Status: Unresolved

Recurring virus (Trojan horse)!

Posted by Yuki, Thursday 20 September 2007 at 23:51:55
Hi,

I have a virus.
My antivirus, avast and/or AVG, detects it and deletes it, but it always comes back...
AVG identifies it as: a variant of win32/Rootkit.Agent.dp (Trojan horse)
Its location: C:\WINDOWS\System32\ip6fw.sys. With avast, I often get this virus coming back: win32 : agent kir and small epg!

Even if I delete it manually, it comes back...

The virus becomes active when I connect to the internet. My PC becomes very slow, whereas normally it runs faster (I'm writing from safe mode with networking...).

I tried Ad-Aware and other software I have, but they don't see anything.
Configuration: Windows XP
Firefox 2.0.0.7

Yuki, Thursday 20 September 2007 at 23:53:09
Logfile of HijackThis v1.99.1
Scan saved at 23:52:32, on 20/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.fr/8SEFRFR030000TBR/InstallSuccess
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: jeanmarcmorandini Toolbar - {58b525f4-b7d7-4600-86f4-46d30a9cc183} - C:\Program Files\jeanmarcmorandini\tbjean.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: jeanmarcmorandini Toolbar - {58b525f4-b7d7-4600-86f4-46d30a9cc183} - C:\Program Files\jeanmarcmorandini\tbjean.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: jeanmarcmorandini Toolbar - {58b525f4-b7d7-4600-86f4-46d30a9cc183} - C:\Program Files\jeanmarcmorandini\tbjean.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1157577326\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mono.exe] C:\WINDOWS\mono.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Performance Monitor] C:\WINDOWS\perfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 2.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2ce861a41e324489ac465c2b9d28c6a7
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2ce861a41e324489ac465c2b9d28c6a7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Performance Monitor - Unknown owner - C:\WINDOWS\perfmon.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Userinit Logon Application - Unknown owner - C:\WINDOWS\userinit.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

HELMUTH, Monday 24 September 2007 at 00:45:02
Hi man! Give TROJAN GUARDER a try; otherwise the best is Kaspersky. Bye, for more info.

Yuki, Thursday 20 September 2007 at 23:56:13
With Navilog:

Search Navipromo version 3.1.0 commencé le 20/09/2007 à 23:54:49,40

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 20.09.2007 a 14h00 by IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180


*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Barros\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight/blacklight_help.html


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 09/20/07 at 23:54:51.
[-] ERROR: F-Secure BlackLight cannot be used in safe mode.
[+] Exited on 09/20/07 at 23:54:51 (return code = 3).


*** Recherche avec GenericNaviSearch ***
!!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!

* Scan C:\WINDOWS\system32 *

* Scan C:\Documents and Settings\Barros\local settings\application data *



*** Recherche fichiers ***




*** Recherche cles registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :



3)Recherche Certificats :

Certificat Egroup absent !


*** Analyse Terminé le 20/09/2007 à 23:54:58,18 ***

Yuki, Friday 21 September 2007 at 11:45:07
After scanning my PC with AVG antivirus, it deleted 12 viruses for me, but after a restart the PC is still infected!

Yuki, Friday 21 September 2007 at 11:48:26
And now I'm running an online scan with BitDefender: still in progress, more than 30 infected lines (some of which it cannot delete!)

Lyonnais92, Friday 21 September 2007 at 13:11:51
Hello,

Download MSNFix.zip (by !aur3n7) to your desktop:
http://sosvirus.changelog.fr/MSNFix.zip

Unzip it (right-click >> Extract here) and place the files in C:\MSNFix (very important).

Double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, a message will say so and you just need to press a key to start the cleanup.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer to complete the operations. In that case, simply restart the computer in normal mode.

- The report will be saved in the same folder as MSNFix, in the form date_time.txt

When BitDefender has finished, also post the full report (with the names and locations of the infected files).
See you. It is written 10 + 10 = 100 and it is read two plus two equals four.

Lyonnais92, Friday 21 September 2007 at 13:13:50
Hi again,

I'm copying here the SuspectFile report that you had put in emmeliness's post.

