
Posted (edited)

Hello,

So here is my problem: I have a friend's infected PC at my place, and I offered to clean it for him with Avira AntiVir, Spybot and Ad-Aware 2007.

His PC takes a very long time to start up, the startup sound is choppy, and the PC is extremely slow.

According to what he told me, all of this happened suddenly, so I immediately thought of an infection. He also told me that he uses Norton AntiVirus and has not updated it for years.

The Spybot scan returned one entry, FunWebProducts.

The Ad-Aware scan found nothing.

The Avira scan found 2 pieces of malware; here are the reports:

"Virus or unwanted program 'DR/Shopper.L.8 [dropper]'

detected in file 'C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP204\A0061228.exe.

Action performed: Delete file"

"Virus or unwanted program 'DR/Shopper.L.8 [dropper]'

detected in file 'C:\Program Files\MultiMedia France Toolbar\MultiMedia - Installer.exe.

Action performed: Delete file"

Despite the scans, the problems persist, including one: as soon as I click on the hard drive, I am told "windows ne trouve pas copy.exe" ("Windows cannot find copy.exe"), and after searching the web it turns out that this would be a virus.

So I am asking for your advice: should I run a HijackThis scan, and if so, how?

Thanks in advance for your replies.

Edited by sharel

Posted

Hi and welcome :P

I would like you to post the following report, please >>

Download Deckard's System Scanner (DSS) to your desktop.

You must have administrator rights to run it.

  • Close all running applications (browser windows, etc.)
  • Double-click dss.exe to launch the program.
  • DSS will display a message and offer to install HijackThis: click YES.
  • A new message will ask you to make sure that your firewall (if you have one) allows DSS.exe to connect to the internet: click OK and grant it access if you get an alert from your firewall.
  • When the scan is finished, two text files will open.
  • Post the contents of the report named main.txt
  • If you do not see the report, you will find it in the following folder > C:\Deckard\System Scanner

What does DSS do? >

  • It creates a restore point for Windows XP and Vista.
  • It cleans temporary files, the contents of the Downloaded Program Files folder and the internet cache, and also empties the recycle bin on all drives.
  • It checks a few key areas of the system and produces a report to submit to an analyst.
  • DSS automatically launches HijackThis; if you do not have this program, it will install it and create a shortcut on the desktop.

Posted

Here is the report:

Deckard's System Scanner v20071014.68

Run by Kévin on 2008-05-14 14:13:04

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 5 Restore Point(s) --

32: 2008-05-14 12:14:02 UTC - RP206 - Deckard's System Scanner Restore Point

31: 2008-05-14 11:44:05 UTC - RP205 - Software Distribution Service 3.0

30: 2008-05-12 15:10:17 UTC - RP204 - Installé Ad-Aware 2007

29: 2008-05-12 14:39:18 UTC - RP203 - Avira AntiVir Personal - 12/05/2008 16:38

28: 2008-05-11 20:31:04 UTC - RP202 - Point de vérification système

 

 

-- First Restore Point --

1: 2008-04-02 21:47:59 UTC - RP175 - Point de vérification système

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 

-- HijackThis Clone ------------------------------------------------------------

 

 

Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2008-05-14 14:18:17

Platform: Windows XP Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Program Files\Launch Manager\LaunchAp.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Launch Manager\OSDCtrl.exe

C:\Program Files\Launch Manager\WButton.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Documents and Settings\Kévin\Bureau\dss.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll (file missing)

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [imageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe

O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Acer Empowering Technology.lnk = ?

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.9.0.1407.1107.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.9.0.1407.1107.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe

O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPCap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

 

 

--

End of file - 13433 bytes

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys

R1 Hotkey - c:\windows\system32\drivers\hotkey.sys

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>

R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>

R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>

R2 int15 - c:\windows\system32\drivers\int15.sys

R2 s24trans (Transport RLAN) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

R2 tvicport - c:\windows\system32\drivers\tvicport.sys <Not Verified; EnTech Taiwan; TVicPort Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>

R2 zntport - c:\windows\system32\drivers\zntport.sys <Not Verified; Zeal SoftStudio; NTPort Library>

R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys

R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

R3 psdfilter - c:\windows\system32\drivers\psdfilter.sys <Not Verified; HiTRUST; >

R3 psdvdisk - c:\windows\system32\drivers\psdvdisk.sys <Not Verified; HiTRUST; >

 

S1 Wbutton - c:\windows\system32\drivers\wbutton.sys (file missing)

S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 AcerMemUsageCheckService (Memory Check Service) - c:\acer\empowering technology\eperformance\memcheck.exe <Not Verified; Acer Inc.; >

R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>

R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\acer\acer arcade\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>

R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\acer\acer arcade\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>

R2 CyberLink Media Library Service - "c:\program files\acer\acer arcade\kernel\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>

R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

 

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe (file missing)

S3 NMIndexingService - "c:\program files\fichiers communs\ahead\lib\nmindexingservice.exe" (file missing)

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® PRO/Wireless 3945ABG Network Connection

Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10018086&REV_02\4&2803E7C1&0&00E2

Manufacturer: Intel Corporation

Name: Intel® PRO/Wireless 3945ABG Network Connection

PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10018086&REV_02\4&2803E7C1&0&00E2

Service: w39n51

 

 

-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

 

2008-05-12 23:47:00 0 d-------- C:\WINDOWS\pss

2008-05-12 17:13:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-12 17:10:45 0 d-------- C:\Program Files\Lavasoft

2008-05-12 17:10:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-05-12 17:05:43 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-05-12 16:39:56 0 d-------- C:\Program Files\Avira

2008-05-12 16:39:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-05-09 23:36:54 0 d-------- C:\Program Files\GUILD WARS

2008-04-25 06:52:36 0 d-------- C:\Documents and Settings\Kévin\Tracing

2008-04-14 11:52:15 0 d-------- C:\Program Files\Fichiers communs\SWF Studio

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-04-26 20:11:32 116628 --a------ C:\WINDOWS\War3Unin.dat

2008-04-19 18:30:12 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >

2008-04-18 13:56:08 1276 --a------ C:\Documents and Settings\Kévin\Application Data\QuickZip45.ini

2008-04-13 09:11:36 476522 --a------ C:\WINDOWS\system32\perfh00C.dat

2008-04-13 09:11:36 78346 --a------ C:\WINDOWS\system32\perfc00C.dat

2008-04-12 18:38:18 0 d-------- C:\Program Files\Windows Live

2008-03-29 17:02:52 0 d-------- C:\Program Files\GameSpy Arcade

2008-03-04 22:36:22 2829 --a------ C:\WINDOWS\War3Unin.pif

2008-03-04 22:36:22 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>

2008-02-19 15:22:26 23847 --a------ C:\Documents and Settings\Kévin\Application Data\dcdl_prefs

2008-02-17 12:25:14 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"preload"="C:\Windows\RUNXMLPL.exe" [19/05/2005 17:09]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [16/12/2005 16:32]

"RTHDCPL"="RTHDCPL.EXE" [11/01/2006 17:23 C:\WINDOWS\RTHDCPL.exe]

"Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\Alcmtr.exe]

"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [11/06/2005 19:51]

"AGRSMMSG"="AGRSMMSG.exe" [09/09/2005 11:20 C:\WINDOWS\AGRSMMSG.exe]

"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [11/05/2005 17:15]

"@"="" []

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [05/08/2004 05:00]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [05/08/2004 05:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [05/08/2004 05:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [05/08/2004 05:00]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [19/01/2006 00:43]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [19/01/2006 00:43]

"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [23/03/2006 00:12]

"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [25/07/2005 13:36]

"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [19/04/2006 15:08]

"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [16/09/2003 14:28]

"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [25/07/2005 10:45]

"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [20/04/2006 09:23]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [17/03/2006 15:00]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [30/03/2006 18:47]

"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [15/03/2006 22:12]

"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [31/03/2006 16:39]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [28/04/2006 16:43]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [06/04/2006 19:22]

"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [06/04/2006 19:00]

"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [06/04/2006 19:06]

"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [01/11/2004 18:22]

"ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [30/12/2005 14:02]

"EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" []

"EoWeather"="" []

"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [17/04/2004 11:41]

"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [13/04/2004 05:07]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [25/12/2007 00:47]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [25/01/2008 18:54]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/02/2008 10:06]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 05:00]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [07/11/2007 15:34]

"Steam"="c:\program files\steam\steam.exe" [09/05/2008 22:41]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" []

"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" []

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [27/01/2008 11:41]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

 

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [24/08/2007 14:46:20]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15fa99c-202b-11dd-9105-0013024bbc56}]

Auto\command- AdobeR.exe e

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb45b3ef-523d-11dc-8f7d-806d6172696f}]

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

 

 

 

-- Hosts -----------------------------------------------------------------------

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

8373 more entries in hosts file.

 

 

-- End of Deckard's System Scanner: finished at 2008-05-14 14:20:24 ------------

Posted (edited)

Hi :P

We can see that the main infection has been eradicated (probably by AntiVir).

What was it?

An infection that spreads via removable media (USB keys, removable hard drives, etc.).

I recommend reading this very good topic by Gof, which explains the process in detail > http://forum.zebulon.fr/infections-par-sup...es-t131959.html

The infection is clearly no longer present, which explains the message you get when the PC starts up >

"windows ne trouve pas copy.exe" ("Windows cannot find copy.exe")

Don't be surprised that the PC is slow! An impressive number of applications launch when the PC starts up. We are going to clean that up.

Notes:

- EoRezo is software known for displaying ads.

- Carry out the following steps in order.

1) Start by disabling Spybot's TeaTimer through Spybot's options: once in the program, go to the "Mode" menu => check "Advanced mode" => "Tools" (at the bottom of the page) => "Resident" => and uncheck this box: "Resident TeaTimer". You should no longer see the TeaTimer icon in the taskbar!

Do not skip this step, because it can cause the disinfection procedure to fail!

You can re-enable this protection later if you wish.

2) Go to Start menu / Control Panel > Add/Remove Programs and uninstall these programs if you find them >>

EoRezo

Ask Toolbar

3) Start HijackThis, click "Do a system scan only", and check the following lines:

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

 

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (file missing)

 

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

 

O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll (file missing)

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

 

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

- Close all programs and click "Fix Checked"

Note: some lines may no longer appear; don't be surprised, just carry on with the procedure.

4) Before doing the next step, don't forget to plug in your USB stick / external hard drive.

Download Malwarebytes' onto your Desktop.

Install it and run a full scan of the PC with Malwarebytes': once the cleanup is finished, a report will appear; post it.

Note: your PC may well have to restart to finish the cleanup.

Follow the step-by-step instructions in bobette marlow's illustrated tutorial to run this scan > http://forum.telecharger.01net.com/microhe...messages-1.html

5) Go to this page to download the look.bat file > http://www.sendspace.com/file/b10s3e

to do so, click the link at the bottom of the page > Download Link: look.bat

Double-click the file >> a report will be displayed; post its contents in your next message: if the report is too long, you can use a separate message just for this report, or go through a site that lets you host the file.

For example, you can upload the file to this site > http://www.cijoint.fr/

Click the Browse button > a window opens; copy/paste this to the right of the File name field (at the bottom of the page) > C:\Documents and Settings\Kévin\Bureau\look.txt

then click the Open button: back on the site's page, click the "Click here to upload the file" button > note the address where the file was uploaded and post it in your next reply.

Please post the following reports >>

- the Malwarebytes' report

- the look.bat report

Edited by Thanos
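The look.bat report posted further down this thread is REG.EXE output for the MountPoints2 key, where Explorer caches per-volume shell verbs. As an added example (not part of the original posts, and not look.bat itself), this Python script parses such a dump and lists every volume that carries a cached shell command, the kind of entry that goes with the "copy.exe" message from the first post; the sample input is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the REG.EXE 3.0 layout seen in this thread; the two
# GUID mount names are placeholders, the commands mirror the posted report.
SAMPLE = r"""
! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F
    BaseClass   REG_SZ  Drive

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F\Shell
    <SANS NOM>  REG_SZ  AutoRun

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F\Shell\AutoRun\command
    <SANS NOM>  REG_SZ  C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}\shell
    <SANS NOM>  REG_SZ  None

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}\shell\Autoplay\DropTarget
    CLSID   REG_SZ  {f26a669a-bcbb-4e37-abf9-7325da15f931}

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000002}\Shell
    <SANS NOM>  REG_SZ  Auto

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000002}\Shell\Auto\command
    <SANS NOM>  REG_SZ  AdobeR.exe e
"""

# "name  REG_TYPE  data" value line; the data part may be empty.
VALUE_RE = re.compile(r"^(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*))?$")
# ...\MountPoints2\<mount>\shell\<verb>\command (keys are lower-cased on parse).
CMD_KEY_RE = re.compile(r"\\mountpoints2\\(?P<mount>[^\\]+)\\shell\\(?P<verb>[^\\]+)\\command$")
# How REG.EXE labels the unnamed default value (French, English, newer builds).
DEFAULT_NAMES = ("<SANS NOM>", "<NO NAME>", "(Default)")


def parse_reg_dump(text):
    """Return {lower-cased key path: {value name: (type, data)}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:  # banner lines and wrapped hex continuations do not match
                current[m.group("name")] = (m.group("type"), m.group("data") or "")
    return keys


def default_value(values):
    """Data of the key's default value, or '' when it has none."""
    for name in DEFAULT_NAMES:
        if name in values:
            return values[name][1]
    return ""


def launched_file(command):
    """File the command starts, unwrapping the RunDLL32 ShellExec_RunDLL form."""
    m = re.search(r"ShellExec_RunDLL\s+(.+)$", command, re.I)
    rest = (m.group(1) if m else command).strip()
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    return rest.split()[0]


def find_autorun_commands(keys):
    """List every cached shell command under MountPoints2."""
    findings = []
    for key, values in keys.items():
        m = CMD_KEY_RE.search(key)
        command = default_value(values)
        if not m or not command:
            continue
        verb = m.group("verb")
        shell_key = key[: -len("\\" + verb + "\\command")]
        # The shell key's default value names the verb run on double-click.
        is_default = default_value(keys.get(shell_key, {})).lower() == verb
        findings.append({
            "mount": m.group("mount"),
            "verb": verb,
            "command": command,
            "target": launched_file(command),
            "runs_on_double_click": is_default,
        })
    return findings


if __name__ == "__main__":
    for f in find_autorun_commands(parse_reg_dump(SAMPLE)):
        print(f["mount"], f["verb"], f["target"], f["runs_on_double_click"])
```

Volumes whose shell key only holds the Autoplay\DropTarget entry are not reported, since they carry no command.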
Posted (edited)

OK, I'll take care of that; however, for HijackThis, DSS didn't put a shortcut on the desktop, and I don't think it installed it.

EDIT: Ask Toolbar is done, but there is no EoRezo.

There are EoWeather and EoEngine in Add/Remove Programs; should I remove them?

Edited by sharel
Posted

Hi again!

Don't be surprised if I'm sometimes slow to reply: I leave work quite late!

OK, I'll take care of that; however, for HijackThis, DSS didn't put a shortcut on the desktop, and I don't think it installed it.

Indeed! In that case you can download it directly like this >

Click HERE to download the HijackThis installer:

  1. Save HJTInstall.exe to your desktop
  2. Double-click HJTInstall.exe to launch the program
  3. By default, it will install here || C:\Program Files\Trend Micro\HijackThis
  4. Accept the license by clicking the "I Accept" button

Tutorial > > http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm

check and then fix the lines listed in my previous message.

EDIT: Ask Toolbar is done, but there is no EoRezo.

There are EoWeather and EoEngine in Add/Remove Programs; should I remove them?

Yes, you can uninstall them, but start with EoWeather and then EoEngine

Posted (edited)
Don't be surprised if I'm sometimes slow to reply: I leave work quite late!

OK, no problem, I'm just bumping the thread so it doesn't move to another page :P

here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.12

Version de la base de données: 750

 

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)

Eléments examinés: 88615

Temps écoulé: 1 hour(s), 53 minute(s), 24 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

Edited by sharel
Posted

and here is the look.bat log

 

! REG.EXE VERSION 3.0

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C

BaseClass REG_SZ Drive

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D

BaseClass REG_SZ Drive

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E

BaseClass REG_SZ Drive

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5FCF5F5F

5F5F5F0001000101EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000100000009000000

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F\Shell

<SANS NOM> REG_SZ AutoRun

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F\Shell\AutoRun

<SANS NOM> REG_SZ &Exécution automatique

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F\Shell\AutoRun\command

<SANS NOM> REG_SZ C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5FCF5F5F

5F5F5F0001000101EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000100000009000000

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G\Shell

<SANS NOM> REG_SZ AutoRun

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G\Shell\AutoRun

<SANS NOM> REG_SZ &Exécution automatique

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G\Shell\AutoRun\command

<SANS NOM> REG_SZ C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0286bb66-da33-11dc-9096-9a651123ff07}

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5F010001

00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000010000008060000

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0286bb66-da33-11dc-9096-9a651123ff07}\shell

<SANS NOM> REG_SZ None

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0286bb66-da33-11dc-9096-9a651123ff07}\shell\Autoplay

MUIVerb REG_SZ @shell32.dll,-8504

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0286bb66-da33-11dc-9096-9a651123ff07}\shell\Autoplay\DropTarget

CLSID REG_SZ {f26a669a-bcbb-4e37-abf9-7325da15f931}

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dc818ae-8f72-11dc-8fef-0013024bbc56}

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5FCF5F5F

5F5F5FCFCF5F5F5F5FCFCFCFCFCF010101EEFFFFFFFFFFFFFFFFFFFFFFFFFF000010000008000000

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dc818ae-8f72-11dc-8fef-0013024bbc56}\shell

<SANS NOM> REG_SZ None

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dc818ae-8f72-11dc-8fef-0013024bbc56}\shell\Autoplay

MUIVerb REG_SZ @shell32.dll,-8504

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dc818ae-8f72-11dc-8fef-0013024bbc56}\shell\Autoplay\DropTarget

CLSID REG_SZ {f26a669a-bcbb-4e37-abf9-7325da15f931}

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2147dd42-a0df-11dc-9013-0013024bbc56}

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5FCF5F5F

5F5F5FCFCF5F5F5F5FCFCFCFCFCF010101EEFFFFFFFFFFFFFFFFFFFFFFFFFF000010000008000000

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2147dd42-a0df-11dc-9013-0013024bbc56}\shell

<SANS NOM> REG_SZ None

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2147dd42-a0df-11dc-9013-0013024bbc56}\shell\Autoplay

MUIVerb REG_SZ @shell32.dll,-8504

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2147dd42-a0df-11dc-9013-0013024bbc56}\shell\Autoplay\DropTarget

CLSID REG_SZ {f26a669a-bcbb-4e37-abf9-7325da15f931}

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b1fe236-fb71-11dc-90c7-0013024bbc56}

BaseClass REG_SZ Drive

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e9d19f0-8250-11dc-8fdd-93d7ae1aee07}

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5F005F5F

5F5F5FCFCF5F5F5F5F010100EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000010000008010000

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e9d19f0-8250-11dc-8fdd-93d7ae1aee07}\shell

<SANS NOM> REG_SZ None

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e9d19f0-8250-11dc-8fdd-93d7ae1aee07}\shell\Autoplay

MUIVerb REG_SZ @shell32.dll,-8504

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e9d19f0-8250-11dc-8fdd-93d7ae1aee07}\shell\Autoplay\DropTarget

CLSID REG_SZ {f26a669a-bcbb-4e37-abf9-7325da15f931}

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{441dadc2-5627-11dc-8f8a-0013024bbc56}

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5F005F5F

5F5F5FCFCF5F5F5F5F010100EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000010000008010000

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{441dadc2-5627-11dc-8f8a-0013024bbc56}\shell

<SANS NOM> REG_SZ None

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{441dadc2-5627-11dc-8f8a-0013024bbc56}\shell\Autoplay

MUIVerb REG_SZ @shell32.dll,-8504

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{441dadc2-5627-11dc-8f8a-0013024bbc56}\shell\Autoplay\DropTarget

CLSID REG_SZ {f26a669a-bcbb-4e37-abf9-7325da15f931}

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cc1fb92-21b0-11dd-910a-0016d3416725}

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5F005F5F

5F5F5FCFCF5F5F5F5F010100EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000010000008010000

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cc1fb92-21b0-11dd-910a-0016d3416725}\shell

<SANS NOM> REG_SZ None

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cc1fb92-21b0-11dd-910a-0016d3416725}\shell\Autoplay

MUIVerb REG_SZ @shell32.dll,-8504

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cc1fb92-21b0-11dd-910a-0016d3416725}\shell\Autoplay\DropTarget

CLSID REG_SZ {f26a669a-bcbb-4e37-abf9-7325da15f931}

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97ac3c32-d3f0-11dc-908a-df2ec696fc07}

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5F005F5F

5F5F5FCFCF5F5F5F5F010100EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000010000008040000

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97ac3c32-d3f0-11dc-908a-df2ec696fc07}\shell

<SANS NOM> REG_SZ None

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97ac3c32-d3f0-11dc-908a-df2ec696fc07}\shell\Autoplay

MUIVerb REG_SZ @shell32.dll,-8504

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97ac3c32-d3f0-11dc-908a-df2ec696fc07}\shell\Autoplay\DropTarget

CLSID REG_SZ {f26a669a-bcbb-4e37-abf9-7325da15f931}

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97ac3c33-d3f0-11dc-908a-df2ec696fc07}

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5FCF5F5F

5F5F5FCFCF5F5F5F5FCFCFCFCFCF010101EEFFFFFFFFFFFFFFFFFFFFFFFFFF000010000008000000

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97ac3c33-d3f0-11dc-908a-df2ec696fc07}\shell

<SANS NOM> REG_SZ None

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97ac3c33-d3f0-11dc-908a-df2ec696fc07}\shell\Autoplay

MUIVerb REG_SZ @shell32.dll,-8504

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97ac3c33-d3f0-11dc-908a-df2ec696fc07}\shell\Autoplay\DropTarget

CLSID REG_SZ {f26a669a-bcbb-4e37-abf9-7325da15f931}

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6a5f9ae-55aa-11dc-8f89-0016d3416725}

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5FCF5F5F

5F5F5FCFCF5F5F5F5FCFCFCFCFCF010101EEFFFFFFFFFFFFFFFFFFFFFFFFFF000010000008000000

_LabelFromReg REG_SZ Aime-paix 3

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6a5f9ae-55aa-11dc-8f89-0016d3416725}\shell

<SANS NOM> REG_SZ None

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6a5f9ae-55aa-11dc-8f89-0016d3416725}\shell\Autoplay

MUIVerb REG_SZ @shell32.dll,-8504

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6a5f9ae-55aa-11dc-8f89-0016d3416725}\shell\Autoplay\DropTarget

CLSID REG_SZ {f26a669a-bcbb-4e37-abf9-7325da15f931}

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15fa99c-202b-11dd-9105-0013024bbc56}

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5F010001

01EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000010000009040000

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15fa99c-202b-11dd-9105-0013024bbc56}\Shell

<SANS NOM> REG_SZ Auto

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15fa99c-202b-11dd-9105-0013024bbc56}\Shell\Auto

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15fa99c-202b-11dd-9105-0013024bbc56}\Shell\Auto\command

<SANS NOM> REG_SZ AdobeR.exe e

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15fa99c-202b-11dd-9105-0013024bbc56}\Shell\Autoplay

MUIVerb REG_SZ @shell32.dll,-8504

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15fa99c-202b-11dd-9105-0013024bbc56}\Shell\Autoplay\DropTarget

CLSID REG_SZ {f26a669a-bcbb-4e37-abf9-7325da15f931}

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15fa99c-202b-11dd-9105-0013024bbc56}\Shell\AutoRun

Extended REG_SZ

<SANS NOM> REG_SZ &Exécution automatique

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15fa99c-202b-11dd-9105-0013024bbc56}\Shell\AutoRun\command

<SANS NOM> REG_SZ C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c73c5370-d331-11dc-9085-0013024bbc56}

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5F005F5F

5F5F5FCFCF5F5F5F5F010100EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000010000008010000

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c73c5370-d331-11dc-9085-0013024bbc56}\shell

<SANS NOM> REG_SZ None

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c73c5370-d331-11dc-9085-0013024bbc56}\shell\Autoplay

MUIVerb REG_SZ @shell32.dll,-8504

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c73c5370-d331-11dc-9085-0013024bbc56}\shell\Autoplay\DropTarget

CLSID REG_SZ {f26a669a-bcbb-4e37-abf9-7325da15f931}

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca5f3f00-0cb0-11dd-90dc-0013024bbc56}

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5F010001

01EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000100000008070000

_LabelFromReg REG_SZ Grenier

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca5f3f00-0cb0-11dd-90dc-0013024bbc56}\shell

<SANS NOM> REG_SZ None

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca5f3f00-0cb0-11dd-90dc-0013024bbc56}\shell\Autoplay

MUIVerb REG_SZ @shell32.dll,-8504

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca5f3f00-0cb0-11dd-90dc-0013024bbc56}\shell\Autoplay\DropTarget

CLSID REG_SZ {f26a669a-bcbb-4e37-abf9-7325da15f931}

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d33c13dc-e3cf-11dc-909f-0013024bbc56}

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5FCF5F5F

5F5F5FCFCF5F5F5F5FCFCFCFCFCF010101EEFFFFFFFFFFFFFFFFFFFFFFFFFF000010000008000000

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d33c13dc-e3cf-11dc-909f-0013024bbc56}\shell

<SANS NOM> REG_SZ None

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d33c13dc-e3cf-11dc-909f-0013024bbc56}\shell\Autoplay

MUIVerb REG_SZ @shell32.dll,-8504

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d33c13dc-e3cf-11dc-909f-0013024bbc56}\shell\Autoplay\DropTarget

CLSID REG_SZ {f26a669a-bcbb-4e37-abf9-7325da15f931}

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d805f4ec-0953-11dd-90d8-0013024bbc56}

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5F010001

01EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000010000008030000

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb45b3ee-523d-11dc-8f7d-806d6172696f}

BaseClass REG_SZ Drive

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb45b3ef-523d-11dc-8f7d-806d6172696f}

BaseClass REG_SZ Drive

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb45b3ef-523d-11dc-8f7d-806d6172696f}\Shell

<SANS NOM> REG_SZ AutoRun

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb45b3ef-523d-11dc-8f7d-806d6172696f}\Shell\AutoRun

<SANS NOM> REG_SZ &Exécution automatique

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb45b3ef-523d-11dc-8f7d-806d6172696f}\Shell\AutoRun\command

<SANS NOM> REG_SZ C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb45b3f0-523d-11dc-8f7d-806d6172696f}

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5F01000101EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF006000000009000000

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb45b3f0-523d-11dc-8f7d-806d6172696f}\Installer

<SANS NOM> REG_SZ install.exe

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb45b3f0-523d-11dc-8f7d-806d6172696f}\Name

<SANS NOM> REG_SZ The Sims 2 Glamour Life Stuff

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb45b3f0-523d-11dc-8f7d-806d6172696f}\_Autorun

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb45b3f0-523d-11dc-8f7d-806d6172696f}\_Autorun\DefaultIcon

<SANS NOM> REG_SZ E:\war3.ico

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edfbb14e-1e9f-11d9-9d2d-806d6172696f}

BaseClass REG_SZ Drive

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edfbb14f-1e9f-11d9-9d2d-806d6172696f}

BaseClass REG_SZ Drive

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edfbb150-1e9f-11d9-9d2d-806d6172696f}

BaseClass REG_SZ Drive

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc624798-cbbe-11da-b80c-806d6172696f}

BaseClass REG_SZ Drive

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc624799-cbbe-11da-b80c-806d6172696f}

BaseClass REG_SZ Drive

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcc25796-2134-11dd-9108-0016d3416725}

BaseClass REG_SZ Drive

_AutorunStatus REG_BINARY 01000100000100DFDF5FDF5F5F5F5FDFDF5F5F5FDFDFDF5F5F5FDFDFDF5F5FDF5F5F5F5F5F005F5F

5F5F5FCFCF5F5F5F5F010100EEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000010000008020000

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcc25796-2134-11dd-9108-0016d3416725}\shell

<SANS NOM> REG_SZ None

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcc25796-2134-11dd-9108-0016d3416725}\shell\Autoplay

MUIVerb REG_SZ @shell32.dll,-8504

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcc25796-2134-11dd-9108-0016d3416725}\shell\Autoplay\DropTarget

CLSID REG_SZ {f26a669a-bcbb-4e37-abf9-7325da15f931}

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{7cc1fb92-21b0-11dd-910a-0016d3416725}


Generation REG_DWORD 0x1

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{eb45b3ee-523d-11dc-8f7d-806d6172696f}


Generation REG_DWORD 0x1

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{eb45b3ef-523d-11dc-8f7d-806d6172696f}


Generation REG_DWORD 0x1

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\CPC\Volume\{eb45b3f0-523d-11dc-8f7d-806d6172696f}


Generation REG_DWORD 0x1

 

! REG.EXE VERSION 3.0

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot

AlternateShell REG_SZ cmd.exe

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys

<SANS NOM> REG_SZ FSFilter System Recovery

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}

<SANS NOM> REG_SZ Universal Serial Bus controllers

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ CD-ROM Drive

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ DiskDrive

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Standard floppy disk controller

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Hdc

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Keyboard

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Mouse

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ PCMCIA Adapters

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ SCSIAdapter

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ System

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Floppy disk drive

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

<SANS NOM> REG_SZ Volume

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

<SANS NOM> REG_SZ Human Interface Devices

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys

<SANS NOM> REG_SZ FSFilter System Recovery

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI

<SANS NOM> REG_SZ Driver Group

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys

<SANS NOM> REG_SZ Driver

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC

<SANS NOM> REG_SZ Service

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}

<SANS NOM> REG_SZ Universal Serial Bus controllers

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ CD-ROM Drive

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ DiskDrive

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Standard floppy disk controller

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Hdc

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Keyboard

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Mouse

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Net

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ NetClient

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ NetService

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ NetTrans

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ PCMCIA Adapters

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ SCSIAdapter

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ System

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}

<SANS NOM> REG_SZ Floppy disk drive

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

<SANS NOM> REG_SZ Volume

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

<SANS NOM> REG_SZ Human Interface Devices
