[virus] popups + click to find and fix errors

Closed
bastien8989 Posts: 7, Registered: Friday 29 June 2007, Status: Member, Last active: 29 June 2007 - 29 June 2007 at 14:46
 Anonymous user - 29 June 2007 at 18:50
Hello everyone,

First of all, I should say that I am not very good with computers, although I manage more or less with the basics.
I have a problem that is really bothering me: dozens of popups are invading my screen (I installed a popup blocker so that they no longer "attack" me, but it slows down my PC). The popups are of the "winantiviruspro", "errorsafe" and "systèmedoctor" type, but sometimes they are also ads.
An icon called "click to find and fix errors" has also appeared on my desktop. Since I don't really trust that kind of thing I deleted it, but it came back after a reboot.

So I am calling on your experience and knowledge to help me.

Thanks in advance and have a good day, everyone.

Bastien.

I am also posting a HijackThis log directly:

Logfile of HijackThis v1.99.1
Scan saved at 14:46, on 2007-06-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\autoupdatev2.exe
C:\apps\ABoard\AOSD.exe
C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\kamjvhxu.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Famille VERRY\Mes documents\Bastien\PubCruncher\PubCruncher.exe
C:\Documents and Settings\Famille VERRY\Bureau\hijackthis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F36119C-1E32-4CF6-8FB2-88BC33414CA6} - C:\WINDOWS\system32\jkkjh.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\hkldqwer.dll
O2 - BHO: (no name) - {311D65FE-8519-DEE6-4F17-8F8DCB228E99} - C:\WINDOWS\system32\tpdwbvm.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\cbxxxvt.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\knxicrrd.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
O4 - HKCU\..\Run: [Tvadk] "C:\Documents and Settings\Famille VERRY\Mes documents\W?nSxS\w?auclt.exe"
O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\FAMILL~1\MESDOC~1\SCURIT~1\lsass.exe" -vt ndrv
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - F:\Internet Cleaner\ICleaner.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - F:\Internet Cleaner\ICleaner.exe (file missing) (HKCU)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: cbxxxvt - C:\WINDOWS\SYSTEM32\cbxxxvt.dll
O20 - Winlogon Notify: igfxnet - C:\WINDOWS\SYSTEM32\avi32.dll
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\system32\jkkjh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\kamjvhxu.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - Unknown owner - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe (file missing)

9 replies

Anonymous user
29 June 2007 at 15:13
Hello

Install this antivirus to start with; you should always have one.

Avast (antivirus): free, in French
----> http://www.infos-du-net.com/telecharger/avast-Edition-Home,0301-387.html

Next:

Download VundoFix
---> http://www.atribune.org/ccount/click.php?id=4

Restart your PC. As soon as it powers on, tap the F8 key repeatedly (or F5 if F8 does not work); on the screen that appears choose "mode sans echec" (safe mode) and wait a little.

Double-click on it and choose "start for vundo"
Wait a few minutes; when the scan is finished, click on "remove vundo"
A message will ask whether you want to delete the files; click "yes"
When it has finished, click "yes"; your computer should restart, and if it does not, restart it yourself
Once it has restarted, paste the report C:\vundofix.txt

AND

Download lopxp:
---> http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip

Unzip it onto your desktop, then double-click the file "lopxpMH.bat"
When it has finished, a report opens: copy and paste the report and post it here
2
bastien8989 Posts: 7, Registered: Friday 29 June 2007, Status: Member, Last active: 29 June 2007
29 June 2007 at 15:42
Well, it took me a while, but I got there (after about five reboots).

VundoFix report:


VundoFix V6.5.4

Checking Java version...

Scan started at 15:25:49 29/06/2007

Listing files found while scanning....

C:\windows\system32\bdaxbevu.dll
C:\WINDOWS\system32\cbxxxvt.dll
C:\windows\system32\drrcixnk.ini
C:\windows\system32\ectmuede.dll
C:\windows\system32\edeumtce.ini
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hkldqwer.dll
C:\WINDOWS\system32\jkkjh.dll
C:\windows\system32\kamjvhxu.exe
C:\windows\system32\khicngqq.dll
C:\WINDOWS\system32\knxicrrd.dll
C:\windows\system32\pnxwnpsx.dll
C:\windows\system32\qqgncihk.ini
C:\windows\system32\sdfxfkxv.exe

Beginning removal...

Attempting to delete C:\windows\system32\bdaxbevu.dll
C:\windows\system32\bdaxbevu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxxxvt.dll
C:\WINDOWS\system32\cbxxxvt.dll Could not be deleted.

Attempting to delete C:\windows\system32\drrcixnk.ini
C:\windows\system32\drrcixnk.ini Has been deleted!

Attempting to delete C:\windows\system32\ectmuede.dll
C:\windows\system32\ectmuede.dll Has been deleted!

Attempting to delete C:\windows\system32\edeumtce.ini
C:\windows\system32\edeumtce.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hkldqwer.dll
C:\WINDOWS\system32\hkldqwer.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkjh.dll Could not be deleted.

Attempting to delete C:\windows\system32\kamjvhxu.exe
C:\windows\system32\kamjvhxu.exe Has been deleted!

Attempting to delete C:\windows\system32\khicngqq.dll
C:\windows\system32\khicngqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\knxicrrd.dll
C:\WINDOWS\system32\knxicrrd.dll Has been deleted!

Attempting to delete C:\windows\system32\pnxwnpsx.dll
C:\windows\system32\pnxwnpsx.dll Has been deleted!

Attempting to delete C:\windows\system32\qqgncihk.ini
C:\windows\system32\qqgncihk.ini Has been deleted!

Attempting to delete C:\windows\system32\sdfxfkxv.exe
C:\windows\system32\sdfxfkxv.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbxxxvt.dll
C:\WINDOWS\system32\cbxxxvt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkjh.dll Has been deleted!

Performing Repairs to the registry.
Done!
0
bastien8989 Posts: 7, Registered: Friday 29 June 2007, Status: Member, Last active: 29 June 2007
29 June 2007 at 15:43
And now the lopxp report

Rapport lopxpMH2 version 2.0 fait à 15:43:07.14 le 2007-06-29
C:\Documents and Settings\Famille VERRY\Bureau

******************************************
## Répertoires Application Data

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECF5-6554

Répertoire de C:\Documents and Settings\Administrateur\Application Data

2007-06-28 11:08 <REP> .
2007-06-28 11:08 <REP> ..
2007-06-28 11:08 <REP> Identities
2007-06-28 11:08 <REP> Microsoft
2007-06-29 15:30 <REP> Mozilla
2007-06-28 11:08 <REP> Real
2007-06-28 11:08 <REP> Sonic
2007-06-28 11:08 62 desktop.ini
1 fichier(s) 62 octets
7 Rép(s) 48,294,629,376 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECF5-6554

Répertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

2007-06-28 11:08 <REP> .
2007-06-28 11:08 <REP> ..
2007-06-28 11:08 <REP> Microsoft
2007-06-29 15:30 <REP> Mozilla
2007-06-28 11:08 <REP> Powercinema
2007-06-28 11:08 3,712,656 IconCache.db
1 fichier(s) 3,712,656 octets
5 Rép(s) 48,294,629,376 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECF5-6554