SystemScan - www.suspectfile.com - ver. 3.2.0

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 20/09/2007
Time: 22:45:21

Output limited to:
-Recent files
-PC accounts
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Duplicates in BAK folders
-Svchost.exe instances
-Network settings
-Include HOSTS file
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Suspicious Files
-Installed Applications

===================== Accounts on this PC =====================


Users on this computer:
Is Admin? | Username
------------------
Yes | Administrateur
| ASPNET
Yes | Barros
| HelpAssistant (Disabled)
| Invité (Disabled)
| SUPPORT_388945a0 (Disabled)

### users folders

25/05/2006 20:30:50 (DIR) 0 byte 483 days old -- LocalService
25/05/2006 20:30:50 (DIR) 0 byte 483 days old -- NetworkService
06/09/2006 20:25:10 (DIR) 0 byte 379 days old -- Default User
06/09/2006 20:25:13 (DIR) 0 byte 379 days old -- All Users
20/09/2007 12:05:26 (DIR) 0 byte 0 days old -- Barros
20/09/2007 13:07:58 (DIR) 0 byte 0 days old -- Administrateur

===================== Recent files (30 days old)=====================

----- recent files in C:\
12/09/2007 23:32:53 (DIR) 0 byte 8 days old -- Séries-files
18/09/2007 15:37:34 71525 byte 2 days old -- hpfr3500.log
20/09/2007 12:17:33 216 byte 0 days old -- boot.ini
20/09/2007 13:07:57 (DIR) 0 byte 0 days old -- Documents and Settings
20/09/2007 13:10:05 (DIR) 0 byte 0 days old -- RECYCLER
20/09/2007 21:39:09 266621 byte 0 days old -- MSNFix.zip
20/09/2007 21:52:18 (DIR) 0 byte 0 days old -- Program Files
20/09/2007 22:04:59 838860800 byte 0 days old -- pagefile.sys
20/09/2007 22:36:37 (DIR) 0 byte 0 days old -- WINDOWS
20/09/2007 22:42:24 (DIR) 0 byte 0 days old -- MSNFix
20/09/2007 22:45:21 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
24/08/2007 09:35:00 (DIR) 0 byte 27 days old -- Help
24/08/2007 20:22:45 215783 byte 27 days old -- setupact.log
29/08/2007 08:25:48 (DIR) 0 byte 22 days old -- $hf_mig$
29/08/2007 12:52:37 (DIR) 0 byte 22 days old -- $NtUninstallKB933360$
29/08/2007 12:52:44 23518 byte 22 days old -- KB933360.log
31/08/2007 01:19:27 (DIR) 0 byte 20 days old -- $NtUninstallKB939683$
31/08/2007 01:19:31 7127 byte 20 days old -- KB939683.log
17/09/2007 16:16:18 388096 byte 3 days old -- mono.exe
18/09/2007 15:40:46 54156 byte 2 days old -- QTFont.qfn
20/09/2007 06:58:41 20464 byte 0 days old -- preconfig.log
20/09/2007 06:59:51 2157 byte 0 days old -- DAASINST.LOG
20/09/2007 07:00:17 75342 byte 0 days old -- FSAVINST.LOG
20/09/2007 07:00:18 110 byte 0 days old -- FSAVES_inst.log
20/09/2007 07:00:19 6631 byte 0 days old -- FSHIPS.LOG
20/09/2007 07:00:19 6359 byte 0 days old -- FSASWINS.LOG
20/09/2007 07:00:23 100891 byte 0 days old -- fsauains.LOG
20/09/2007 07:00:24 1971 byte 0 days old -- fsdginst.log
20/09/2007 07:00:24 52988 byte 0 days old -- fstnbins.LOG
20/09/2007 07:00:25 17410 byte 0 days old -- FSGUIINS.LOG
20/09/2007 07:00:26 215328 byte 0 days old -- FSPROD.log
20/09/2007 07:00:26 4649 byte 0 days old -- FSSYSUPD.LOG
20/09/2007 07:00:26 1274118 byte 0 days old -- FSSETUP.log
20/09/2007 07:00:26 3085623 byte 0 days old -- FSSFM.log
20/09/2007 07:00:26 696 byte 0 days old -- FSSSINST.log
20/09/2007 07:00:26 6059 byte 0 days old -- FSPSINST.LOG
20/09/2007 07:00:26 16483 byte 0 days old -- HELPINST.LOG
20/09/2007 07:00:26 1410 byte 0 days old -- FSSCINST.log
20/09/2007 07:00:26 17321 byte 0 days old -- fsmainst.log
