syntax

salut Tornado pour finir, j'ai installé Firefox sur mon PC comme tu me l'as conseillé. Je compte aussi installer les extensions adblock_basic et Noscript, bien que je ne comprenne pas trop l'utilité des Javascript et ce que ça permet de faire sur un site. voila, merci encore pour le temps que tu m'as consacré. Vous faites tous ça avec les internautes gratuitement, juste pour aider ? si il existe un petit bonhomme jaune qui te tire son chapeau, je te l'enverrai bien !!

salut Tornado merci encore pour tous ces conseils et pour tes lumières je n'ai pr l'instt rien installé d'autre ds ce que tu m'as mis parceq je ne sais pas trop quoi prendre, si c'est vraiment nécessaire et puis tt ça prend qd même bcp de tps au final. J'ai fait un scan Antivir et Hijickthis, voici les reports : scan des hard disk avec Antivir : AntiVir PersonalEdition Classic Report file date: samedi 17 juin 2006 17:23 Scanning for 407966 virus strains and unwanted programs. Licensed to: AntiVir PersonalEdition Classic Serial number: 0000149996-WURGE-0001 Platform: Windows XP Windows version: (Service Pack 1) [5.1.2600] Username: Administrateur Computer name: HPATHLON3000 Version informations: AVSCAN.EXE : 7.0.0.42 557096 11/06/2006 18:32:07 AVSCAN.DLL : 7.0.0.42 53288 11/06/2006 18:32:07 LUKE.DLL : 7.0.0.42 118824 11/06/2006 18:32:08 LUKERES.DLL : 7.0.0.42 25640 11/06/2006 18:32:08 ANTIVIR0.VDF : 6.35.0.1 7371264 11/06/2006 18:32:06 ANTIVIR1.VDF : 6.35.0.5 2048 11/06/2006 18:32:06 ANTIVIR2.VDF : 6.35.0.7 113664 11/06/2006 18:32:06 ANTIVIR3.VDF : 6.35.0.26 57344 11/06/2006 18:32:06 AVEWIN32.DLL : 7.1.0.10 1511936 11/06/2006 18:32:07 AVPREF.DLL : 7.0.0.1 49192 11/06/2006 18:32:07 AVREP.DLL : 6.35.0.2 659496 11/06/2006 18:32:07 AVRPBASE.DLL : 7.0.0.0 2162728 11/06/2006 18:45:15 AVPACK32.DLL : 7.1.0.1 335912 11/06/2006 18:32:07 AVREG.DLL : 6.31.0.90 27688 11/06/2006 18:32:07 NETNT.DLL : 6.32.0.0 6696 11/06/2006 18:32:08 NETNW.DLL : 6.32.0.0 9768 11/06/2006 18:32:08 RCIMAGE.DLL : 7.0.0.71 1642536 11/06/2006 18:32:10 RCTEXT.DLL : 7.0.0.75 77864 11/06/2006 18:32:10 Configuration settings for the scan: Jobname: '%s'.................: Local Hard Disks Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp Boot sectors..................: C,D Scan memory...................: 1 Process scan..................: 1 Scan all files................: 1 Scan archives.................: 1 Recursion depth...............: 20 Smart extensions..............: 1 Skipped archive types.........: 1000,1001,1002,1003,1004, Macro heuristic...............: 1 File heuristic................: 3 Primary action................: 1 Secondary action..............: 0 Start of the scan: samedi 17 juin 2006 17:23 The scan over running processes will be started 12 Processes was scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( 31 files ). Starting the file scan: C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Administrateur\NTUSER.DAT [WARNING] The file could not be opened! C:\Documents and Settings\Administrateur\ntuser.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [WARNING] The file could not be opened! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [WARNING] The file could not be opened! C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp [WARNING] The file could not be opened! C:\WINDOWS\Prefetch\layout.ini [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default [WARNING] The file could not be opened! C:\WINDOWS\system32\config\default.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SAM.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY [WARNING] The file could not be opened! C:\WINDOWS\system32\config\SECURITY.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software [WARNING] The file could not be opened! C:\WINDOWS\system32\config\software.LOG [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system [WARNING] The file could not be opened! C:\WINDOWS\system32\config\system.LOG [WARNING] The file could not be opened! End of the scan: samedi 17 juin 2006 18:21 Used time: 58:02 min The scan has been done completely. 3868 Scanning directories 388735 Files were scanned 0 viruses and/or unwanted programs was found 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 18837 Archives were scanned 17 Warnings 0 Notes et maintenant... Logfile of HijackThis v1.99.1 Scan saved at 14:36:29, on 18/06/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\Program Files\QuickTime\qttask.exe C:\HP\KBD\KBD.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hphmon05.exe C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe C:\WINDOWS\VM_STI.EXE C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr10.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr10.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ixquick.com/fra/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://seek.3721.com/srchasst.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr10.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://seek.3721.com/srchasst.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://seek.3721.com/srchcust.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [adiras] adiras.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O16 - DPF: {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} (Timer Object) - http://activex.microsoft.com/controls/iexp...x86/ietimer.cab O16 - DPF: {983AB2CC-3D50-11D9-ADFE-00062919A34C} (ActiveXUpload.UserCtrl) - http://www.photoservice.com/activeX/newUpload.CAB O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...AdSignerADP.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