Répertoire de C:\Documents and Settings\All Users\Application Data

2005-09-22 16:44 <REP> .
2005-09-22 16:44 <REP> ..
2005-09-22 16:44 <REP> Adobe
2007-06-27 10:21 <REP> Apple Computer
2005-09-22 16:44 <REP> Microsoft
2005-10-02 11:19 <REP> Motive
2006-08-28 18:36 <REP> MotiveSysIDs
2005-10-01 17:00 <REP> MSN6
2005-09-22 16:44 <REP> QuickTime
2005-09-22 16:44 <REP> SBSI
2007-06-22 15:13 <REP> Spybot - Search & Destroy
2005-09-23 23:49 <REP> Symantec
2007-06-28 10:31 <REP> TEMP
2006-10-21 18:26 <REP> Trymedia
2005-09-22 22:08 <REP> Ulead Systems
2006-06-30 00:34 <REP> Windows Genuine Advantage
2002-09-30 12:55 62 desktop.ini
1 fichier(s) 62 octets
16 Rép(s) 48,294,629,376 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECF5-6554

Répertoire de C:\Documents and Settings\Default User\Application Data

2005-09-22 16:44 <REP> .
2005-09-22 16:44 <REP> ..
2005-09-22 08:26 <REP> Identities
2005-09-22 16:44 <REP> Microsoft
2005-09-22 08:26 <REP> Real
2005-09-22 08:26 <REP> Sonic
2002-09-30 12:55 62 desktop.ini
1 fichier(s) 62 octets
6 Rép(s) 48,294,629,376 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECF5-6554

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

2005-09-22 16:44 <REP> .
2005-09-22 16:44 <REP> ..
2005-09-22 08:26 <REP> Microsoft
2005-09-22 08:26 <REP> Powercinema
2005-09-22 08:26 2,688,796 IconCache.db
1 fichier(s) 2,688,796 octets
4 Rép(s) 48,294,629,376 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECF5-6554

Répertoire de C:\Documents and Settings\Famille VERRY\Application Data

2005-09-22 08:28 <REP> .
2005-09-22 08:28 <REP> ..
2005-09-22 23:40 <REP> Adobe
2005-09-22 23:40 <REP> AdobeUM
2007-04-17 15:25 <REP> BitTorrent
2005-09-22 20:14 <REP> CyberLink
2007-06-22 12:25 <REP> dvdcss
2006-10-21 18:26 <REP> funkitron
2007-06-18 16:58 <REP> Google
2005-09-22 08:28 <REP> Identities
2005-09-23 23:55 <REP> IsolatedStorage
2005-09-25 14:00 <REP> Leadertech
2005-09-23 22:26 <REP> Macromedia
2005-09-22 08:28 <REP> Microsoft
2007-01-19 21:09 <REP> Microsoft Games
2007-05-27 18:23 <REP> Mozilla
2005-10-01 17:00 <REP> MSN6
2005-09-22 08:28 <REP> Real
2006-07-24 08:36 <REP> Shareaza
2005-09-22 08:28 <REP> Sonic
2005-09-22 22:23 <REP> Sun
2005-11-11 21:51 <REP> Symantec
2005-09-22 22:14 <REP> Ulead Systems
2005-09-22 08:28 62 desktop.ini
2005-09-23 20:07 33,456 GDIPFONTCACHEV1.DAT
2 fichier(s) 33,518 octets
23 Rép(s) 48,294,625,280 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECF5-6554

Répertoire de C:\Documents and Settings\Famille VERRY\Local Settings\Application Data

2005-09-22 08:28 <REP> .
2005-09-22 08:28 <REP> ..
2005-09-22 22:22 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142000}
2005-09-22 23:40 <REP> Adobe
2007-06-27 10:23 <REP> Apple Computer
2005-09-23 23:55 <REP> ApplicationHistory
2007-06-18 16:59 <REP> Google
2005-09-30 17:59 <REP> Identities
2005-09-22 08:28 <REP> Microsoft
2007-05-27 18:23 <REP> Mozilla
2005-09-22 08:28 <REP> Powercinema
2007-04-13 23:33 <REP> Shareaza
2007-04-13 23:33 <REP> WMTools Downloaded Files
2005-09-23 22:54 71,680 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2005-09-23 23:55 136 fusioncache.dat
2005-09-23 23:55 33,456 GDIPFONTCACHEV1.DAT
2007-06-22 23:45 1,577,214 IconCache.db
4 fichier(s) 1,682,486 octets
13 Rép(s) 48,294,625,280 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECF5-6554

Répertoire de C:\Documents and Settings\LocalService\Application Data

2005-09-22 16:44 <REP> .
2005-09-22 16:44 <REP> ..
2005-09-22 16:44 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 48,294,625,280 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECF5-6554

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

2005-09-22 16:44 <REP> .
2005-09-22 16:44 <REP> ..
2005-09-22 16:44 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 48,294,625,280 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECF5-6554

Répertoire de C:\Documents and Settings\NetworkService\Application Data

2005-09-22 16:44 <REP> .
2005-09-22 16:44 <REP> ..
2005-09-22 16:44 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 48,294,625,280 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECF5-6554

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

2005-09-22 16:44 <REP> .
2005-09-22 16:44 <REP> ..
2005-09-22 16:44 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 48,294,625,280 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECF5-6554

Répertoire de C:\Documents and Settings\Propriétaire

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECF5-6554

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

2005-09-22 16:48 <REP> .
2005-09-22 16:48 <REP> ..
2005-09-22 08:27 <REP> Identities
2005-09-22 16:48 <REP> Microsoft
2005-09-22 08:27 <REP> Real
2005-09-22 08:27 <REP> Sonic
2002-09-30 13:08 62 desktop.ini
1 fichier(s) 62 octets
6 Rép(s) 48,294,621,184 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECF5-6554

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

2005-09-22 16:48 <REP> .
2005-09-22 16:48 <REP> ..
2005-09-22 07:51 <REP> Microsoft
2005-09-22 08:27 <REP> Powercinema
2005-09-22 08:27 2,688,796 IconCache.db
1 fichier(s) 2,688,796 octets
4 Rép(s) 48,294,621,184 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks


C:\WINDOWS\Tasks\Rappel
Rappel inexploitable


C:\WINDOWS\Tasks\Rappel
Rappel inexploitable


C:\WINDOWS\Tasks\Rappel
Rappel inexploitable


C:\WINDOWS\Tasks\Symantec
Symantec inexploitable

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est ECF5-6554

Répertoire de C:\Program Files

2007-06-29 15:16 <REP> .
2007-06-29 15:16 <REP> ..
2006-07-06 08:45 <REP> AC3Filter
2006-07-31 12:23 <REP> Acclaim Entertainment
2005-09-22 16:44 <REP> Adobe
2007-06-29 15:16 <REP> Alwil Software
2007-06-29 15:08 <REP> BitComet
2007-06-29 14:52 <REP> BitTorrent
2007-04-16 18:57 <REP> CCleaner
2005-09-22 16:44 <REP> CyberLink
2005-11-11 15:53 <REP> directx
2006-07-05 12:07 <REP> DivX
2007-06-22 09:45 <REP> EA GAMES
2006-08-16 09:12 <REP> eMule
2007-06-29 14:23 <REP> Fichiers communs
2006-07-01 10:21 <REP> Illustrate
2007-06-14 03:02 <REP> Internet Explorer
2005-09-22 22:22 <REP> Java
2007-04-22 23:04 <REP> K!TV
2005-11-11 16:34 <REP> McFunSoft Video Solution
2005-10-09 11:38 <REP> Messenger
2005-10-02 14:29 <REP> MGI
2007-05-09 23:15 <REP> Microsoft CAPICOM 2.1.0.2
2005-09-22 16:45 <REP> microsoft frontpage
2007-01-19 21:06 <REP> Microsoft Games
2007-06-22 09:46 <REP> microsoft office
2005-09-22 16:45 <REP> Microsoft Visual Studio
2005-10-09 09:12 <REP> Movie Maker
2007-06-28 11:05 <REP> Mozilla Firefox
2005-09-22 16:45 <REP> MSN
2005-09-22 16:45 <REP> MSN Gaming Zone
2007-06-25 21:28 <REP> MSN Messenger
2005-10-09 09:10 <REP> NetMeeting
2006-01-12 23:16 <REP> Norton AntiVirus
2005-09-22 16:45 <REP> Nullsoft
2007-06-14 03:02 <REP> Outlook Express
2005-09-22 16:45 <REP> Real
2007-06-22 19:14 <REP> RealMedia
2007-06-17 23:52 <REP> Smart Projects
2005-09-22 16:46 <REP> Sonic
2006-01-12 23:18 <REP> Symantec
2005-09-25 23:37 <REP> Talkway
2006-07-01 11:54 <REP> Total War
2007-04-29 18:46 <REP> TrackMania Nations ESWC
2006-07-11 12:44 <REP> Ultralingua
2005-09-22 16:46 <REP> Viewpoint
2005-09-24 10:58 <REP> Warcraft III
2006-06-30 00:33 <REP> Windows Media Player
2005-10-09 09:09 <REP> Windows NT
2006-07-11 12:43 <REP> WinRAR
2005-11-11 22:11 <REP> WinZip
2005-09-22 16:46 <REP> xerox
2007-06-25 15:35 <REP> Zoom Player
0 fichier(s) 0 octets
53 Rép(s) 48,294,621,184 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow

* Mozilla Firefox (1 autorisé 2 interdit)

---------- C:\DOCUMENTS AND SETTINGS\FAMILLE VERRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VEPMDN7U.DEFAULT\HOSTPERM.1
host popup 1 fr.play.yahoo.com
host popup 1 www4.ravel-multimedia.fr

******************************************
## Registre

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** Fin du rapport ****************
0
Anonymous user
29 June 2007 at 15:49
You can throw away LopXP and VundoFix


¤ Run this online antivirus scan with Internet Explorer and accept the ActiveX control; the SP2 anti-popup bar (at the top) will start flashing, click on it and choose "accept the ActiveX" to get the antivirus scan working.
Once it has finished, paste the report here please

https://www.bitdefender.com/toolbox/



¤ Download this program, then double-click on it (close your antivirus if it detects anything)
http://www.suspectfile.com/systemscan/

* Tick only these boxes and untick everything else:

- Recent Files, 60 days
- Registry Run Key

Then click on scan now and be patient.
Once it has finished, a report will open; copy and paste its contents here and check that it is complete, creating two messages if necessary.
0

bastien8989 Posts: 7, Registered: Friday 29 June 2007, Status: Member, Last active: 29 June 2007
29 June 2007 at 16:01
BitDefender is running, but it is not even a quarter of the way through, so we will have to be patient.
Here is the suspect file report:

SystemScan - www.suspectfile.com - ver. 3.1.2

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 2007-06-29
Time: 15:58:19

Output limited to:
-Recent files
-Registry Run Keys

===================== Recent files (60 days old)=====================

----- recent files in C:\
22-06-2007 09:38:14 (DIR) 0 byte 7 days old -- Team17
22-06-2007 12:25:46 (DIR) 0 byte 7 days old -- MyCloneDVD
22-06-2007 12:25:46 (DIR) 0 byte 7 days old -- TempSDVDClone
22-06-2007 16:20:59 303 byte 7 days old -- Cleanup.txt
22-06-2007 16:33:53 7598 byte 7 days old -- caisslog.txt
23-06-2007 21:27:07 36864 byte 6 days old -- t220
23-06-2007 21:55:19 126976 byte 6 days old -- t220.1
24-06-2007 11:53:58 5622 byte 5 days old -- MACDR001.CST
27-06-2007 11:29:07 (DIR) 0 byte 2 days old -- Config.Msi
28-06-2007 11:02:17 2043 byte 1 days old -- fixnavi.txt
28-06-2007 11:08:11 (DIR) 0 byte 1 days old -- Documents and Settings
28-06-2007 11:09:51 (DIR) 0 byte 1 days old -- RECYCLER
28-06-2007 11:29:52 1906 byte 1 days old -- rapport.txt
29-06-2007 14:17:33 64 byte 0 days old -- ComboFix.txt.bat
29-06-2007 14:22:56 (DIR) 0 byte 0 days old -- QooBox
29-06-2007 14:25:29 (DIR) 0 byte 0 days old -- ComboFix
29-06-2007 15:06:40 (DIR) 0 byte 0 days old -- Downloads
29-06-2007 15:16:45 (DIR) 0 byte 0 days old -- Program Files
29-06-2007 15:34:38 291 byte 0 days old -- BOOT.INI
29-06-2007 15:35:50 (DIR) 0 byte 0 days old -- VundoFix Backups
29-06-2007 15:36:52 2727 byte 0 days old -- VundoFix.txt
29-06-2007 15:37:47 150994944 byte 0 days old -- pagefile.sys
29-06-2007 15:43:09 13004 byte 0 days old -- lop.txt
29-06-2007 15:53:20 (DIR) 0 byte 0 days old -- WINDOWS
29-06-2007 15:58:19 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
03-06-2007 21:57:28 130 byte 26 days old -- Merrills.cfg
05-06-2007 05:24:03 87552 byte 24 days old -- catchme.exe
19-05-2007 19:23:56 (DIR) 0 byte 41 days old -- Minidump
19-05-2007 23:31:17 (DIR) 0 byte 41 days old -- WinSxS
27-05-2007 18:28:50 1156 byte 33 days old -- mozver.dat
13-06-2007 11:39:20 (DIR) 0 byte 16 days old -- $hf_mig$
17-06-2007 23:47:50 (DIR) 0 byte 12 days old -- Debug
19-06-2007 10:44:48 316640 byte 10 days old -- WMSysPr9.prx
20-06-2007 02:43:41 (DIR) 0 byte 9 days old -- Help
22-06-2007 09:46:16 239 byte 7 days old -- SIERRA.INI
22-06-2007 10:24:54 396 byte 7 days old -- Ulead32.ini
22-06-2007 10:24:57 52 byte 7 days old -- pex.INI
22-06-2007 12:31:11 (DIR) 0 byte 7 days old -- system
22-06-2007 13:51:11 0 byte 7 days old -- sectors.txt
22-06-2007 15:02:23 (DIR) 0 byte 7 days old -- pss
22-06-2007 15:28:35 (DIR) 0 byte 7 days old -- PIF
22-06-2007 15:33:58 0 byte 7 days old -- pestpatrol5.INI
25-06-2007 21:28:25 71906 byte 4 days old -- call.exe
25-06-2007 23:37:40 40960 byte 4 days old -- retadpu1000627.exe.ren
27-06-2007 10:23:46 54156 byte 2 days old -- QTFont.qfn
27-06-2007 10:23:46 1409 byte 2 days old -- QTFont.for
27-06-2007 11:27:53 (DIR) 0 byte 2 days old -- Installer
29-06-2007 14:17:20 (DIR) 0 byte 0 days old -- Prefetch
29-06-2007 14:25:27 (DIR) 0 byte 0 days old -- Tasks
29-06-2007 15:23:21 32606 byte 0 days old -- SchedLgU.Txt
29-06-2007 15:34:38 633 byte 0 days old -- win.ini
29-06-2007 15:34:38 227 byte 0 days old -- system.ini
29-06-2007 15:37:49 2048 byte 0 days old -- bootstat.dat
29-06-2007 15:38:17 50 byte 0 days old -- wiaservc.log
29-06-2007 15:38:23 159 byte 0 days old -- wiadebug.log
29-06-2007 15:38:24 1299881 byte 0 days old -- WindowsUpdate.log
29-06-2007 15:38:33 0 byte 0 days old -- 0.log
29-06-2007 15:39:40 (DIR) 0 byte 0 days old -- TEMP
29-06-2007 15:41:48 (DIR) 0 byte 0 days old -- system32
29-06-2007 15:53:10 (DIR) 0 byte 0 days old -- LastGood
29-06-2007 15:53:17 (DIR) 0 byte 0 days old -- inf
29-06-2007 15:53:23 10960 byte 0 days old -- setupapi.log
29-06-2007 15:53:23 (DIR) 0 byte 0 days old -- Downloaded Program Files
29-06-2007 15:54:06 (DIR) 0 byte 0 days old -- BDOSCAN8

