherEye"="C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
#### HKCR\CLSID\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}\InprocServer32 @="C:\PROGRA~1\WIFD1F~1\MpShHook.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\WgaLogon]
"DllName"=expand:"WgaLogon.dll"

[Winlogon\Notify\WgaLogon\Settings]

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"

[Winlogon\SCLogon]

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp;Local Settings\Application Data\Microsoft\Outlook"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
#### HKCR\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\InprocServer32 @="C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
@=""

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\program files\google\googletoolbar1.dll"

[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=""
#### HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 @="C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

[MSConfig]

[MSConfig\services]

[MSConfig\startupfolder]

[MSConfig\startupreg]

[MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000000

-----HKCU\Control Panel\Desktop\-----

[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\System32\ssmarque.scr"

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."

[SharedAccess\Epoch]
"Epoch"=dword:00000fb4

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:*:Enaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:*:Enaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:*:Enaxxxxx@xxxxxres.dll,-22002"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\system32\ossproxy.exe"="C:\WINDOWS\system32\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\Francine\Local Settings\Temp\~osB12.tmp\ossproxy.exe"="C:\Documents and Settings\Francine\Local Settings\Temp\~osB12.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\Program Files\Messager Voila\Messager Voila.exe"="C:\Program Files\Messager Voila\Messager Voila.exe:*:Enabled:Application Messager"
"C:\Documents and Settings\Francine\Local Settings\Temp\~os1B9.tmp\ossproxy.exe"="C:\Documents and Settings\Francine\Local Settings\Temp\~os1B9.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"c:\windows\system32\rk.exe"="c:\windows\system32\rk.exe:*:Enabled:rk.exe"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\Documents and Settings\Francine\Mes documents\smileys msn courrier\incredimail_install.exe"="C:\Documents and Settings\Francine\Mes documents\smileys msn courrier\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\Documents and Settings\Francine\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe"="C:\Documents and Settings\Francine\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\Documents and Settings\Francine\Local Settings\Temporary Internet Files\Content.IE5\PBNZL9KA\incredimail_install[1].exe"="C:\Documents and Settings\Francine\Local Settings\Temporary Internet Files\Content.IE5\PBNZL9KA\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Pogo Games\Great Escapes Solitaire Collection\solitaire.exe"="C:\Program Files\Pogo Games\Great Escapes Solitaire Collection\solitaire.exe:*:Enabled:solitaire"
"C:\Documents and Settings\Francine\Mes documents\smileys msn courrier\son msn news\mcoview.exe"="C:\Documents and Settings\Francine\Mes documents\smileys msn courrier\son msn news\mcoview.exe:*:Enabled:mcoview"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Orb Networks\Orb\bin\Orb.exe"="C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Orb Networks\Orb\bin\Orb3GPStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\Orb3GPStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Orb Networks\Orb\bin\OrbRMStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbRMStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Orb Networks\Orb\bin\xmltv.exe"="C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide"
"C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:*:Enabled:OrbChannelScan"
"C:\Documents and Settings\Francine\Mes documents\les telechargement oki\Nouveau dossier (2)\mIRC\mirc.exe"="C:\Documents and Settings\Francine\Mes documents\les telechargement oki\Nouveau dossier (2)\mIRC\mirc.exe:*:Enabled:mIRC"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Documents and Settings\Francine\Mes documents\les telechargement oki\orb\bin\Orb.exe"="C:\Documents and Settings\Francine\Mes documents\les telechargement oki\orb\bin\Orb.exe:*:Enabled:Orb"
"C:\Documents and Settings\Francine\Mes documents\les telechargement oki\orb\bin\OrbTray.exe"="C:\Documents and Settings\Francine\Mes documents\les telechargement oki\orb\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Documents and Settings\Francine\Mes documents\les telechargement oki\orb\bin\OrbStreamerClient.exe"="C:\Documents and Settings\Francine\Mes documents\les telechargement oki\orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Documents and Settings\Francine\Mes documents\les telechargement oki\orb\bin\xmltv.exe"="C:\Documents and Settings\Francine\Mes documents\les telechargement oki\orb\bin\xmltv.exe:*:Enabled:OrbTVGuide"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe"="C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22002"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{7AC78802-DE91-4C16-9318-1548550B330C}"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]
"DisableMonitoring"=dword:00000001

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{7DEBC039-111C-4F63-9CCD-9484995A9AC8}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\-2147483647]

[VB and VBA Program Settings\-2147483647\SOFTWARE]

[VB and VBA Program Settings\-2147483647\SOFTWARE\DomeConnection]

[VB and VBA Program Settings\-2147483647\SOFTWARE\DomeConnection\Settings]

[VB and VBA Program Settings\Carasexe]

[VB and VBA Program Settings\Carasexe\pseudo]

[VB and VBA Program Settings\DirScraZ]

[VB and VBA Program Settings\DirScraZ\Lance]

[VB and VBA Program Settings\easyrencontre]

[VB and VBA Program Settings\easyrencontre\pseudo]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Lecteur Windows Media"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}]
#### HKCR\CLSID\{0291E591-EA41-4c82-8106-3DC6CE7F7664}\InprocServer32 @="C:\Program Files\Yahoo!\Common\yinsthelper.dll"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\system32\msjava.dll"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
"@="Internet Explorer Classes for Java"
"ComponentID"="IEJAVA"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"

[Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
#### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\system32\macromed\Director\SwDir.dll"
"ComponentID"="Director"
"@="Macromedia Shockwave Director 10.1"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{2298d453-bcae-4519-bf33-1cbf3faf1524}]
"@="Q867801"
"ComponentID"="Q867801"

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"

[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.3"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.3"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
#### HKCR\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\InprocServer32 @="C:\Program Files\Yahoo!\Common\yinsthelper.dll"

[Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}]
#### HKCR\CLSID\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\InprocServer32 @="C:\Program Files\Yahoo!\Common\yinsthelper.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"

[Installed Components\{377483c2-e4b4-4ee8-b577-9aed264c8735}]
"@="Q822925"
"ComponentID"="Q822925"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft DirectX"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"@="Windows Messenger 4.7"
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5f3c70b3-ac2f-432c-8f9c-1624df61f54f}]
"@="Microsoft Data Access Components KB870669"
"ComponentID"="KB870669"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
"@="Web Folders"
"ComponentID"="WebFolders"

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"StubPath"="c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install"
"ComponentID"="DOTNETFRAMEWORKS"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
"StubPath"=expand:"rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub"
"ComponentID"="Frontpad_259"

[Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}]
"ComponentID"="Yahoo! Messenger"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

[Installed Components\{f5173cf0-1dfb-4978-8e50-a90169ee7ca9}]
"@="Q823353"
"ComponentID"="Q823353"

[Installed Components\{F5776D81-AE53-4935-8E84-B0B283D8BCEF}]
"@="Q330994"
"ComponentID"="Q330994"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aec\{25d1df4a-0fc9-d65e-1ecd-8f4dcde7d8b8} FilteredOffset REG_DWORD -1056632307 (0xC105120D)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\aec\{25d1df4a-0fc9-d65e-1ecd-8f4dcde7d8b8} FilteredOffset REG_DWORD -1057470593 (0xC0F8477F)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ccEvtMgr
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ccProxy
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ccPwdSvc
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ccSetMgr
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ContentFilter\Performance WbemAdapFileSignature REG_BINARY CC51CA425040C6F0B56214D93E7EE8C4
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\ContentFilter\Performance WbemAdapFileSignature REG_BINARY FA3329E6261ED553FB0A3195E27BE0F0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ContentIndex\Performance WbemAdapFileSignature REG_BINARY CC51CA425040C6F0B56214D93E7EE8C4
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\ContentIndex\Performance WbemAdapFileSignature REG_BINARY FA3329E6261ED553FB0A3195E27BE0F0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {7AC78802-DE91-4C16-9318-1548550B330C} REG_BINARY 3600000000000000040000000000000097F66141C0A801013300000000000000040000000000000097F661410007E90006000000000000000C0000000000000097F6614118C8F10A18C8F11218C8F10E0300000000000
0
puce1543
 
Cyrildu17, here is the SystemScan report... you're good to be able to read all that, wow. Puce
That's twice now I've tried to send you this, it's very slow to go through.

SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\Francine\Local Settings\Temporary Internet Files\Content.IE5\YIWAB21A\sys31596[1].exe
Running in: User mode
Date: 4/14/2008
Time: 3:52:08 PM

Output limited to:
-Recent files
-Registry Run Keys
-Suspicious Files

===================== RECENT FILES =====================

Showing files newer than 30 days

----- recent files in C:\
14/04/2008 03:07:26 474 byte 0 days old -- Raccourci vers Mes documents.lnk
14/04/2008 13:51:53 (DIR) 0 byte 0 days old -- Program Files
14/04/2008 14:21:25 352321536 byte 0 days old -- pagefile.sys
14/04/2008 14:23:52 (DIR) 0 byte 0 days old -- WINDOWS
14/04/2008 15:26:17 525 byte 0 days old -- hpfr3420.xml
14/04/2008 15:26:17 294 byte 0 days old -- hpfr3425.log
10/04/2008 13:57:45 (DIR) 0 byte 4 days old -- _OTMoveIt
12/04/2008 15:54:15 (DIR) 0 byte 2 days old -- Config.Msi

----- recent files in C:\WINDOWS\
03/04/2008 15:10:47 282 byte 11 days old -- system.ini
03/04/2008 18:43:18 (DIR) 0 byte 11 days old -- Registration
22/03/2008 04:34:56 796672 byte 23 days old -- GPInstall.exe
27/03/2008 16:03:01 97342 byte 18 days old -- wmsetup.log
29/03/2008 12:40:30 (DIR) 0 byte 16 days old -- Help
31/03/2008 15:28:21 (DIR) 0 byte 14 days old -- assembly
31/03/2008 15:28:23 (DIR) 0 byte 14 days old -- Microsoft.NET
04/04/2008 12:52:11 (DIR) 0 byte 10 days old -- network diagnostic
04/04/2008 16:26:46 1035310 byte 10 days old -- setupapi.log.0.old
04/04/2008 18:01:15 (DIR) 0 byte 10 days old -- WinSxS
14/04/2008 13:52:17 (DIR) 0 byte 0 days old -- Prefetch
14/04/2008 14:20:38 32586 byte 0 days old -- SchedLgU.Txt
14/04/2008 14:21:31 2048 byte 0 days old -- bootstat.dat
14/04/2008 14:22:21 50 byte 0 days old -- wiaservc.log
14/04/2008 14:23:53 0 byte 0 days old -- 0.log
14/04/2008 14:25:22 (DIR) 0 byte 0 days old -- Tasks
14/04/2008 14:30:24 159 byte 0 days old -- wiadebug.log
14/04/2008 14:47:07 1886657 byte 0 days old -- WindowsUpdate.log
14/04/2008 14:49:00 2678 byte 0 days old -- setupact.log
14/04/2008 15:26:12 (DIR) 0 byte 0 days old -- system32
14/04/2008 15:46:45 (DIR) 0 byte 0 days old -- Internet Logs
14/04/2008 15:50:13 (DIR) 0 byte 0 days old -- Temp
05/04/2008 12:12:26 (DIR) 0 byte 9 days old -- SxsCaPendDel
08/04/2008 20:38:18 (DIR) 0 byte 6 days old -- $NtUninstallKB945553$
08/04/2008 20:39:28 16046 byte 6 days old -- KB945553.log
08/04/2008 20:43:44 (DIR) 0 byte 6 days old -- $NtUninstallKB948590$
08/04/2008 20:43:52 15967 byte 6 days old -- KB948590.log
08/04/2008 20:44:05 (DIR) 0 byte 6 days old -- ie7updates
08/04/2008 20:45:07 131194 byte 6 days old -- updspapi.log
08/04/2008 20:45:54 24896 byte 6 days old -- KB947864-IE7.log
08/04/2008 20:46:49 (DIR) 0 byte 6 days old -- $NtUninstallKB941693$
08/04/2008 20:47:13 24314 byte 6 days old -- KB941693.log
08/04/2008 20:47:14 1355 byte 6 days old -- imsins.BAK
08/04/2008 20:50:24 (DIR) 0 byte 6 days old -- $hf_mig$
08/04/2008 20:50:32 (DIR) 0 byte 6 days old -- $NtUninstallKB948881$
08/04/2008 20:50:52 887606 byte 6 days old -- FaxSetup.log
08/04/2008 20:50:54 174857 byte 6 days old -- ocgen.log
08/04/2008 20:50:54 18401 byte 6 days old -- msgsocm.log
08/04/2008 20:50:55 20305 byte 6 days old -- ocmsn.log
08/04/2008 20:50:55 322389 byte 6 days old -- tsoc.log
08/04/2008 20:50:55 19644 byte 6 days old -- KB948881.log
08/04/2008 20:50:55 1355 byte 6 days old -- imsins.log
08/04/2008 20:50:56 139028 byte 6 days old -- iis6.log
08/04/2008 20:50:56 318582 byte 6 days old -- comsetup.log
08/04/2008 20:50:56 73363 byte 6 days old -- ntdtcsetup.log
09/04/2008 23:24:20 1084 byte 5 days old -- win.ini
11/04/2008 18:35:22 18960 byte 3 days old -- setupapi.log
11/04/2008 19:41:28 (DIR) 0 byte 3 days old -- BDOSCAN8
12/04/2008 01:51:28 448 byte 2 days old -- ulead32.ini
12/04/2008 14:51:30 (DIR) 0 byte 2 days old -- Installer
12/04/2008 16:03:13 187598 byte 2 days old -- ntbtlog.txt
12/04/2008 16:11:41 (DIR) 0 byte 2 days old -- Downloaded Program Files
12/04/2008 16:11:53 (DIR) 0 byte 2 days old -- inf
12/04/2008 16:15:15 15 byte 2 days old -- popcinfo.dat

----- recent files in C:\WINDOWS\Downloaded Program Files\
20/03/2008 15:10:04 367 byte 25 days old -- LegitCheckControl.inf

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
03/04/2008 18:43:18 (DIR) 0 byte 11 days old -- wbem
03/04/2008 18:43:44 (DIR) 0 byte 11 days old -- config
20/03/2008 04:09:22 1845376 byte 25 days old -- win32k.sys
20/03/2008 18:06:36 1480232 byte 25 days old -- LegitCheckControl.DLL
31/03/2008 14:28:51 (DIR) 0 byte 14 days old -- mui
31/03/2008 14:30:58 960440 byte 14 days old -- PerfStringBackup.INI
31/03/2008 14:30:59 73020 byte 14 days old -- perfc00C.dat
31/03/2008 14:30:59 464474 byte 14 days old -- perfh00C.dat
31/03/2008 14:30:59 397560 byte 14 days old -- perfh009.dat
31/03/2008 14:30:59 59780 byte 14 days old -- perfc009.dat
04/04/2008 17:27:43 15360 byte 10 days old -- Thumbs.db
14/04/2008 14:24:13 58727 byte 0 days old -- vsconfig.xml
14/04/2008 14:25:33 (DIR) 0 byte 0 days old -- CatRoot2
06/04/2008 01:56:20 19836024 byte 8 days old -- MRT.exe
08/04/2008 20:46:52 (DIR) 0 byte 6 days old -- dllcache
08/04/2008 21:19:52 192976 byte 6 days old -- FNTCACHE.DAT
10/04/2008 19:03:32 3072 byte 4 days old -- CONFIG.NT
10/04/2008 23:00:24 (DIR) 0 byte 4 days old -- drivers
10/04/2008 23:11:12 4212 byte 4 days old -- zllictbl.dat
12/04/2008 14:26:26 1158 byte 2 days old -- wpa.dbl
12/04/2008 15:54:14 (DIR) 0 byte 2 days old -- ZoneLabs

----- recent files in C:\WINDOWS\system32\drivers\
14/04/2008 14:20:55 161252 byte 0 days old -- fidbox.idx
14/04/2008 15:50:08 13709344 byte 0 days old -- fidbox.dat
10/04/2008 12:15:32 (DIR) 0 byte 4 days old -- etc
10/04/2008 19:18:33 61632 byte 4 days old -- avipbb.sys
10/04/2008 23:00:24 74396 byte 4 days old -- klin.dat
10/04/2008 23:00:24 75932 byte 4 days old -- klick.dat

----- recent files in C:\WINDOWS\temp\
02/04/2008 10:47:28 16384 byte 12 days old -- Perflib_Perfdata_594.dat
03/04/2008 18:31:46 16384 byte 11 days old -- Perflib_Perfdata_598.dat
03/04/2008 18:45:05 16384 byte 11 days old -- Perflib_Perfdata_590.dat
22/03/2008 12:08:48 16384 byte 23 days old -- Perflib_Perfdata_548.dat
25/03/2008 05:41:36 16384 byte 20 days old -- Perflib_Perfdata_4ac.dat
25/03/2008 05:53:29 16384 byte 20 days old -- Perflib_Perfdata_4b8.dat
27/03/2008 21:18:03 16384 byte 18 days old -- Perflib_Perfdata_544.dat
04/04/2008 00:04:02 16384 byte 10 days old -- Perflib_Perfdata_59c.dat
04/04/2008 13:59:56 16384 byte 10 days old -- Perflib_Perfdata_588.dat
04/04/2008 16:26:30 596 byte 10 days old -- hpzcoi10.log
04/04/2008 16:26:31 596 byte 10 days old -- hpzcoi11.log
04/04/2008 16:26:32 848 byte 10 days old -- hpzcoi13.log
04/04/2008 16:26:32 893 byte 10 days old -- hpzcoi12.log
04/04/2008 17:37:20 7168 byte 10 days old -- Thumbs.db
14/04/2008 02:09:09 154 byte 0 days old -- dw.log
14/04/2008 02:09:46 (DIR) 0 byte 0 days old -- MPTelemetrySubmit
14/04/2008 14:21:50 256 byte 0 days old -- ZLT00108.TMP
14/04/2008 14:21:54 256 byte 0 days old -- ZLT00115.TMP
14/04/2008 14:42:33 35210 byte 0 days old -- MpCmdRun.log
14/04/2008 15:45:18 255 byte 0 days old -- WGAErrLog.txt
05/04/2008 12:12:54 16384 byte 9 days old -- Perflib_Perfdata_5ac.dat
08/04/2008 10:07:23 409 byte 6 days old -- WGANotify.settings
10/04/2008 18:50:25 16384 byte 4 days old -- Perflib_Perfdata_578.dat
10/04/2008 22:57:40 (DIR) 0 byte 4 days old -- _avast4_
10/04/2008 23:14:58 256 byte 4 days old -- ZLT06088.TMP
10/04/2008 23:15:03 256 byte 4 days old -- ZLT0609b.TMP
11/04/2008 02:03:34 33302 byte 3 days old -- MpSigStub.log
12/04/2008 20:24:16 256 byte 2 days old -- ZLT07a29.TMP
12/04/2008 20:24:17 256 byte 2 days old -- ZLT07a2c.TMP

----- recent files in C:\Program Files\
02/04/2008 10:11:38 (DIR) 0 byte 12 days old -- Yahoo!
21/03/2008 12:20:38 (DIR) 0 byte 24 days old -- MSN Messenger
25/03/2008 23:38:00 (DIR) 0 byte 20 days old -- Icons francine
28/03/2008 19:26:01 (DIR) 0 byte 17 days old -- Spybot - Search & Destroy
29/03/2008 12:28:38 (DIR) 0 byte 16 days old -- Windows Defender
14/04/2008 13:52:07 (DIR) 0 byte 0 days old -- CleanUp!
08/04/2008 21:19:48 (DIR) 0 byte 6 days old -- Internet Explorer
10/04/2008 11:58:03 (DIR) 0 byte 4 days old -- Trend Micro
10/04/2008 12:17:09 (DIR) 0 byte 4 days old -- Lopxp
10/04/2008 19:13:40 (DIR) 0 byte 4 days old -- Avira
10/04/2008 22:57:01 (DIR) 0 byte 4 days old -- Zone Labs
12/04/2008 01:30:20 (DIR) 0 byte 2 days old -- Fichiers communs
12/04/2008 14:51:25 (DIR) 0 byte 2 days old -- Photo Story 3 for Windows
12/04/2008 16:25:13 (DIR) 0 byte 2 days old -- clean

----- recent files in C:\Program Files\Fichiers communs\

----- recent files in C:\Documents and Settings\Francine\Application Data\
28/03/2008 19:26:00 (DIR) 0 byte 17 days old -- FunWebProducts
12/04/2008 00:04:27 (DIR) 0 byte 2 days old -- Adobe

----- recent files in C:\DOCUME~1\Francine\LOCALS~1\Temp\
04/04/2008 17:50:33 (DIR) 0 byte 10 days old -- STOPzilla!
14/04/2008 02:22:14 16384 byte 0 days old -- ~DF9F.tmp
14/04/2008 14:24:15 (DIR) 0 byte 0 days old -- WPDNSE
14/04/2008 14:25:32 156 byte 0 days old -- Twunk001.MTX
14/04/2008 14:25:32 408 byte 0 days old -- TWAIN.LOG
14/04/2008 14:25:36 4 byte 0 days old -- Twain001.Mtx
14/04/2008 14:27:53 114688 byte 0 days old -- ~DF5FAA.tmp
14/04/2008 14:27:53 512 byte 0 days old -- ~DF5FE1.tmp
14/04/2008 14:27:58 114688 byte 0 days old -- ~DF70EB.tmp
14/04/2008 14:27:58 512 byte 0 days old -- ~DF7199.tmp
14/04/2008 14:29:32 952 byte 0 days old -- jusched.log
14/04/2008 14:35:28 (DIR) 0 byte 0 days old -- hsperfdata_Francine
14/04/2008 14:35:34 1664 byte 0 days old -- java_install_reg.log
14/04/2008 15:50:07 111 byte 0 days old -- systemscan.ini
14/04/2008 15:50:13 16384 byte 0 days old -- ~DFFD0.tmp
14/04/2008 15:50:14 (DIR) 0 byte 0 days old -- nsu19.tmp
10/04/2008 13:46:30 170793 byte 4 days old -- Sym3F.tmp
10/04/2008 13:46:32 122972 byte 4 days old -- SymNRT 4-10-2008 13h46m30s.log
10/04/2008 14:01:57 0 byte 4 days old -- Twunk002.MTX
10/04/2008 14:05:19 170793 byte 4 days old -- Sym46.tmp
10/04/2008 14:05:20 123134 byte 4 days old -- SymNRT 4-10-2008 14h5m19s.log
10/04/2008 16:07:00 (DIR) 0 byte 4 days old -- MessengerCache
10/04/2008 23:06:18 (DIR) 0 byte 4 days old -- dxc311203203
10/04/2008 23:14:37 (DIR) 0 byte 4 days old -- 041008225429
10/04/2008 23:30:07 16384 byte 4 days old -- ~DFD242.tmp
11/04/2008 23:58:20 (DIR) 0 byte 3 days old -- Adobe Reader 8__
11/04/2008 23:59:55 589 byte 3 days old -- {AC76BA86-7AD7-1033-7B44-A81200000003}.ini
12/04/2008 00:02:39 (DIR) 0 byte 2 days old -- Adobe_Downloads
12/04/2008 01:05:56 2068 byte 2 days old -- wmplog00.sqm
12/04/2008 01:39:56 0 byte 2 days old -- wmvC0.tmp
12/04/2008 13:32:31 7800 byte 2 days old -- Z@RCD.tmp
12/04/2008 13:32:32 1409 byte 2 days old -- Z@SCE.tmp
12/04/2008 13:32:34 55084 byte 2 days old -- Z@RCF.tmp
12/04/2008 13:32:36 1409 byte 2 days old -- Z@SD2.tmp
12/04/2008 13:32:36 1409 byte 2 days old -- Z@SD0.tmp
12/04/2008 13:32:36 22060 byte 2 days old -- Z@RD3.tmp
12/04/2008 13:32:36 23084 byte 2 days old -- Z@RD1.tmp
12/04/2008 13:32:37 1409 byte 2 days old -- Z@SD6.tmp
12/04/2008 13:32:37 1409 byte 2 days old -- Z@SD4.tmp
12/04/2008 13:32:37 62856 byte 2 days old -- Z@RD7.tmp
12/04/2008 13:32:37 4724 byte 2 days old -- Z@RD5.tmp
12/04/2008 13:32:38 48440 byte 2 days old -- Z@RD9.tmp
12/04/2008 13:32:38 1409 byte 2 days old -- Z@SD8.tmp
12/04/2008 13:32:39 32848 byte 2 days old -- Z@RDD.tmp
12/04/2008 13:32:39 6448 byte 2 days old -- Z@RDB.tmp
12/04/2008 13:32:39 1409 byte 2 days old -- Z@SDA.tmp
12/04/2008 13:32:39 40492 byte 2 days old -- Z@RE1.tmp
12/04/2008 13:32:39 1409 byte 2 days old -- Z@SDC.tmp
12/04/2008 13:32:39 1409 byte 2 days old -- Z@SDE.tmp
12/04/2008 13:32:40 1409 byte 2 days old -- Z@SE2.tmp
12/04/2008 13:32:41 55084 byte 2 days old -- Z@RE3.tmp
12/04/2008 13:32:41 1409 byte 2 days old -- Z@SE4.tmp

===================== REGISTRY SCAN =====================

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
@=dword:00000001
"OemReset"="%systemroot%\OPTIONS\OEMRESET.EXE /AUDIT"
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe"
"SoundMan"="SOUNDMAN.EXE"
"UpdateManager"="\"C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe\" /r"
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe"
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe"
"DeskMateAutoUpdate"="C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe"
"type32"="\"C:\Program Files\Microsoft IntelliType Pro\type32.exe\""
"IntelliPoint"="\"C:\Program Files\Microsoft IntelliPoint\point32.exe\""
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2006 Pro Evaluation\VirusKeeper.exe"
"CieTest"=""
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe\""
"Horloge Parlante 2000"="C:\Program Files\Horloge Parlante 2000\Horloge Parlante 2000.exe"
"Adobe Photo Downloader"="\"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe\""
"Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
"Windows Defender"="\"C:\Program Files\Windows Defender\MSASCui.exe\" -hide"
"avgnt"="\"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
"ZoneAlarm Client"="\"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe\""

[Run\OptionalComponents]
@=""

[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
@=""
"Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe"
"ATnotes.exe"="C:\Program Files\ATnotes\ATnotes.exe"
"Felix II"="C:\Program Files\ScreenMates\Felix II\Felix2.exe"
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe"
"IMC"="C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe"
"CopernicSummarizerWatchdog"="\"C:\Program Files\Copernic Summarizer\CSAgent.exe\" /thisismandatory"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden"
"WeatherEye"="C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
#### HKCR\CLSID\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}\InprocServer32 @="C:\PROGRA~1\WIFD1F~1\MpShHook.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\WgaLogon]
"DllName"=expand:"WgaLogon.dll"

[Winlogon\Notify\WgaLogon\Settings]

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"

[Winlogon\SCLogon]

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp;Local Settings\Application Data\Microsoft\Outlook"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
#### HKCR\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\InprocServer32 @="C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
@=""

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\program files\google\googletoolbar1.dll"

[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=""
#### HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 @="C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

[MSConfig]

[MSConfig\services]

[MSConfig\startupfolder]

[MSConfig\startupreg]

[MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000000

-----HKCU\Control Panel\Desktop\-----

[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\System32\ssmarque.scr"

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."

[SharedAccess\Epoch]
"Epoch"=dword:00000fb4

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:*:Enaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:*:Enaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:*:Enaxxxxx@xxxxxres.dll,-22002"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\system32\ossproxy.exe"="C:\WINDOWS\system32\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\Francine\Local Settings\Temp\~osB12.tmp\ossproxy.exe"="C:\Documents and Settings\Francine\Local Settings\Temp\~osB12.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\Program Files\Messager Voila\Messager Voila.exe"="C:\Program Files\Messager Voila\Messager Voila.exe:*:Enabled:Application Messager"
"C:\Documents and Settings\Francine\Local Settings\Temp\~os1B9.tmp\ossproxy.exe"="C:\Documents and Settings\Francine\Local Settings\Temp\~os1B9.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"c:\windows\system32\rk.exe"="c:\windows\system32\rk.exe:*:Enabled:rk.exe"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\Documents and Settings\Francine\Mes documents\smileys msn courrier\incredimail_install.exe"="C:\Documents and Settings\Francine\Mes documents\smileys msn courrier\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\Documents and Settings\Francine\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe"="C:\Documents and Settings\Francine\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\Documents and Settings\Francine\Local Settings\Temporary Internet Files\Content.IE5\PBNZL9KA\incredimail_install[1].exe"="C:\Documents and Settings\Francine\Local Settings\Temporary Internet Files\Content.IE5\PBNZL9KA\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Pogo Games\Great Escapes Solitaire Collection\solitaire.exe"="C:\Program Files\Pogo Games\Great Escapes Solitaire Collection\solitaire.exe:*:Enabled:solitaire"
"C:\Documents and Settings\Francine\Mes documents\smileys msn courrier\son msn news\mcoview.exe"="C:\Documents and Settings\Francine\Mes documents\smileys msn courrier\son msn news\mcoview.exe:*:Enabled:mcoview"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Orb Networks\Orb\bin\Orb.exe"="C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Orb Networks\Orb\bin\Orb3GPStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\Orb3GPStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Orb Networks\Orb\bin\OrbRMStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbRMStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Orb Networks\Orb\bin\xmltv.exe"="C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide"
"C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:*:Enabled:OrbChannelScan"
"C:\Documents and Settings\Francine\Mes documents\les telechargement oki\Nouveau dossier (2)\mIRC\mirc.exe"="C:\Documents and Settings\Francine\Mes documents\les telechargement oki\Nouveau dossier (2)\mIRC\mirc.exe:*:Enabled:mIRC"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Documents and Settings\Francine\Mes documents\les telechargement oki\orb\bin\Orb.exe"="C:\Documents and Settings\Francine\Mes documents\les telechargement oki\orb\bin\Orb.exe:*:Enabled:Orb"
"C:\Documents and Settings\Francine\Mes documents\les telechargement oki\orb\bin\OrbTray.exe"="C:\Documents and Settings\Francine\Mes documents\les telechargement oki\orb\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Documents and Settings\Francine\Mes documents\les telechargement oki\orb\bin\OrbStreamerClient.exe"="C:\Documents and Settings\Francine\Mes documents\les telechargement oki\orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Documents and Settings\Francine\Mes documents\les telechargement oki\orb\bin\xmltv.exe"="C:\Documents and Settings\Francine\Mes documents\les telechargement oki\orb\bin\xmltv.exe:*:Enabled:OrbTVGuide"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe"="C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22002"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{7AC78802-DE91-4C16-9318-1548550B330C}"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]
"DisableMonitoring"=dword:00000001

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{7DEBC039-111C-4F63-9CCD-9484995A9AC8}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\-2147483647]

[VB and VBA Program Settings\-2147483647\SOFTWARE]

[VB and VBA Program Settings\-2147483647\SOFTWARE\DomeConnection]

[VB and VBA Program Settings\-2147483647\SOFTWARE\DomeConnection\Settings]

[VB and VBA Program Settings\Carasexe]

[VB and VBA Program Settings\Carasexe\pseudo]

[VB and VBA Program Settings\DirScraZ]

[VB and VBA Program Settings\DirScraZ\Lance]

[VB and VBA Program Settings\easyrencontre]

[VB and VBA Program Settings\easyrencontre\pseudo]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Lecteur Windows Media"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}]
#### HKCR\CLSID\{0291E591-EA41-4c82-8106-3DC6CE7F7664}\InprocServer32 @="C:\Program Files\Yahoo!\Common\yinsthelper.dll"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\system32\msjava.dll"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
"@="Internet Explorer Classes for Java"
"ComponentID"="IEJAVA"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"

[Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
#### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\system32\macromed\Director\SwDir.dll"
"ComponentID"="Director"
"@="Macromedia Shockwave Director 10.1"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{2298d453-bcae-4519-bf33-1cbf3faf1524}]
"@="Q867801"
"ComponentID"="Q867801"

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"

[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.3"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.3"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
#### HKCR\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\InprocServer32 @="C:\Program Files\Yahoo!\Common\yinsthelper.dll"

[Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}]
#### HKCR\CLSID\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\InprocServer32 @="C:\Program Files\Yahoo!\Common\yinsthelper.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"

[Installed Components\{377483c2-e4b4-4ee8-b577-9aed264c8735}]
"@="Q822925"
"ComponentID"="Q822925"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft DirectX"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"@="Windows Messenger 4.7"
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5f3c70b3-ac2f-432c-8f9c-1624df61f54f}]
"@="Microsoft Data Access Components KB870669"
"ComponentID"="KB870669"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
"@="Web Folders"
"ComponentID"="WebFolders"

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"StubPath"="c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install"
"ComponentID"="DOTNETFRAMEWORKS"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
"StubPath"=expand:"rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub"
"ComponentID"="Frontpad_259"

[Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}]
"ComponentID"="Yahoo! Messenger"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

[Installed Components\{f5173cf0-1dfb-4978-8e50-a90169ee7ca9}]
"@="Q823353"
"ComponentID"="Q823353"

[Installed Components\{F5776D81-AE53-4935-8E84-B0B283D8BCEF}]
"@="Q330994"
"ComponentID"="Q330994"

0
Utilisateur anonyme
 
Hi again,

Argh, I don't like it when the reports are long =(

******************************

In OTMoveIt, copy/paste these lines:

C:\Documents and Settings\Francine\Application Data\FunWebProducts
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\VirusKeeper
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CieTest


MoveIt!

Post the report.

***********************

Go to this site --> https://www.virustotal.com/gui/

Copy/paste this line in bold into the input field:

C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe

Click 'Send file'

A report will build up line by line.

Wait until it finishes. It must include the size of the file sent.

Save the report with Notepad.

-> Post it for me, please.

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

*******

See you

0
puce1543
 
Cyrildu17, small problem: I can't find OTMoveIt. I'm not sure, but I think I deleted it by mistake. I have reports from the beginning in there and squares that won't open, that's all. Sorry. Puce
0
Utilisateur anonyme
 
Hi again,

Over here to download it again:

http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

See you
0
puce1543
 
Cyril, here is the MoveIt report, I hope this is it. It's all I have in the folder, plus again a square box with little icons that won't open. I'm moving on to the others you advised me to download.

C:\Documents and Settings\Francine\Application Data\FunWebProducts\Data\Francine moved successfully.
C:\Documents and Settings\Francine\Application Data\FunWebProducts\Data moved successfully.
C:\Documents and Settings\Francine\Application Data\FunWebProducts moved successfully.
< HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\VirusKeeper >
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VirusKeeper not found.
< HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CieTest >
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CieTest not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04142008_170427
0
puce1543
 
My apologies for earlier, for too many reports at once.
This is all I get for https://www.virustotal.com/gui/, is that OK?

0 bytes size received / Se ha recibido un archivo vacio
0
puce1543
 
Cyrildu17, is it possible that the problem I had affected my other computers here at home? On my boyfriend's, pages no longer open normally, and my son's is also having problems that it didn't have before my own problem. We are connected through a wired router... thanks, Puce

P.S. Can they do a cleanup like the one you advised for my computer? Can they do it on their computers to start with?
0
Utilisateur anonyme
 
Hi again!

No, I don't think the other PCs have been infected ;)

Or else it's bad luck ^^
Well, it is indeed a possibility...

Can you post a HijackThis report again, please?

See you
0
puce1543
 
Here is the hijacker report. And I wanted to say, about this hijacker: I was never able to set it up as HJT like you said. It installed itself in C: Program Files and I tried everything like you said, it didn't work. Does that make a difference for the report? Thanks, Puce

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:01 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Calendrier\Cld2000.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.HJT.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60316
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.canoe.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60316
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60316
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60316
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60316
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2006 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Horloge Parlante 2000] C:\Program Files\Horloge Parlante 2000\Horloge Parlante 2000.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Felix2.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe
O4 - HKCU\..\Run: [CopernicSummarizerWatchdog] "C:\Program Files\Copernic Summarizer\CSAgent.exe" /thisismandatory
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Yahoo! Widget Engine.lnk = C:\Documents and Settings\Francine\Mes documents\My Widgets\1000alaheure\Yahoo! Widget Engine\YahooWidgetEngine.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Yahoo! Widget Engine.lnk = C:\Documents and Settings\Francine\Mes documents\My Widgets\1000alaheure\Yahoo! Widget Engine\YahooWidgetEngine.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Documents and Settings\Francine\Mes documents\My Widgets\1000alaheure\Yahoo! Widget Engine\YahooWidgetEngine.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Crawler Smileys - {16FE352D-F643-4A81-BC61-2C051F3A757D} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL (file missing)
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Crawler eCards - {82E2B317-7C9C-4F12-B920-AC37D928CD43} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.lapresseaffaires.com
O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.com/v/8.1.2.12/applet/millbrae/millbrae-en_US.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - https://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - https://www.iwin.com/pogo-migration
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Utilisateur anonyme
 
Hi again,

I need a brand-new report, please :)

Launch HijackThis > do a system scan and save a log file > and post me the report ;)

See you
0
puce1543
 
That's what I just did, my dear; I sent it to you and did the scan with hijacker. I'm doing it again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:11 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Calendrier\Cld2000.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.HJT.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60316
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.canoe.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60316
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60316
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60316
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60316
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2006 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Horloge Parlante 2000] C:\Program Files\Horloge Parlante 2000\Horloge Parlante 2000.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Felix2.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe
O4 - HKCU\..\Run: [CopernicSummarizerWatchdog] "C:\Program Files\Copernic Summarizer\CSAgent.exe" /thisismandatory
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Yahoo! Widget Engine.lnk = C:\Documents and Settings\Francine\Mes documents\My Widgets\1000alaheure\Yahoo! Widget Engine\YahooWidgetEngine.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Yahoo! Widget Engine.lnk = C:\Documents and Settings\Francine\Mes documents\My Widgets\1000alaheure\Yahoo! Widget Engine\YahooWidgetEngine.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Documents and Settings\Francine\Mes documents\My Widgets\1000alaheure\Yahoo! Widget Engine\YahooWidgetEngine.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Crawler Smileys - {16FE352D-F643-4A81-BC61-2C051F3A757D} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL (file missing)
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Crawler eCards - {82E2B317-7C9C-4F12-B920-AC37D928CD43} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.lapresseaffaires.com
O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.com/v/8.1.2.12/applet/millbrae/millbrae-en_US.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - https://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - https://www.iwin.com/pogo-migration
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Utilisateur anonyme
 
Oh?

So you live in Quebec? =P

The date and time don't match ^^

(6 hours' difference)

****************************************

Uh...

Norton Internet Security Professional

Did you pay for it?

Apparently it launches at startup but it doesn't appear among the running processes... odd

Can you tell me more?

Uninstall VirusKeeper 2006 Pro Evaluation via Add or Remove Programs.

*********************************

→ Relaunch HijackThis, in the main menu choose 'Do a system scan' and fix this/these line(s) (tick the box to their left):


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Crawler Smileys - {16FE352D-F643-4A81-BC61-2C051F3A757D} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL (file missing)
O9 - Extra button: Crawler eCards - {82E2B317-7C9C-4F12-B920-AC37D928CD43} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL (file missing)


Close all windows (except HijackThis), including your web browser.

→ click 'Fix checked'

*******************

Start > Run > 'services.msc',

- Right-click the named service - Symantec Lic NetConnect service (CLTNetCnService)
- Properties
- and under "Startup type", set it to "Disabled".
- Then, if the "Service status" is "Started", choose "Stop".

Tutorial: https://www.zebulon.fr/dossiers/windows/31-services.html

*****************

Good luck
See you

0
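The two checks made in the reply above (entries marked "(no file)" or "(file missing)", and a Run entry whose program is not among the running processes), as an added Python example that is not part of the thread or of HijackThis. The log excerpt is copied from the report posted above; the function names are assumptions of this example.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted in the thread (lines copied from the page).
LOG_EXCERPT = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:11 PM, on 4/14/2008

Running processes:
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: Crawler Smileys - {16FE352D-F643-4A81-BC61-2C051F3A757D} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - ...", "R1 - ..."
RUN_RE = re.compile(r"^(\S+?)\\\.\.\\Run: \[(.+?)\] (.+)$")  # hive, value name, command
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_log(text):
    """Split a HijackThis log into running-process basenames and coded entries."""
    running, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False              # a blank line ends the process list
        elif in_procs:
            running.add(ntpath.basename(line).lower())
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return running, entries


def orphaned_entries(entries):
    """Entries whose target file HijackThis reported as absent from disk."""
    return [(code, body) for code, body in entries if body.endswith(ORPHAN_MARKERS)]


def autoruns_not_running(entries, running):
    """O4 Run values whose executable is not in the process list.

    This is only a lead: some autoruns exit right after starting.
    """
    leads = []
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if not m:
            continue
        hive, name, command = m.groups()
        exe = EXE_RE.match(command)
        if not exe:
            continue                      # command is not an .exe path; skip it
        path = exe.group(1) or exe.group(2)
        if ntpath.basename(path).lower() not in running:
            leads.append((hive, name, path))
    return leads


if __name__ == "__main__":
    procs, items = parse_log(LOG_EXCERPT)
    for code, body in orphaned_entries(items):
        print("orphaned:", code, body)
    for hive, name, path in autoruns_not_running(items, procs):
        print("autorun not running:", hive, name, path)
```
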
puce1543
 
Yes, I had Norton before and I paid for it, but the subscription ended; that's when I installed Avast.
And yes, I am in Quebec as well... where are you? I'm guessing France????
0
Utilisateur anonyme
 
Hi again,

Uninstall Norton too ;)

Yes, I'm in France :)

See you
0