probleme de virus spyware, pub intempestive, em pc, etc

mon rapport hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:08, on 20/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\DS8EP6Y9\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O2 - BHO: (no name) - {59F176DF-65DC-47A0-A586-3F81E8A84D70} - C:\WINDOWS\system32\urqOHWmk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8EA479BF-A910-4B14-8BB1-CD195871F947} - C:\WINDOWS\system32\byXNHbyw.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {5322c591-ea6d-6b5a-9564-62631ac5c11e} - {e11c5ca1-3626-4659-a5b6-d6ae195c2235} - C:\WINDOWS\system32\tjpxti.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Nocs Bar - {8E1E80F3-A3F0-41d4-BAA7-470442CFC906} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [IPPDetect] C:\PROGRA~1\NewSoft\PRESTO~1.PHO\MrPhoto3\MrPhoto3\IPP4Detect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [b0b752e6] rundll32.exe "C:\WINDOWS\system32\yuojfqmy.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ueyykoy] c:\documents and settings\ordi\local settings\application data\ueyykoy.exe ueyykoy
O4 - HKLM\..\Policies\Explorer\Run: [C4yfC5D94y] C:\Documents and Settings\All Users\Application Data\ipcpwdql\ifwtuxmj.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Shareaza Turbo Accelerator.lnk = C:\Program Files\Shareaza Turbo Accelerator\Shareaza Turbo Accelerator.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cc8010b383084d33afc517391c52c87f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cc8010b383084d33afc517391c52c87f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
O9 - Extra 'Tools' menuitem: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {8E1E80F3-A3F0-41D4-BAA7-470442CFC906} (Nocs Bar) - http://www.nocs.us/plugin/Nocs.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Branding/olr33...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: byXNHbyw - byXNHbyw.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 9656 bytes

Hello,

Ta version de Navilog est obsolète.
Supprime-la et télécharge la nouvelle.

bonjour je ne trouves pas navilog le dernier peu tu me trouver l adresse
merci

Télécharge Navilog (de Il-Mafioso)

Enregistre-le sur ton Bureau.

Installe-le en double cliquant sur navilog.exe.

Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau) [Clic droit -> "Exécuter en tant qu'administrateur". ( Pour Vista)]

Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
! N'utilise pas l'option 2, 3 et 4 sans notre accord !

Patiente jusqu'à l'apparition de ce message :
*** Analyse Termine le ..... ***

Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste le rapport ici.

Poste le rapport généré.

Le rapport se trouve ici : C:\fixnavi.txt

Si tu as Vista, fais ceci avant :
Désactive l'UAC (Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ... et valide par OK , il te sera demandé de redémarrer, fais le)

VOILA MON RAPPORT NAVILOG MERCI

Search Navipromo version 3.6.1 commencé le 20/07/2008 à 18:13:52,34

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "ORDI"

Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit

*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\ORDI\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\ORDI\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\ORDI\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier Navipromo trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\ORDI\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\ORDI\locals~1\applic~1" :

ueyykoy.dat trouvé !
ueyykoy_nav.dat trouvé !
ueyykoy_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\kmWHOqru.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\ymqfjouy.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 20/07/2008 à 18:18:48,73 ***

RAPPROT KAPPERSKY ON LIGNE


C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-5ddc3bad/MagicApplet.class Infecté : Trojan-Downloader.Java.OpenConnection.ao ignoré

C:\Documents and Settings\ORDI\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-5ddc3bad/OwnClassLoader.class Infecté : Trojan.Java.ClassLoader.au ignoré

C:\Documents and Settings\ORDI\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-5ddc3bad/Installer.class Infecté : Trojan-Downloader.Java.Agent.a ignoré

C:\Documents and Settings\ORDI\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-5ddc3bad ZIP: infecté - 3 ignoré

C:\Documents and Settings\ORDI\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Historique\History.IE5\MSHist012008072020080721\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\P4PFNI2P\install[1] L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\P4PFNI2P\Navilog1[1].exe/file10 Infecté : not-a-virus:RiskTool.Win32.Reboot.f ignoré

C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\P4PFNI2P\Navilog1[1].exe Inno: infecté - 1 ignoré

C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\PGWIWYPH\index[1].htm Infecté : Exploit.HTML.IESlice.fg ignoré

C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\YHJ1X698\1216551942[2].exe L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Program Files\Navilog1\Reboot.exe Infecté : not-a-virus:RiskTool.Win32.Reboot.f ignoré

C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP392\A0381609.exe Infecté : Trojan.Win32.Obfuscated.aqn ignoré

C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP399\A0385908.exe Infecté : Trojan.Win32.Obfuscated.aqn ignoré

C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP402\A0386058.exe Infecté : Trojan.Win32.Obfuscated.aqn ignoré

C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP428\A0415261.exe Infecté : not-a-virus:RiskTool.Win32.Reboot.f ignoré

C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP428\A0417276.dll L'objet est verrouillé ignoré

C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP428\A0417277.dll L'objet est verrouillé ignoré

C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP429\A0418289.dll L'objet est verrouillé ignoré

C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP429\change.log L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\Downloaded Program Files\Nocs.dll Infecté : not-a-virus:AdWare.Win32.NocsBar.c ignoré

Re  

Double clique sur le raccourci de Navilog.

Choisis l'option 2 puis valide. (Entrée)

Laisse toi guider.

Ton ordinateur va redémarrer, sinon fais le manuellement.

Ton bureau va disparaître.

Après un certain temps, le Bloc-notes va s'ouvrir.

Sauvegarde le rapport.

Referme le Bloc-notes. Ton bureau va maintenant réapparaître.

Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
Tapes explorer et valide. Cela te fera apparaitre ton bureau

Démarrer -> panneau de configuration -> options internet
Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" :

Montorgueil ; VIP

Si tu les trouves, fais ceci :
* Sélectionne chacun de ces certificats et clique sur exporter. Enregistre le/les sur ton bureau.
* Supprime ensuite ceux présents dans l'onglet "certificats" des options de ton naviguateur.

Ensuite pour chacun des certificats présents sur ton bureau :
* Va sur le site Web :
http://www.bleepingcomputer.com/submit-malware.php?chan...
* Copie/colle ceci dans la case 'Link to Topic' :
le nom du certificat (Montorgueil ,......)
* Copie/colle ceci dans la case 'Browse to the File' :
Le certificat correspondant que tu avais exportés vers ton bureau

Si c'est fait, supprime enfin le certificat présent sur ton bureau.

Les programmes suivants installent cette infection :

* Go-astro
* GoRecord
* HotTVPlayer
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* sudoplanet
* Webmediaplayer : sauf celui provenant du site suivant > http://www.azertysite.new.fr/
* Sur le site www.games-desktop.com (Ne pas aller dessus!)

Poste le rapport sauvegardé auparavant (C:\cleannavi.txt) ainsi qu'un nouveau rapport Hijackthis.

voila le rapprot ccleaner

Clean Navipromo version 3.6.1 commencé le 23/07/2008 à 0:06:14,45

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "ORDI"

Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\ORDI\locals~1\applic~1" *



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\ORDI\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\ORDI\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\ORDI\menudm~1\progra~1" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\ORDI\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\ORDI\locals~1\applic~1" *


ueyykoy.exe trouvé !
Copie ueyykoy.exe réalisée avec succès !
ueyykoy.exe supprimé !

ueyykoy.dat trouvé !
Copie ueyykoy.dat réalisée avec succès !
ueyykoy.dat supprimé !

ueyykoy_nav.dat trouvé !
Copie ueyykoy_nav.dat réalisée avec succès !
ueyykoy_nav.dat supprimé !

ueyykoy_navps.dat trouvé !
Copie ueyykoy_navps.dat réalisée avec succès !
ueyykoy_navps.dat supprimé !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 23/07/2008 à 0:09:27,15 ***

voila mon rapport hijackthis je tiens a te remerci de prendre du temps a m aider milles merci



Logfile of HijackThis v1.99.1
Scan saved at 00:15:57, on 23/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\9DDO5TLN\hijackthis_hijackthis_1.99.1_anglais_17891[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O2 - BHO: (no name) - {59F176DF-65DC-47A0-A586-3F81E8A84D70} - C:\WINDOWS\system32\urqOHWmk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8EA479BF-A910-4B14-8BB1-CD195871F947} - C:\WINDOWS\system32\byXNHbyw.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {5322c591-ea6d-6b5a-9564-62631ac5c11e} - {e11c5ca1-3626-4659-a5b6-d6ae195c2235} - C:\WINDOWS\system32\tjpxti.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Nocs Bar - {8E1E80F3-A3F0-41d4-BAA7-470442CFC906} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [IPPDetect] C:\PROGRA~1\NewSoft\PRESTO~1.PHO\MrPhoto3\MrPhoto3\IPP4Detect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [b0b752e6] rundll32.exe "C:\WINDOWS\system32\yuojfqmy.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Shareaza Turbo Accelerator.lnk = C:\Program Files\Shareaza Turbo Accelerator\Shareaza Turbo Accelerator.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cc8010b383084d33afc517391c52c87f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cc8010b383084d33afc517391c52c87f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
O9 - Extra 'Tools' menuitem: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {8E1E80F3-A3F0-41D4-BAA7-470442CFC906} (Nocs Bar) - http://www.nocs.us/plugin/Nocs.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Branding/olr33...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: byXNHbyw - byXNHbyw.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Re,

Télécharge ComboFix (de sUBs) sur ton Bureau.

Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)

Double clique sur ComboFix.exe.

Accepte la licence en cliquant sur Oui.

Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

Aide : Comment utiliser ComboFix.

je ne peux pas le telecharger
il me met un message d erreur

" you cannot rename combofix as combofix 1
please use another name , preferbaly made up of alphanumeric characters"

Euh ressaie (sans essayer de le renommer).

je nesaye rien je le telecharge c tout
et il me met ce message

sinon ya cette page mais je comprend rien

http://forum.telecharger.01net.com/telecharger/securite...

Re,

Essaie de le télécharge à partir d'un autre ordi, et mets le sur ton bureau à l'aide d'une clef usb.

BEN je nai pa d ordi a dispo

Un ami ? Rien ne presse.
Si vraiment tu ne peux pas, on essaiera autrement.

je suis obliger de faire un combofix ya pa d autre moyen

Plus compliqué sans mais bon tant pis..

Télécharge MalwareByte's Anti-Malware sur ton Bureau.

Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées :
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.

REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

[#FF0000]Aide : Comment utiliser MBAM.

J AIFAIS CE QUE TU MA DIT JAVAIS 22 INFECTIONS MAIS il ne ma pas affiche de rapport ?

Poste un nouveau rapport HijackThis.

excuse moi jai refait un apres nettoyage de malware


voici



Version de la base de données: 982
Windows 5.1.2600 Service Pack 2

19:54:52 23/07/2008
mbam-log-7-23-2008 (19-54-52).txt

Type de recherche: Examen rapide
Eléments examinés: 45464
Temps écoulé: 8 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e11c5ca1-3626-4659-a5b6-d6ae195c2235} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e11c5ca1-3626-4659-a5b6-d6ae195c2235} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\tjpxti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\waeokxdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ylpdci.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.

voici le rapport hijackthis



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:06, on 23/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O2 - BHO: (no name) - {59F176DF-65DC-47A0-A586-3F81E8A84D70} - C:\WINDOWS\system32\urqOHWmk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8EA479BF-A910-4B14-8BB1-CD195871F947} - C:\WINDOWS\system32\byXNHbyw.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {5322c591-ea6d-6b5a-9564-62631ac5c11e} - {e11c5ca1-3626-4659-a5b6-d6ae195c2235} - C:\WINDOWS\system32\tjpxti.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Nocs Bar - {8E1E80F3-A3F0-41d4-BAA7-470442CFC906} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [IPPDetect] C:\PROGRA~1\NewSoft\PRESTO~1.PHO\MrPhoto3\MrPhoto3\IPP4Detect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [b0b752e6] rundll32.exe "C:\WINDOWS\system32\yuojfqmy.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [C4yfC5D94y] C:\Documents and Settings\All Users\Application Data\ipcpwdql\ifwtuxmj.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Shareaza Turbo Accelerator.lnk = C:\Program Files\Shareaza Turbo Accelerator\Shareaza Turbo Accelerator.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cc8010b383084d33afc517391c52c87f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cc8010b383084d33afc517391c52c87f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
O9 - Extra 'Tools' menuitem: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {8E1E80F3-A3F0-41D4-BAA7-470442CFC906} (Nocs Bar) - http://www.nocs.us/plugin/Nocs.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Branding/olr33...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: byXNHbyw - byXNHbyw.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 9297 bytes

Peux toujours pas avoir ComboFix ?
Tu peux essayer de le télécharger en mode sans échec avec prise en charge réseau ?

Si vraiment, ça ne marche pas, on va faire la désinfection à l'ancienne  

toujour pas je vais essaye comme tu ma di

jai essaye en mode sans echec ca ne marche pas non plus desole

Bon, tant pis..

Télécharge SystemScan sur ton Bureau.

Double-clique sur l'exécutable pour lancer l'installation.

Clique sur I have read and i agree puis clique sur Proceed.

Coche Recent Files, days old "60" et Hidden Objects.

Clique enfin sur Scan now.

Un rapport va s'ouvrir, poste-le.

Note : Le rapport se trouve ici : Bureau\suspectfile\report.txt

voila mais c carrement long



SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\AT94RJ8C\sys71780[1].exe
Running in: User mode
Date: 24/07/2008
Time: 15:29:29

Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications
-Include HIJACKTHIS.log

===================== ACCOUNTS ON THIS PC =====================


Users on this computer:
Is Admin? | Username
------------------
Yes | Administrateur
| HelpAssistant (Disabled)
| Invité (Disabled)
Yes | ORDI
| SUPPORT_388945a0 (Disabled)

### users folders

03/05/2007 00:05:28 (DIR) 0 byte 448 days old -- NetworkService
09/05/2007 13:06:37 (DIR) 0 byte 442 days old -- Default User
09/05/2007 13:06:42 (DIR) 0 byte 442 days old -- All Users
14/05/2007 15:58:40 (DIR) 0 byte 437 days old -- LocalService
24/07/2008 15:29:29 (DIR) 0 byte 0 days old -- ORDI

### startup files in users folders

C:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
C:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
C:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\desktop.ini
C:\documents and settings\ORDI\Menu Démarrer\Programmes\Démarrage\desktop.ini
C:\documents and settings\ORDI\Menu Démarrer\Programmes\Démarrage\Shareaza Turbo Accelerator.lnk

===================== RECENT FILES =====================

Showing files newer than 60 days

----- recent files in C:\
13/06/2008 13:47:14 244 byte 41 days old -- sqmnoopt07.sqm
13/06/2008 13:47:15 268 byte 41 days old -- sqmdata07.sqm
18/07/2008 13:12:49 (DIR) 0 byte 6 days old -- Config.Msi
23/07/2008 00:09:27 2682 byte 1 days old -- cleannavi.txt
23/07/2008 12:29:53 12233 byte 1 days old -- lop.txt
23/07/2008 20:56:38 (DIR) 0 byte 1 days old -- Program Files
24/07/2008 12:16:46 (DIR) 0 byte 0 days old -- $VAULT$.AVG
24/07/2008 13:20:01 (DIR) 0 byte 0 days old -- WINDOWS
24/07/2008 13:23:09 2617 byte 0 days old -- Bug.txt
24/07/2008 13:23:58 704643072 byte 0 days old -- pagefile.sys