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\
22-06-2007 12:31:11 53760 byte 7 days old -- ppacklib.dll

----- recent files in C:\WINDOWS\system32\
04-05-2007 14:36:14 3079680 byte 56 days old -- mshtml.dll
16-05-2007 17:13:53 683520 byte 44 days old -- inetcomm.dll
16-05-2007 17:15:53 40960 byte 44 days old -- avi32.dll
06-06-2007 08:38:41 15747032 byte 23 days old -- MRT.exe
19-06-2007 11:41:38 145216 byte 10 days old -- FNTCACHE.DAT
22-06-2007 12:31:11 237568 byte 7 days old -- lame_enc.dll
22-06-2007 12:31:11 753664 byte 7 days old -- agsaamg.dll
22-06-2007 12:31:11 372736 byte 7 days old -- agsaamc.dll
22-06-2007 12:31:11 538624 byte 7 days old -- agsaamb.dll
22-06-2007 12:31:11 331776 byte 7 days old -- agsaama.dll
22-06-2007 12:31:11 360448 byte 7 days old -- agsaamf.ocx
22-06-2007 12:31:11 551424 byte 7 days old -- agsaame.dll
22-06-2007 12:31:11 544256 byte 7 days old -- agsaamd.dll
22-06-2007 12:31:12 90112 byte 7 days old -- agsaami.dll
22-06-2007 12:31:12 626688 byte 7 days old -- agsaamh.dll
22-06-2007 12:31:12 2846720 byte 7 days old -- agsaamj.dll
22-06-2007 12:31:16 41 byte 7 days old -- winitn.dll
25-06-2007 22:17:06 6369 byte 4 days old -- hjkkj.bak1.ren
26-06-2007 10:19:39 4672 byte 3 days old -- rlhpijoq.exe
26-06-2007 14:31:03 681984 byte 3 days old -- CDUninst.exe
26-06-2007 23:12:34 (DIR) 0 byte 3 days old -- dllcache
26-06-2007 23:12:46 (DIR) 0 byte 3 days old -- CatRoot
28-06-2007 10:18:29 973970 byte 1 days old -- hjkkj.bak2.ren
28-06-2007 10:21:46 128576 byte 1 days old -- bxbcgujs.dll.ren
28-06-2007 10:22:02 465 byte 1 days old -- sjugcbxb.ini.ren
28-06-2007 10:34:06 955778 byte 1 days old -- hjkkj.ini.ren
28-06-2007 11:11:48 0 byte 1 days old -- tmp.txt
28-06-2007 11:11:48 2594 byte 1 days old -- tmp.reg
28-06-2007 15:40:56 143 byte 1 days old -- mcrh.tmp
29-06-2007 12:29:27 2238 byte 0 days old -- ClickToFindandFixErrors_Intl.ico
29-06-2007 15:06:40 2560 byte 0 days old -- BitCometRes.dll
29-06-2007 15:17:06 3121 byte 0 days old -- CONFIG.NT
29-06-2007 15:17:08 (DIR) 0 byte 0 days old -- drivers
29-06-2007 15:21:17 (DIR) 0 byte 0 days old -- config
29-06-2007 15:39:10 1170 byte 0 days old -- wpa.dbl
29-06-2007 15:53:10 (DIR) 0 byte 0 days old -- CatRoot2

----- recent files in C:\WINDOWS\system32\drivers\
19-06-2007 11:39:51 682232 byte 10 days old -- sptd.sys
22-06-2007 12:25:04 47360 byte 7 days old -- Pcouffin.sys
27-06-2007 22:20:18 72832 byte 2 days old -- core.sys
27-06-2007 22:20:19 164787 byte 2 days old -- core.cache.dsk

----- recent files in C:\WINDOWS\temp\
29-06-2007 15:35:53 16384 byte 0 days old -- Perflib_Perfdata_5c4.dat
29-06-2007 15:37:57 16384 byte 0 days old -- Perflib_Perfdata_584.dat
29-06-2007 15:38:01 255 byte 0 days old -- WGAErrLog.txt
29-06-2007 15:39:13 409 byte 0 days old -- WGANotify.settings
29-06-2007 15:55:53 (DIR) 0 byte 0 days old -- _avast4_

----- recent files in C:\Program Files\
14-06-2007 03:02:40 (DIR) 0 byte 15 days old -- Outlook Express
14-06-2007 03:02:55 (DIR) 0 byte 15 days old -- Internet Explorer
17-06-2007 23:52:44 (DIR) 0 byte 12 days old -- Smart Projects
22-06-2007 09:45:54 (DIR) 0 byte 7 days old -- EA GAMES
22-06-2007 09:46:44 (DIR) 0 byte 7 days old -- microsoft office
22-06-2007 19:14:19 (DIR) 0 byte 7 days old -- RealMedia
25-06-2007 15:35:30 (DIR) 0 byte 4 days old -- Zoom Player
25-06-2007 21:28:47 (DIR) 0 byte 4 days old -- MSN Messenger
28-06-2007 11:05:43 (DIR) 0 byte 1 days old -- Mozilla Firefox
29-06-2007 14:23:16 (DIR) 0 byte 0 days old -- Fichiers communs
29-06-2007 14:27:24 (DIR) 0 byte 0 days old -- InstallShield Installation Information
29-06-2007 14:52:48 (DIR) 0 byte 0 days old -- BitTorrent
29-06-2007 15:08:59 (DIR) 0 byte 0 days old -- BitComet
29-06-2007 15:16:45 (DIR) 0 byte 0 days old -- Alwil Software
09-05-2007 23:15:01 (DIR) 0 byte 51 days old -- Microsoft CAPICOM 2.1.0.2