salut Tornado voila, j'ai terminé ta procédure. ça a pris du tps ms ça s'est bien passé. pour ZoneAlarm, c'est seulement la version de base que j'ai. Je n'ai pas pu configurer ttes les options dt ils parlent ds le tuto questions: qu'est-ce q Sonic update manager ? et qu'est-ce q msicuu2.exe qui correspond à l'application Win32 Cabinet Self-Extractor ? (j'ai ça sur mon bureau c'est peut-être un des programme que tu m'as fait télécharger?) sinon, je relancerai un scan Antivir pour voir s'il reste qqch de nocif sur mon PC A+

ils sont marrants tes petits bonhommes ! encore désolé, mais je ne comprend pas : "EDIT : Voilà... c'est fait !" tu ne m'as pas mis le lien ? où dois-je aller chercher ?

salut tornado j'ai commencé à suivre ta procédure mais je suis bloqué à la désinstallation de Norton : le lien que tu as mis vers le tuto est le même que celui de Windows update. J'attend dc de savoir comment le désinstaller proprement ; sinon je compte prendre l'option ZoneAlarm+Antivir(que tu m'as déjà fait télécharger) A+

salut Tornado j'ai supprimé les clés vertes de JV16 et après 2 redémarrages, a priori aucun problème. Si j'ai bien compris je garde JV16 et je supprime Regseeker. J'ai supprimé regseeker par l'explorateur j'attend tes nouvelles instructions A+

salut Tornado Maintenant visiblement Windows ne tente plus d'installer qqchose au démarrage. je dois garder tt les logiciels que tu m'as fais télécharger ? pour Norton, je veux bien en mettre un autre à la place, mais seulement à la condition qu'il soit + efficace et gratuit (si possible pas trop compliqué aussi ) pour les mises à jour Windows, merci je viens de les faire et je les ferai les prochaines fois que ça m'est demandé A+

ah ! merci Tornado ça a marché ! Windows tente maintenant d'installer autre chose, mais je n'ai plus de msg d'erreur comment puis-je maintenant désinstaller msicuu2.exe et les autres logiciels qui ne me servent plus ? que dois-je garder comme antivirus ou anti-malware ou pare-feu... (le moins possible ce serait bien !) dernière question : Windows me propose parfois des mises à jour automatiques au démarrage. Faut-il les lancer ? merci encore

merci oui je suis patient j'ai supprimé blbeta.exe et killbox (et ses ss-dossiers) pr le reste, je reviens seulemt mardi soir (pas pressé!)