----- recent files in C:\WINDOWS\
30/05/2008 14:58:31 (DIR) 0 byte 55 days old -- $NtUninstallKB932823-v3$
30/05/2008 14:58:37 11142 byte 55 days old -- KB932823-v3.log
13/06/2008 14:04:58 (DIR) 0 byte 41 days old -- $NtUninstallKB951376$
13/06/2008 14:05:04 7738 byte 41 days old -- KB951376.log
13/06/2008 14:05:10 (DIR) 0 byte 41 days old -- $NtUninstallKB950760$
13/06/2008 14:05:12 6300 byte 41 days old -- KB950760.log
13/06/2008 14:05:15 (DIR) 0 byte 41 days old -- $NtUninstallKB950762$
13/06/2008 14:05:17 8081 byte 41 days old -- KB950762.log
13/06/2008 14:05:21 (DIR) 0 byte 41 days old -- $NtUninstallKB951698$
13/06/2008 14:05:23 12764 byte 41 days old -- KB951698.log
13/06/2008 14:09:58 (DIR) 0 byte 41 days old -- ie7updates
13/06/2008 14:10:14 149832 byte 41 days old -- updspapi.log
13/06/2008 14:10:32 1374 byte 41 days old -- imsins.BAK
13/06/2008 14:10:32 20927 byte 41 days old -- KB950759-IE7.log
20/06/2008 10:29:11 (DIR) 0 byte 34 days old -- $hf_mig$
20/06/2008 10:29:29 (DIR) 0 byte 34 days old -- $NtUninstallKB951376-v2$
20/06/2008 10:29:33 352218 byte 34 days old -- msmqinst.log
20/06/2008 10:29:34 8047 byte 34 days old -- KB951376-v2.log
20/06/2008 10:29:34 45790 byte 34 days old -- ocmsn.log
20/06/2008 10:29:34 550022 byte 34 days old -- ocgen.log
20/06/2008 10:29:34 512127 byte 34 days old -- tsoc.log
20/06/2008 10:29:34 56440 byte 34 days old -- tabletoc.log
20/06/2008 10:29:34 55438 byte 34 days old -- msgsocm.log
20/06/2008 10:29:34 51125 byte 34 days old -- medctroc.Log
20/06/2008 10:29:34 199810 byte 34 days old -- ntdtcsetup.log
20/06/2008 10:29:34 194388 byte 34 days old -- netfxocm.log
20/06/2008 10:29:34 1374 byte 34 days old -- imsins.log
20/06/2008 10:29:34 1104602 byte 34 days old -- FaxSetup.log
20/06/2008 10:29:34 331787 byte 34 days old -- comsetup.log
20/06/2008 10:29:35 1250259 byte 34 days old -- iis6.log
11/07/2008 16:27:40 116849 byte 13 days old -- wmsetup.log
18/07/2008 12:59:35 (DIR) 0 byte 6 days old -- Downloaded Installations
18/07/2008 13:11:08 (DIR) 0 byte 6 days old -- Installer
18/07/2008 16:59:12 (DIR) 0 byte 6 days old -- SoftwareDistribution
18/07/2008 19:20:28 (DIR) 0 byte 6 days old -- network diagnostic
19/07/2008 23:43:06 (DIR) 0 byte 5 days old -- avxoscan
19/07/2008 23:43:24 217 byte 5 days old -- AvxOnline.log
20/07/2008 18:04:19 (DIR) 0 byte 4 days old -- inf
23/07/2008 00:31:04 191790 byte 1 days old -- setupact.log
23/07/2008 12:22:05 (DIR) 0 byte 1 days old -- Downloaded Program Files
23/07/2008 17:46:12 32538 byte 1 days old -- SchedLgU.Txt
23/07/2008 20:53:29 1029353 byte 1 days old -- setupapi.log
24/07/2008 13:20:01 (DIR) 0 byte 0 days old -- CSC
24/07/2008 13:20:10 316002 byte 0 days old -- ntbtlog.txt
24/07/2008 13:22:57 (DIR) 0 byte 0 days old -- system32
24/07/2008 13:24:00 2048 byte 0 days old -- bootstat.dat
24/07/2008 13:24:01 0 byte 0 days old -- 0.log
24/07/2008 13:24:13 159 byte 0 days old -- wiadebug.log
24/07/2008 13:24:14 50 byte 0 days old -- wiaservc.log
24/07/2008 13:24:25 (DIR) 0 byte 0 days old -- Temp
24/07/2008 14:42:04 1211393 byte 0 days old -- WindowsUpdate.log
24/07/2008 15:29:29 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
20/06/2008 10:29:30 (DIR) 0 byte 34 days old -- dllcache
20/06/2008 19:05:51 (DIR) 0 byte 34 days old -- FlashAX
25/06/2008 18:15:46 17972344 byte 29 days old -- MRT.exe
18/07/2008 12:42:31 0 byte 6 days old -- bb949698-.txt
18/07/2008 12:43:04 116864 byte 6 days old -- juqfet.dll
18/07/2008 12:43:04 116864 byte 6 days old -- qvevexhd.dll
18/07/2008 12:44:30 613399 byte 6 days old -- jtwmspix.ini
19/07/2008 22:23:21 647863 byte 5 days old -- uyxpufff.ini
19/07/2008 22:28:23 428234 byte 5 days old -- kmWHOqru.ini2
19/07/2008 22:30:51 428234 byte 5 days old -- kmWHOqru.ini
19/07/2008 22:31:28 647983 byte 5 days old -- ymqfjouy.tmp
19/07/2008 22:32:28 294 byte 5 days old -- ymqfjouy.ini
21/07/2008 12:41:22 143 byte 3 days old -- mcrh.tmp
22/07/2008 21:13:45 2206 byte 2 days old -- wpa.dbl
22/07/2008 21:15:40 43581 byte 2 days old -- ymqfjouy.ini2
23/07/2008 17:43:34 (DIR) 0 byte 1 days old -- drivers
23/07/2008 20:53:13 664 byte 1 days old -- d3d9caps.dat
23/07/2008 20:53:14 (DIR) 0 byte 1 days old -- CatRoot2

----- recent files in C:\WINDOWS\system32\drivers\
14/06/2008 19:59:52 272768 byte 40 days old -- bthport.sys
14/06/2008 23:47:04 (DIR) 0 byte 40 days old -- etc
19/07/2008 23:39:36 102664 byte 5 days old -- tmcomm.sys
20/07/2008 20:25:00 17144 byte 4 days old -- mbam.sys
20/07/2008 20:25:04 38472 byte 4 days old -- mbamswissarmy.sys

----- recent files in C:\WINDOWS\temp\

----- recent files in C:\Program Files\
30/06/2008 11:50:27 (DIR) 0 byte 24 days old -- Spybot - Search & Destroy
05/07/2008 11:36:12 (DIR) 0 byte 19 days old -- Adobe
18/07/2008 13:00:11 (DIR) 0 byte 6 days old -- Fichiers communs
18/07/2008 13:08:25 (DIR) 0 byte 6 days old -- Microsoft AntiSpyware
18/07/2008 13:09:37 (DIR) 0 byte 6 days old -- InstallShield Installation Information
18/07/2008 13:11:06 (DIR) 0 byte 6 days old -- Google
18/07/2008 13:20:01 (DIR) 0 byte 6 days old -- Grisoft
18/07/2008 18:25:30 (DIR) 0 byte 6 days old -- download-boosters
19/07/2008 23:40:07 (DIR) 0 byte 5 days old -- Internet Explorer
20/07/2008 17:59:10 (DIR) 0 byte 4 days old -- BHODemon 2
23/07/2008 00:09:27 (DIR) 0 byte 1 days old -- Navilog1
23/07/2008 12:22:08 (DIR) 0 byte 1 days old -- Panda Security
23/07/2008 17:43:37 (DIR) 0 byte 1 days old -- Malwarebytes' Anti-Malware
23/07/2008 20:01:45 (DIR) 0 byte 1 days old -- Trend Micro

----- recent files in C:\Program Files\Fichiers communs\

----- recent files in C:\Documents and Settings\ORDI\Application Data\
18/07/2008 13:21:58 (DIR) 0 byte 6 days old -- Grisoft
23/07/2008 17:43:38 (DIR) 0 byte 1 days old -- Malwarebytes
23/07/2008 20:53:09 (DIR) 0 byte 1 days old -- SecondLife
24/07/2008 13:24:18 (DIR) 0 byte 0 days old -- AVG7

----- recent files in C:\DOCUME~1\ORDI\LOCALS~1\Temp\
23/07/2008 00:11:52 (DIR) 0 byte 1 days old -- WLTB Custom Button Feeds
23/07/2008 12:28:35 (DIR) 0 byte 1 days old -- Rar$EX00.953
23/07/2008 13:37:46 (DIR) 0 byte 1 days old -- MessengerCache
24/07/2008 09:33:47 (DIR) 0 byte 0 days old -- ~nsu.tmp
24/07/2008 13:24:08 (DIR) 0 byte 0 days old -- WPDNSE
24/07/2008 13:29:05 1026 byte 0 days old -- jusched.log
24/07/2008 15:29:02 107 byte 0 days old -- systemscan.ini
24/07/2008 15:29:03 16384 byte 0 days old -- ~DFCA01.tmp
24/07/2008 15:29:29 (DIR) 0 byte 0 days old -- nswB.tmp