20/09/2007 07:00:26 19698 byte 0 days old -- fsavunin.log
20/09/2007 07:00:26 611 byte 0 days old -- fsav_db_setup.log
20/09/2007 07:00:26 9954 byte 0 days old -- FSAVCSIN.LOG
20/09/2007 07:00:26 3898 byte 0 days old -- UNINPLUG.log
20/09/2007 07:00:26 155337 byte 0 days old -- RunSetup.log
20/09/2007 07:00:26 4115 byte 0 days old -- FSGKIAIN.log
20/09/2007 07:00:26 3383 byte 0 days old -- FSLDIN.LOG
20/09/2007 07:00:26 3490 byte 0 days old -- FSGemini.LOG
20/09/2007 07:56:54 (DIR) 0 byte 0 days old -- Minidump
20/09/2007 08:10:00 8318 byte 0 days old -- pegasus_inst.log
20/09/2007 08:10:00 912 byte 0 days old -- FSGEMINST.LOG
20/09/2007 08:10:02 21714 byte 0 days old -- fwinst.log
20/09/2007 08:10:03 29011 byte 0 days old -- fwesinst.log
20/09/2007 08:10:12 1251729 byte 0 days old -- FSISU.log
20/09/2007 08:10:12 1580 byte 0 days old -- FSPSUNI.LOG
20/09/2007 12:17:33 227 byte 0 days old -- system.ini
20/09/2007 12:17:33 621 byte 0 days old -- win.ini
20/09/2007 12:19:26 3760 byte 0 days old -- POSTINSTALL.LOG
20/09/2007 12:51:07 1917 byte 0 days old -- imsins.BAK
20/09/2007 12:52:29 911824 byte 0 days old -- FaxSetup.log
20/09/2007 12:52:31 183962 byte 0 days old -- ntdtcsetup.log
20/09/2007 12:52:31 45259 byte 0 days old -- msgsocm.log
20/09/2007 12:52:31 350474 byte 0 days old -- tsoc.log
20/09/2007 12:52:31 49488 byte 0 days old -- ocmsn.log
20/09/2007 12:52:31 305764 byte 0 days old -- comsetup.log
20/09/2007 12:52:31 437196 byte 0 days old -- ocgen.log
20/09/2007 12:52:31 1917 byte 0 days old -- imsins.log
20/09/2007 12:52:31 141672 byte 0 days old -- iis6.log
20/09/2007 13:03:17 (DIR) 0 byte 0 days old -- Downloaded Program Files
20/09/2007 13:34:02 106312 byte 0 days old -- FSUNINST.log
20/09/2007 14:03:52 25003 byte 0 days old -- Q-Klez.log
20/09/2007 14:04:17 7997 byte 0 days old -- fsihcomptest.log
20/09/2007 14:09:30 8941 byte 0 days old -- fswil.log
20/09/2007 14:46:09 3647 byte 0 days old -- FSPRODRM.LOG
20/09/2007 14:46:09 5026 byte 0 days old -- fssgpex.LOG
20/09/2007 15:32:32 935310824 byte 0 days old -- FSDEPH.log
20/09/2007 15:32:42 1259395292 byte 0 days old -- uninstaller.log
20/09/2007 15:55:20 152260 byte 0 days old -- ih8.config.xml.log
20/09/2007 15:55:20 30872 byte 0 days old -- ih8.fssg.xml.log
20/09/2007 15:55:23 859954 byte 0 days old -- fsinstaller.log
20/09/2007 16:08:47 50 byte 0 days old -- wiaservc.log
20/09/2007 16:14:42 216 byte 0 days old -- wiadebug.log
20/09/2007 16:35:05 (DIR) 0 byte 0 days old -- inf
20/09/2007 17:05:37 116 byte 0 days old -- NeroDigital.ini
20/09/2007 20:00:02 309878 byte 0 days old -- setupapi.log
20/09/2007 20:28:05 105 byte 0 days old -- FSSTM.LOG
20/09/2007 20:42:42 14542 byte 0 days old -- userinit.exe
20/09/2007 21:59:37 (DIR) 0 byte 0 days old -- Prefetch
20/09/2007 21:59:40 (DIR) 0 byte 0 days old -- Installer
20/09/2007 22:00:21 32516 byte 0 days old -- SchedLgU.Txt
20/09/2007 22:01:04 (DIR) 0 byte 0 days old -- temp
20/09/2007 22:04:16 1225116 byte 0 days old -- WindowsUpdate.log
20/09/2007 22:05:04 2048 byte 0 days old -- bootstat.dat
20/09/2007 22:05:41 0 byte 0 days old -- 0.log
20/09/2007 22:22:38 1493150 byte 0 days old -- ntbtlog.txt
20/09/2007 22:36:06 3 byte 0 days old -- presreg.txt
20/09/2007 22:36:27 114 byte 0 days old -- presf.txt
20/09/2007 22:36:27 (DIR) 0 byte 0 days old -- system32
20/09/2007 22:36:37 753 byte 0 days old -- msnfix.txt