----- recent files in C:\Program Files\Fichiers communs\
14-06-2007 03:02:40 (DIR) 0 byte 15 days old -- System

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"VCSPlayer"="\"C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe\""
"UpdateManager"="\"c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe\" /r"
"TkBellExe"="\"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe\" -osboot"
"SoundMan"="SOUNDMAN.EXE"
"PCMService"="\"c:\Apps\Powercinema\PCMService.exe\""
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe"
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"ATIModeChange"="Ati2mdxx.exe"
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe"
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"

[Run\OptionalComponents]

[Run\OptionalComponents\IMAIL]
"Installed"="1"

[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[Run\OptionalComponents\MSFS]
"Installed"="1"

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
@SACL=
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"BitTorrent"="\"C:\Program Files\BitTorrent\bittorrent.exe\" --force_start_minimized"
"autoupdatev2"="C:\WINDOWS\system32\autoupdatev2.exe"
"Tvadk"="\"C:\Documents and Settings\Famille VERRY\Mes documents\W?nSxS\w?auclt.exe\""
"Sra"="\"C:\DOCUME~1\FAMILL~1\MESDOC~1\SCURIT~1\lsass.exe\" -vt ndrv"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[run]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[Run]

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\System32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{DC192567-65F9-4AB6-ADB7-E13575F81726}"=""

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Mappage de zones Internet Explorer"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
"@="Personnalisation de Internet Explorer"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\igfxnet]
"DllName"="avi32.dll"
"Logoff"="StopProcessAtWinLogoff"
"Logon"="StartProcessAtWinLogon"
"Startup"="StartProcessAtStartup"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=expand:"WgaLogon.dll"

[Winlogon\Notify\WgaLogon\Settings]

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
@SACL=
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]
@SACL=

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
#### HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32 @="C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll"
@SACL=

[Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
#### HKCR\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\InprocServer32 @="C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll"
@="BitComet ClickCapture"

[Browser Helper Objects\{8D1568BA-3C89-47FB-A8D2-7BBBC26AB4BE}]
#### HKCR\CLSID\{8D1568BA-3C89-47FB-A8D2-7BBBC26AB4BE}\InprocServer32 @="C:\WINDOWS\system32\jkkjh.dll"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
@SACL=
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\System32\shdocvw.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----

[startupfolder]

-----HKCU\Control Panel\Desktop\-----

[Desktop]

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\System32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"LsaPid"=dword:00000310
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"enabledcom"="y"

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]
@Class="eed829a3"
"Pattern"=hex:7c,49,0f,41,3c,20,b9,b8,21,6a,7b,39,a2,76,bc,88,65,65,64,38,32,\
39,61,33,00,00,00,00,01,00,00,00,c0,01,00,00,c4,01,00,00,34,ca,06,00,45,9d,\
b5,71,04,00,00,00,10,00,00,00,00,00,00,00,7c,72,54,cd

[Lsa\GBG]
@Class="7c14f6ce"
"GrafBlumGroup"=hex:dd,9c,b8,fc,5b,8a,55,80,2e

[Lsa\JD]
@Class="1421cde0"
"Lookup"=hex:69,e7,7d,50,7f,83

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="547262fa"
"SkewMatrix"=hex:4f,02,8d,cb,fd,15,ce,c9,ad,2d,43,1f,4e,34,19,98

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:4a,3d,b4,ba,a7,cc,c5,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,fd,fd,8f,41,86,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,74,8c,96,41,86,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,74,8c,96,41,86,c4,01
"Type"=dword:00000031

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Internet Connection Sharing"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection."

[SharedAccess\Epoch]
"Epoch"=dword:00000c9a

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\kamjvhxu.exe"="C:\WINDOWS\system32\kamj"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"9237:TCP"="9237:TCP:*:Enabled:BitComet 9237 TCP"
"9237:UDP"="9237:UDP:*:Enabled:BitComet 9237 UDP"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{C7E3BF90-3B1A-440E-BF21-75B9E82C78DF}"=dword:00000001
"{017DA56C-AE4B-4184-9CA8-4CE3894FF6A3}"=dword:00000001
"{59400E24-A36C-4AC9-A8F4-4EAB07061AA9}"=dword:00000001
"{15B9A252-2039-4436-8765-28549615B4CC}"=dword:00000001
"{F55CCDD4-7989-4DA3-B1E1-4327BB265C70}"=dword:00000001
"{FE27AC42-B0FF-4A1C-8361-6EDAC9004D93}"=dword:00000001
"{BD6CFB76-63DF-474C-B735-09E7D1520539}"=dword:00000001
"{BC840197-0E96-442D-9343-F2C9EDEE33D3}"=dword:00000001
"{42B562EA-C4F0-4300-B6BB-3A42DBA1DD80}"=dword:00000001
"{AA3FA9C3-09C5-4E9A-ABF8-275948374615}"=dword:00000001
"{BBB286B8-5860-4100-A102-466953741020}"=dword:00000001
"All"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{9AEDEF4B-1977-4657-B854-EFDB21259CFF}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

[VB and VBA Program Settings\frmCDDVDWriter]

[VB and VBA Program Settings\frmCDDVDWriter\WindowInfo]

[VB and VBA Program Settings\WindowsSystem]

[VB and VBA Program Settings\WindowsSystem\acd]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

[MountPoints2]
@SACL=

[MountPoints2\A]
"BaseClass"="Drive"

[MountPoints2\C]
"BaseClass"="Drive"

[MountPoints2\D]
"BaseClass"="Drive"

[MountPoints2\D\_Autorun]

[MountPoints2\D\_Autorun\DefaultIcon]
@="D:\setup.ico"

[MountPoints2\E]
"BaseClass"="Drive"

[MountPoints2\F]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
df,df,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,00,01,00,00,00,08,\
00,00,00

[MountPoints2\G]
"BaseClass"="Drive"

[MountPoints2\I]
"BaseClass"="Drive"

[MountPoints2\J]
@SACL=
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
df,df,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,00,01,00,00,00,08,\
00,00,00

[MountPoints2\K]
@SACL=
"BaseClass"="Drive"

[MountPoints2\L]
"BaseClass"="Drive"

[MountPoints2\N]
"BaseClass"="Drive"

[MountPoints2\{0764e482-2224-11db-adb6-000d6155c657}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,01,00,00

[MountPoints2\{0764e482-2224-11db-adb6-000d6155c657}\shell]
@="None"

[MountPoints2\{0764e482-2224-11db-adb6-000d6155c657}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{0764e482-2224-11db-adb6-000d6155c657}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{1496d036-5270-11da-ad6f-000d6155c657}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,07,00,00