===================== DUPLICATE FILES IN BAK FOLDERS =====================

No BAK folders found

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"Google Desktop Search"="\"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe\" /startup"
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP"
"SoundMan"="SOUNDMAN.EXE"
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 \"EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\""
"IPPDetect"="C:\PROGRA~1\NewSoft\PRESTO~1.PHO\MrPhoto3\MrPhoto3\IPP4Detect.exe"
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe\""
"Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
"!AVG Anti-Spyware"="\"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe\" /minimized"
"b0b752e6"="rundll32.exe \"C:\WINDOWS\system32\yuojfqmy.dll\",b"

[Run\OptionalComponents]
@=""

[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"MsnMsgr"="\"C:\Program Files\Windows Live\Messenger\msnmsgr.exe\" /background"
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[run]
"C4yfC5D94y"="C:\Documents and Settings\All Users\Application Data\ipcpwdql\ifwtuxmj.exe"

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{8EA479BF-A910-4B14-8BB1-CD195871F947}"=""
#### HKCR\CLSID\{8EA479BF-A910-4B14-8BB1-CD195871F947}\InprocServer32 @="C:\WINDOWS\system32\byXNHbyw.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
#### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Sans fil"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Planificateur de paquets QoS"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Scripts"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="Sécurité IP"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\byXNHbyw]
"DllName"="byXNHbyw.dll"

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\WgaLogon]

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]
@=""

[Browser Helper Objects\{59F176DF-65DC-47A0-A586-3F81E8A84D70}]
#### HKCR\CLSID\{59F176DF-65DC-47A0-A586-3F81E8A84D70}\InprocServer32 @="C:\WINDOWS\system32\urqOHWmk.dll"

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{8EA479BF-A910-4B14-8BB1-CD195871F947}]
#### HKCR\CLSID\{8EA479BF-A910-4B14-8BB1-CD195871F947}\InprocServer32 @="C:\WINDOWS\system32\byXNHbyw.dll"

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll"

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Program Files\Windows Live Toolbar\msntb.dll"
@=""

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer]
@=dword:00000001

[Browser Helper Objects\{e11c5ca1-3626-4659-a5b6-d6ae195c2235}]
#### HKCR\CLSID\{e11c5ca1-3626-4659-a5b6-d6ae195c2235}\InprocServer32 @="C:\WINDOWS\system32\tjpxti.dll"
@="{5322c591-ea6d-6b5a-9564-62631ac5c11e}"

[Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
#### HKCR\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\InprocServer32 @="C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll"

[Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\EWPP]
"InternetExplore"="Called\00\00œÛ\12\00q‚óu\08ð\17\00H\00\00\00\15\00\00\00\01\00\00\00\00Ü\12\00\00\00\00\00\01\00\00\00\00\00\00\00Ú…óuÁ@ôw\00\00\00\00\00\00)\05\00Ü\12\00¼ˆ!~„Û\12\00V‚ñu\10}\15\00h‚\01\00\09\00\00\00ØÚ\12\00\05@\00€ÌÛ\12\00\18î‘|p\05’|ÿÿÿÿm\05’|Ùõ\"\05\00\00)\05\00\00\00\00x.)\05\01\00\00\004Ü\12\00\10}\15\00hÏ\19\00ØÛ\12\00dJ\0ew%}\"~,\16\00\01\00\00\00 Ü\12\00 \16#\05ȁ#\05ÿÿÿÿ,Ü\12\00 ê\"\05x.)\05êp\"\05x.)\05\01\00\00\00¿¼\"\05\01\00\00\00\00\00\00\00\08\00)\05\00\00\00\00lÏ\19\00Ï!úw\0b\00\12\00\00\00\00\00\01\00\00\00\08¼\"\05ìÞ\12"
"FileExplorer"="Called\00\00üí)\01å‚óupT \02H\00\00\00\15\00\00\00\00\00\00\00`î)\01\00\00\00\00\00\00\00\00\00\00\00\00N†óuÁ@ôw\00\00\00\00\00\00G\01`î)\01¼ˆ!~äí)\01V‚ñu\08:\13\00h‚\01\00\09\00\00\008í)\01\05@\00€,î)\01\18î‘|p\05’|ÿÿÿÿm\05’|Ùõ\0b\03\00\00G\01\00\00\00\00À.G\01\00\00\00\00”î)\01\08:\13\00tJ\0ew4`\w€\17\1f\02%}\"~80 \02\00\00\00\00€î)\01 \16\0c\03ȁ\0c\03ÿÿÿÿŒî)\01 ê\0b\03À.G\01êp\0b\03À.G\01\01\00\00\00¿¼\0b\03\01\00\00\00\01\00\00\00\08\00G\01\00\00\00\00„\17\1f\02Ï!úw\0b\00)\01\00\00\00\00\00\00\00\00\08¼\0b\03dñ)\01"
"FileBrowser"="Called\00\00\14î-\01q‚óuð\18é\01H\00\00\00\15\00\00\00\00\00\00\00xî-\01\00\00\00\00\00\00\00\00\00\00\00\00Ú…óuÁ@ôw\00\00\00\00\00\00\06\02xî-\01¼ˆ!~üí-\01V‚ñu°ó\0e\00h‚\01\00\09\00\00\00Pí-\01\05@\00€Dî-\01\18î‘|p\05’|ÿÿÿÿm\05’|Ùõÿ\01\00\00\06\02\00\00\00\00\08.\06\02\00\00\00\00¬î-\01°ó\0e\00ˆ\13\18\00Pî-\01dJ\0ew%}\"~¸\14é\01\00\00\00\00˜î-\01 \16\00\02ȁ\00\02ÿÿÿÿ¤î-\01 êÿ\01\08.\06\02êpÿ\01\08.\06\02\01\00\00\00¿¼ÿ\01\01\00\00\00\02\00\00\00\08\00\06\02\00\00\00\00Œ\13\18\00Ï!úw\0b\00-\01\00\00\00\00\00\00\00\00\08¼ÿ\01dñ-\01"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
"{e4000b62-fa5d-4b39-b254-0a4c485aaf11}"=""

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

[MSConfig]

[MSConfig\services]

[MSConfig\startupfolder]

[MSConfig\startupreg]

[MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000000

-----HKCU\Control Panel\Desktop\-----

[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\System32\ss3dfo.scr"

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----


[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."

[SharedAccess\Epoch]
"Epoch"=dword:00004bd3

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:* isaxxxxx@xxxxxres.dll,-22019"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:* isaxxxxx@xxxxxres.dll,-20000"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:* isabled:Shareaza Ultimate File Sharing"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:* isabled:Windows Live Messenger (Phone)"
"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet isaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet isaxxxxx@xxxxxres.dll,-22008"
"3389:TCP"="3389:TCP:* isaxxxxx@xxxxxres.dll,-22009"
"139:TCP"="139:TCP:LocalSubNet isaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet isaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet isaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet isaxxxxx@xxxxxres.dll,-22002"
"4887:UDP"="4887:UDP:* isabled:Windows Media Format SDK (IEXPLORE.EXE)"
"4886:UDP"="4886:UDP:* isabled:Windows Media Format SDK (IEXPLORE.EXE)"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{82895C8F-354D-43D9-9E72-9212CF2FF418}"=dword:00000001
"{04CDA920-7D47-4403-8321-7FDED7324B22}"=dword:00000001
"{24773ADD-0A25-4A61-B076-3EACA7C5DE03}"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Lecteur Windows Media"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personnalisation du navigateur"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\System32\msjava.dll"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
"@="Internet Explorer Classes for Java"
"ComponentID"="IEJAVA"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Lecteur Windows Media Microsoft 6.4"

[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\swdir.dll"
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.3"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.3"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP E /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4d64f3ba-f112-4efe-a02e-96680859937c}]
"@="KB918899"
"ComponentID"="KB918899"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"@="Windows Messenger 4.7"
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5b7bf89d-d196-4c32-a303-a57b8ab7f18d}]
"@="KB918439"
"ComponentID"="KB918439"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"StubPath"="c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install"
"ComponentID"="DOTNETFRAMEWORKS"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"

[Installed Components\{dd772a76-bef3-44d7-8b39-502c8504c1f1}]
"@="KB925486"
"ComponentID"="KB925486"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

