Trojandownloader
Solved
caf06
Hello,
After downloading various antispyware programs, here is the latest report, taken with BitDefender
Summary:
C:\hp\bin\ProcessLogger.exe Infecté: DeepScan:Generic.Malware.P!.5D10CE80
C:\hp\bin\ProcessLogger.exe Désinfection impossible
C:\hp\bin\ProcessLogger.exe Déplacé
C:\WINDOWS\system32\Suwycfii.ini Infecté: Trojan.Vundo.DVS
C:\WINDOWS\system32\Suwycfii.ini Désinfection impossible
C:\WINDOWS\system32\Suwycfii.ini Déplacé
C:\WINDOWS\system32\XEKSuBeg.ini Infecté: Trojan.Vundo.DVS
C:\WINDOWS\system32\XEKSuBeg.ini Désinfection impossible
C:\WINDOWS\system32\XEKSuBeg.ini Déplacé
Basically, every 5 minutes I get pop-ups warning me about viruses, which end up redirecting me to shopping sites.
43 replies
Hello, cyril
Can you take over? I can't see where the infection is.
Thanks for your help.
I'll follow along and keep learning.
Re,
Download http://www.suspectfile.com/systemscan/ (SystemScan)
→ Double-click it (turn off your antivirus during the download if it detects anything, and turn it back on afterwards)
→ Click Unselect all
Tick only these boxes:
_ Recent Files, 30 days
_ Registry run keys
_ Suspicious files
Then click Scan now and be patient.
Once the scan is finished, a report will open; copy and paste its contents here and check that it is complete. If necessary, split it across two messages.
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
See you later
We'll see later what you should keep or not ;))
Well, well, still a lot of reading, I must say.. :
SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)
Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\HP_Propriétaire\Bureau\antivirus\sys67517.exe
Running in: User mode
Date: 2008-05-02
Time: 18:21:57
Output limited to:
-Recent files
-Registry Run Keys
-Suspicious Files
===================== RECENT FILES =====================
Showing files newer than 30 days
----- recent files in C:\
01-05-2008 04:26:25 (DIR) 0 byte 1 days old -- kav
01-05-2008 13:18:04 (DIR) 0 byte 1 days old -- Documents and Settings
01-05-2008 13:19:45 (DIR) 0 byte 1 days old -- RECYCLER
01-05-2008 13:26:57 (DIR) 0 byte 1 days old -- Config.Msi
01-05-2008 18:17:36 5851 byte 1 days old -- rapport.txt
02-05-2008 04:39:04 1095 byte 0 days old -- TCleaner.txt
02-05-2008 17:22:45 (DIR) 0 byte 0 days old -- WINDOWS
02-05-2008 17:41:11 (DIR) 0 byte 0 days old -- _OTMoveIt
02-05-2008 17:41:12 (DIR) 0 byte 0 days old -- Program Files
02-05-2008 17:43:17 805306368 byte 0 days old -- pagefile.sys
02-05-2008 17:43:18 1072222208 byte 0 days old -- hiberfil.sys
24-04-2008 05:59:28 (DIR) 0 byte 8 days old -- Downloads
----- recent files in C:\WINDOWS\
01-05-2008 04:47:04 (DIR) 0 byte 1 days old -- Downloaded Program Files
01-05-2008 05:52:56 (DIR) 0 byte 1 days old -- inf
01-05-2008 13:24:45 (DIR) 0 byte 1 days old -- Installer
01-05-2008 18:57:53 53248 byte 1 days old -- PSEXESVC.EXE
01-05-2008 18:57:55 (DIR) 0 byte 1 days old -- erdnt
01-05-2008 19:00:13 227 byte 1 days old -- system.ini
02-05-2008 04:42:02 (DIR) 0 byte 0 days old -- system32
02-05-2008 07:29:26 (DIR) 0 byte 0 days old -- Minidump
02-05-2008 07:29:26 (DIR) 0 byte 0 days old -- Debug
02-05-2008 17:29:12 131028 byte 0 days old -- ntbtlog.txt
02-05-2008 17:42:09 32158 byte 0 days old -- SchedLgU.Txt
02-05-2008 17:43:23 2048 byte 0 days old -- bootstat.dat
02-05-2008 17:43:37 (DIR) 0 byte 0 days old -- Temp
02-05-2008 17:43:41 50 byte 0 days old -- wiaservc.log
02-05-2008 17:43:43 159 byte 0 days old -- wiadebug.log
02-05-2008 17:43:55 0 byte 0 days old -- 0.log
02-05-2008 17:44:32 54156 byte 0 days old -- QTFont.qfn
02-05-2008 18:03:07 1550061 byte 0 days old -- WindowsUpdate.log
02-05-2008 18:20:52 (DIR) 0 byte 0 days old -- Prefetch
24-04-2008 05:59:47 (DIR) 0 byte 8 days old -- Registration
29-04-2008 19:34:55 (DIR) 0 byte 3 days old -- Web
29-04-2008 20:03:18 269 byte 3 days old -- wininit.ini
30-04-2008 19:27:12 116 byte 2 days old -- NeroDigital.ini
06-04-2008 19:13:13 (DIR) 0 byte 26 days old -- $NtUninstallQ828026$
10-04-2008 01:58:21 (DIR) 0 byte 22 days old -- $NtUninstallKB945553$
10-04-2008 01:59:43 (DIR) 0 byte 22 days old -- $NtUninstallKB948590$
10-04-2008 02:00:30 (DIR) 0 byte 22 days old -- $NtUninstallKB941693$
10-04-2008 02:01:21 (DIR) 0 byte 22 days old -- $hf_mig$
10-04-2008 02:01:22 (DIR) 0 byte 22 days old -- $NtUninstallKB948881$
----- recent files in C:\WINDOWS\Downloaded Program Files\
----- recent files in C:\WINDOWS\system\
02-05-2008 17:44:20 186 byte 0 days old -- hpsysdrv.DAT
----- recent files in C:\WINDOWS\system32\
01-05-2008 13:05:12 81984 byte 1 days old -- bdod.bin
01-05-2008 13:13:04 0 byte 1 days old -- bdss.log
01-05-2008 18:16:53 3608 byte 1 days old -- tmp.reg
01-05-2008 18:16:53 0 byte 1 days old -- tmp.txt
01-05-2008 18:58:14 (DIR) 0 byte 1 days old -- config
02-05-2008 04:41:59 3072 byte 0 days old -- CONFIG.NT
02-05-2008 05:51:44 (DIR) 0 byte 0 days old -- drivers
02-05-2008 09:44:59 (DIR) 0 byte 0 days old -- CatRoot2
03-04-2008 06:53:02 (DIR) 0 byte 29 days old -- Macromed
24-04-2008 05:21:27 (DIR) 0 byte 8 days old -- dllcache
24-04-2008 05:59:47 (DIR) 0 byte 8 days old -- wbem
24-04-2008 08:10:33 86528 byte 8 days old -- VACFix.exe
28-04-2008 08:03:06 82944 byte 4 days old -- IEDFix.exe
28-04-2008 08:03:06 82944 byte 4 days old -- 404Fix.exe
29-04-2008 19:02:11 16384 byte 3 days old -- Thumbs.db
29-04-2008 19:45:11 0 byte 3 days old -- clkcnt.txt
06-04-2008 07:56:20 19836024 byte 26 days old -- MRT.exe
10-04-2008 08:05:48 309992 byte 22 days old -- FNTCACHE.DAT
----- recent files in C:\WINDOWS\system32\drivers\
01-05-2008 19:00:00 (DIR) 0 byte 1 days old -- etc
02-05-2008 05:42:15 79424 byte 0 days old -- avipbb.sys
----- recent files in C:\WINDOWS\temp\
02-05-2008 07:39:51 (DIR) 0 byte 0 days old -- _avast4_
----- recent files in C:\Program Files\
01-05-2008 05:05:21 (DIR) 0 byte 1 days old -- Fichiers communs
02-05-2008 05:38:48 (DIR) 0 byte 0 days old -- Avira
02-05-2008 05:51:39 (DIR) 0 byte 0 days old -- Grisoft
02-05-2008 07:08:41 (DIR) 0 byte 0 days old -- CCleaner
14-04-2008 19:25:26 (DIR) 0 byte 18 days old -- Téléchargement PHOTOWAYS
27-04-2008 07:00:43 (DIR) 0 byte 5 days old -- LimeWire
30-04-2008 14:39:18 (DIR) 0 byte 2 days old -- Winamp
30-04-2008 14:54:13 (DIR) 0 byte 2 days old -- a-squared Anti-Malware
30-04-2008 15:19:12 (DIR) 0 byte 2 days old -- AviSynth 2.5
30-04-2008 20:02:54 (DIR) 0 byte 2 days old -- InstallShield Installation Information
05-04-2008 22:56:16 (DIR) 0 byte 27 days old -- Bonjour
10-04-2008 02:00:11 (DIR) 0 byte 22 days old -- Internet Explorer
----- recent files in C:\Program Files\Fichiers communs\
01-05-2008 05:06:25 (DIR) 0 byte 1 days old -- Softwin
10-04-2008 02:00:56 (DIR) 0 byte 22 days old -- ODBC
----- recent files in C:\Documents and Settings\HP_Propriétaire\Application Data\
01-05-2008 06:09:37 (DIR) 0 byte 1 days old -- Spyware Terminator
01-05-2008 14:05:30 (DIR) 0 byte 1 days old -- Malwarebytes
02-05-2008 05:51:54 (DIR) 0 byte 0 days old -- Grisoft
29-04-2008 20:56:03 (DIR) 0 byte 3 days old -- LimeWire
30-04-2008 05:26:26 (DIR) 0 byte 2 days old -- STOIK
----- recent files in C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\
02-05-2008 07:39:15 (DIR) 0 byte 0 days old -- Google Toolbar
02-05-2008 09:46:59 (DIR) 0 byte 0 days old -- tosBtExt
02-05-2008 17:44:18 (DIR) 0 byte 0 days old -- WPDNSE
02-05-2008 17:44:22 898 byte 0 days old -- LSBurnWatcher.log
02-05-2008 17:44:32 224 byte 0 days old -- WCESCOMM.LOG
02-05-2008 17:44:58 0 byte 0 days old -- Twunk002.MTX
02-05-2008 17:45:01 1430 byte 0 days old -- MAR2.tmp
02-05-2008 17:45:04 47122 byte 0 days old -- DIO3.tmp
02-05-2008 17:45:26 3015 byte 0 days old -- hpodvd09.log
02-05-2008 17:45:27 47122 byte 0 days old -- DIO5.tmp
02-05-2008 17:46:17 (DIR) 0 byte 0 days old -- WLTB Custom Button Feeds
02-05-2008 17:49:23 170 byte 0 days old -- jusched.log
02-05-2008 18:18:00 156 byte 0 days old -- Twunk001.MTX
02-05-2008 18:18:00 1415 byte 0 days old -- TWAIN.LOG
02-05-2008 18:18:00 3 byte 0 days old -- Twain001.Mtx
02-05-2008 18:20:41 71 byte 0 days old -- systemscan.ini
02-05-2008 18:20:42 16384 byte 0 days old -- ~DFBDAE.tmp
02-05-2008 18:20:42 (DIR) 0 byte 0 days old -- nsr7.tmp
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"KBD"="C:\HP\KBD\KBD.EXE"
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE"
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"PS2"="C:\WINDOWS\system32\ps2.exe"
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"RemoteControl"="\"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe\""
"LWBMOUSE"="C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE"
"LWBKEYBOARD"="C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe"
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe\""
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\Program Files\iTunes\iTunesHelper.exe\""
"Adobe Photo Downloader"="\"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe\""
"Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
"avgnt"="\"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
"!AVG Anti-Spyware"="\"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe\" /minimized"
[run\OptionalComponents]
@=""
[run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""
[run\OptionalComponents\MSFS]
"Installed"="1"
@=""
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"H/PC Connection Agent"="\"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE\""
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"msnmsgr"="\"C:\Program Files\Windows Live\Messenger\msnmsgr.exe\" /background"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
#### HKCR\CLSID\{e57ce738-33e8-4c51-8354-bb4de9d215d1}\InprocServer32 @="C:\WINDOWS\system32\upnpui.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
#### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"
[Winlogon\Notify]
[Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp;Local Settings\Application Data\Microsoft\Outlook"
"BuildNumber"=dword:00000a28
[Winlogon\Notify]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
[run]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""
[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll"
"NoExplorer"=dword:00000001
[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\program files\google\googletoolbar1.dll"
[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll"
[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Program Files\Windows Live Toolbar\msntb.dll"
@=""
[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer]
@=dword:00000001
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----
-----HKCU\Control Panel\Desktop\-----
[Desktop]
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
[Lsa\AccessProviders]
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[SharedAccess\Epoch]
"Epoch"=dword:00002ce8
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22008"
"10243:TCP"="10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10280:UDP"="10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10281:UDP"="10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10282:UDP"="10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10283:UDP"="10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10284:UDP"="10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\kav\kis7.0\french\setup.exe"="C:\kav\kis7.0\french\setup.exe:*:Enabled:Programme d'installation de Kaspersky Internet Security 7.0"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22008"
"10243:TCP"="10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10280:UDP"="10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10281:UDP"="10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10282:UDP"="10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10283:UDP"="10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10284:UDP"="10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"139:TCP"="139:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22002"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