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
29/08/2007 12:52:37 249356 byte 22 days old -- TZLog.log
31/08/2007 01:19:28 (DIR) 0 byte 20 days old -- dllcache
06/09/2007 04:50:42 17474680 byte 14 days old -- MRT.exe
19/09/2007 21:07:06 0 byte 1 days old -- 5_exception.nls
20/09/2007 20:23:10 46080 byte 0 days old -- ftp.exe
20/09/2007 20:37:50 (DIR) 0 byte 0 days old -- CatRoot2
20/09/2007 22:03:43 3072 byte 0 days old -- CONFIG.NT
20/09/2007 22:05:44 1158 byte 0 days old -- wpa.dbl
20/09/2007 22:06:53 (DIR) 0 byte 0 days old -- drivers
20/09/2007 22:09:27 1031442 byte 0 days old -- PerfStringBackup.INI
20/09/2007 22:09:28 472238 byte 0 days old -- perfh00C.dat
20/09/2007 22:09:28 64230 byte 0 days old -- perfc009.dat
20/09/2007 22:09:28 77350 byte 0 days old -- perfc00C.dat
20/09/2007 22:09:28 405022 byte 0 days old -- perfh009.dat
20/09/2007 22:36:37 (DIR) 0 byte 0 days old -- Microsoft