[Installed Components\{f15ee071-deb7-4cbb-951f-431c98338d8e}]
"@="KB911567"
"ComponentID"="KB911567"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {82895C8F-354D-43D9-9E72-9212CF2FF418} REG_BINARY FC00000000000000000000000000000003678848060000000000000004000000000000002CB38948C0A80101030000000000000004000000000000002CB38948C0A80101330000000000000004000000000000002CB3894800014CDA3B0000000000000004000000000000002CB3894800011AEC3A0000000000000004000000000000002CB389480000A66D010000000000000004000000000000002CB38948FFFFFF00360000000000000004000000000000002CB38948C0A80101350000000000000001000000000000002CB3894805000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {82895C8F-354D-43D9-9E72-9212CF2FF418} REG_BINARY 060000000000000004000000000000002CB38948C0A80101030000000000000004000000000000002CB38948C0A80101330000000000000004000000000000002CB3894800014CDA3B0000000000000004000000000000002CB3894800011AEC3A0000000000000004000000000000002CB389480000A66D010000000000000004000000000000002CB38948FFFFFF00360000000000000004000000000000002CB38948C0A80101350000000000000001000000000000002CB3894805000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 19411 (0x4BD3)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 19408 (0x4BD0)

Result compared: Different


===================== AUTOPLAY SETTINGS =====================

~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~
(note: default values should be 91 or 95)


-----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

[Explorer]
"NoDriveTypeAutoRun"=dword:00000091

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

[Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Autorun is enabled on:
DRIVE_UNKNOWN = False
DRIVE_NO_ROOT_DIR = True
DRIVE_REMOVABLE = True
DRIVE_FIXED = True
DRIVE_REMOTE = False
DRIVE_CDROM = True
DRIVE_RAMDISK = True
RESERVED = False

~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~

No autorun.inf files found.

===================== SCHEDULED JOBS =====================

jobs found in C:\WINDOWS:

28/08/2001 14:00:00 65 byte 2522 days old -- C:\WINDOWS\tasks\desktop.ini
24/07/2008 13:24:03 6 byte 0 days old -- C:\WINDOWS\tasks\SA.DAT
24/07/2008 15:17:00 256 byte 0 days old -- C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
~~~~~~~~~~~~~~~~~~~~~
Active jobs:

~~~~~~~~~~~~~~~~~~~~~
Most recent (50) lines in jobs scheduled log:

Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 23/07/2008 19:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 23/07/2008 19:17:01
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 23/07/2008 20:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 23/07/2008 20:17:08
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 23/07/2008 21:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 23/07/2008 21:17:05
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 23/07/2008 22:17:02
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 23/07/2008 22:17:07
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 10:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 10:17:02
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 11:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 11:17:01
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 12:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 12:17:02
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 13:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 13:17:01
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 14:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 14:17:01
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 15:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 15:17:00
Résultat : La tâche s'est terminée avec le code de sortie : (0).

===================== LIST OF ALL SERVICES & DRIVERS =====================

-----HKLM\system\currentcontrolset\services-----

000) "Abiosdsk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

001) "abp480n5"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

002) "ACPI" - Pilote ACPI Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\ACPI.sys
---> TYPE = KERNEL_DRIVER

003) "ACPIEC"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

004) "adpu160m"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

005) "aec" - Suppresseur d'écho acoustique (Noyau Microsoft)
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\aec.sys
---> TYPE = KERNEL_DRIVER

006) "AFD" - Environnement de prise en charge de réseau AFD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\afd.sys
---> TYPE = KERNEL_DRIVER

007) "Aha154x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

008) "aic78u2"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

009) "aic78xx"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

010) "ALCXWDM" - Service for Realtek AC97 Audio (WDM)
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\ALCXWDM.SYS
---> TYPE = KERNEL_DRIVER

011) "AliIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

012) "amsint"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

013) "Arp1394" - Protocole client ARP 1394
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\arp1394.sys
---> TYPE = KERNEL_DRIVER

014) "asc"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

015) "asc3350p"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

016) "asc3550"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

017) "AsyncMac" - Pilote de média asynchrone RAS
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\asyncmac.sys
---> TYPE = KERNEL_DRIVER

018) "atapi" - Contrôleur de disque dur IDE/ESDI standard
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\atapi.sys
---> TYPE = KERNEL_DRIVER

019) "Atdisk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

020) "Atmarpc" - Protocole client ATM ARP
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\atmarpc.sys
---> TYPE = KERNEL_DRIVER

021) "audstub" - Pilote audio Stub
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\audstub.sys
---> TYPE = KERNEL_DRIVER

022) "AVG Anti-Spyware Driver" - AVG Anti-Spyware Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
---> TYPE = KERNEL_DRIVER

023) "Avg7Core" - AVG7 Kernel
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\Drivers\avg7core.sys
---> TYPE = KERNEL_DRIVER

024) "Avg7RsW" - AVG7 Wrap Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\Drivers\avg7rsw.sys
---> TYPE = KERNEL_DRIVER

025) "Avg7RsXP" - AVG7 Resident Driver XP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\Drivers\avg7rsxp.sys
---> TYPE = KERNEL_DRIVER

026) "AvgAsCln" - AVG Anti-Spyware Clean Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\AvgAsCln.sys
---> TYPE = KERNEL_DRIVER

027) "AvgClean" - AVG7 Clean Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\Drivers\avgclean.sys
---> TYPE = KERNEL_DRIVER

028) "AvgTdi" - AVG Network Redirector
---> STAT = (RUNNING) Started automatically
---> FILE = \SystemRoot\System32\Drivers\avgtdi.sys
---> TYPE = KERNEL_DRIVER

029) "Beep"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

030) "catchme"
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\DOCUME~1\ORDI\LOCALS~1\Temp\catchme.sys
---> TYPE = KERNEL_DRIVER

031) "cbidf2k"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

032) "CCDECODE" - Décodeur sous-titre fermé
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\CCDECODE.sys
---> TYPE = KERNEL_DRIVER

033) "cd20xrnt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

034) "Cdaudio"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

035) "Cdfs"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

036) "Cdrom" - Pilote de CD-ROM
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\cdrom.sys
---> TYPE = KERNEL_DRIVER

037) "Changer"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

038) "CmdIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

039) "Cpqarray"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

040) "dac2w2k"
---> STAT = (RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

041) "dac960nt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

042) "Disk" - Pilote de disque
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\disk.sys
---> TYPE = KERNEL_DRIVER

043) "dmboot"
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmboot.sys
---> TYPE = KERNEL_DRIVER

044) "dmio" - Pilote de Gestionnaire de disque logique
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\dmio.sys
---> TYPE = KERNEL_DRIVER

045) "dmload"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\dmload.sys
---> TYPE = KERNEL_DRIVER

046) "DMusic" - Synthétiseur DLS du noyau Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\DMusic.sys
---> TYPE = KERNEL_DRIVER

047) "dpti2o"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

048) "drmkaud" - Filtre de décodeur DRM (Noyau Microsoft)
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\drmkaud.sys
---> TYPE = KERNEL_DRIVER

049) "Fastfat"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

050) "Fdc" - Pilote de contrôleur de lecteur de disquettes
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\fdc.sys
---> TYPE = KERNEL_DRIVER

051) "Fips"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

052) "Flpydisk"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

053) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\fltmgr.sys
---> TYPE = FILE_SYSTEM_DRIVER

054) "Ftdisk" - Pilote du Gestionnaire de volume
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\ftdisk.sys
---> TYPE = KERNEL_DRIVER

055) "Gpc" - Classificateur de paquets générique
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\msgpc.sys
---> TYPE = KERNEL_DRIVER

056) "hidusb" - Pilote de classe HID Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\hidusb.sys
---> TYPE = KERNEL_DRIVER

057) "hpn"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

058) "HTTP" - HTTP
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\HTTP.sys
---> TYPE = KERNEL_DRIVER

059) "i2omgmt"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

060) "i2omp"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

061) "i8042prt"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

062) "Imapi" - Pilote de filtre de gravure CD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\imapi.sys
---> TYPE = KERNEL_DRIVER

063) "ini910u"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

064) "IntelIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

065) "ip6fw" - Pilote du pare-feu Windows IPv6
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ip6fw.sys
---> TYPE = KERNEL_DRIVER