salut Tornado - c'est après la question "voulez-vous vraiment ajouter...au registre" que l'accès au registre ne fonctionne pas (pr le backup Regseeker) - le fichier clebidon.reg a bien été inscrit au registre - j'ai défragmenté mon disque il y a environ 2 semaines, en même temps que les opérations de nettoyage du virus. Mais j'aimerais bien optimiser le démarrage de mon pc car c'est devenu bien long ! - j'ai voulu supprimer les programmes blbeta et Killbox mais je ne les ai pas trouvé ni dans panneau de config/suppression de prog, ni dans l'explorateur (à part un dossier killbox que je n'arrive pas d'ailleurs à supprimer. Puis-je supprimer uniquement ces 2 fichiers .exe présents sur mon bureau ou dois-je supprimer d'autres fichiers ailleurs ? merci A+

...as d'un + grd nb de programmes et fichiers sur mon ordi. Il faudra qd même que je dégage (tous ?) les programmes téléchargés pour venir à bout de ce virus : jv16 PowerTools, Ewido, hijackthis, ATF-Cleaner, EClea2_0, Activescan (Panda), Antivir, blbeta, Avira, Killbox... A+

salut tornado j'ai uploadé le fichier .zip : The download link is: http://www.sendspace.com/file/9kcvui sinon, j'ai lu l'averstismt contre les P2P et je comprend maintenant que si mon ordi met bcp plus de tps à démarrer qu'avant (et + lent aussi), c'est sans doute à cause d'Emule et non p

oups! mon msg était effectivmt trop long je ne vais donc pas mettre la suite du backup (à moins que tu ne me le demandes!) sinon, j'ai vidé le dossier de sauvegarde d'Hijackthis et j'ai lancé le scan Blacklight dont voici le rapport (rien de trouvé) : 05/21/06 18:57:16 [info]: BlackLight Engine 1.0.36 initialized 05/21/06 18:57:16 [info]: OS: 5.1 build 2600 (Service Pack 1) 05/21/06 18:57:17 [Note]: 7019 4 05/21/06 18:57:17 [Note]: 7005 0 05/21/06 18:59:16 [Note]: 7006 0 05/21/06 18:59:16 [Note]: 7011 1576 05/21/06 18:59:17 [Note]: 7026 0 05/21/06 18:59:17 [Note]: 7026 0 05/21/06 18:59:53 [Note]: FSRAW library version 1.7.1015 05/21/06 19:06:44 [Note]: 7006 0 05/21/06 19:06:44 [Note]: 7011 1576 05/21/06 19:06:44 [Note]: 7026 0 05/21/06 19:06:44 [Note]: 7026 0 05/21/06 19:06:47 [Note]: FSRAW library version 1.7.1015 05/21/06 19:10:43 [Note]: 7007 0 A+