----- recent files in C:\WINDOWS\system32\drivers\

----- recent files in C:\WINDOWS\temp\
22/08/2007 09:12:24 0 byte 29 days old -- JET948F.tmp
23/08/2007 08:31:50 0 byte 28 days old -- JET8E26.tmp
24/08/2007 09:32:44 16384 byte 27 days old -- Perflib_Perfdata_548.dat
24/08/2007 09:32:54 0 byte 27 days old -- JET927C.tmp
24/08/2007 16:23:09 0 byte 27 days old -- JET8925.tmp
25/08/2007 09:27:12 0 byte 26 days old -- JET8869.tmp
25/08/2007 20:04:44 0 byte 26 days old -- JET883B.tmp
26/08/2007 12:09:14 16384 byte 25 days old -- Perflib_Perfdata_4b0.dat
26/08/2007 12:09:34 0 byte 25 days old -- JETB555.tmp
27/08/2007 12:40:51 0 byte 24 days old -- JETF00D.tmp
28/08/2007 09:40:10 0 byte 23 days old -- JET9191.tmp
28/08/2007 21:03:26 0 byte 23 days old -- JET858B.tmp
29/08/2007 21:39:53 16384 byte 22 days old -- Perflib_Perfdata_54c.dat
29/08/2007 21:40:02 0 byte 22 days old -- JET8BA6.tmp
29/08/2007 23:29:31 0 byte 22 days old -- JET762A.tmp
30/08/2007 21:40:59 0 byte 21 days old -- JET9AE8.tmp
31/08/2007 18:06:57 0 byte 20 days old -- JET8702.tmp
01/09/2007 14:09:07 0 byte 19 days old -- JET8656.tmp
01/09/2007 23:58:05 0 byte 19 days old -- JET8983.tmp
03/09/2007 12:41:21 16384 byte 17 days old -- Perflib_Perfdata_5fc.dat
03/09/2007 12:41:30 0 byte 17 days old -- JET8731.tmp
04/09/2007 12:47:05 16384 byte 16 days old -- Perflib_Perfdata_618.dat
04/09/2007 12:47:36 0 byte 16 days old -- JETDE0B.tmp
05/09/2007 11:15:09 0 byte 15 days old -- JET7E19.tmp
05/09/2007 21:10:33 16384 byte 15 days old -- Perflib_Perfdata_5ec.dat
05/09/2007 21:11:00 0 byte 15 days old -- JETCD33.tmp
06/09/2007 09:34:56 16384 byte 14 days old -- Perflib_Perfdata_4a4.dat
06/09/2007 09:35:26 0 byte 14 days old -- JETDC27.tmp
06/09/2007 16:41:51 16384 byte 14 days old -- Perflib_Perfdata_4ac.dat
06/09/2007 16:42:27 0 byte 14 days old -- JETF934.tmp
07/09/2007 21:07:12 16384 byte 13 days old -- Perflib_Perfdata_518.dat
07/09/2007 21:07:36 0 byte 13 days old -- JETF443.tmp
08/09/2007 21:53:59 0 byte 12 days old -- JET9347.tmp
10/09/2007 14:45:45 16384 byte 10 days old -- Perflib_Perfdata_550.dat
10/09/2007 14:45:56 0 byte 10 days old -- JET9DD6.tmp
11/09/2007 12:48:05 16384 byte 9 days old -- Perflib_Perfdata_540.dat
11/09/2007 12:48:15 0 byte 9 days old -- JET9858.tmp
12/09/2007 21:20:17 16384 byte 8 days old -- Perflib_Perfdata_544.dat
12/09/2007 21:20:29 0 byte 8 days old -- JET9CCC.tmp
13/09/2007 09:35:36 0 byte 7 days old -- JETD273.tmp
14/09/2007 07:43:27 0 byte 6 days old -- JET8E55.tmp
14/09/2007 18:27:24 0 byte 6 days old -- JET8A00.tmp
15/09/2007 14:26:44 16384 byte 5 days old -- Perflib_Perfdata_50c.dat
15/09/2007 14:27:19 0 byte 5 days old -- JETF4FE.tmp
17/09/2007 13:25:34 0 byte 3 days old -- JETEA50.tmp
18/09/2007 12:29:17 0 byte 2 days old -- JETF7EC.tmp
19/09/2007 21:06:19 0 byte 1 days old -- JET39.tmp
19/09/2007 23:34:16 0 byte 1 days old -- JET6AFF.tmp
20/09/2007 00:00:37 16384 byte 0 days old -- Perflib_Perfdata_52c.dat
20/09/2007 00:41:05 0 byte 0 days old -- JET738A.tmp
20/09/2007 01:01:59 16384 byte 0 days old -- Perflib_Perfdata_524.dat
20/09/2007 05:23:32 0 byte 0 days old -- JET8760.tmp
20/09/2007 06:31:27 16384 byte 0 days old -- Perflib_Perfdata_520.dat
20/09/2007 07:01:59 0 byte 0 days old -- JET5081.tmp
20/09/2007 07:08:55 0 byte 0 days old -- JET516B.tmp
20/09/2007 07:24:12 0 byte 0 days old -- JET4CF8.tmp
20/09/2007 07:30:19 0 byte 0 days old -- JET5B8D.tmp
20/09/2007 07:47:14 0 byte 0 days old -- JET493E.tmp
20/09/2007 07:53:32 (DIR) 0 byte 0 days old -- ih8.tmp
20/09/2007 08:18:17 0 byte 0 days old -- JET566D.tmp
20/09/2007 08:37:53 0 byte 0 days old -- JET538E.tmp
20/09/2007 09:17:32 0 byte 0 days old -- JET5573.tmp
20/09/2007 09:28:23 0 byte 0 days old -- JET5796.tmp
20/09/2007 10:27:28 0 byte 0 days old -- JET5F94.tmp
20/09/2007 10:45:45 0 byte 0 days old -- JET4C6A.tmp
20/09/2007 11:29:53 16384 byte 0 days old -- Perflib_Perfdata_5a8.dat
20/09/2007 11:34:23 16384 byte 0 days old -- Perflib_Perfdata_564.dat
20/09/2007 11:34:32 0 byte 0 days old -- JET7F90.tmp
20/09/2007 11:41:09 16384 byte 0 days old -- Perflib_Perfdata_558.dat
20/09/2007 11:41:23 0 byte 0 days old -- JET9A5B.tmp
20/09/2007 11:51:32 (DIR) 0 byte 0 days old -- fsaua.tmp
20/09/2007 12:11:47 0 byte 0 days old -- JET47F5.tmp
20/09/2007 12:18:22 0 byte 0 days old -- JET4CE7.tmp
20/09/2007 12:42:20 0 byte 0 days old -- JET5A16.tmp
20/09/2007 13:36:55 0 byte 0 days old -- JET4BED.tmp
20/09/2007 16:15:26 0 byte 0 days old -- JET4C2C.tmp
20/09/2007 16:40:34 0 byte 0 days old -- JET56BB.tmp
20/09/2007 20:24:27 0 byte 0 days old -- JET96C0.tmp
20/09/2007 21:26:07 (DIR) 0 byte 0 days old -- _avast4_
20/09/2007 22:04:57 21504 byte 0 days old -- startdrv.exe
20/09/2007 22:05:40 255 byte 0 days old -- WGAErrLog.txt
20/09/2007 22:05:46 409 byte 0 days old -- WGANotify.settings

----- recent files in C:\Program Files\
02/09/2007 19:44:26 (DIR) 0 byte 18 days old -- BitTorrent
04/09/2007 12:58:26 (DIR) 0 byte 16 days old -- Neuf
06/09/2007 13:40:05 (DIR) 0 byte 14 days old -- TVUPlayer
19/09/2007 21:35:30 (DIR) 0 byte 1 days old -- Mozilla Firefox
19/09/2007 22:58:56 (DIR) 0 byte 1 days old -- Grisoft
20/09/2007 01:01:03 (DIR) 0 byte 0 days old -- YourWare Solutions
20/09/2007 15:55:20 (DIR) 0 byte 0 days old -- Pack Securite
20/09/2007 21:52:24 (DIR) 0 byte 0 days old -- CCleaner
20/09/2007 22:27:08 (DIR) 0 byte 0 days old -- Hijackthis Version Française