066) "IpFilterDriver" - Pilote de filtre de trafic IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\ipfltdrv.sys
---> TYPE = KERNEL_DRIVER

067) "IpInIp" - Pilote de tunnelage IP dans IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\ipinip.sys
---> TYPE = KERNEL_DRIVER

068) "IpNat" - Traducteur d'adresses réseau IP
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ipnat.sys
---> TYPE = KERNEL_DRIVER

069) "IPSec" - Pilote IPSEC
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\ipsec.sys
---> TYPE = KERNEL_DRIVER

070) "irda" - Protocole IrDA
---> STAT = (RUNNING) Started automatically
---> FILE = System32\DRIVERS\irda.sys
---> TYPE = KERNEL_DRIVER

071) "IRENUM" - Service énumérateur IR
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\irenum.sys
---> TYPE = KERNEL_DRIVER

072) "irsir" - Pilote série infrarouge Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\irsir.sys
---> TYPE = KERNEL_DRIVER

073) "isapnp" - Pilote de bus Plug-and-Play ISA/EISA
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\isapnp.sys
---> TYPE = KERNEL_DRIVER

074) "Kbdclass" - Pilote de la classe Clavier
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\kbdclass.sys
---> TYPE = KERNEL_DRIVER

075) "kbdhid" - Pilote HID de clavier
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\kbdhid.sys
---> TYPE = KERNEL_DRIVER

076) "kmixer" - Mélangeur audio Wave de noyau Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\kmixer.sys
---> TYPE = KERNEL_DRIVER

077) "KSecDD"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

078) "lbrtfdc"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

079) "MBAMSwissArmy" - MBAMSwissArmy
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\drivers\mbamswissarmy.sys
---> TYPE = KERNEL_DRIVER

080) "mnmdd"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

081) "Modem"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

082) "Mouclass" - Pilote de la classe Souris
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\mouclass.sys
---> TYPE = KERNEL_DRIVER

083) "mouhid" - Pilote HID de souris
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mouhid.sys
---> TYPE = KERNEL_DRIVER

084) "MountMgr" - Gestionnaire de point de montage
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

085) "mraid35x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

086) "MRxDAV" - Redirecteur client WebDav
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mrxdav.sys
---> TYPE = FILE_SYSTEM_DRIVER

087) "MRxSmb" - MRXSMB
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\mrxsmb.sys
---> TYPE = FILE_SYSTEM_DRIVER

088) "Msfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER

089) "MSKSSRV" - Proxy de service de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSKSSRV.sys
---> TYPE = KERNEL_DRIVER

090) "MSPCLOCK" - Proxy d'horloge de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPCLOCK.sys
---> TYPE = KERNEL_DRIVER

091) "MSPQM" - Proxy de gestion de qualité de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPQM.sys
---> TYPE = KERNEL_DRIVER

092) "mssmbios" - Pilote BIOS de gestion de systèmes Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mssmbios.sys
---> TYPE = KERNEL_DRIVER

093) "MSTEE" - Convertisseur en T/site-à-site de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSTEE.sys
---> TYPE = KERNEL_DRIVER

094) "Mup" - Mup
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = FILE_SYSTEM_DRIVER

095) "NABTSFEC" - Codec NABTS/FEC VBI
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\NABTSFEC.sys
---> TYPE = KERNEL_DRIVER

096) "NDIS" - Pilote système NDIS
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

097) "NdisIP" - Connection TV/vidéo Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\NdisIP.sys
---> TYPE = KERNEL_DRIVER

098) "NdisTapi" - Pilote TAPI NDIS d'accès distant
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndistapi.sys
---> TYPE = KERNEL_DRIVER

099) "Ndisuio" - NDIS mode utilisateur E/S Protocole
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndisuio.sys
---> TYPE = KERNEL_DRIVER

100) "NdisWan" - Pilote réseau étendu NDIS d'accès distant
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndiswan.sys
---> TYPE = KERNEL_DRIVER

101) "NDProxy" - multi roxy NDIS\00\00
---> STAT = (RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

102) "NetBIOS" - Interface NetBIOS
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbios.sys
---> TYPE = FILE_SYSTEM_DRIVER

103) "NetBT" - NetBIOS sur TCP/IP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbt.sys
---> TYPE = KERNEL_DRIVER

104) "NIC1394" - Pilote réseau 1394
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\nic1394.sys
---> TYPE = KERNEL_DRIVER

105) "Npfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER

106) "Ntfs"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

107) "Null"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

108) "NwlnkFlt" - Pilote de filtre de trafic IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\nwlnkflt.sys
---> TYPE = KERNEL_DRIVER

109) "NwlnkFwd" - Pilote de transfert de trafic IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\nwlnkfwd.sys
---> TYPE = KERNEL_DRIVER

110) "ohci1394" - Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface)
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\ohci1394.sys
---> TYPE = KERNEL_DRIVER

111) "P1120VID" - Creative WebCam NX Ultra
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\P1120Vid.sys
---> TYPE = KERNEL_DRIVER

112) "PALLADIA" - Palladia 300/400 Usb Adsl Modem
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\usbiad.sys
---> TYPE = KERNEL_DRIVER

113) "Parport" - Pilote de port parallèle
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\parport.sys
---> TYPE = KERNEL_DRIVER

114) "PartMgr" - Gestionnaire de partition
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

115) "ParVdm"
---> STAT = (RUNNING) Started automatically
---> TYPE = KERNEL_DRIVER

116) "PCI" - Pilote de bus PCI
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\pci.sys
---> TYPE = KERNEL_DRIVER

117) "PCIDump"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

118) "PCIIde"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\pciide.sys
---> TYPE = KERNEL_DRIVER

119) "Pcmcia"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

120) "PDCOMP"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

121) "PDFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

122) "PDRELI"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

123) "PDRFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

124) "p" target="_blank">

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."

[SharedAccess\Epoch]
"Epoch"=dword:00004bd3

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:* isaxxxxx@xxxxxres.dll,-22019"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:* isaxxxxx@xxxxxres.dll,-20000"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:* isabled:Shareaza Ultimate File Sharing"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:* isabled:Windows Live Messenger (Phone)"
"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet isaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet isaxxxxx@xxxxxres.dll,-22008"
"3389:TCP"="3389:TCP:* isaxxxxx@xxxxxres.dll,-22009"
"139:TCP"="139:TCP:LocalSubNet isaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet isaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet isaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet isaxxxxx@xxxxxres.dll,-22002"
"4887:UDP"="4887:UDP:* isabled:Windows Media Format SDK (IEXPLORE.EXE)"
"4886:UDP"="4886:UDP:* isabled:Windows Media Format SDK (IEXPLORE.EXE)"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{82895C8F-354D-43D9-9E72-9212CF2FF418}"=dword:00000001
"{04CDA920-7D47-4403-8321-7FDED7324B22}"=dword:00000001
"{24773ADD-0A25-4A61-B076-3EACA7C5DE03}"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Lecteur Windows Media"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personnalisation du navigateur"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\System32\msjava.dll"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
"@="Internet Explorer Classes for Java"
"ComponentID"="IEJAVA"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Lecteur Windows Media Microsoft 6.4"

[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\swdir.dll"
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.3"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.3"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP E /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4d64f3ba-f112-4efe-a02e-96680859937c}]
"@="KB918899"
"ComponentID"="KB918899"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"@="Windows Messenger 4.7"
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5b7bf89d-d196-4c32-a303-a57b8ab7f18d}]
"@="KB918439"
"ComponentID"="KB918439"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"StubPath"="c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install"
"ComponentID"="DOTNETFRAMEWORKS"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"

[Installed Components\{dd772a76-bef3-44d7-8b39-502c8504c1f1}]
"@="KB925486"
"ComponentID"="KB925486"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

[Installed Components\{f15ee071-deb7-4cbb-951f-431c98338d8e}]
"@="KB911567"
"ComponentID"="KB911567"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {82895C8F-354D-43D9-9E72-9212CF2FF418} REG_BINARY FC00000000000000000000000000000003678848060000000000000004000000000000002CB38948C0A80101030000000000000004000000000000002CB38948C0A80101330000000000000004000000000000002CB3894800014CDA3B0000000000000004000000000000002CB3894800011AEC3A0000000000000004000000000000002CB389480000A66D010000000000000004000000000000002CB38948FFFFFF00360000000000000004000000000000002CB38948C0A80101350000000000000001000000000000002CB3894805000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {82895C8F-354D-43D9-9E72-9212CF2FF418} REG_BINARY 060000000000000004000000000000002CB38948C0A80101030000000000000004000000000000002CB38948C0A80101330000000000000004000000000000002CB3894800014CDA3B0000000000000004000000000000002CB3894800011AEC3A0000000000000004000000000000002CB389480000A66D010000000000000004000000000000002CB38948FFFFFF00360000000000000004000000000000002CB38948C0A80101350000000000000001000000000000002CB3894805000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 19411 (0x4BD3)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 19408 (0x4BD0)

Result compared: Different


===================== AUTOPLAY SETTINGS =====================

~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~
(note: default values should be 91 or 95)


-----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

[Explorer]
"NoDriveTypeAutoRun"=dword:00000091

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

[Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Autorun is enabled on:
DRIVE_UNKNOWN = False
DRIVE_NO_ROOT_DIR = True
DRIVE_REMOVABLE = True
DRIVE_FIXED = True
DRIVE_REMOTE = False
DRIVE_CDROM = True
DRIVE_RAMDISK = True
RESERVED = False

~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~

No autorun.inf files found.