[AU]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
[Security Center\Monitoring]
[Security Center\Monitoring\AhnlabAntiVirus]
[Security Center\Monitoring\ComputerAssociatesAntiVirus]
[Security Center\Monitoring\KasperskyAntiVirus]
[Security Center\Monitoring\McAfeeAntiVirus]
[Security Center\Monitoring\McAfeeFirewall]
[Security Center\Monitoring\PandaAntiVirus]
[Security Center\Monitoring\PandaFirewall]
[Security Center\Monitoring\SophosAntiVirus]
[Security Center\Monitoring\SymantecAntiVirus]
[Security Center\Monitoring\SymantecFirewall]
[Security Center\Monitoring\TinyFirewall]
[Security Center\Monitoring\TrendAntiVirus]
[Security Center\Monitoring\TrendFirewall]
[Security Center\Monitoring\ZoneLabsFirewall]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000000
"RestoreSafeModeStatus"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{F75EEC69-6E97-419B-93B4-6A3A275301C4}"
[SystemRestore\SnapshotCallbacks]
@=""
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
[VB and VBA Program Settings]
[VB and VBA Program Settings\Euro Add-in]
[VB and VBA Program Settings\Euro Add-in\Wizard Options]
[VB and VBA Program Settings\Julpuz]
[VB and VBA Program Settings\Julpuz\Optionen]
[VB and VBA Program Settings\scrabblepro]
[VB and VBA Program Settings\scrabblepro\1]
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
[AdvancedOptions]
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
-----HKLM\Software\Microsoft\Active Setup\Installed Components-----
[Installed Components]
[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}]
#### HKCR\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\InprocServer32 @="C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll"
"@="Viewpoint Media Player"
"ComponentID"="Viewpoint"
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Program Files\Java\jre1.6.0_05\bin\regutils.dll"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"
[Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
#### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\system32\macromed\Director\SwDir.dll"
"ComponentID"="Director"
"@="Macromedia Shockwave Director 8.5.1"
[Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]
#### HKCR\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\InprocServer32 @="C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll"
"@="Viewpoint Media Player"
"ComponentID"="Viewpoint"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"
[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.3"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.3"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
"@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.7"
"ComponentID"="MSVBScript"
[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"
[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
[Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
"@="Fax"
"ComponentID"="Fax"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser"
[Installed Components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]
"ComponentID"="M928366"
"@="Microsoft .NET Framework 1.1 Hotfix (KB928366)"
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
[Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
"@="Fax Provider"
"ComponentID"="Fax Provider"
"StubPath"=""
[Installed Components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
"@=".NET Framework"
"ComponentID"=".NETFramework"
[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"
-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Aavmker4
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswFsBlk
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswMon2
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswRdr
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswSP
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi DisplayName REG_SZ avast! Network Shield Support
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi ErrorControl REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Type REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Group REG_SZ PNP_TDI
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Start REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi DependOnService REG_MULTI_SZ tcpip\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Tag REG_DWORD 268435456 (0x10000000)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi\Parameters ProviderStart REG_DWORD 1 (0x1)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\aswTdi\Parameters ProviderStart REG_DWORD 3 (0x3)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswUpdSv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\avast! Antivirus
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\avast! Mail Scanner
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\avast! Web Scanner
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\bdfdll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\bdss
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\BITS\Parameters ServiceDll REG_EXPAND_SZ C:\WINDOWS\system32\qmgr.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\BITS\Parameters ServiceDll REG_EXPAND_SZ %systemroot%\system32\qmgr.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\CiSvc Description REG_SZ Construit un index des contenus et des propriétés des fichiers sur les ordinateurs locaux et distants ; fournit un accès rapide aux fichiers par le biais d'un langage d'interrogation flexible.
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\CiSvc Description REG_SZ Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\CiSvc DisplayName REG_SZ Service d'indexation
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\CiSvc DisplayName REG_SZ Indexing Service
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {8C325E5B-BDEA-428F-BBF5-08C77732B6CE}
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {8C325E5B-BDEA-428F-BBF5-08C77732B6CE}
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\eamon
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\easdrv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\EhttpSrv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ekrn
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\epfwtdir
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ERSvc Description REG_SZ Active le rapport d'erreurs pour les services et les applications s'exécutant sur des environnements non standard.
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\ERSvc Description REG_SZ Allows error reporting for services and applictions running in non-standard environments.
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ERSvc DisplayName REG_SZ Service de rapport d'erreurs
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\ERSvc DisplayName REG_SZ Error Reporting Service
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Antivirus
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application Sources REG_MULTI_SZ WSH\0WMIAdapter\0WmdmPmSN\0WinMgmt\0Winlogon\0Windows Product Activation\0Windows 3.1 Migration\0WebClient\0VSS\0VBRuntime\0usnjsvc\0Userinit\0Userenv\0SysmonLog\0Starter\0SpoolerCtrs\0Software Restriction Policies\0Software Installation\0SecurityCenter\0SclgNtfy\0SceSrv\0SceCli\0safrslv\0SAFrdms\0RPC\0Remote Assistance\0PerfProc\0PerfOS\0PerfNet\0Perfmon\0Perflib\0PerfDisk\0Perfctrs\0Outlook\0Offline Files\0Oakley\0ntbackup\0NeroCheck\0MSSQLSERVER/MSDE\0MSSOAP\0MsiInstaller\0MSDTC Client\0MSDTC\0MSDMine\0mnmsrvc\0Microsoft Office 12\0Microsoft Office 10\0Microsoft H.323 Telephony Service Provider\0Microsoft Fax\0LoadPerf\0HelpSvc\0GLFileSync\0Folder Redirection\0File Deployment\0EventSystem\0ESENT\0DrWatson\0DiskQuota\0crypt32\0COM+\0COM\0Ci\0Chkdsk\0Bonjour Service\0AutoEnrollment\0Autochk\0ATI Smart\0ASP.NET 1.1.4322.0\0Application Management\0Application Hang\0Application Error\0.NET Runtime\0Application\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application Sources REG_MULTI_SZ WSH\0WMIAdapter\0WmdmPmSN\0WinMgmt\0Winlogon\0Windows Product Activation\0Windows 3.1 Migration\0WebClient\0VSS\0VBRuntime\0usnjsvc\0Userinit\0Userenv\0SysmonLog\0Starter\0SpoolerCtrs\0Software Restriction Policies\0Software Installation\0SecurityCenter\0SclgNtfy\0SceSrv\0SceCli\0safrslv\0SAFrdms\0RPC\0Remote Assistance\0PerfProc\0PerfOS\0PerfNet\0Perfmon\0Perflib\0PerfDisk\0Perfctrs\0Outlook\0Offline Files\0Oakley\0ntbackup\0NeroCheck\0MSSQLSERVER/MSDE\0MSSOAP\0MsiInstaller\0MSDTC Client\0MSDTC\0MSDMine\0mnmsrvc\0Microsoft Office 12\0Microsoft Office 10\0Microsoft H.323 Telephony Service Provider\0Microsoft Fax\0LoadPerf\0HelpSvc\0H+BEDV AntiVir\0GLFileSync\0Folder Redirection\0File Deployment\0EventSystem\0ESENT\0DrWatson\0DiskQuota\0crypt32\0COM+\0COM\0Ci\0Chkdsk\0Bonjour Service\0AutoEnrollment\0Autochk\0ATI Smart\0ASP.NET 1.1.4322.0\0Application Management\0Application Hang\0Application Error\0.NET Runtime\0Application\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\System Sources REG_MULTI_SZ WZCSVC\0Wudf01000\0WPDClassInstaller\0Workstation\0WMPNetworkSvc\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0wceusbsh\0wanatw\0W32Time\0VolSnap\0viaide\0VgaSave\0USER32\0USB_RNDIS\0UPS\0ultra\0udfs\0tosrfnds\0tosporte\0toside\0TermServSessDir\0TermService\0TermServDevices\0TermDD\0tdi\0TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImage\0SSDPSRV\0Srv\0srservice\0sr\0sparrow\0sndblst\0Simbad\0SideBySide\0sfloppy\0Setup\0Service de stockage amovible\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schannel\0SCardSvr\0Save Dump\0SAM\0rtl8139\0RSVP\0RFUSB\0RemoteAccess\0redbook\0Rdbss\0RasMan\0RasAuto\0ql1280\0ql1240\0ql12160\0ql10wnt\0ql1080\0PSched\0PS2\0Processor\0Print\0PptpMiniport\0PolicyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide\0pci\0parvdm\0partmgr\0parport\0OSPFMib\0OSPF\0null\0NtServicePack\0ntfs\0npfs\0Nla\0NIC1394\0Netlogon\0NetDDE\0NetBT\0NetBIOS\0NdisWan\0NdisIP\0ndis\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDAV\0mraid35x\0mouhid\0mouclass\0Modem\0ltmodem5\0LsaSrv\0LmHosts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdhid\0kbdclass\0KB929969\0KB928090-IE7\0isapnp\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPXCP\0IPSec\0IPRouterManager\0IPRIP2\0IPNATHLP\0IPMGM\0IPBOOTP\0Internet Explorer 7 Disk\0intelppm\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0i2omgmt\0Http\0hpn\0ftdisk\0fs_rec\0flpydisk\0Fips\0fdc\0fastfat\0eventlog\0efs\0dpti2o\0Dnscache\0Dnsapi\0dmio\0dmboot\0Distributed Link Tracking Client\0disk\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac960nt\0dac2w2k\0cpqarray\0cmdide\0changer\0cdrom\0Cdm\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0Browser\0BITS\0beep\0Atmarpc\0ati2mtag\0Ati HotKey Poller\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p\0asc\0Arp1394\0Application 
Popup\0apphelp\0amsint\0ami0nt\0AmdK8\0aliide\0Alerter\0aic78xx\0aic78u2\0aha154x\0adpu160m\0acpiec\0acpi\0abp480n5\0abiosdsk\0System\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\System Sources REG_MULTI_SZ WZCSVC\0Wudf01000\0WPDClassInstaller\0Workstation\0WMPNetworkSvc\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0wceusbsh\0wanatw\0W32Time\0VolSnap\0viaide\0VgaSave\0USER32\0USB_RNDIS\0UPS\0ultra\0udfs\0tosrfnds\0tosporte\0toside\0TermServSessDir\0TermService\0TermServDevices\0TermDD\0tdi\0TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImage\0SSDPSRV\0Srv\0srservice\0sr\0sparrow\0sndblst\0Simbad\0SideBySide\0sfloppy\0Setup\0Service de stockage amovible\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schannel\0SCardSvr\0Save Dump\0SAM\0rtl8139\0RSVP\0RFUSB\0RemoteAccess\0redbook\0Rdbss\0RasMan\0RasAuto\0ql1280\0ql1240\0ql12160\0ql10wnt\0ql1080\0PSched\0PS2\0Processor\0Print\0PptpMiniport\0PolicyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide\0pci\0parvdm\0partmgr\0parport\0OSPFMib\0OSPF\0null\0NtServicePack\0ntfs\0npfs\0Nla\0NIC1394\0Netlogon\0NetDDE\0NetBT\0NetBIOS\0NdisWan\0NdisIP\0ndis\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDAV\0mraid35x\0mouhid\0mouclass\0Modem\0ltmodem5\0LsaSrv\0LmHosts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdhid\0kbdclass\0KB929969\0KB928090-IE7\0isapnp\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPXCP\0IPSec\0IPRouterManager\0IPRIP2\0IPNATHLP\0IPMGM\0IPBOOTP\0Internet Explorer 7 Disk\0intelppm\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0i2omgmt\0Http\0hpn\0ftdisk\0fs_rec\0flpydisk\0Fips\0fdc\0fastfat\0eventlog\0efs\0dpti2o\0Dnscache\0Dnsapi\0dmio\0dmboot\0Distributed Link Tracking Client\0disk\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac960nt\0dac2w2k\0cpqarray\0cmdide\0changer\0cdrom\0Cdm\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0Browser\0BITS\0beep\0avgntflt\0Atmarpc\0ati2mtag\0Ati HotKey Poller\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p\0asc\0Arp1394\0Application 