salut Tornado j'ai le champ Les options du message et Les icônes de message mais pas celui des fichiers joints ! ja crains que ça fasse trop long mais je peux coller le contenu du backup de Regseeker : REGEDIT4 [HKEY_USERS\S-1-5-21-1425526919-2998857824-1433055648-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Administrative Tools"="C:\\Documents and Settings\\Propriétaire\\Menu Démarrer\\Programmes\\Outils d'administration" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\Namespace] "RemoteDelta"="C:\\WINDOWS\\system32\\config\\systemprofile\\Local Settings\\Application Data\\Microsoft\\Windows Media\\9.0\\WMSDKNSR.XML" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP] "Block"="c:\\hp\\tmp" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\EN] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\FR] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\MX] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NL] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NW] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SP] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SW] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\UK] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\US] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Administrative Tools"="C:\\WINDOWS\\system32\\config\\systemprofile\\Menu Démarrer\\Programmes\\Outils d'administration" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\EN] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\FR] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\MX] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NL] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\NW] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SP] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\SW] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\UK] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\HP\US] [HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Setup\CreatedLinks] "Shortcut1"="C:\\Documents and Settings\\Default User\\Menu Démarrer\\Programmes\\Lecteur Windows Media.lnk" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3] "$DLL"="%SystemRoot%\\system32\\MsSip3.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2] "$DLL"="%SystemRoot%\\system32\\MsSip2.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1] "$DLL"="%SystemRoot%\\system32\\MsSip1.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog] "DefaultLogFileFolder"="%SystemDrive%\\PerfLogs" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sunkfiltp] "ImagePath"="\\??\\C:\\WINDOWS\\System32\\Drivers\\sunkfiltp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sunkfiltp\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidServ\Parameters] "ServiceDll"="%SystemRoot%\\System32\\hidserv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir] "EventMessageFile"="%SystemRoot%\\System32\\tssdis.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent] "EventMessageFile"="%SystemRoot%\\System32\\polagent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib] "EventMessageFile"="%SystemRoot%\\System32\\ospfmib.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF] "EventMessageFile"="%SystemRoot%\\System32\\ospf.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2] "EventMessageFile"="%SystemRoot%\\System32\\iprip2.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP] "EventMessageFile"="%SystemRoot%\\System32\\ipbootp.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2] "EventMessageFile"="%SystemRoot%\\System32\\igmpv2.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System] "EventMessageFile"="%systemroot%\\system32\\stisvc.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\abiosdsk] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\abp480n5] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\acpi] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\acpi.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\acpiec] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\acpiec.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\adiusbaw] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\adpu160m] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aha154x] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aic78u2] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aic78xx] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Alerter] "EventMessageFile"="%SystemRoot%\\System32\\netmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\aliide] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\AliIde.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdK7] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\drivers\\amdk7.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ami0nt] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\amsint] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\apphelp] "EventMessageFile"="%SystemRoot%\\System32\\apphelp.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Application Popup] "EventMessageFile"="%SystemRoot%\\System32\\ntdll.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Arp1394] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc3350p] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\asc3550] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\AsyncMac] "EventMessageFile"="%SystemRoot%\\System32\\mprmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\atapi] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\atdisk] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Ati HotKey Poller] "EventMessageFile"="C:\\WINDOWS\\System32\\Ati2evxx.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ati2mtag] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\drivers\\ati2mtag.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Atmarpc] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\beep] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\BITS] "EventMessageFile"="%systemroot%\\system32\\xpob2res.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Browser] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cbidf2k] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cd20xrnt] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdaudio] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdfs] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Cdm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cdrom] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\changer] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cmdide] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\CmdIde.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\cpqarray] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dac2w2k] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dac960nt] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DCOM] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DfsDriver] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DfsSvc] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dhcp] "EventMessageFile"="%SystemRoot%\\System32\\dhcpcsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DirectX] "EventMessageFile"="%SystemRoot%\\System32\\spmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\disk] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Distributed Link Tracking Client] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dmboot] "EventMessageFile"="%SystemRoot%\\System32\\Drivers\\dmboot.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dmio] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\dmio.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dnsapi] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Dnscache] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\dpti2o] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\efs] "EventMessageFile"="%SystemRoot%\\System32\\lsasrv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\EL90XBC] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\eventlog] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fastfat] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fdc] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\fdc.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\FETNDISB] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Fips] "EventMessageFile"="%SystemRoot%\\System32\\Drivers\\fips.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\flpydisk] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\flpydisk.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\FsVga] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\drivers\\fsvga.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\fs_rec] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ftdisk] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\FtDisk.