===================== SCHEDULED JOBS =====================

jobs found in C:\WINDOWS:

28/08/2001 14:00:00 65 byte 2522 days old -- C:\WINDOWS\tasks\desktop.ini
24/07/2008 13:24:03 6 byte 0 days old -- C:\WINDOWS\tasks\SA.DAT
24/07/2008 15:17:00 256 byte 0 days old -- C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
~~~~~~~~~~~~~~~~~~~~~
Active jobs:

~~~~~~~~~~~~~~~~~~~~~
Most recent (50) lines in jobs scheduled log:

Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 23/07/2008 19:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 23/07/2008 19:17:01
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 23/07/2008 20:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 23/07/2008 20:17:08
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 23/07/2008 21:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 23/07/2008 21:17:05
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 23/07/2008 22:17:02
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 23/07/2008 22:17:07
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 10:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 10:17:02
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 11:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 11:17:01
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 12:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 12:17:02
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 13:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 13:17:01
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 14:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 14:17:01
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 15:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 15:17:00
Résultat : La tâche s'est terminée avec le code de sortie : (0).

===================== LIST OF ALL SERVICES & DRIVERS =====================

-----HKLM\system\currentcontrolset\services-----

000) "Abiosdsk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

001) "abp480n5"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

002) "ACPI" - Pilote ACPI Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\ACPI.sys
---> TYPE = KERNEL_DRIVER

003) "ACPIEC"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

004) "adpu160m"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

005) "aec" - Suppresseur d'écho acoustique (Noyau Microsoft)
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\aec.sys
---> TYPE = KERNEL_DRIVER

006) "AFD" - Environnement de prise en charge de réseau AFD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\afd.sys
---> TYPE = KERNEL_DRIVER

007) "Aha154x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

008) "aic78u2"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

009) "aic78xx"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

010) "ALCXWDM" - Service for Realtek AC97 Audio (WDM)
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\ALCXWDM.SYS
---> TYPE = KERNEL_DRIVER

011) "AliIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

012) "amsint"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

013) "Arp1394" - Protocole client ARP 1394
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\arp1394.sys
---> TYPE = KERNEL_DRIVER

014) "asc"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

015) "asc3350p"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

016) "asc3550"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

017) "AsyncMac" - Pilote de média asynchrone RAS
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\asyncmac.sys
---> TYPE = KERNEL_DRIVER

018) "atapi" - Contrôleur de disque dur IDE/ESDI standard
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\atapi.sys
---> TYPE = KERNEL_DRIVER

019) "Atdisk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

020) "Atmarpc" - Protocole client ATM ARP
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\atmarpc.sys
---> TYPE = KERNEL_DRIVER

021) "audstub" - Pilote audio Stub
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\audstub.sys
---> TYPE = KERNEL_DRIVER

022) "AVG Anti-Spyware Driver" - AVG Anti-Spyware Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
---> TYPE = KERNEL_DRIVER

023) "Avg7Core" - AVG7 Kernel
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\Drivers\avg7core.sys
---> TYPE = KERNEL_DRIVER

024) "Avg7RsW" - AVG7 Wrap Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\Drivers\avg7rsw.sys
---> TYPE = KERNEL_DRIVER

025) "Avg7RsXP" - AVG7 Resident Driver XP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\Drivers\avg7rsxp.sys
---> TYPE = KERNEL_DRIVER

026) "AvgAsCln" - AVG Anti-Spyware Clean Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\AvgAsCln.sys
---> TYPE = KERNEL_DRIVER

027) "AvgClean" - AVG7 Clean Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\Drivers\avgclean.sys
---> TYPE = KERNEL_DRIVER

028) "AvgTdi" - AVG Network Redirector
---> STAT = (RUNNING) Started automatically
---> FILE = \SystemRoot\System32\Drivers\avgtdi.sys
---> TYPE = KERNEL_DRIVER

029) "Beep"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

030) "catchme"
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\DOCUME~1\ORDI\LOCALS~1\Temp\catchme.sys
---> TYPE = KERNEL_DRIVER

031) "cbidf2k"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

032) "CCDECODE" - Décodeur sous-titre fermé
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\CCDECODE.sys
---> TYPE = KERNEL_DRIVER

033) "cd20xrnt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

034) "Cdaudio"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

035) "Cdfs"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

036) "Cdrom" - Pilote de CD-ROM
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\cdrom.sys
---> TYPE = KERNEL_DRIVER

037) "Changer"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

038) "CmdIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

039) "Cpqarray"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

040) "dac2w2k"
---> STAT = (RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

041) "dac960nt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

042) "Disk" - Pilote de disque
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\disk.sys
---> TYPE = KERNEL_DRIVER

043) "dmboot"
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmboot.sys
---> TYPE = KERNEL_DRIVER

044) "dmio" - Pilote de Gestionnaire de disque logique
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\dmio.sys
---> TYPE = KERNEL_DRIVER

045) "dmload"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\dmload.sys
---> TYPE = KERNEL_DRIVER

046) "DMusic" - Synthétiseur DLS du noyau Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\DMusic.sys
---> TYPE = KERNEL_DRIVER

047) "dpti2o"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

048) "drmkaud" - Filtre de décodeur DRM (Noyau Microsoft)
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\drmkaud.sys
---> TYPE = KERNEL_DRIVER

049) "Fastfat"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

050) "Fdc" - Pilote de contrôleur de lecteur de disquettes
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\fdc.sys
---> TYPE = KERNEL_DRIVER

051) "Fips"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

052) "Flpydisk"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

053) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\fltmgr.sys
---> TYPE = FILE_SYSTEM_DRIVER

054) "Ftdisk" - Pilote du Gestionnaire de volume
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\ftdisk.sys
---> TYPE = KERNEL_DRIVER

055) "Gpc" - Classificateur de paquets générique
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\msgpc.sys
---> TYPE = KERNEL_DRIVER

056) "hidusb" - Pilote de classe HID Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\hidusb.sys
---> TYPE = KERNEL_DRIVER

057) "hpn"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

058) "HTTP" - HTTP
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\HTTP.sys
---> TYPE = KERNEL_DRIVER

059) "i2omgmt"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

060) "i2omp"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

061) "i8042prt"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

062) "Imapi" - Pilote de filtre de gravure CD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\imapi.sys
---> TYPE = KERNEL_DRIVER

063) "ini910u"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

064) "IntelIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

065) "ip6fw" - Pilote du pare-feu Windows IPv6
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ip6fw.sys
---> TYPE = KERNEL_DRIVER

066) "IpFilterDriver" - Pilote de filtre de trafic IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\ipfltdrv.sys
---> TYPE = KERNEL_DRIVER

067) "IpInIp" - Pilote de tunnelage IP dans IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\ipinip.sys
---> TYPE = KERNEL_DRIVER

068) "IpNat" - Traducteur d'adresses réseau IP
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ipnat.sys
---> TYPE = KERNEL_DRIVER

069) "IPSec" - Pilote IPSEC
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\ipsec.sys
---> TYPE = KERNEL_DRIVER

070) "irda" - Protocole IrDA
---> STAT = (RUNNING) Started automatically
---> FILE = System32\DRIVERS\irda.sys
---> TYPE = KERNEL_DRIVER