Popup\0apphelp\0amsint\0ami0nt\0AmdK8\0aliide\0Alerter\0aic78xx\0aic78u2\0aha154x\0adpu160m\0acpiec\0acpi\0abp480n5\0abiosdsk\0System\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ImapiService ImagePath REG_SZ C:\WINDOWS\system32\imapi.exe
> Value: HKEY_LOCAL_MACHINE\system\controls
SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)
Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\HP_Propriétaire\Bureau\antivirus\sys67517.exe
Running in: User mode
Date: 2008-05-02
Time: 18:21:57
Output limited to:
-Recent files
-Registry Run Keys
-Suspicious Files
===================== RECENT FILES =====================
Showing files newer than 30 days
----- recent files in C:\
01-05-2008 04:26:25 (DIR) 0 byte 1 days old -- kav
01-05-2008 13:18:04 (DIR) 0 byte 1 days old -- Documents and Settings
01-05-2008 13:19:45 (DIR) 0 byte 1 days old -- RECYCLER
01-05-2008 13:26:57 (DIR) 0 byte 1 days old -- Config.Msi
01-05-2008 18:17:36 5851 byte 1 days old -- rapport.txt
02-05-2008 04:39:04 1095 byte 0 days old -- TCleaner.txt
02-05-2008 17:22:45 (DIR) 0 byte 0 days old -- WINDOWS
02-05-2008 17:41:11 (DIR) 0 byte 0 days old -- _OTMoveIt
02-05-2008 17:41:12 (DIR) 0 byte 0 days old -- Program Files
02-05-2008 17:43:17 805306368 byte 0 days old -- pagefile.sys
02-05-2008 17:43:18 1072222208 byte 0 days old -- hiberfil.sys
24-04-2008 05:59:28 (DIR) 0 byte 8 days old -- Downloads
----- recent files in C:\WINDOWS\
01-05-2008 04:47:04 (DIR) 0 byte 1 days old -- Downloaded Program Files
01-05-2008 05:52:56 (DIR) 0 byte 1 days old -- inf
01-05-2008 13:24:45 (DIR) 0 byte 1 days old -- Installer
01-05-2008 18:57:53 53248 byte 1 days old -- PSEXESVC.EXE
01-05-2008 18:57:55 (DIR) 0 byte 1 days old -- erdnt
01-05-2008 19:00:13 227 byte 1 days old -- system.ini
02-05-2008 04:42:02 (DIR) 0 byte 0 days old -- system32
02-05-2008 07:29:26 (DIR) 0 byte 0 days old -- Minidump
02-05-2008 07:29:26 (DIR) 0 byte 0 days old -- Debug
02-05-2008 17:29:12 131028 byte 0 days old -- ntbtlog.txt
02-05-2008 17:42:09 32158 byte 0 days old -- SchedLgU.Txt
02-05-2008 17:43:23 2048 byte 0 days old -- bootstat.dat
02-05-2008 17:43:37 (DIR) 0 byte 0 days old -- Temp
02-05-2008 17:43:41 50 byte 0 days old -- wiaservc.log
02-05-2008 17:43:43 159 byte 0 days old -- wiadebug.log
02-05-2008 17:43:55 0 byte 0 days old -- 0.log
02-05-2008 17:44:32 54156 byte 0 days old -- QTFont.qfn
02-05-2008 18:03:07 1550061 byte 0 days old -- WindowsUpdate.log
02-05-2008 18:20:52 (DIR) 0 byte 0 days old -- Prefetch
24-04-2008 05:59:47 (DIR) 0 byte 8 days old -- Registration
29-04-2008 19:34:55 (DIR) 0 byte 3 days old -- Web
29-04-2008 20:03:18 269 byte 3 days old -- wininit.ini
30-04-2008 19:27:12 116 byte 2 days old -- NeroDigital.ini
06-04-2008 19:13:13 (DIR) 0 byte 26 days old -- $NtUninstallQ828026$
10-04-2008 01:58:21 (DIR) 0 byte 22 days old -- $NtUninstallKB945553$
10-04-2008 01:59:43 (DIR) 0 byte 22 days old -- $NtUninstallKB948590$
10-04-2008 02:00:30 (DIR) 0 byte 22 days old -- $NtUninstallKB941693$
10-04-2008 02:01:21 (DIR) 0 byte 22 days old -- $hf_mig$
10-04-2008 02:01:22 (DIR) 0 byte 22 days old -- $NtUninstallKB948881$
----- recent files in C:\WINDOWS\Downloaded Program Files\
----- recent files in C:\WINDOWS\system\
02-05-2008 17:44:20 186 byte 0 days old -- hpsysdrv.DAT
----- recent files in C:\WINDOWS\system32\
01-05-2008 13:05:12 81984 byte 1 days old -- bdod.bin
01-05-2008 13:13:04 0 byte 1 days old -- bdss.log
01-05-2008 18:16:53 3608 byte 1 days old -- tmp.reg
01-05-2008 18:16:53 0 byte 1 days old -- tmp.txt
01-05-2008 18:58:14 (DIR) 0 byte 1 days old -- config
02-05-2008 04:41:59 3072 byte 0 days old -- CONFIG.NT
02-05-2008 05:51:44 (DIR) 0 byte 0 days old -- drivers
02-05-2008 09:44:59 (DIR) 0 byte 0 days old -- CatRoot2
03-04-2008 06:53:02 (DIR) 0 byte 29 days old -- Macromed
24-04-2008 05:21:27 (DIR) 0 byte 8 days old -- dllcache
24-04-2008 05:59:47 (DIR) 0 byte 8 days old -- wbem
24-04-2008 08:10:33 86528 byte 8 days old -- VACFix.exe
28-04-2008 08:03:06 82944 byte 4 days old -- IEDFix.exe
28-04-2008 08:03:06 82944 byte 4 days old -- 404Fix.exe
29-04-2008 19:02:11 16384 byte 3 days old -- Thumbs.db
29-04-2008 19:45:11 0 byte 3 days old -- clkcnt.txt
06-04-2008 07:56:20 19836024 byte 26 days old -- MRT.exe
10-04-2008 08:05:48 309992 byte 22 days old -- FNTCACHE.DAT
----- recent files in C:\WINDOWS\system32\drivers\
01-05-2008 19:00:00 (DIR) 0 byte 1 days old -- etc
02-05-2008 05:42:15 79424 byte 0 days old -- avipbb.sys
----- recent files in C:\WINDOWS\temp\
02-05-2008 07:39:51 (DIR) 0 byte 0 days old -- _avast4_
----- recent files in C:\Program Files\
01-05-2008 05:05:21 (DIR) 0 byte 1 days old -- Fichiers communs
02-05-2008 05:38:48 (DIR) 0 byte 0 days old -- Avira
02-05-2008 05:51:39 (DIR) 0 byte 0 days old -- Grisoft
02-05-2008 07:08:41 (DIR) 0 byte 0 days old -- CCleaner
14-04-2008 19:25:26 (DIR) 0 byte 18 days old -- Téléchargement PHOTOWAYS
27-04-2008 07:00:43 (DIR) 0 byte 5 days old -- LimeWire
30-04-2008 14:39:18 (DIR) 0 byte 2 days old -- Winamp
30-04-2008 14:54:13 (DIR) 0 byte 2 days old -- a-squared Anti-Malware
30-04-2008 15:19:12 (DIR) 0 byte 2 days old -- AviSynth 2.5
30-04-2008 20:02:54 (DIR) 0 byte 2 days old -- InstallShield Installation Information
05-04-2008 22:56:16 (DIR) 0 byte 27 days old -- Bonjour
10-04-2008 02:00:11 (DIR) 0 byte 22 days old -- Internet Explorer
----- recent files in C:\Program Files\Fichiers communs\
01-05-2008 05:06:25 (DIR) 0 byte 1 days old -- Softwin
10-04-2008 02:00:56 (DIR) 0 byte 22 days old -- ODBC
----- recent files in C:\Documents and Settings\HP_Propriétaire\Application Data\
01-05-2008 06:09:37 (DIR) 0 byte 1 days old -- Spyware Terminator
01-05-2008 14:05:30 (DIR) 0 byte 1 days old -- Malwarebytes
02-05-2008 05:51:54 (DIR) 0 byte 0 days old -- Grisoft
29-04-2008 20:56:03 (DIR) 0 byte 3 days old -- LimeWire
30-04-2008 05:26:26 (DIR) 0 byte 2 days old -- STOIK
----- recent files in C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\
02-05-2008 07:39:15 (DIR) 0 byte 0 days old -- Google Toolbar
02-05-2008 09:46:59 (DIR) 0 byte 0 days old -- tosBtExt
02-05-2008 17:44:18 (DIR) 0 byte 0 days old -- WPDNSE
02-05-2008 17:44:22 898 byte 0 days old -- LSBurnWatcher.log
02-05-2008 17:44:32 224 byte 0 days old -- WCESCOMM.LOG
02-05-2008 17:44:58 0 byte 0 days old -- Twunk002.MTX
02-05-2008 17:45:01 1430 byte 0 days old -- MAR2.tmp
02-05-2008 17:45:04 47122 byte 0 days old -- DIO3.tmp
02-05-2008 17:45:26 3015 byte 0 days old -- hpodvd09.log
02-05-2008 17:45:27 47122 byte 0 days old -- DIO5.tmp
02-05-2008 17:46:17 (DIR) 0 byte 0 days old -- WLTB Custom Button Feeds
02-05-2008 17:49:23 170 byte 0 days old -- jusched.log
02-05-2008 18:18:00 156 byte 0 days old -- Twunk001.MTX
02-05-2008 18:18:00 1415 byte 0 days old -- TWAIN.LOG
02-05-2008 18:18:00 3 byte 0 days old -- Twain001.Mtx
02-05-2008 18:20:41 71 byte 0 days old -- systemscan.ini
02-05-2008 18:20:42 16384 byte 0 days old -- ~DFBDAE.tmp
02-05-2008 18:20:42 (DIR) 0 byte 0 days old -- nsr7.tmp
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"KBD"="C:\HP\KBD\KBD.EXE"
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE"
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"PS2"="C:\WINDOWS\system32\ps2.exe"
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe"
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"
"RemoteControl"="\"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe\""
"LWBMOUSE"="C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE"
"LWBKEYBOARD"="C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe"
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe\""
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\Program Files\iTunes\iTunesHelper.exe\""
"Adobe Photo Downloader"="\"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe\""
"Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
"avgnt"="\"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
"!AVG Anti-Spyware"="\"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe\" /minimized"
[run\OptionalComponents]
@=""
[run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""
[run\OptionalComponents\MSFS]
"Installed"="1"
@=""
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"H/PC Connection Agent"="\"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE\""
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"msnmsgr"="\"C:\Program Files\Windows Live\Messenger\msnmsgr.exe\" /background"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
#### HKCR\CLSID\{e57ce738-33e8-4c51-8354-bb4de9d215d1}\InprocServer32 @="C:\WINDOWS\system32\upnpui.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
#### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"
[Winlogon\Notify]
[Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp;Local Settings\Application Data\Microsoft\Outlook"
"BuildNumber"=dword:00000a28
[Winlogon\Notify]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
[run]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""
[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll"
"NoExplorer"=dword:00000001
[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\program files\google\googletoolbar1.dll"
[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll"
[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Program Files\Windows Live Toolbar\msntb.dll"
@=""
[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer]
@=dword:00000001
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----
-----HKCU\Control Panel\Desktop\-----
[Desktop]
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
[Lsa\AccessProviders]
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[SharedAccess\Epoch]
"Epoch"=dword:00002ce8
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22008"
"10243:TCP"="10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10280:UDP"="10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10281:UDP"="10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10282:UDP"="10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10283:UDP"="10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10284:UDP"="10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\kav\kis7.0\french\setup.exe"="C:\kav\kis7.0\french\setup.exe:*:Enabled:Programme d'installation de Kaspersky Internet Security 7.0"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22008"
"10243:TCP"="10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10280:UDP"="10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10281:UDP"="10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10282:UDP"="10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10283:UDP"="10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"10284:UDP"="10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media"
"139:TCP"="139:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22002"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
[AU]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
[Security Center\Monitoring]
[Security Center\Monitoring\AhnlabAntiVirus]