----- recent files in C:\Program Files\Fichiers communs\

----- recent files in C:\Documents and Settings\Barros\Application Data\
27/08/2007 19:09:05 (DIR) 0 byte 24 days old -- BitTorrent
06/09/2007 13:39:43 (DIR) 0 byte 14 days old -- TVU Networks
19/09/2007 21:36:23 (DIR) 0 byte 1 days old -- EoRezo
20/09/2007 07:28:33 (DIR) 0 byte 0 days old -- F-Secure
20/09/2007 22:07:00 (DIR) 0 byte 0 days old -- Grisoft

----- recent files in C:\DOCUME~1\Barros\LOCALS~1\Temp\
20/09/2007 05:33:18 49152 byte 0 days old -- ~DFF4D1.tmp
20/09/2007 06:58:41 17518 byte 0 days old -- prodsett.ini
20/09/2007 07:09:37 (DIR) 0 byte 0 days old -- WERfc58.dir00
20/09/2007 07:17:51 (DIR) 0 byte 0 days old -- plugtmp
20/09/2007 07:31:24 (DIR) 0 byte 0 days old -- WER12ce.dir00
20/09/2007 07:49:52 (DIR) 0 byte 0 days old -- WERbfef.dir00
20/09/2007 08:09:59 18870 byte 0 days old -- fs-1.tmp
20/09/2007 08:18:58 (DIR) 0 byte 0 days old -- WERfc63.dir00
20/09/2007 08:19:41 95 byte 0 days old -- fsa03164.xml
20/09/2007 08:20:34 15748 byte 0 days old -- fs-4.tmp
20/09/2007 08:38:54 (DIR) 0 byte 0 days old -- WER495e.dir00
20/09/2007 08:40:02 95 byte 0 days old -- fsa02916.xml
20/09/2007 08:44:21 15748 byte 0 days old -- fs-5.tmp
20/09/2007 09:43:17 95 byte 0 days old -- fsa03972.xml
20/09/2007 09:43:43 15748 byte 0 days old -- fs-A.tmp
20/09/2007 10:41:24 426 byte 0 days old -- IMTF.xml
20/09/2007 10:41:24 2026 byte 0 days old -- IMTE.xml
20/09/2007 10:41:25 805418 byte 0 days old -- IMT10.xml
20/09/2007 10:41:39 2026 byte 0 days old -- IMT1B.xml
20/09/2007 10:41:39 426 byte 0 days old -- IMT1C.xml
20/09/2007 10:41:43 1022 byte 0 days old -- IMT1E.dtd
20/09/2007 10:41:43 2787756 byte 0 days old -- IMT1D.xml
20/09/2007 10:41:50 426 byte 0 days old -- IMT29.xml
20/09/2007 10:41:50 2026 byte 0 days old -- IMT28.xml
20/09/2007 10:41:51 805418 byte 0 days old -- IMT2A.xml
20/09/2007 10:41:59 426 byte 0 days old -- IMT36.xml
20/09/2007 10:41:59 805418 byte 0 days old -- IMT37.xml
20/09/2007 10:41:59 2026 byte 0 days old -- IMT35.xml
20/09/2007 10:46:45 (DIR) 0 byte 0 days old -- WER1c68.dir00
20/09/2007 11:07:40 (DIR) 0 byte 0 days old -- plugtmp-1
20/09/2007 11:29:34 (DIR) 0 byte 0 days old -- ~nsu.tmp
20/09/2007 11:38:27 (DIR) 0 byte 0 days old -- WER1e66.dir00
20/09/2007 11:42:09 (DIR) 0 byte 0 days old -- WER4434.dir00
20/09/2007 11:47:37 49152 byte 0 days old -- ~DF78ED.tmp
20/09/2007 11:53:27 95 byte 0 days old -- fsa01736.xml
20/09/2007 11:53:29 (DIR) 0 byte 0 days old -- WERa01a.dir00
20/09/2007 12:12:23 (DIR) 0 byte 0 days old -- WERd56e.dir00
20/09/2007 12:18:51 (DIR) 0 byte 0 days old -- WERb990.dir00
20/09/2007 12:56:56 (DIR) 0 byte 0 days old -- plugtmp-2
20/09/2007 13:49:40 (DIR) 0 byte 0 days old -- Installer
20/09/2007 13:53:39 2 byte 0 days old -- Twain001.Mtx
20/09/2007 13:53:39 0 byte 0 days old -- Twunk002.MTX
20/09/2007 13:53:42 477 byte 0 days old -- TWAIN.LOG
20/09/2007 13:53:42 156 byte 0 days old -- Twunk001.MTX
20/09/2007 14:15:29 (DIR) 0 byte 0 days old -- ih8.tmp
20/09/2007 15:55:18 181003 byte 0 days old -- setupgui.log
20/09/2007 15:55:18 35999 byte 0 days old -- setupguimngr.log
20/09/2007 16:15:45 (DIR) 0 byte 0 days old -- WER97f7.dir00
20/09/2007 18:59:59 (DIR) 0 byte 0 days old -- _avast4_
20/09/2007 20:22:42 (DIR) 0 byte 0 days old -- WPDNSE
20/09/2007 20:35:32 49152 byte 0 days old -- ~DFD7E9.tmp
20/09/2007 21:59:19 (DIR) 0 byte 0 days old -- {4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
20/09/2007 21:59:19 55459 byte 0 days old -- caevents.log
20/09/2007 21:59:19 2665 byte 0 days old -- KLeaner.log
20/09/2007 21:59:40 95258 byte 0 days old -- kl-install-2007-09-20-21-58-55.log
20/09/2007 22:06:20 3404 byte 0 days old -- kl-install-2007-09-20-22-06-18.log
20/09/2007 22:29:35 (DIR) 0 byte 0 days old -- plugtmp-3
20/09/2007 22:45:01 16384 byte 0 days old -- ~DF656E.tmp
20/09/2007 22:45:21 (DIR) 0 byte 0 days old -- nsj87.tmp