071) "IRENUM" - Service énumérateur IR
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\irenum.sys
---> TYPE = KERNEL_DRIVER

072) "irsir" - Pilote série infrarouge Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\irsir.sys
---> TYPE = KERNEL_DRIVER

073) "isapnp" - Pilote de bus Plug-and-Play ISA/EISA
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\isapnp.sys
---> TYPE = KERNEL_DRIVER

074) "Kbdclass" - Pilote de la classe Clavier
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\kbdclass.sys
---> TYPE = KERNEL_DRIVER

075) "kbdhid" - Pilote HID de clavier
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\kbdhid.sys
---> TYPE = KERNEL_DRIVER

076) "kmixer" - Mélangeur audio Wave de noyau Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\kmixer.sys
---> TYPE = KERNEL_DRIVER

077) "KSecDD"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

078) "lbrtfdc"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

079) "MBAMSwissArmy" - MBAMSwissArmy
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\drivers\mbamswissarmy.sys
---> TYPE = KERNEL_DRIVER

080) "mnmdd"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

081) "Modem"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

082) "Mouclass" - Pilote de la classe Souris
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\mouclass.sys
---> TYPE = KERNEL_DRIVER

083) "mouhid" - Pilote HID de souris
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mouhid.sys
---> TYPE = KERNEL_DRIVER

084) "MountMgr" - Gestionnaire de point de montage
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

085) "mraid35x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

086) "MRxDAV" - Redirecteur client WebDav
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mrxdav.sys
---> TYPE = FILE_SYSTEM_DRIVER

087) "MRxSmb" - MRXSMB
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\mrxsmb.sys
---> TYPE = FILE_SYSTEM_DRIVER

088) "Msfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER

089) "MSKSSRV" - Proxy de service de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSKSSRV.sys
---> TYPE = KERNEL_DRIVER

090) "MSPCLOCK" - Proxy d'horloge de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPCLOCK.sys
---> TYPE = KERNEL_DRIVER

091) "MSPQM" - Proxy de gestion de qualité de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPQM.sys
---> TYPE = KERNEL_DRIVER

092) "mssmbios" - Pilote BIOS de gestion de systèmes Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mssmbios.sys
---> TYPE = KERNEL_DRIVER

093) "MSTEE" - Convertisseur en T/site-à-site de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSTEE.sys
---> TYPE = KERNEL_DRIVER

094) "Mup" - Mup
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = FILE_SYSTEM_DRIVER

095) "NABTSFEC" - Codec NABTS/FEC VBI
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\NABTSFEC.sys
---> TYPE = KERNEL_DRIVER

096) "NDIS" - Pilote système NDIS
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

097) "NdisIP" - Connection TV/vidéo Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\NdisIP.sys
---> TYPE = KERNEL_DRIVER

098) "NdisTapi" - Pilote TAPI NDIS d'accès distant
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndistapi.sys
---> TYPE = KERNEL_DRIVER

099) "Ndisuio" - NDIS mode utilisateur E/S Protocole
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndisuio.sys
---> TYPE = KERNEL_DRIVER

100) "NdisWan" - Pilote réseau étendu NDIS d'accès distant
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndiswan.sys
---> TYPE = KERNEL_DRIVER

101) "NDProxy" - multi roxy NDIS\00\00
---> STAT = (RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

102) "NetBIOS" - Interface NetBIOS
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbios.sys
---> TYPE = FILE_SYSTEM_DRIVER

103) "NetBT" - NetBIOS sur TCP/IP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbt.sys
---> TYPE = KERNEL_DRIVER

104) "NIC1394" - Pilote réseau 1394
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\nic1394.sys
---> TYPE = KERNEL_DRIVER

105) "Npfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER

106) "Ntfs"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

107) "Null"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

108) "NwlnkFlt" - Pilote de filtre de trafic IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\nwlnkflt.sys
---> TYPE = KERNEL_DRIVER

109) "NwlnkFwd" - Pilote de transfert de trafic IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\nwlnkfwd.sys
---> TYPE = KERNEL_DRIVER

110) "ohci1394" - Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface)
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\ohci1394.sys
---> TYPE = KERNEL_DRIVER

111) "P1120VID" - Creative WebCam NX Ultra
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\P1120Vid.sys
---> TYPE = KERNEL_DRIVER

112) "PALLADIA" - Palladia 300/400 Usb Adsl Modem
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\usbiad.sys
---> TYPE = KERNEL_DRIVER

113) "Parport" - Pilote de port parallèle
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\parport.sys
---> TYPE = KERNEL_DRIVER

114) "PartMgr" - Gestionnaire de partition
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

115) "ParVdm"
---> STAT = (RUNNING) Started automatically
---> TYPE = KERNEL_DRIVER

116) "PCI" - Pilote de bus PCI
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\pci.sys
---> TYPE = KERNEL_DRIVER

117) "PCIDump"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

118) "PCIIde"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\pciide.sys
---> TYPE = KERNEL_DRIVER

119) "Pcmcia"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

120) "PDCOMP"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

121) "PDFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

122) "PDRELI"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

123) "PDRFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

124) "p

Télécharge OTMoveIt2 ( de OldTimer).

Enregistre ce fichier sur le Bureau.
Redémarrer en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
Imprime, note ou enregistre les informations suivantes. Dans ce mode, tu n'as pas accès à Internet :

Fais un double clic sur OTMoveIt2.exe pour lancer l'exécution de l'outil. (Note: Si tu utilises Vista, fais un clic droit sur le fichier puis choisissez Exécuter en tant qu'administrateur).

Sélectionne l'intégralité du cadre ci-dessous :

C:\WINDOWS\system32\ymqfjouy.ini2
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\bb949698-.txt
C:\WINDOWS\system32\juqfet.dll
C:\WINDOWS\system32\qvevexhd.dll
C:\WINDOWS\system32\jtwmspix.ini
C:\WINDOWS\system32\uyxpufff.ini
C:\WINDOWS\system32\kmWHOqru.ini2
C:\WINDOWS\system32\kmWHOqru.ini
C:\WINDOWS\system32\ymqfjouy.tmp
C:\WINDOWS\system32\ymqfjouy.ini
C:\WINDOWS\system32\mcrh.tmp

Retourne dans la fenêtre de OTMoveIt2, fais un clic droit dans la zone "Paste List of Files/Folders to Move" (sous la barre bleu clair) puis choisis Coller. (en ayant au préalable fait Copier).

Clique sur le bouton rouge Moveit!.

Copie tout ce qui se trouve dans la zone Results (sous la barre verte) en sélectionnant TOUTES LES LIGNES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier), et coller ces résulats en réponse sur le forum.

Ferme OTMoveIt2

Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire afin de terminer le processus de déplacement. Si le redémarrage de la machine t'est demandé, choisis Oui/Yes. Dans ce cas, après le redémarrage, ouvre le Bloc-notes (Démarrer->Tous les programmes->Accessoires->Bloc-notes), clique sur Fichier->Ouvrir, dans la zone "Nom du fichier" taper *.log et appuie sur la touche Entrée, navigue jusqu'au dossier C:\_OTMoveIt\MovedFiles, puis ouvre le fichier .log le plus récent; ensuite fais un copier/coller du contenu de ce document en réponse sur le forum.

Si tu obtiens un message comme quoi le rapport ne peut pas être créé, copie/colle ce qui apparaît dans la colonne droite de l’outil.

**********************

Redémarre normalement.

Télécharge DiagHelp (de Malekal) sur ton Bureau

Dézippe le, ouvre le nouveau dossier DiagHelp, et double-clic sur go.cmd (le .cmd peut ne pas apparaître! )

Choisis l’option 1 dans la fenêtre qui s’ouvrira.
Ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand cela t’est demandé..
ATTENTION : Pendant l'analyse, après le rapport CatchMe, il te sera demandé d'appuyer sur une touche afin de poursuivre le scan, suis bien les instructions à l'écran !

A la fin de l'analyse, ton ordi devra peut-être être redémarré... Une fois l'ordinateur redémarré, le rapport va apparaître sur le Bloc-note.. Poste le ici.

Ce dernier se trouve ici : C:\resultat.txt

Si tu obtiens un fichier C:\upload_moi.zip, merci de l’envoyer sur http://upload.malekal.com/
Comment Uploader ?

Aide : Comment utiliser DiagHelp.