[Security Center\Monitoring\ComputerAssociatesAntiVirus]
[Security Center\Monitoring\KasperskyAntiVirus]
[Security Center\Monitoring\McAfeeAntiVirus]
[Security Center\Monitoring\McAfeeFirewall]
[Security Center\Monitoring\PandaAntiVirus]
[Security Center\Monitoring\PandaFirewall]
[Security Center\Monitoring\SophosAntiVirus]
[Security Center\Monitoring\SymantecAntiVirus]
[Security Center\Monitoring\SymantecFirewall]
[Security Center\Monitoring\TinyFirewall]
[Security Center\Monitoring\TrendAntiVirus]
[Security Center\Monitoring\TrendFirewall]
[Security Center\Monitoring\ZoneLabsFirewall]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000000
"RestoreSafeModeStatus"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{F75EEC69-6E97-419B-93B4-6A3A275301C4}"
[SystemRestore\SnapshotCallbacks]
@=""
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
[VB and VBA Program Settings]
[VB and VBA Program Settings\Euro Add-in]
[VB and VBA Program Settings\Euro Add-in\Wizard Options]
[VB and VBA Program Settings\Julpuz]
[VB and VBA Program Settings\Julpuz\Optionen]
[VB and VBA Program Settings\scrabblepro]
[VB and VBA Program Settings\scrabblepro\1]
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
[AdvancedOptions]
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
-----HKLM\Software\Microsoft\Active Setup\Installed Components-----
[Installed Components]
[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}]
#### HKCR\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\InprocServer32 @="C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll"
"@="Viewpoint Media Player"
"ComponentID"="Viewpoint"
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Program Files\Java\jre1.6.0_05\bin\regutils.dll"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"
[Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
#### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\system32\macromed\Director\SwDir.dll"
"ComponentID"="Director"
"@="Macromedia Shockwave Director 8.5.1"
[Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]
#### HKCR\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\InprocServer32 @="C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll"
"@="Viewpoint Media Player"
"ComponentID"="Viewpoint"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"
[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.3"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.3"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
"@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.7"
"ComponentID"="MSVBScript"
[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"
[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install"
[Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
"@="Fax"
"ComponentID"="Fax"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser"
[Installed Components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]
"ComponentID"="M928366"
"@="Microsoft .NET Framework 1.1 Hotfix (KB928366)"
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
[Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
"@="Fax Provider"
"ComponentID"="Fax Provider"
"StubPath"=""
[Installed Components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
"@=".NET Framework"
"ComponentID"=".NETFramework"
[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"
-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Aavmker4
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswFsBlk
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswMon2
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswRdr
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswSP
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi DisplayName REG_SZ avast! Network Shield Support
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi ErrorControl REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Type REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Group REG_SZ PNP_TDI
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Start REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi DependOnService REG_MULTI_SZ tcpip\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Tag REG_DWORD 268435456 (0x10000000)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi\Parameters ProviderStart REG_DWORD 1 (0x1)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\aswTdi\Parameters ProviderStart REG_DWORD 3 (0x3)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswUpdSv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\avast! Antivirus
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\avast! Mail Scanner
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\avast! Web Scanner
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\bdfdll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\bdss
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\BITS\Parameters ServiceDll REG_EXPAND_SZ C:\WINDOWS\system32\qmgr.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\BITS\Parameters ServiceDll REG_EXPAND_SZ %systemroot%\system32\qmgr.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\CiSvc Description REG_SZ Construit un index des contenus et des propriétés des fichiers sur les ordinateurs locaux et distants ; fournit un accès rapide aux fichiers par le biais d'un langage d'interrogation flexible.
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\CiSvc Description REG_SZ Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\CiSvc DisplayName REG_SZ Service d'indexation
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\CiSvc DisplayName REG_SZ Indexing Service
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {8C325E5B-BDEA-428F-BBF5-08C77732B6CE}
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {8C325E5B-BDEA-428F-BBF5-08C77732B6CE}
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\eamon
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\easdrv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\EhttpSrv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ekrn
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\epfwtdir
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ERSvc Description REG_SZ Active le rapport d'erreurs pour les services et les applications s'exécutant sur des environnements non standard.
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\ERSvc Description REG_SZ Allows error reporting for services and applictions running in non-standard environments.
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ERSvc DisplayName REG_SZ Service de rapport d'erreurs
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\ERSvc DisplayName REG_SZ Error Reporting Service
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Antivirus
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application Sources REG_MULTI_SZ WSH\0WMIAdapter\0WmdmPmSN\0WinMgmt\0Winlogon\0Windows Product Activation\0Windows 3.1 Migration\0WebClient\0VSS\0VBRuntime\0usnjsvc\0Userinit\0Userenv\0SysmonLog\0Starter\0SpoolerCtrs\0Software Restriction Policies\0Software Installation\0SecurityCenter\0SclgNtfy\0SceSrv\0SceCli\0safrslv\0SAFrdms\0RPC\0Remote Assistance\0PerfProc\0PerfOS\0PerfNet\0Perfmon\0Perflib\0PerfDisk\0Perfctrs\0Outlook\0Offline Files\0Oakley\0ntbackup\0NeroCheck\0MSSQLSERVER/MSDE\0MSSOAP\0MsiInstaller\0MSDTC Client\0MSDTC\0MSDMine\0mnmsrvc\0Microsoft Office 12\0Microsoft Office 10\0Microsoft H.323 Telephony Service Provider\0Microsoft Fax\0LoadPerf\0HelpSvc\0GLFileSync\0Folder Redirection\0File Deployment\0EventSystem\0ESENT\0DrWatson\0DiskQuota\0crypt32\0COM+\0COM\0Ci\0Chkdsk\0Bonjour Service\0AutoEnrollment\0Autochk\0ATI Smart\0ASP.NET 1.1.4322.0\0Application Management\0Application Hang\0Application Error\0.NET Runtime\0Application\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application Sources REG_MULTI_SZ WSH\0WMIAdapter\0WmdmPmSN\0WinMgmt\0Winlogon\0Windows Product Activation\0Windows 3.1 Migration\0WebClient\0VSS\0VBRuntime\0usnjsvc\0Userinit\0Userenv\0SysmonLog\0Starter\0SpoolerCtrs\0Software Restriction Policies\0Software Installation\0SecurityCenter\0SclgNtfy\0SceSrv\0SceCli\0safrslv\0SAFrdms\0RPC\0Remote Assistance\0PerfProc\0PerfOS\0PerfNet\0Perfmon\0Perflib\0PerfDisk\0Perfctrs\0Outlook\0Offline Files\0Oakley\0ntbackup\0NeroCheck\0MSSQLSERVER/MSDE\0MSSOAP\0MsiInstaller\0MSDTC Client\0MSDTC\0MSDMine\0mnmsrvc\0Microsoft Office 12\0Microsoft Office 10\0Microsoft H.323 Telephony Service Provider\0Microsoft Fax\0LoadPerf\0HelpSvc\0H+BEDV AntiVir\0GLFileSync\0Folder Redirection\0File Deployment\0EventSystem\0ESENT\0DrWatson\0DiskQuota\0crypt32\0COM+\0COM\0Ci\0Chkdsk\0Bonjour Service\0AutoEnrollment\0Autochk\0ATI Smart\0ASP.NET 1.1.4322.0\0Application Management\0Application Hang\0Application Error\0.NET Runtime\0Application\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
I'm copying the end again because it doesn't look like it was all there:
-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Aavmker4
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswFsBlk
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswMon2
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswRdr
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswSP
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi DisplayName REG_SZ avast! Network Shield Support
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi ErrorControl REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Type REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Group REG_SZ PNP_TDI
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Start REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi DependOnService REG_MULTI_SZ tcpip\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Tag REG_DWORD 268435456 (0x10000000)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi\Parameters ProviderStart REG_DWORD 1 (0x1)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\aswTdi\Parameters ProviderStart REG_DWORD 3 (0x3)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswUpdSv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\avast! Antivirus
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\avast! Mail Scanner
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\avast! Web Scanner
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\bdfdll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\bdss
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\BITS\Parameters ServiceDll REG_EXPAND_SZ C:\WINDOWS\system32\qmgr.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\BITS\Parameters ServiceDll REG_EXPAND_SZ %systemroot%\system32\qmgr.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\CiSvc Description REG_SZ Construit un index des contenus et des propriétés des fichiers sur les ordinateurs locaux et distants ; fournit un accès rapide aux fichiers par le biais d'un langage d'interrogation flexible.
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\CiSvc Description REG_SZ Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\CiSvc DisplayName REG_SZ Service d'indexation
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\CiSvc DisplayName REG_SZ Indexing Service
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {8C325E5B-BDEA-428F-BBF5-08C77732B6CE}
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {8C325E5B-BDEA-428F-BBF5-08C77732B6CE}
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\eamon
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\easdrv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\EhttpSrv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ekrn
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\epfwtdir
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ERSvc Description REG_SZ Active le rapport d'erreurs pour les services et les applications s'exécutant sur des environnements non standard.
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\ERSvc Description REG_SZ Allows error reporting for services and applictions running in non-standard environments.