===================== Duplicates in BAK folders =====================

No BAK folders found

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"TkBellExe"="\"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"HostManager"="C:\Program Files\Fichiers communs\AOL\1157577326\ee\AOLSoftware.exe"
"Adobe Photo Downloader"="\"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe\""
"Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
"mono.exe"="C:\WINDOWS\mono.exe"
"startdrv"="C:\WINDOWS\Temp\startdrv.exe"
"SoundMax"="\"C:\Program Files\Analog Devices\SoundMAX\smax4.exe\" /tray"
"!AVG Anti-Spyware"="\"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe\" /minimized"

[Run\OptionalComponents]
@=""

[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""

[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
@SACL=
"MsnMsgr"="\"C:\Program Files\MSN Messenger\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\Program Files\Messenger\msmsgs.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe\""
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9"
"Neuf Media Center"="\"C:\Program Files\Neuf\Media Center\MediaCenter.exe\""
"FreeRAM XP"="\"C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe\" -win"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
#### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Mappage de zones Internet Explorer"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
"@="Personnalisation de Internet Explorer"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=expand:"WgaLogon.dll"

[Winlogon\Notify\WgaLogon\Settings]

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
@SACL=
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
#### HKCR\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\InprocServer32 @="C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[Browser Helper Objects\{58b525f4-b7d7-4600-86f4-46d30a9cc183}]
#### HKCR\CLSID\{58b525f4-b7d7-4600-86f4-46d30a9cc183}\InprocServer32 @="C:\Program Files\jeanmarcmorandini\tbjean.dll"
@=""

[Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
#### HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}\InprocServer32 @="C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll"
@="EoRezoBHO"

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
#### HKCR\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\InprocServer32 @="C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll"
@="AOL Toolbar Launcher"

[Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
@=""

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Program Files\Windows Live Toolbar\msntb.dll"
@=""

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer]
@=dword:00000001

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
@SACL=
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}"="Recherche"
#### HKCR\CLSID\{EA756889-2338-43DB-8F07-D1CA6FB9C90D}\InprocServer32 @="C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\shdocvw.dll"
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=""
#### HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 @="C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll"
"{58b525f4-b7d7-4600-86f4-46d30a9cc183}"=""
#### HKCR\CLSID\{58b525f4-b7d7-4600-86f4-46d30a9cc183}\InprocServer32 @="C:\Program Files\jeanmarcmorandini\tbjean.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----

[startupfolder]

-----HKCU\Control Panel\Desktop\-----

[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\system32\SSGORG~1.SCR"

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:00000210
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]
@Class="d914ae1b"

[Lsa\GBG]
@Class="a5e110a9"
"GrafBlumGroup"=hex:9f,b6,fc,d2,6b,9f,63,ef,c1

[Lsa\JD]
@Class="f66bfc5d"
"Lookup"=hex:ac,74,6a,d3,c7,93

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="88bc31db"
"SkewMatrix"=hex:ad,24,a7,0b,fc,5c,dd,a2,b8,14,59,36,a0,f3,1e,65

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:7a,25,c4,cb,ef,d1,c6,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,c8,6b,0f,a9,7a,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,c8,6b,0f,a9,7a,c4,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,c8,6b,0f,a9,7a,c4,01
"Type"=dword:00000031