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Gestionnaire de session d'aide sur le Bureau à distance] "EventMessageFile"="C:\\WINDOWS\\system32\\sessmgr.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\hpn] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\i2omgmt] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\i2omp] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\drivers\\i8042prt.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ialm] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ini910u] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\intelide] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\IntelIde.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Internet Explorer 6] "EventMessageFile"="%SystemRoot%\\System32\\spmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMGM] "EventMessageFile"="%SystemRoot%\\System32\\rtm.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPNATHLP] "EventMessageFile"="%SystemRoot%\\System32\\ipnathlp.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRouterManager] "EventMessageFile"="%SystemRoot%\\System32\\mprmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPSec] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXCP] "EventMessageFile"="%SystemRoot%\\System32\\mprmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXRIP] "EventMessageFile"="%SystemRoot%\\System32\\mprmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXRouterManager] "EventMessageFile"="%SystemRoot%\\System32\\mprmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\IPXSAP] "EventMessageFile"="%SystemRoot%\\System32\\mprmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\drivers\\isapnp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\drivers\\kbdclass.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Kerberos] "EventMessageFile"="%SystemRoot%\\System32\\kerberos.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\lbrtfdc] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\lbrtfdc.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LDM] "EventMessageFile"="%SystemRoot%\\System32\\dmadmin.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LDMS] "EventMessageFile"="%SystemRoot%\\System32\\dmserver.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LmHosts] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv] "EventMessageFile"="%SystemRoot%\\System32\\lsasrv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Modem] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\Modem.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\drivers\\mouclass.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mouhid] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\drivers\\mouhid.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\mraid35x] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MRxDAV] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MrxSmb] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll;%SystemRoot%\\System32\\iologmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\msadlib] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\msfs] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Mup] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ndis] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NdisIP] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NdisWan] "EventMessageFile"="%SystemRoot%\\System32\\mprmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBIOS] "EventMessageFile"="%SystemRoot%\\System32\\iologmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetBT] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NetDDE] "EventMessageFile"="%SystemRoot%\\System32\\netdde.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Netlogon] "EventMessageFile"="%SystemRoot%\\System32\\netmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NIC1394] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Nla] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Nokia USB Phone Parent] "EventMessageFile"="%SystemRoot%\\System32\\nmwcdlog.dll;%SystemRoot%\\System32\\drivers\\nmwcd.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\npfs] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ntfs] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\NtServicePack] "EventMessageFile"="%SystemRoot%\\System32\\spmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\null] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\nv] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\drivers\\nv4_mini.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Outlook Express 6] "EventMessageFile"="%SystemRoot%\\System32\\spmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\parport] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\drivers\\parport.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\partmgr] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\parvdm] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\ParVdm.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pci] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\Pci.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pciide] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\PciIde.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\Pcmcia.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\perc2] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PlugPlayManager] "EventMessageFile"="%SystemRoot%\\System32\\umpnpmgr.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PptpMiniport] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Print] "EventMessageFile"="%SystemRoot%\\System32\\LocalSpl.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Processor] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\drivers\\processr.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PS2] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\drivers\\PS2.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PSched] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\PxHelp20] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql1080] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql10wnt] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql12160] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql1240] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ql1280] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasAuto] "EventMessageFile"="%SystemRoot%\\System32\\mprmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RasMan] "EventMessageFile"="%SystemRoot%\\System32\\mprmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Rdbss] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\redbook] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\drivers\\redbook.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RemoteAccess] "EventMessageFile"="%SystemRoot%\\System32\\mprmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RSVP] "EventMessageFile"="%SystemRoot%\\System32\\rsvpmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM] "EventMessageFile"="%SystemRoot%\\System32\\samsrv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Save Dump] "EventMessageFile"="%SystemRoot%\\System32\\SaveDump.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\savrt] "EventMessageFile"="c:\\PROGRA~1\\NORTON~1\\savrt.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SCardSvr] "EventMessageFile"="%SystemRoot%\\System32\\SCardSvr.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel] "EventMessageFile"="%SystemRoot%\\system32\\lsasrv.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Schedule] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\scsiport] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\serial] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\drivers\\serial.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Server] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Service de stockage amovible] "EventMessageFile"="%SystemRoot%\\System32\\NTMSEVT.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Setup] "EventMessageFile"="%SystemRoot%\\System32\\syssetup.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sfloppy] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SideBySide] "EventMessageFile"="%SystemRoot%\\System32\\sxs.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Simbad] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SiS315] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\drivers\\sisgrp.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sndblst] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Software Restriction Policy] "EventMessageFile"="%SystemRoot%\\System32\\ntdll.