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ERSvc DisplayName REG_SZ Service de rapport d'erreurs
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\ERSvc DisplayName REG_SZ Error Reporting Service
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Antivirus
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application Sources REG_MULTI_SZ WSH\0WMIAdapter\0WmdmPmSN\0WinMgmt\0Winlogon\0Windows Product Activation\0Windows 3.1 Migration\0WebClient\0VSS\0VBRuntime\0usnjsvc\0Userinit\0Userenv\0SysmonLog\0Starter\0SpoolerCtrs\0Software Restriction Policies\0Software Installation\0SecurityCenter\0SclgNtfy\0SceSrv\0SceCli\0safrslv\0SAFrdms\0RPC\0Remote Assistance\0PerfProc\0PerfOS\0PerfNet\0Perfmon\0Perflib\0PerfDisk\0Perfctrs\0Outlook\0Offline Files\0Oakley\0ntbackup\0NeroCheck\0MSSQLSERVER/MSDE\0MSSOAP\0MsiInstaller\0MSDTC Client\0MSDTC\0MSDMine\0mnmsrvc\0Microsoft Office 12\0Microsoft Office 10\0Microsoft H.323 Telephony Service Provider\0Microsoft Fax\0LoadPerf\0HelpSvc\0GLFileSync\0Folder Redirection\0File Deployment\0EventSystem\0ESENT\0DrWatson\0DiskQuota\0crypt32\0COM+\0COM\0Ci\0Chkdsk\0Bonjour Service\0AutoEnrollment\0Autochk\0ATI Smart\0ASP.NET 1.1.4322.0\0Application Management\0Application Hang\0Application Error\0.NET Runtime\0Application\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application Sources REG_MULTI_SZ WSH\0WMIAdapter\0WmdmPmSN\0WinMgmt\0Winlogon\0Windows Product Activation\0Windows 3.1 Migration\0WebClient\0VSS\0VBRuntime\0usnjsvc\0Userinit\0Userenv\0SysmonLog\0Starter\0SpoolerCtrs\0Software Restriction Policies\0Software Installation\0SecurityCenter\0SclgNtfy\0SceSrv\0SceCli\0safrslv\0SAFrdms\0RPC\0Remote Assistance\0PerfProc\0PerfOS\0PerfNet\0Perfmon\0Perflib\0PerfDisk\0Perfctrs\0Outlook\0Offline Files\0Oakley\0ntbackup\0NeroCheck\0MSSQLSERVER/MSDE\0MSSOAP\0MsiInstaller\0MSDTC Client\0MSDTC\0MSDMine\0mnmsrvc\0Microsoft Office 12\0Microsoft Office 10\0Microsoft H.323 Telephony Service Provider\0Microsoft Fax\0LoadPerf\0HelpSvc\0H+BEDV AntiVir\0GLFileSync\0Folder Redirection\0File Deployment\0EventSystem\0ESENT\0DrWatson\0DiskQuota\0crypt32\0COM+\0COM\0Ci\0Chkdsk\0Bonjour Service\0AutoEnrollment\0Autochk\0ATI Smart\0ASP.NET 1.1.4322.0\0Application Management\0Application Hang\0Application Error\0.NET Runtime\0Application\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\System Sources REG_MULTI_SZ WZCSVC\0Wudf01000\0WPDClassInstaller\0Workstation\0WMPNetworkSvc\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0wceusbsh\0wanatw\0W32Time\0VolSnap\0viaide\0VgaSave\0USER32\0USB_RNDIS\0UPS\0ultra\0udfs\0tosrfnds\0tosporte\0toside\0TermServSessDir\0TermService\0TermServDevices\0TermDD\0tdi\0TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImage\0SSDPSRV\0Srv\0srservice\0sr\0sparrow\0sndblst\0Simbad\0SideBySide\0sfloppy\0Setup\0Service de stockage amovible\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schannel\0SCardSvr\0Save Dump\0SAM\0rtl8139\0RSVP\0RFUSB\0RemoteAccess\0redbook\0Rdbss\0RasMan\0RasAuto\0ql1280\0ql1240\0ql12160\0ql10wnt\0ql1080\0PSched\0PS2\0Processor\0Print\0PptpMiniport\0PolicyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide\0pci\0parvdm\0partmgr\0parport\0OSPFMib\0OSPF\0null\0NtServicePack\0ntfs\0npfs\0Nla\0NIC1394\0Netlogon\0NetDDE\0NetBT\0NetBIOS\0NdisWan\0NdisIP\0ndis\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDAV\0mraid35x\0mouhid\0mouclass\0Modem\0ltmodem5\0LsaSrv\0LmHosts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdhid\0kbdclass\0KB929969\0KB928090-IE7\0isapnp\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPXCP\0IPSec\0IPRouterManager\0IPRIP2\0IPNATHLP\0IPMGM\0IPBOOTP\0Internet Explorer 7 Disk\0intelppm\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0i2omgmt\0Http\0hpn\0ftdisk\0fs_rec\0flpydisk\0Fips\0fdc\0fastfat\0eventlog\0efs\0dpti2o\0Dnscache\0Dnsapi\0dmio\0dmboot\0Distributed Link Tracking Client\0disk\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac960nt\0dac2w2k\0cpqarray\0cmdide\0changer\0cdrom\0Cdm\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0Browser\0BITS\0beep\0Atmarpc\0ati2mtag\0Ati HotKey Poller\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p\0asc\0Arp1394\0Application 
Popup\0apphelp\0amsint\0ami0nt\0AmdK8\0aliide\0Alerter\0aic78xx\0aic78u2\0aha154x\0adpu160m\0acpiec\0acpi\0abp480n5\0abiosdsk\0System\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\System Sources REG_MULTI_SZ WZCSVC\0Wudf01000\0WPDClassInstaller\0Workstation\0WMPNetworkSvc\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0wceusbsh\0wanatw\0W32Time\0VolSnap\0viaide\0VgaSave\0USER32\0USB_RNDIS\0UPS\0ultra\0udfs\0tosrfnds\0tosporte\0toside\0TermServSessDir\0TermService\0TermServDevices\0TermDD\0tdi\0TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImage\0SSDPSRV\0Srv\0srservice\0sr\0sparrow\0sndblst\0Simbad\0SideBySide\0sfloppy\0Setup\0Service de stockage amovible\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schannel\0SCardSvr\0Save Dump\0SAM\0rtl8139\0RSVP\0RFUSB\0RemoteAccess\0redbook\0Rdbss\0RasMan\0RasAuto\0ql1280\0ql1240\0ql12160\0ql10wnt\0ql1080\0PSched\0PS2\0Processor\0Print\0PptpMiniport\0PolicyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide\0pci\0parvdm\0partmgr\0parport\0OSPFMib\0OSPF\0null\0NtServicePack\0ntfs\0npfs\0Nla\0NIC1394\0Netlogon\0NetDDE\0NetBT\0NetBIOS\0NdisWan\0NdisIP\0ndis\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDAV\0mraid35x\0mouhid\0mouclass\0Modem\0ltmodem5\0LsaSrv\0LmHosts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdhid\0kbdclass\0KB929969\0KB928090-IE7\0isapnp\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPXCP\0IPSec\0IPRouterManager\0IPRIP2\0IPNATHLP\0IPMGM\0IPBOOTP\0Internet Explorer 7 Disk\0intelppm\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0i2omgmt\0Http\0hpn\0ftdisk\0fs_rec\0flpydisk\0Fips\0fdc\0fastfat\0eventlog\0efs\0dpti2o\0Dnscache\0Dnsapi\0dmio\0dmboot\0Distributed Link Tracking Client\0disk\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac960nt\0dac2w2k\0cpqarray\0cmdide\0changer\0cdrom\0Cdm\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0Browser\0BITS\0beep\0avgntflt\0Atmarpc\0ati2mtag\0Ati HotKey Poller\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p\0asc\0Arp1394\0Application 
Popup\0apphelp\0amsint\0ami0nt\0AmdK8\0aliide\0Alerter\0aic78xx\0aic78u2\0aha154x\0adpu160m\0acpiec\0acpi\0abp480n5\0abiosdsk\0System\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ImapiService ImagePath REG_SZ C:\WINDOWS\system32\imapi.exe
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\ImapiService ImagePath REG_EXPAND_SZ %systemroot%\system32\imapi.exe
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\lanmanserver\parameters Guid REG_BINARY 58B44F30031E414F8C888BC5CACAA9E0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\lanmanserver\parameters Guid REG_BINARY B433D5424C1C6E488FE7F442423D5812
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\LIVESRV
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MSIServer ImagePath REG_EXPAND_SZ C:\WINDOWS\system32\msiexec.exe /V
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MSIServer ImagePath REG_EXPAND_SZ %systemroot%\system32\msiexec.exe /V
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\RpcSs\Parameters ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\rpcss.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\RpcSs\Parameters ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\rpcss.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 12209 (0x2FB1)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 11493 (0x2CE5)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\AOL 9.0a\waol.exe REG_SZ C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\Alice_Triway_WiFi\Wizard\CTD_FirmwareUpgrader.exe REG_SZ C:\Program Files\Alice_Triway_WiFi\Wizard\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List E:\Fr_main\tools\CTD_FirmwareUpgrader.exe REG_SZ E:\Fr_main\tools\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\FrostWire\FrostWire.exe REG_SZ C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\Ares\Ares.exe REG_SZ C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\services.exe REG_SZ C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\services.exe:*:Enabled:Flash Media
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sp_rsdrv2
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sp_rssrv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} LeaseObtainedTime REG_DWORD 1209640027 (0x4819A45B)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} LeaseObtainedTime REG_DWORD 1209743005 (0x481B369D)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} T1 REG_DWORD 1209683227 (0x481A4D1B)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} T1 REG_DWORD 1209786205 (0x481BDF5D)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} T2 REG_DWORD 1209715627 (0x481ACBAB)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} T2 REG_DWORD 1209818605 (0x481C5DED)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} LeaseTerminatesTime REG_DWORD 1209726427 (0x481AF5DB)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} LeaseTerminatesTime REG_DWORD 1209829405 (0x481C881D)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tosrfbd\CurrentSetup Local_Name REG_BINARY 4E4F4D2D45423835433532333631300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tosrfbd\CurrentSetup Local_Name REG_BINARY 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tosrfbd\CurrentSetup Scan_Enable REG_DWORD 3 (0x3)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tosrfbd\CurrentSetup Scan_Enable REG_DWORD 0 (0x0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tosrfbd\CurrentSetup Class_of_Device REG_DWORD 1048844 (0x10010C)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tosrfbd\CurrentSetup Class_of_Device REG_DWORD 268 (0x10C)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tosrfbd\NewSetup Scan_Enable REG_DWORD 3 (0x3)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tosrfbd\NewSetup Scan_Enable REG_DWORD 0 (0x0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tosrfbd\NewSetup Class_of_Device REG_DWORD 1048844 (0x10010C)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tosrfbd\NewSetup Class_of_Device REG_DWORD 1835276 (0x1C010C)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\UPS Description REG_SZ Gère un onduleur connecté à l'ordinateur.
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\UPS Description REG_SZ Manages an uninterruptible power supply (UPS) connected to the computer.