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[SharedAccess\Epoch]
"Epoch"=dword:0001131e

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
"C:\Program Files\Fichiers communs\NewTech Infosystems\LiveUpdate\LiveUpdate.exe"="C:\Program Files\Fichiers communs\NewTech Infosystems\LiveUpdate\LiveUpdate.exe:*:Enabled:LiveUpdate"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe"="C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Fichiers communs\AOL\1157577326\ee\aolsoftware.exe"="C:\Program Files\Fichiers communs\AOL\1157577326\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\MaxTV\maxtv.exe"="C:\Program Files\MaxTV\maxtv.exe:*:Enabled:MaxTV Online"
"K:\Emule2\eMule\emule.exe"="K:\Emule2\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\adslTV\adslTV.exe"="C:\Program Files\adslTV\adslTV.exe:*:Enabled:adslTV"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:DNA"
"C:\Program Files\adslTV\vlc.exe"="C:\Program Files\adslTV\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Browser"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\WINDOWS\perfmon.exe"="C:\WINDOWS\perfmon.exe:*:Disabled:perfmon"
"C:\Program Files\Neuf\Media Center\httpd\httpd.exe"="C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"EnableDCOM"="Y"

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{6C8E7B52-D81C-4AFE-8CB4-40363E703700}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\a-d-s-l-t-v]

[VB and VBA Program Settings\a-d-s-l-t-v\p-a-r-e-n-t]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

[MountPoints2]
@SACL=

[MountPoints2\A]
"BaseClass"="Drive"

[MountPoints2\C]
"BaseClass"="Drive"

[MountPoints2\D]
"BaseClass"="Drive"

[MountPoints2\E]
"BaseClass"="Drive"

[MountPoints2\F]
@SACL=
"BaseClass"="Drive"

[MountPoints2\G]
@SACL=
"BaseClass"="Drive"

[MountPoints2\H]
@SACL=
"BaseClass"="Drive"

[MountPoints2\I]
@SACL=
"BaseClass"="Drive"

[MountPoints2\J]
"BaseClass"="Drive"

[MountPoints2\K]
"BaseClass"="Drive"

[MountPoints2\K\_Autorun]

[MountPoints2\K\_Autorun\DefaultIcon]
@="K:\AUTORUN\WDLOGO.ICO"

[MountPoints2\L]
"BaseClass"="Drive"

[MountPoints2\{0b2ffa44-eaf1-11da-87f6-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{0b2ffa45-eaf1-11da-87f6-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{0b2ffa47-eaf1-11da-87f6-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{0b2ffa48-eaf1-11da-87f6-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{0b2ffa49-eaf1-11da-87f6-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{0b2ffa4a-eaf1-11da-87f6-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{35dac936-86c4-11da-86e9-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{35dac937-86c4-11da-86e9-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{35dac938-86c4-11da-86e9-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{35dac939-86c4-11da-86e9-806d6172696f}]
@SACL=
"BaseClass"="Drive"

[MountPoints2\{48d10788-41d3-11db-a13c-0090d098d6dd}]
"BaseClass"="Drive"

[MountPoints2\{48d10788-41d3-11db-a13c-0090d098d6dd}\shell]
@="None"

[MountPoints2\{48d10788-41d3-11db-a13c-0090d098d6dd}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{48d10788-41d3-11db-a13c-0090d098d6dd}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{530564f6-8243-11db-a1b5-0090d098d6dd}]
"BaseClass"="Drive"

[MountPoints2\{530564f6-8243-11db-a1b5-0090d098d6dd}\shell]
@="None"

[MountPoints2\{530564f6-8243-11db-a1b5-0090d098d6dd}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{530564f6-8243-11db-a1b5-0090d098d6dd}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{604df264-79bd-11db-a1a8-0090d098d6dd}]
"BaseClass"="Drive"

[MountPoints2\{604df264-79bd-11db-a1a8-0090d098d6dd}\shell]
@="None"

[MountPoints2\{604df264-79bd-11db-a1a8-0090d098d6dd}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{604df264-79bd-11db-a1a8-0090d098d6dd}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{6a0671be-8273-11db-a1b6-0090d098d6dd}]
"BaseClass"="Drive"

[MountPoints2\{6a0671be-8273-11db-a1b6-0090d098d6dd}\shell]
@="None"

[MountPoints2\{6a0671be-8273-11db-a1b6-0090d098d6dd}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{6a0671be-8273-11db-a1b6-0090d098d6dd}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a6
See you. It's written 10 + 10 = 100 and it's read as two plus two equals four.