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sparrow] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sr] "EventMessageFile"="C:\\WINDOWS\\System32\\IoLogMsg.dll;C:\\WINDOWS\\System32\\DRIVERS\\sr.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\srservice] "EventMessageFile"="C:\\WINDOWS\\System32\\srsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Srv] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SSDPSRV] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage] "EventMessageFile"="%SystemRoot%\\System32\\wiaservc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\symc810] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\symc8xx] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sym_hi] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\sym_u3] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\System] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\System Error] "EventMessageFile"="%SystemRoot%\\System32\\faultrep.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Tcpip] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon] "EventMessageFile"="%SystemRoot%\\System32\\tcpmon.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\tdi] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermDD] "EventMessageFile"="%SystemRoot%\\System32\\ntdll.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServDevices] "EventMessageFile"="%SystemRoot%\\System32\\wlnotify.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService] "EventMessageFile"="%SystemRoot%\\System32\\termsrv.dll;%SystemRoot%\\System32\\ntdll.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\toside] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\TosIde.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\udfs] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\ultra] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\UPS] "EventMessageFile"="%SystemRoot%\\System32\\netmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\USER32] "EventMessageFile"="%SystemRoot%\\System32\\user32.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\VgaSave] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\vga.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\viagfx] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\drivers\\vtmini.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\viaide] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\ViaIde.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\VolSnap] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\VolSnap.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time] "EventMessageFile"="C:\\WINDOWS\\System32\\w32time.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Win32k] "EventMessageFile"="%SystemRoot%\\System32\\win32k.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows File Protection] "EventMessageFile"="%SystemRoot%\\System32\\sfc_os.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Installer 3.1] "EventMessageFile"="%SystemRoot%\\System32\\spmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Script Host] "EventMessageFile"="%SystemRoot%\\System32\\wshext.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Update Agent] "EventMessageFile"="%SystemRoot%\\system32\\wuaucpl.cpl" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WindowsMedia] "EventMessageFile"="%SystemRoot%\\System32\\spmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Workstation] "EventMessageFile"="%SystemRoot%\\System32\\netmsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\WZCSVC] "EventMessageFile"="%SystemRoot%\\System32\\wzcsvc.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\{6080A529-897E-4629-A488-ABA0C29B635E}] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\system32\\drivers\\ialmsbw.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\{D31A0762-0CEB-444e-ACFF-B049A1F6FE91}] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\system32\\drivers\\ialmkchw.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Installation] "EventMessageFile"="%SystemRoot%\\System32\\appmgr.dll" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ntbackup] "EventMessageFile"="%SystemRoot%\\System32\\ntbackup.exe" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LiveUpdate] "EventMessageFile"="C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.exe" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Folder Redirection] "EventMessageFile"="%SystemRoot%\\System32\\fdeploy.dll" "ParameterMessageFile"="%SystemRoot%\\System32\\kernel32.dll" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\File Deployment] "EventMessageFile"="%SystemRoot%\\System32\\fdeploy.dll" "ParameterMessageFile"="%SystemRoot%\\System32\\kernel32.dll" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Management] "EventMessageFile"="%SystemRoot%\\System32\\appmgmts.dll" "ParameterMessageFile"="%SystemRoot%\\System32\\kernel32.dll" "TypesSupported"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters] "ServiceDll"="%SystemRoot%\\System32\\appmgmts.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "Posix"="%SystemRoot%\\system32\\psxss.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl] "MinidumpDir"="%SystemRoot%\\Minidump" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl] "DumpFile"="%SystemRoot%\\MEMORY.DMP" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001] "LoggingPath"="C:\\WINDOWS\\ModemLog_Nokia 6630 USB.txt" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Answer] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Clients] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Clients\Ras] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Hangup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Init] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Monitor] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Settings] [HKEY_LOCAL_MACHINE\SYSTEM\Setup] "uniqueid"="C:\\WINDOWS\\JKB" [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\PlugPlay] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\ProtectedStorage] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\Rpcss] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\SamSs] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\WS2IFSL] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Pid] [HKEY_LOCAL_MACHINE\SYSTEM\Setup\Preinstall] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001] "LoggingPath"="C:\\WINDOWS\\ModemLog_Nokia 6630 USB.txt" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Answer] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Clients] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Clients\Ras] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Hangup] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Init] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Monitor] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Settings] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinTrust\SubjectPackages\MS Subjects 3] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinTrust\SubjectPackages\MS Subjects 2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinTrust\SubjectPackages\MS Subjects 1] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysmonLog] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysmonLog\Log Queries] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sunkfiltp] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sunkfiltp\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidServ\Parameters] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\TermServSessDir] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\PolicyAgent] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\OSPFMib] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\OSPF] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPRIP2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IPBOOTP] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\IGMPv2] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\abiosdsk] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\abp480n5] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\acpi] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\acpi.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\acpiec] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll;%SystemRoot%\\System32\\Drivers\\acpiec.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\adiusbaw] "EventMessageFile"="%SystemRoot%\\System32\\netevent.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\adpu160m] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aha154x] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aic78u2] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\aic78xx] "EventMessageFile"="%SystemRoot%\\System32\\IoLogMsg.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Alerter] "EventMessageFile"="%SystemRo