[MountPoints2\{1496d036-5270-11da-ad6f-000d6155c657}\shell]
@="None"

[MountPoints2\{1496d036-5270-11da-ad6f-000d6155c657}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{1496d036-5270-11da-ad6f-000d6155c657}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{23986508-2c73-11da-ad2c-000e5061be3b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,07,00,00

[MountPoints2\{23986508-2c73-11da-ad2c-000e5061be3b}\shell]
@="None"

[MountPoints2\{23986508-2c73-11da-ad2c-000e5061be3b}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{23986508-2c73-11da-ad2c-000e5061be3b}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{3599ad53-2bf7-11da-ad25-000e5061be3b}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00

[MountPoints2\{3599ad53-2bf7-11da-ad25-000e5061be3b}\shell]
@="None"

[MountPoints2\{3599ad53-2bf7-11da-ad25-000e5061be3b}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{3599ad53-2bf7-11da-ad25-000e5061be3b}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{58b9592c-82a9-11db-ae0c-000d6155c657}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,00,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,03,00,00

[MountPoints2\{58b9592c-82a9-11db-ae0c-000d6155c657}\Shell]
@="AutoRun"

[MountPoints2\{58b9592c-82a9-11db-ae0c-000d6155c657}\Shell\Auto]

[MountPoints2\{58b9592c-82a9-11db-ae0c-000d6155c657}\Shell\Auto\command]
@="F:\BootIO.exe"

[MountPoints2\{58b9592c-82a9-11db-ae0c-000d6155c657}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{58b9592c-82a9-11db-ae0c-000d6155c657}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{58b9592c-82a9-11db-ae0c-000d6155c657}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"

[MountPoints2\{58b9592c-82a9-11db-ae0c-000d6155c657}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BootIO.exe"

[MountPoints2\{5fbab06a-d473-11d6-9787-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{5fbab06b-d473-11d6-9787-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{5fbab06c-d473-11d6-9787-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{a8d03ef1-1803-11db-ad9d-000d6155c657}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,02,00,00

[MountPoints2\{a8d03ef1-1803-11db-ad9d-000d6155c657}\Shell]
@="AutoRun"

[MountPoints2\{a8d03ef1-1803-11db-ad9d-000d6155c657}\Shell\Auto]

[MountPoints2\{a8d03ef1-1803-11db-ad9d-000d6155c657}\Shell\Auto\command]
@="F:\BootIO.exe"

[MountPoints2\{a8d03ef1-1803-11db-ad9d-000d6155c657}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{a8d03ef1-1803-11db-ad9d-000d6155c657}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{a8d03ef1-1803-11db-ad9d-000d6155c657}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"

[MountPoints2\{a8d03ef1-1803-11db-ad9d-000d6155c657}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BootIO.exe"

[MountPoints2\{b2f90242-1a36-11db-ada3-000d6155c657}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00

[MountPoints2\{b2f90242-1a36-11db-ada3-000d6155c657}\shell]
@="None"

[MountPoints2\{b2f90242-1a36-11db-ada3-000d6155c657}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{b2f90242-1a36-11db-ada3-000d6155c657}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{b68006d0-2b2c-11da-ad21-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{b68006d1-2b2c-11da-ad21-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,20,00,00,00,09,00,00,00

[MountPoints2\{b68006d1-2b2c-11da-ad21-806d6172696f}\Name]
@="Harry Potter II"

[MountPoints2\{b68006d1-2b2c-11da-ad21-806d6172696f}\_Autorun]

[MountPoints2\{b68006d1-2b2c-11da-ad21-806d6172696f}\_Autorun\DefaultIcon]
@="D:\age2x.ico"

[MountPoints2\{b68006d2-2b2c-11da-ad21-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,df,\
df,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,e0,00,00,00,08,00,00,00

[MountPoints2\{b68006d2-2b2c-11da-ad21-806d6172696f}\Name]
@="The Battle for Middle-earth"

[MountPoints2\{b68006d2-2b2c-11da-ad21-806d6172696f}\_Autorun]

[MountPoints2\{b68006d2-2b2c-11da-ad21-806d6172696f}\_Autorun\DefaultIcon]
@="E:\medieval.ico"

[MountPoints2\{b68006d3-2b2c-11da-ad21-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,20,00,00,00,08,\
00,00,00

[MountPoints2\{b68006d6-2b2c-11da-ad21-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,00,10,00,00,00,00,00,00

[MountPoints2\{b68006d7-2b2c-11da-ad21-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,cf,cf,cf,5f,cf,cf,cf,5f,5f,5f,5f,5f,5f,5f,5f,\
5f,5f,00,00,10,00,00,00,00,00,00

[MountPoints2\{b68006d8-2b2c-11da-ad21-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,02,00,00

[MountPoints2\{b68006d9-2b2c-11da-ad21-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,06,00,00

[MountPoints2\{bffeb724-82d3-11d8-b559-000d6155c657}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{bffeb725-82d3-11d8-b559-000d6155c657}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{bffeb726-82d3-11d8-b559-000d6155c657}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{c97f78d4-82d0-11d8-b555-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{c97f78d5-82d0-11d8-b555-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{c97f78d6-82d0-11d8-b555-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{c97f78d7-82d0-11d8-b555-000d6155c657}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{c97f78d8-82d0-11d8-b555-000d6155c657}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{c97f78d9-82d0-11d8-b555-000d6155c657}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{c97f78da-82d0-11d8-b555-000d6155c657}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{df67819a-3774-11da-ad5c-000d6155c657}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,01,00,00

[MountPoints2\{df67819a-3774-11da-ad5c-000d6155c657}\shell]
@="None"

[MountPoints2\{df67819a-3774-11da-ad5c-000d6155c657}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{df67819a-3774-11da-ad5c-000d6155c657}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{fb5f387e-39ce-11da-ad67-000d6155c657}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,07,00,00

[MountPoints2\{fb5f387e-39ce-11da-ad67-000d6155c657}\shell]
@="None"

[MountPoints2\{fb5f387e-39ce-11da-ad67-000d6155c657}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{fb5f387e-39ce-11da-ad67-000d6155c657}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{fd73458f-f008-11db-ae44-000d6155c657}]
"BaseClass"="Drive"

[MountPoints2\{fd73458f-f008-11db-ae44-000d6155c657}\Shell]
@="AutoRun"

[MountPoints2\{fd73458f-f008-11db-ae44-000d6155c657}\Shell\Auto]

[MountPoints2\{fd73458f-f008-11db-ae44-000d6155c657}\Shell\Auto\command]
@="F:\BootIO.exe"

[MountPoints2\{fd73458f-f008-11db-ae44-000d6155c657}\Shell\AutoRun]
"Extended"=""
@="&Exécution automatique"

[MountPoints2\{fd73458f-f008-11db-ae44-000d6155c657}\Shell\AutoRun\command]
@="C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BootIO.exe"

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Lecteur Windows Media"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\>{9655EDED-E87C-4BC2-8C3C-06700035C2C9}]
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
"@="Personnalisation du navigateur"
"ComponentID"="BRANDING.CAB"

[Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}]
#### HKCR\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\InprocServer32 @="C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll"
"@="Viewpoint Media Player"
"ComponentID"="Viewpoint"

[Installed Components\{057997dd-71e4-43cc-b161-3f8180691a9e}]
"@="Q824145"
"ComponentID"="Q824145"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\System32\msjava.dll"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
"@="Internet Explorer Classes for Java"
"ComponentID"="IEJAVA"

[Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0e}]
"@="Fichier Lisez-moi d'Internet Explorer"
"ComponentID"="IEREADME"

[Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0f}]
"@="IEEX"
"ComponentID"="IEEX"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"

[Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
#### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
"ComponentID"="Director"
"@="Macromedia Shockwave Director 8.5.1"

[Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]
#### HKCR\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}\InprocServer32 @="C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll"
"@="Viewpoint Media Player"
"ComponentID"="Viewpoint"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Windows Media Player"
"StubPath"=""
"@="Lecteur Windows Media Microsoft 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\System32\danim.dll"
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Macromedia Shockwave Director 8.5.1"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Logiciel de navigation hors connexion"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"

[Installed Components\{44AA3114-D221-43EC-1C32-1EAC52A2014D}]
"StubPath"="C:\WINDOWS\system32\msnvl.exe"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft DirectX"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Aide sur Internet Explorer"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBSc
bastien8989
29 June 2007 at 16:14
BitDefender should take another 37 minutes, so we have time!! ;)
bastien8989
29 June 2007 at 17:26
Problem: I don't have a report for BitDefender
bastien8989
29 June 2007 at 17:32
No, actually, I found it

BitDefender Online Scanner

Scan report generated at: Fri, Jun 29, 2007 - 17:23:22

Scan path: C:\;D:\;E:\;I:\;J:\;K:\;L:\;

Statistics
Time: 01:29:16
Files: 218021
Folders: 6444
Boot Sectors: 3
Archives: 6897
Packed Files: 7928

Results
Identified Viruses: 21
Infected Files: 55
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 54

Engines Info
Virus Definitions: 607640
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File


Status

C:\Documents and Settings\Famille VERRY\Bureau\catchme.zip=>core.sys


Infected with: Rootkit.Agent.EV

C:\Documents and Settings\Famille VERRY\Bureau\catchme.zip=>core.sys


Disinfection failed

C:\Documents and Settings\Famille VERRY\Bureau\catchme.zip=>core.sys


Deleted

C:\Documents and Settings\Famille VERRY\Bureau\catchme.zip


Updated

C:\Documents and Settings\Famille VERRY\Local Settings\Temp\!update.exe


Infected with: Trojan.Downloader.PurityScan.DH

C:\Documents and Settings\Famille VERRY\Local Settings\Temp\!update.exe


Disinfection failed

C:\Documents and Settings\Famille VERRY\Local Settings\Temp\!update.exe


Deleted

C:\QooBox\Quarantine\C\DOCUME~1\FAMILL~1\MESDOC~1\SCURIT~1\lsass.exe.ren.vir


Infected with: Trojan.Downloader.PurityScan.EK

C:\QooBox\Quarantine\C\DOCUME~1\FAMILL~1\MESDOC~1\SCURIT~1\lsass.exe.ren.vir


Disinfection failed

C:\QooBox\Quarantine\C\DOCUME~1\FAMILL~1\MESDOC~1\SCURIT~1\lsass.exe.ren.vir


Deleted

C:\QooBox\Quarantine\C\DOCUME~1\FAMILL~1\MESDOC~1\SCURIT~1\lsass.exe.vir


Infected with: Trojan.Downloader.PurityScan.DH

C:\QooBox\Quarantine\C\DOCUME~1\FAMILL~1\MESDOC~1\SCURIT~1\lsass.exe.vir


Disinfection failed

C:\QooBox\Quarantine\C\DOCUME~1\FAMILL~1\MESDOC~1\SCURIT~1\lsass.exe.vir


Deleted

C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe.vir


Infected with: Trojan.Downloader.PurityScan.CR

C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe.vir


Disinfection failed

C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe.vir


Deleted

C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir=>(NSIS o)=>lzma_solid_nsis0002


Infected with: Trojan.Popwin.BK

C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir=>(NSIS o)=>lzma_solid_nsis0002


Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir=>(NSIS o)=>lzma_solid_nsis0002


Deleted

C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir=>(NSIS o)


Update failed

C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir=>(NSIS o)=>lzma_solid_nsis0002


Infected with: Rootkit.Agent.EV

C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir=>(NSIS o)=>lzma_solid_nsis0002


Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir=>(NSIS o)=>lzma_solid_nsis0002


Deleted

C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir=>(NSIS o)


Update failed

C:\QooBox\Quarantine\C\WINDOWS\services.exe.vir


Infected with: Trojan.Downloader.Autoit.N

C:\QooBox\Quarantine\C\WINDOWS\services.exe.vir


Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\services.exe.vir


Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\drgqecwn.exe.vir


Infected with: Trojan.Fotomoto.A

C:\QooBox\Quarantine\C\WINDOWS\system32\drgqecwn.exe.vir


Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\drgqecwn.exe.vir


Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\hqyplrdt.exe.vir


Infected with: Trojan.Fotomoto.A

C:\QooBox\Quarantine\C\WINDOWS\system32\hqyplrdt.exe.vir


Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\hqyplrdt.exe.vir


Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\taqrxgju.exe.vir


Infected with: Trojan.Fotomoto.A

C:\QooBox\Quarantine\C\WINDOWS\system32\taqrxgju.exe.vir


Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\taqrxgju.exe.vir


Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\tdeygcuo.exe.vir


Infected with: Trojan.Fotomoto.A

C:\QooBox\Quarantine\C\WINDOWS\system32\tdeygcuo.exe.vir


Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\tdeygcuo.exe.vir


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP319\A0066595.exe


Infected with: Trojan.Downloader.Dyfuca.EI

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP319\A0066595.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP319\A0066595.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP321\A0067121.dll


Infected with: Trojan.Clicker.GG

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP321\A0067121.dll


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP321\A0067121.dll


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069381.exe=>(NSIS o)=>zlib_nsis0001


Infected with: Trojan.Agent.AAJJ

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069381.exe=>(NSIS o)=>zlib_nsis0001


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069381.exe=>(NSIS o)=>zlib_nsis0001


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069381.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069381.exe=>(NSIS o)=>zlib_nsis0002


Infected with: Trojan.Downloader.JISG

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069381.exe=>(NSIS o)=>zlib_nsis0002


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069381.exe=>(NSIS o)=>zlib_nsis0002


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069381.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069395.exe


Infected with: Trojan.Downloader.Autoit.N

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069395.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069395.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069397.exe=>(NSIS o)=>zlib_nsis0001


Infected with: Trojan.Agent.AAJJ

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069397.exe=>(NSIS o)=>zlib_nsis0001


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069397.exe=>(NSIS o)=>zlib_nsis0001


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069397.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069397.exe=>(NSIS o)=>zlib_nsis0002


Infected with: Trojan.Downloader.JISG

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069397.exe=>(NSIS o)=>zlib_nsis0002


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069397.exe=>(NSIS o)=>zlib_nsis0002