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\UPS DisplayName REG_SZ Onduleur
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\UPS DisplayName REG_SZ Uninterruptible Power Supply
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\VSSERV
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\W32Time\Parameters ServiceDll REG_EXPAND_SZ C:\WINDOWS\system32\w32time.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\W32Time\Parameters ServiceDll REG_EXPAND_SZ %systemroot%\system32\w32time.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\W32Time\TimeProviders\NtpClient SpecialPollTimeRemaining REG_MULTI_SZ time.windows.com,7a94930\0\0\0\0\0\0\0\0\0\0\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\W32Time\TimeProviders\NtpClient SpecialPollTimeRemaining REG_MULTI_SZ time.windows.com,7a961dc\0\0\0\0\0\0\0\0\0\0\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\XCOMM
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1209640027 (0x4819A45B)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1209743005 (0x481B369D)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE}\Parameters\Tcpip T1 REG_DWORD 1209683227 (0x481A4D1B)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE}\Parameters\Tcpip T1 REG_DWORD 1209786205 (0x481BDF5D)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE}\Parameters\Tcpip T2 REG_DWORD 1209715627 (0x481ACBAB)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE}\Parameters\Tcpip T2 REG_DWORD 1209818605 (0x481C5DED)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1209726427 (0x481AF5DB)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1209829405 (0x481C881D)
Result compared: Different
-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Aavmker4
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswFsBlk
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswMon2
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswRdr
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswSP
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi DisplayName REG_SZ avast! Network Shield Support
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi ErrorControl REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Type REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Group REG_SZ PNP_TDI
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Start REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi DependOnService REG_MULTI_SZ tcpip\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Tag REG_DWORD 268435456 (0x10000000)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi\Parameters ProviderStart REG_DWORD 1 (0x1)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\aswTdi\Parameters ProviderStart REG_DWORD 3 (0x3)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswUpdSv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\avast! Antivirus
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\avast! Mail Scanner
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\avast! Web Scanner
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\bdfdll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\bdss
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\BITS\Parameters ServiceDll REG_EXPAND_SZ C:\WINDOWS\system32\qmgr.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\BITS\Parameters ServiceDll REG_EXPAND_SZ %systemroot%\system32\qmgr.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\CiSvc Description REG_SZ Construit un index des contenus et des propriétés des fichiers sur les ordinateurs locaux et distants ; fournit un accès rapide aux fichiers par le biais d'un langage d'interrogation flexible.
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\CiSvc Description REG_SZ Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\CiSvc DisplayName REG_SZ Service d'indexation
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\CiSvc DisplayName REG_SZ Indexing Service
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {8C325E5B-BDEA-428F-BBF5-08C77732B6CE}
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {8C325E5B-BDEA-428F-BBF5-08C77732B6CE}
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\eamon
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\easdrv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\EhttpSrv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ekrn
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\epfwtdir
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ERSvc Description REG_SZ Active le rapport d'erreurs pour les services et les applications s'exécutant sur des environnements non standard.
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\ERSvc Description REG_SZ Allows error reporting for services and applictions running in non-standard environments.
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ERSvc DisplayName REG_SZ Service de rapport d'erreurs
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\ERSvc DisplayName REG_SZ Error Reporting Service
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Antivirus
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application Sources REG_MULTI_SZ WSH\0WMIAdapter\0WmdmPmSN\0WinMgmt\0Winlogon\0Windows Product Activation\0Windows 3.1 Migration\0WebClient\0VSS\0VBRuntime\0usnjsvc\0Userinit\0Userenv\0SysmonLog\0Starter\0SpoolerCtrs\0Software Restriction Policies\0Software Installation\0SecurityCenter\0SclgNtfy\0SceSrv\0SceCli\0safrslv\0SAFrdms\0RPC\0Remote Assistance\0PerfProc\0PerfOS\0PerfNet\0Perfmon\0Perflib\0PerfDisk\0Perfctrs\0Outlook\0Offline Files\0Oakley\0ntbackup\0NeroCheck\0MSSQLSERVER/MSDE\0MSSOAP\0MsiInstaller\0MSDTC Client\0MSDTC\0MSDMine\0mnmsrvc\0Microsoft Office 12\0Microsoft Office 10\0Microsoft H.323 Telephony Service Provider\0Microsoft Fax\0LoadPerf\0HelpSvc\0GLFileSync\0Folder Redirection\0File Deployment\0EventSystem\0ESENT\0DrWatson\0DiskQuota\0crypt32\0COM+\0COM\0Ci\0Chkdsk\0Bonjour Service\0AutoEnrollment\0Autochk\0ATI Smart\0ASP.NET 1.1.4322.0\0Application Management\0Application Hang\0Application Error\0.NET Runtime\0Application\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application Sources REG_MULTI_SZ WSH\0WMIAdapter\0WmdmPmSN\0WinMgmt\0Winlogon\0Windows Product Activation\0Windows 3.1 Migration\0WebClient\0VSS\0VBRuntime\0usnjsvc\0Userinit\0Userenv\0SysmonLog\0Starter\0SpoolerCtrs\0Software Restriction Policies\0Software Installation\0SecurityCenter\0SclgNtfy\0SceSrv\0SceCli\0safrslv\0SAFrdms\0RPC\0Remote Assistance\0PerfProc\0PerfOS\0PerfNet\0Perfmon\0Perflib\0PerfDisk\0Perfctrs\0Outlook\0Offline Files\0Oakley\0ntbackup\0NeroCheck\0MSSQLSERVER/MSDE\0MSSOAP\0MsiInstaller\0MSDTC Client\0MSDTC\0MSDMine\0mnmsrvc\0Microsoft Office 12\0Microsoft Office 10\0Microsoft H.323 Telephony Service Provider\0Microsoft Fax\0LoadPerf\0HelpSvc\0H+BEDV AntiVir\0GLFileSync\0Folder Redirection\0File Deployment\0EventSystem\0ESENT\0DrWatson\0DiskQuota\0crypt32\0COM+\0COM\0Ci\0Chkdsk\0Bonjour Service\0AutoEnrollment\0Autochk\0ATI Smart\0ASP.NET 1.1.4322.0\0Application Management\0Application Hang\0Application Error\0.NET Runtime\0Application\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\System Sources REG_MULTI_SZ WZCSVC\0Wudf01000\0WPDClassInstaller\0Workstation\0WMPNetworkSvc\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0wceusbsh\0wanatw\0W32Time\0VolSnap\0viaide\0VgaSave\0USER32\0USB_RNDIS\0UPS\0ultra\0udfs\0tosrfnds\0tosporte\0toside\0TermServSessDir\0TermService\0TermServDevices\0TermDD\0tdi\0TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImage\0SSDPSRV\0Srv\0srservice\0sr\0sparrow\0sndblst\0Simbad\0SideBySide\0sfloppy\0Setup\0Service de stockage amovible\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schannel\0SCardSvr\0Save Dump\0SAM\0rtl8139\0RSVP\0RFUSB\0RemoteAccess\0redbook\0Rdbss\0RasMan\0RasAuto\0ql1280\0ql1240\0ql12160\0ql10wnt\0ql1080\0PSched\0PS2\0Processor\0Print\0PptpMiniport\0PolicyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide\0pci\0parvdm\0partmgr\0parport\0OSPFMib\0OSPF\0null\0NtServicePack\0ntfs\0npfs\0Nla\0NIC1394\0Netlogon\0NetDDE\0NetBT\0NetBIOS\0NdisWan\0NdisIP\0ndis\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDAV\0mraid35x\0mouhid\0mouclass\0Modem\0ltmodem5\0LsaSrv\0LmHosts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdhid\0kbdclass\0KB929969\0KB928090-IE7\0isapnp\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPXCP\0IPSec\0IPRouterManager\0IPRIP2\0IPNATHLP\0IPMGM\0IPBOOTP\0Internet Explorer 7 Disk\0intelppm\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0i2omgmt\0Http\0hpn\0ftdisk\0fs_rec\0flpydisk\0Fips\0fdc\0fastfat\0eventlog\0efs\0dpti2o\0Dnscache\0Dnsapi\0dmio\0dmboot\0Distributed Link Tracking Client\0disk\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac960nt\0dac2w2k\0cpqarray\0cmdide\0changer\0cdrom\0Cdm\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0Browser\0BITS\0beep\0Atmarpc\0ati2mtag\0Ati HotKey Poller\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p\0asc\0Arp1394\0Application 
Popup\0apphelp\0amsint\0ami0nt\0AmdK8\0aliide\0Alerter\0aic78xx\0aic78u2\0aha154x\0adpu160m\0acpiec\0acpi\0abp480n5\0abiosdsk\0System\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\System Sources REG_MULTI_SZ WZCSVC\0Wudf01000\0WPDClassInstaller\0Workstation\0WMPNetworkSvc\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0wceusbsh\0wanatw\0W32Time\0VolSnap\0viaide\0VgaSave\0USER32\0USB_RNDIS\0UPS\0ultra\0udfs\0tosrfnds\0tosporte\0toside\0TermServSessDir\0TermService\0TermServDevices\0TermDD\0tdi\0TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImage\0SSDPSRV\0Srv\0srservice\0sr\0sparrow\0sndblst\0Simbad\0SideBySide\0sfloppy\0Setup\0Service de stockage amovible\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schannel\0SCardSvr\0Save Dump\0SAM\0rtl8139\0RSVP\0RFUSB\0RemoteAccess\0redbook\0Rdbss\0RasMan\0RasAuto\0ql1280\0ql1240\0ql12160\0ql10wnt\0ql1080\0PSched\0PS2\0Processor\0Print\0PptpMiniport\0PolicyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide\0pci\0parvdm\0partmgr\0parport\0OSPFMib\0OSPF\0null\0NtServicePack\0ntfs\0npfs\0Nla\0NIC1394\0Netlogon\0NetDDE\0NetBT\0NetBIOS\0NdisWan\0NdisIP\0ndis\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDAV\0mraid35x\0mouhid\0mouclass\0Modem\0ltmodem5\0LsaSrv\0LmHosts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdhid\0kbdclass\0KB929969\0KB928090-IE7\0isapnp\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPXCP\0IPSec\0IPRouterManager\0IPRIP2\0IPNATHLP\0IPMGM\0IPBOOTP\0Internet Explorer 7 Disk\0intelppm\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0i2omgmt\0Http\0hpn\0ftdisk\0fs_rec\0flpydisk\0Fips\0fdc\0fastfat\0eventlog\0efs\0dpti2o\0Dnscache\0Dnsapi\0dmio\0dmboot\0Distributed Link Tracking Client\0disk\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac960nt\0dac2w2k\0cpqarray\0cmdide\0changer\0cdrom\0Cdm\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0Browser\0BITS\0beep\0avgntflt\0Atmarpc\0ati2mtag\0Ati HotKey Poller\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p\0asc\0Arp1394\0Application 
Popup\0apphelp\0amsint\0ami0nt\0AmdK8\0aliide\0Alerter\0aic78xx\0aic78u2\0aha154x\0adpu160m\0acpiec\0acpi\0abp480n5\0abiosdsk\0System\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ImapiService ImagePath REG_SZ C:\WINDOWS\system32\imapi.exe
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\ImapiService ImagePath REG_EXPAND_SZ %systemroot%\system32\imapi.exe
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\lanmanserver\parameters Guid REG_BINARY 58B44F30031E414F8C888BC5CACAA9E0
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\lanmanserver\parameters Guid REG_BINARY B433D5424C1C6E488FE7F442423D5812
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\LIVESRV
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MSIServer ImagePath REG_EXPAND_SZ C:\WINDOWS\system32\msiexec.exe /V
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MSIServer ImagePath REG_EXPAND_SZ %systemroot%\system32\msiexec.exe /V
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\RpcSs\Parameters ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\rpcss.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\RpcSs\Parameters ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\rpcss.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 12209 (0x2FB1)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 11496 (0x2CE8)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\AOL 9.0a\waol.exe REG_SZ C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\Alice_Triway_WiFi\Wizard\CTD_FirmwareUpgrader.exe REG_SZ C:\Program Files\Alice_Triway_WiFi\Wizard\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List E:\Fr_main\tools\CTD_FirmwareUpgrader.exe REG_SZ E:\Fr_main\tools\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\FrostWire\FrostWire.exe REG_SZ C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\Ares\Ares.exe REG_SZ C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\services.exe REG_SZ C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\services.exe:*:Enabled:Flash Media
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sp_rsdrv2
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sp_rssrv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} LeaseObtainedTime REG_DWORD 1209640027 (0x4819A45B)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} LeaseObtainedTime REG_DWORD 1209743005 (0x481B369D)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} T1 REG_DWORD 1209683227 (0x481A4D1B)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} T1 REG_DWORD 1209786205 (0x481BDF5D)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} T2 REG_DWORD 1209715627 (0x481ACBAB)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} T2 REG_DWORD 1209818605 (0x481C5DED)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} LeaseTerminatesTime REG_DWORD 1209726427 (0x481AF5DB)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} LeaseTerminatesTime REG_DWORD 1209829405 (0x481C881D)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tosrfbd\CurrentSetup Class_of_Device REG_DWORD 1048844 (0x10010C)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tosrfbd\CurrentSetup Class_of_Device REG_DWORD 1835276 (0x1C010C)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tosrfbd\NewSetup Class_of_Device REG_DWORD 1048844 (0x10010C)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tosrfbd\NewSetup Class_of_Device REG_DWORD 1835276 (0x1C010C)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\UPS Description REG_SZ Gère un onduleur connecté à l'ordinateur.