"C'est donc le fichier .reg qui pose problème ... Pourrais tu l'uploader ? Pour cela, fais-ceci dans ton prochaine réponse : - Depuis le champ "fichiers joints", choisis parcourir..." salut Tornado je ne comprend pas où trouver le champ fichier joint ??? sinon, j'ai fait la procédure, voici le rapport de Panda : Incident Statut Analyse Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\Propriétaire\Cookies\propriétaire@as1.falkag[2].txt Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Propriétaire\Cookies\propriétaire@bluestreak[1].txt Spyware:Cookie/Go No Désinfecté C:\Documents and Settings\Propriétaire\Cookies\propriétaire@go[2].txt Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\Propriétaire\Cookies\propriétaire@hitbox[1].txt Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Propriétaire\Cookies\propriétaire@microsofteup.112.2o7[1].txt Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\Propriétaire\Cookies\propriétaire@overture[2].txt Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Propriétaire\Cookies\propriétaire@weborama[1].txt Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Propriétaire\Cookies\propriétaire@xiti[1].txt Outil indésirable:Application/HideWindow.A No Désinfecté C:\hp\bin\FondleWindow.exe Outil indésirable:Application/KillApp.B No Désinfecté C:\hp\bin\KillIt.exe Adware:Adware/BaiduBar No Désinfecté C:\Program Files\HijackThis\backups\backup-20060429-131856-974.dll et maintenant celui d'HijackThis : Logfile of HijackThis v1.99.1 Scan saved at 13:37:35, on 20/05/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton Personal Firewall\NISUM.EXE c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe c:\Program Files\Norton Personal Firewall\ccPxySvc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hphmon05.exe C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\WINDOWS\System32\ctfmon.exe C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\msiexec.exe c:\Program Files\Norton AntiVirus\SAVScan.exe c:\WINDOWS\System32\MsiExec.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\eMule\emule.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr10.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr10.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http ://srch-fr10.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http ://www.ixquick.com/fra/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http ://srch-fr10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http ://srch-fr10.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http ://fr10.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C: \Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021 \fr\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c: \Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c: \Program Files\HP\Digital Imaging\bin\hpdtlk02.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C: \WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1 \SNDMon.exe /Consumer O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask. exe" -atboottime O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl .dll,NvStartup O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper .exe" O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [adiras] adiras.exe O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8 EE8-6164457517F0}\hphupd05.exe O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6 \PcSync2.exe /NoDialog O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1 \Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF- AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C 04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} (Timer Object) - http://activex.microsoft.com/controls/iexp...x86/ietimer.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{ABA0D9A8-CACA-4588-8AFE-9FDA0 D6B0FB5}: NameServer = 217.19.192.132 217.19.192.131 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32 \Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C: \Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C: \Program Files\iPod\bin\iPodService.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM .EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C: \Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC .exe A bientôt !