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069397.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069417.exe=>(NSIS o)=>zlib_nsis0001


Infected with: Trojan.Agent.AAJJ

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069417.exe=>(NSIS o)=>zlib_nsis0001


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069417.exe=>(NSIS o)=>zlib_nsis0001


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069417.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069417.exe=>(NSIS o)=>zlib_nsis0002


Infected with: Trojan.Downloader.JISG

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069417.exe=>(NSIS o)=>zlib_nsis0002


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069417.exe=>(NSIS o)=>zlib_nsis0002


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP324\A0069417.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069432.exe


Infected with: Trojan.Downloader.Autoit.N

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069432.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069432.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069450.exe


Infected with: Trojan.Agent.AAJJ

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069450.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069450.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069508.exe


Infected with: Trojan.Popwin.BK

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069508.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069508.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069509.exe


Infected with: Trojan.Popwin.BK

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069509.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069509.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069570.dll


Infected with: Backdoor.Pcclient.GV

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069570.dll


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069570.dll


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069658.exe


Infected with: Trojan.Agent.Autoit.A

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069658.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069658.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069659.exe


Infected with: Trojan.Agent.AAJJ

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069659.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069659.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069661.exe


Infected with: Trojan.Downloader.Agent.YFI

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069661.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP325\A0069661.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP326\A0069690.exe


Infected with: Trojan.Agent.Autoit.A

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP326\A0069690.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP326\A0069690.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP327\A0069746.exe


Infected with: DeepScan:Generic.Zlob.7.AA8CB2A1

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP327\A0069746.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP327\A0069746.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP328\A0069901.exe


Infected with: Trojan.Downloader.Agent.YFI

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP328\A0069901.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP328\A0069901.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP328\A0069915.exe


Infected with: Trojan.Downloader.Agent.YFI

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP328\A0069915.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP328\A0069915.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP328\A0070958.exe=>(NSIS o)=>zlib_nsis0001


Infected with: Trojan.Purityad.O

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP328\A0070958.exe=>(NSIS o)=>zlib_nsis0001


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP328\A0070958.exe=>(NSIS o)=>zlib_nsis0001


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP328\A0070958.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071091.exe


Infected with: Trojan.Downloader.PurityScan.CR

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071091.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071091.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071094.exe


Infected with: Trojan.Fotomoto.A

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071094.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071094.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071095.exe


Infected with: Trojan.Fotomoto.A

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071095.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071095.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071096.exe


Infected with: Trojan.Fotomoto.A

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071096.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071096.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071097.exe


Infected with: Trojan.Fotomoto.A

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071097.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071097.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071100.exe=>(NSIS o)=>lzma_solid_nsis0002


Infected with: Trojan.Popwin.BK

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071100.exe=>(NSIS o)=>lzma_solid_nsis0002


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071100.exe=>(NSIS o)=>lzma_solid_nsis0002


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071100.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071101.exe=>(NSIS o)=>lzma_solid_nsis0002


Infected with: Rootkit.Agent.EV

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071101.exe=>(NSIS o)=>lzma_solid_nsis0002


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071101.exe=>(NSIS o)=>lzma_solid_nsis0002


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071101.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071102.exe


Infected with: Trojan.Downloader.Autoit.N

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071102.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0071102.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0072051.exe


Infected with: Trojan.Fotomoto.A

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0072051.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0072051.exe


Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0072056.exe


Infected with: Trojan.LowZones.SA

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0072056.exe


Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP330\A0072056.exe


Deleted

C:\VundoFix Backups\kamjvhxu.exe.bad


Infected with: Trojan.Fotomoto.A

C:\VundoFix Backups\kamjvhxu.exe.bad


Disinfection failed

C:\VundoFix Backups\kamjvhxu.exe.bad


Deleted

C:\VundoFix Backups\sdfxfkxv.exe.bad


Infected with: Trojan.LowZones.SA

C:\VundoFix Backups\sdfxfkxv.exe.bad


Disinfection failed

C:\VundoFix Backups\sdfxfkxv.exe.bad


Deleted

C:\WINDOWS\b128.exe=>(NSIS o)=>lzma_solid_nsis0002


Infected with: Trojan.Downloader.Purityscan.EH

C:\WINDOWS\b128.exe=>(NSIS o)=>lzma_solid_nsis0002


Disinfection failed

C:\WINDOWS\b128.exe=>(NSIS o)=>lzma_solid_nsis0002


Deleted

C:\WINDOWS\b128.exe=>(NSIS o)


Update failed

C:\WINDOWS\call.exe=>(NSIS o)=>zlib_nsis0001


Infected with: Trojan.Agent.AAJJ

C:\WINDOWS\call.exe=>(NSIS o)=>zlib_nsis0001


Disinfection failed

C:\WINDOWS\call.exe=>(NSIS o)=>zlib_nsis0001


Deleted

C:\WINDOWS\call.exe=>(NSIS o)


Update failed

C:\WINDOWS\call.exe=>(NSIS o)=>zlib_nsis0002


Infected with: Trojan.Downloader.JISG

C:\WINDOWS\call.exe=>(NSIS o)=>zlib_nsis0002


Disinfection failed

C:\WINDOWS\call.exe=>(NSIS o)=>zlib_nsis0002


Deleted

C:\WINDOWS\call.exe=>(NSIS o)


Update failed

C:\WINDOWS\retadpu1000627.exe.ren


Infected with: Trojan.Downloader.Agent.YFI

C:\WINDOWS\retadpu1000627.exe.ren


Disinfection failed

C:\WINDOWS\retadpu1000627.exe.ren


Deleted

C:\WINDOWS\system32\autoupdatev2.exe


Infected with: Trojan.Clicker.Vb.JP

C:\WINDOWS\system32\autoupdatev2.exe


Disinfection failed

C:\WINDOWS\system32\autoupdatev2.exe


Deleted

C:\WINDOWS\system32\avi32.dll


Infected with: Trojan.Downloader.Small.OW

C:\WINDOWS\system32\avi32.dll


Disinfection failed

C:\WINDOWS\system32\avi32.dll


Delete failed

C:\WINDOWS\system32\down.tmp


Infected with: Trojan.Downloader.Small.OW

C:\WINDOWS\system32\down.tmp


Disinfection failed

C:\WINDOWS\system32\down.tmp


Deleted

C:\WINDOWS\system32\drivers\core.sys


Infected with: Rootkit.Agent.EV

C:\WINDOWS\system32\drivers\core.sys


Disinfection failed

C:\WINDOWS\system32\drivers\core.sys


Deleted

C:\WINDOWS\system32\rlhpijoq.exe


Infected with: Trojan.Clicker.Agent.NP

C:\WINDOWS\system32\rlhpijoq.exe


Disinfection failed

C:\WINDOWS\system32\rlhpijoq.exe


Deleted
Anonymous user
29 June 2007 at 18:50
Go to this page:
http://siri.urz.free.fr/upload/

Link to the forum message where the file was requested: enter the URL of this page.
File: click Choose; on the left, My Computer, select C:, Windows, system32, look for the file ClickToFindandFixErrors_Intl.ico, then click Open, then Upload.
Wait.

Tell me when it's done and we'll move on to the cleanup.