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\UPS Description REG_SZ Manages an uninterruptible power supply (UPS) connected to the computer.
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\UPS DisplayName REG_SZ Onduleur
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\UPS DisplayName REG_SZ Uninterruptible Power Supply
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\VSSERV
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\W32Time\Parameters ServiceDll REG_EXPAND_SZ C:\WINDOWS\system32\w32time.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\W32Time\Parameters ServiceDll REG_EXPAND_SZ %systemroot%\system32\w32time.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\W32Time\TimeProviders\NtpClient SpecialPollTimeRemaining REG_MULTI_SZ time.windows.com,7a94930\0\0\0\0\0\0\0\0\0\0\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\W32Time\TimeProviders\NtpClient SpecialPollTimeRemaining REG_MULTI_SZ time.windows.com,7a961dc\0\0\0\0\0\0\0\0\0\0\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\XCOMM
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1209640027 (0x4819A45B)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1209743005 (0x481B369D)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE}\Parameters\Tcpip T1 REG_DWORD 1209683227 (0x481A4D1B)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE}\Parameters\Tcpip T1 REG_DWORD 1209786205 (0x481BDF5D)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE}\Parameters\Tcpip T2 REG_DWORD 1209715627 (0x481ACBAB)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE}\Parameters\Tcpip T2 REG_DWORD 1209818605 (0x481C5DED)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1209726427 (0x481AF5DB)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1209829405 (0x481C881D)
Result compared: Different
===================== SUSPICIOUS FILES =====================
EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\
C:\WINDOWS\Nircmd.exe --> is compressed with UPX
C:\WINDOWS\swreg.exe --> is compressed with UPX
C:\WINDOWS\swsc.exe --> is compressed with UPX
C:\WINDOWS\system32\404Fix.exe --> is compressed with UPX
C:\WINDOWS\system32\IEDFix.exe --> is compressed with UPX
C:\WINDOWS\system32\SrchSTS.exe --> is compressed with UPX
C:\WINDOWS\system32\VACFix.exe --> is compressed with UPX
C:\WINDOWS\system32\VCCLSID.exe --> is compressed with UPX
C:\WINDOWS\system32\WS2Fix.exe --> is compressed with UPX
C:\WINDOWS\system32\MACDec.dll --> is compressed with UPX
==========================================
Scan completed in 1.3 minutes
End of report
~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:
* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log
Thanks to all of them for their hard work
-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Aavmker4
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswFsBlk
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswMon2
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswRdr
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswSP
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi DisplayName REG_SZ avast! Network Shield Support
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi ErrorControl REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Type REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Group REG_SZ PNP_TDI
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Start REG_DWORD 1 (0x1)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi DependOnService REG_MULTI_SZ tcpip\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi Tag REG_DWORD 268435456 (0x10000000)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswTdi\Parameters ProviderStart REG_DWORD 1 (0x1)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\aswTdi\Parameters ProviderStart REG_DWORD 3 (0x3)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aswUpdSv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\avast! Antivirus
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\avast! Mail Scanner
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\avast! Web Scanner
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\bdfdll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\bdss
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\BITS\Parameters ServiceDll REG_EXPAND_SZ C:\WINDOWS\system32\qmgr.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\BITS\Parameters ServiceDll REG_EXPAND_SZ %systemroot%\system32\qmgr.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\CiSvc Description REG_SZ Construit un index des contenus et des propriétés des fichiers sur les ordinateurs locaux et distants ; fournit un accès rapide aux fichiers par le biais d'un langage d'interrogation flexible.
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\CiSvc Description REG_SZ Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\CiSvc DisplayName REG_SZ Service d'indexation
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\CiSvc DisplayName REG_SZ Indexing Service
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {8C325E5B-BDEA-428F-BBF5-08C77732B6CE}
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Dhcp\Parameters {8C325E5B-BDEA-428F-BBF5-08C77732B6CE} REG_BINARY 010000000000000004000000000000001D881C48FFFFFF00060000000000000004000000000000001D881C48C0A80101030000000000000004000000000000001D881C48C0A80101510000000000000012000000000000001D881C4803FFFF6E6F6D2D656238356335323336313000001C0000000000000004000000000000001D881C48C0A801FF3B0000000000000004000000000000001D881C48000127503A0000000000000004000000000000001D881C480000A8C0330000000000000004000000000000001D881C4800015180360000000000000004000000000000001D881C48C0A80101350000000000000001000000000000001D881C4805000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\eamon
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\easdrv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\EhttpSrv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ekrn
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\epfwtdir
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ERSvc Description REG_SZ Active le rapport d'erreurs pour les services et les applications s'exécutant sur des environnements non standard.
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\ERSvc Description REG_SZ Allows error reporting for services and applictions running in non-standard environments.
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ERSvc DisplayName REG_SZ Service de rapport d'erreurs
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\ERSvc DisplayName REG_SZ Error Reporting Service
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Antivirus
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application Sources REG_MULTI_SZ WSH\0WMIAdapter\0WmdmPmSN\0WinMgmt\0Winlogon\0Windows Product Activation\0Windows 3.1 Migration\0WebClient\0VSS\0VBRuntime\0usnjsvc\0Userinit\0Userenv\0SysmonLog\0Starter\0SpoolerCtrs\0Software Restriction Policies\0Software Installation\0SecurityCenter\0SclgNtfy\0SceSrv\0SceCli\0safrslv\0SAFrdms\0RPC\0Remote Assistance\0PerfProc\0PerfOS\0PerfNet\0Perfmon\0Perflib\0PerfDisk\0Perfctrs\0Outlook\0Offline Files\0Oakley\0ntbackup\0NeroCheck\0MSSQLSERVER/MSDE\0MSSOAP\0MsiInstaller\0MSDTC Client\0MSDTC\0MSDMine\0mnmsrvc\0Microsoft Office 12\0Microsoft Office 10\0Microsoft H.323 Telephony Service Provider\0Microsoft Fax\0LoadPerf\0HelpSvc\0GLFileSync\0Folder Redirection\0File Deployment\0EventSystem\0ESENT\0DrWatson\0DiskQuota\0crypt32\0COM+\0COM\0Ci\0Chkdsk\0Bonjour Service\0AutoEnrollment\0Autochk\0ATI Smart\0ASP.NET 1.1.4322.0\0Application Management\0Application Hang\0Application Error\0.NET Runtime\0Application\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application Sources REG_MULTI_SZ WSH\0WMIAdapter\0WmdmPmSN\0WinMgmt\0Winlogon\0Windows Product Activation\0Windows 3.1 Migration\0WebClient\0VSS\0VBRuntime\0usnjsvc\0Userinit\0Userenv\0SysmonLog\0Starter\0SpoolerCtrs\0Software Restriction Policies\0Software Installation\0SecurityCenter\0SclgNtfy\0SceSrv\0SceCli\0safrslv\0SAFrdms\0RPC\0Remote Assistance\0PerfProc\0PerfOS\0PerfNet\0Perfmon\0Perflib\0PerfDisk\0Perfctrs\0Outlook\0Offline Files\0Oakley\0ntbackup\0NeroCheck\0MSSQLSERVER/MSDE\0MSSOAP\0MsiInstaller\0MSDTC Client\0MSDTC\0MSDMine\0mnmsrvc\0Microsoft Office 12\0Microsoft Office 10\0Microsoft H.323 Telephony Service Provider\0Microsoft Fax\0LoadPerf\0HelpSvc\0H+BEDV AntiVir\0GLFileSync\0Folder Redirection\0File Deployment\0EventSystem\0ESENT\0DrWatson\0DiskQuota\0crypt32\0COM+\0COM\0Ci\0Chkdsk\0Bonjour Service\0AutoEnrollment\0Autochk\0ATI Smart\0ASP.NET 1.1.4322.0\0Application Management\0Application Hang\0Application Error\0.NET Runtime\0Application\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\System Sources REG_MULTI_SZ WZCSVC\0Wudf01000\0WPDClassInstaller\0Workstation\0WMPNetworkSvc\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0wceusbsh\0wanatw\0W32Time\0VolSnap\0viaide\0VgaSave\0USER32\0USB_RNDIS\0UPS\0ultra\0udfs\0tosrfnds\0tosporte\0toside\0TermServSessDir\0TermService\0TermServDevices\0TermDD\0tdi\0TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImage\0SSDPSRV\0Srv\0srservice\0sr\0sparrow\0sndblst\0Simbad\0SideBySide\0sfloppy\0Setup\0Service de stockage amovible\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schannel\0SCardSvr\0Save Dump\0SAM\0rtl8139\0RSVP\0RFUSB\0RemoteAccess\0redbook\0Rdbss\0RasMan\0RasAuto\0ql1280\0ql1240\0ql12160\0ql10wnt\0ql1080\0PSched\0PS2\0Processor\0Print\0PptpMiniport\0PolicyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide\0pci\0parvdm\0partmgr\0parport\0OSPFMib\0OSPF\0null\0NtServicePack\0ntfs\0npfs\0Nla\0NIC1394\0Netlogon\0NetDDE\0NetBT\0NetBIOS\0NdisWan\0NdisIP\0ndis\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDAV\0mraid35x\0mouhid\0mouclass\0Modem\0ltmodem5\0LsaSrv\0LmHosts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdhid\0kbdclass\0KB929969\0KB928090-IE7\0isapnp\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPXCP\0IPSec\0IPRouterManager\0IPRIP2\0IPNATHLP\0IPMGM\0IPBOOTP\0Internet Explorer 7 Disk\0intelppm\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0i2omgmt\0Http\0hpn\0ftdisk\0fs_rec\0flpydisk\0Fips\0fdc\0fastfat\0eventlog\0efs\0dpti2o\0Dnscache\0Dnsapi\0dmio\0dmboot\0Distributed Link Tracking Client\0disk\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac960nt\0dac2w2k\0cpqarray\0cmdide\0changer\0cdrom\0Cdm\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0Browser\0BITS\0beep\0Atmarpc\0ati2mtag\0Ati HotKey Poller\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p\0asc\0Arp1394\0Application 
Popup\0apphelp\0amsint\0ami0nt\0AmdK8\0aliide\0Alerter\0aic78xx\0aic78u2\0aha154x\0adpu160m\0acpiec\0acpi\0abp480n5\0abiosdsk\0System\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\System Sources REG_MULTI_SZ WZCSVC\0Wudf01000\0WPDClassInstaller\0Workstation\0WMPNetworkSvc\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0wceusbsh\0wanatw\0W32Time\0VolSnap\0viaide\0VgaSave\0USER32\0USB_RNDIS\0UPS\0ultra\0udfs\0tosrfnds\0tosporte\0toside\0TermServSessDir\0TermService\0TermServDevices\0TermDD\0tdi\0TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImage\0SSDPSRV\0Srv\0srservice\0sr\0sparrow\0sndblst\0Simbad\0SideBySide\0sfloppy\0Setup\0Service de stockage amovible\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schannel\0SCardSvr\0Save Dump\0SAM\0rtl8139\0RSVP\0RFUSB\0RemoteAccess\0redbook\0Rdbss\0RasMan\0RasAuto\0ql1280\0ql1240\0ql12160\0ql10wnt\0ql1080\0PSched\0PS2\0Processor\0Print\0PptpMiniport\0PolicyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide\0pci\0parvdm\0partmgr\0parport\0OSPFMib\0OSPF\0null\0NtServicePack\0ntfs\0npfs\0Nla\0NIC1394\0Netlogon\0NetDDE\0NetBT\0NetBIOS\0NdisWan\0NdisIP\0ndis\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDAV\0mraid35x\0mouhid\0mouclass\0Modem\0ltmodem5\0LsaSrv\0LmHosts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdhid\0kbdclass\0KB929969\0KB928090-IE7\0isapnp\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPXCP\0IPSec\0IPRouterManager\0IPRIP2\0IPNATHLP\0IPMGM\0IPBOOTP\0Internet Explorer 7 Disk\0intelppm\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0i2omgmt\0Http\0hpn\0ftdisk\0fs_rec\0flpydisk\0Fips\0fdc\0fastfat\0eventlog\0efs\0dpti2o\0Dnscache\0Dnsapi\0dmio\0dmboot\0Distributed Link Tracking Client\0disk\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac960nt\0dac2w2k\0cpqarray\0cmdide\0changer\0cdrom\0Cdm\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0Browser\0BITS\0beep\0avgntflt\0Atmarpc\0ati2mtag\0Ati HotKey Poller\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p\0asc\0Arp1394\0Application 
Popup\0apphelp\0amsint\0ami0nt\0AmdK8\0aliide\0Alerter\0aic78xx\0aic78u2\0aha154x\0adpu160m\0acpiec\0acpi\0abp480n5\0abiosdsk\0System\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ImapiService ImagePath REG_SZ C:\WINDOWS\system32\imapi.exe
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\ImapiService ImagePath REG_EXPAND_SZ %systemroot%\system32\imapi.exe
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\lanmanserver\parameters Guid REG_BINARY 58B44F30031E414F8C888BC5CACAA9E0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\lanmanserver\parameters Guid REG_BINARY B433D5424C1C6E488FE7F442423D5812
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\LIVESRV
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MSIServer ImagePath REG_EXPAND_SZ C:\WINDOWS\system32\msiexec.exe /V
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MSIServer ImagePath REG_EXPAND_SZ %systemroot%\system32\msiexec.exe /V
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\RpcSs\Parameters ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\rpcss.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\RpcSs\Parameters ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\rpcss.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 12209 (0x2FB1)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 11493 (0x2CE5)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\AOL 9.0a\waol.exe REG_SZ C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\Alice_Triway_WiFi\Wizard\CTD_FirmwareUpgrader.exe REG_SZ C:\Program Files\Alice_Triway_WiFi\Wizard\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List E:\Fr_main\tools\CTD_FirmwareUpgrader.exe REG_SZ E:\Fr_main\tools\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\FrostWire\FrostWire.exe REG_SZ C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\Ares\Ares.exe REG_SZ C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\services.exe REG_SZ C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\services.exe:*:Enabled:Flash Media
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sp_rsdrv2
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\sp_rssrv
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} LeaseObtainedTime REG_DWORD 1209640027 (0x4819A45B)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} LeaseObtainedTime REG_DWORD 1209743005 (0x481B369D)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} T1 REG_DWORD 1209683227 (0x481A4D1B)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} T1 REG_DWORD 1209786205 (0x481BDF5D)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} T2 REG_DWORD 1209715627 (0x481ACBAB)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} T2 REG_DWORD 1209818605 (0x481C5DED)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} LeaseTerminatesTime REG_DWORD 1209726427 (0x481AF5DB)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Interfaces\{8C325E5B-BDEA-428F-BBF5-08C77732B6CE} LeaseTerminatesTime REG_DWORD 1209829405 (0x481C881D)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tosrfbd\CurrentSetup Local_Name REG_BINARY 4E4F4D2D45423835433532333631300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tosrfbd\CurrentSetup Local_Name REG_BINARY 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Result compared: Different
-----Comparing registry keys CCS1 vs CCS3 -----
Result compared: Different
===================== SUSPICIOUS FILES =====================
EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\
C:\WINDOWS\Nircmd.exe --> is compressed with UPX
C:\WINDOWS\swreg.exe --> is compressed with UPX
C:\WINDOWS\swsc.exe --> is compressed with UPX
C:\WINDOWS\system32\404Fix.exe --> is compressed with UPX
C:\WINDOWS\system32\IEDFix.exe --> is compressed with UPX
C:\WINDOWS\system32\SrchSTS.exe --> is compressed with UPX
C:\WINDOWS\system32\VACFix.exe --> is compressed with UPX
C:\WINDOWS\system32\VCCLSID.exe --> is compressed with UPX
C:\WINDOWS\system32\WS2Fix.exe --> is compressed with UPX
C:\WINDOWS\system32\MACDec.dll --> is compressed with UPX
==========================================
Scan completed in 1.3 minutes
End of report
~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:
* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log
Thanks to all of them for their hard work
Re,
Perfect.
Delete Fix.reg
Delete Systemscan,
Then rerun Toolscleaner (already used here)
********
You don't have a firewall.
Download the Kerio firewall
Tutorial in case of problems: https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall
++
Excuse me, let me slip one in. Good evening. BitDefender Total Security 2008 does antivirus/firewall/ad-aware/parental control/antispam/privacy control. There you go, have a good evening.
spin, spin, little PC..........
software that works well suits me fine........
I didn't say he had BitDefender, I was just making a side remark.... that's all, bye
spin, spin, little PC..........
software that works well suits me fine........
Re,
Post me the Toolscleaner report.
***********************
→ Download CleanUp452 ( Primary download site ... )
→ Run it and choose the 'cleanup!' option
→ Post the report.
Tutorial: http://pageperso.aol.fr/balltrap34/democleanup.htm (thanks to balltrap34)
++
the .txt box is empty.....
(but I think I ran Toolscleaner twice??)
Weird thing: I find my browsing in general is sluggish???
Another thing: my taskbar no longer looks the same, iTunes shows up with a mini equalizer, and there is no longer an icon for the desktop but a tab instead???
Should I keep everything that was downloaded??
Namely: Antivir, AVG Antispyware, CCleaner, Tools Cleaner, and I may have others too????
here, a gift:
it's fine, it's sorted........ I had to clean with several different programs and it now runs like a rocket.....
without touching anything else:
NOTICE TO FANS OF HEALING SCANS!!!!!!!!!!!
________________________________________________
get this and run it without touching anything and with everything closed:
the file of the same name:
https://www.malwarebytes.com/
save it to the desktop and off you go, after closing all applications.
run a full scan and let it run to the end
it's a bit long, 48 min in my case, but I have a lot of programs installed.
_______________________________________________
http://siri.urz.free.fr/Fix/SmitFraudFix.php
desktop, double-click, and option 1
let the report come up, restart in safe mode
option 2 and yes to everything
save the report....
restart in normal mode
__________________________________________________
http://download.bleepingcomputer.com/suBs/ComboFix.exe
double-click and start the scan; it will be finished at the end of the report
___________________________________________________
download to the desktop:
http://pagesperso-orange.fr/aceRothstein/ToolsCleaner2.exe (from one of the two links)
or
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
click Search and let the scan finish
click Delete to get rid of all that
you can fine-tune with the options if you want.......
_______________________________________________________
it saved me from reformatting and my PC now runs like a rocket... even my modem wouldn't connect me any more, it kept dropping all the time.... I did all that and.... no, really, I can't get over it...... and on top of that it's all free
Still, that's way off base ...
Can you explain to me why you used Smitfraudfix?
at random, no doubt ...
And Toolscleaner?
As for Combofix ...
"double-click and start the scan; it will be finished at the end of the report"
You forgot to say that there are precautions ... a lot of precautions to take!
otherwise a wrecked PC is guaranteed.
Otherwise, for MBAM, I can go along with that at a pinch.
That's it.
++
OK, I just realized I had forgotten this..... which, by the way, I also forgot to follow.....
1) Download and install Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
At the end of the installation, make sure the option "update Malwarebytes' Anti-Malware" is checked. >>> click OK
Launch Malwarebytes' Anti-Malware by double-clicking the icon on your Desktop.
On first launch, a window tells you that the version is Free >>> click OK
Let the updates download
*** Close the program ***
2) Restart in "Safe Mode"
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe Mode" and press [Enter]
You will need to choose your usual session, not the "Administrator" account or another one.
Look here if needed: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
Open the text file saved on the Desktop in order to follow the instructions properly.
3) Scan with Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
"Search" tab >>> check Perform a full scan >>> Search, select your hard drives, then click Start the scan
At the end of the scan >>> click Show results, then Save report
Removing detected items >>>> click Remove selection
If you are asked to restart >>> click "Yes"
--> A scan report opens; save it to your Desktop and post this report in reply.
That's an improvement, isn't it?
Hello
gen-hackman, can you let cyril handle this? I think he has almost finished, and this topic would be clearer
Thanks
Re,
For iTunes, you can try reinstalling it.
For your taskbar, it's up to you to change it ;))
Delete:
_Cleanup
_Toolscleaner
_OtmoveIt (if present)
Is Kerio installed?
++
Re, ok =)
Right, about the slowness...
You are going to download this program, which you will keep and can use from time to time.
***********************
1) Download Ncleaner to your desktop, double-click the installer file and install the software.
2) Double-click the icon created on the desktop and choose 'cleansystem'
3) On the left of the screen, under 'clean system and applications', check that only the first 4 boxes are ticked, then click 'clean now' > 'analyze'
--- The program will look for unneeded files ---
Once the analysis is finished, click 'Clean' and answer 'Yes' to the confirmation prompt.
When that is done, click 'Done'
4) Go back to step 2 and this time choose 'Registry clean and repair', check that all the boxes are ticked and click 'Clean now' (in the right-hand column this time) > 'Scan'
--- The program will look for invalid registry keys ---
Once the scan is finished, click 'Remove' and answer 'Yes' to the confirmation prompt.
When that is done, click 'Done'
++
A big thank you for your assistance and your precious time..
I don't know much about this stuff, and I could already see myself maybe having to format everything.
Anyway, thanks a lot; I hope we meet some time, but to raise a glass rather than to panic in front of the screen..
Have a good weekend...
Re,
Two seconds, there's still this left to do =)
****************************
Now that your PC is no longer infected, turn off your "System Restore" and then turn it back on, which creates a clean restore point...
Turning it off:
Right-click "My Computer" > Properties > "System Restore" tab > tick the box "Turn off System Restore on all drives"
> Apply, wait until it is shown as "turned off", then OK.
Turning it on:
Follow the same path; untick the box "Turn off System Restore on all drives"
> Apply, wait until it shows "monitoring" again, then OK. Restart the computer.
******************
-------------Info-------------
This link explains what hackers are, their methods, how to counter them, and prevention (thanks espion3004)
*****************
Why secure my PC?
Trojan? =/
**************
All the best ;)
+++