aidez moi
je suis continuellement envahi de pud intempestive
type em pc
casino poker et x
j ai fais un rapport navilog


Search Navipromo version 2.0.2 commencé le 20/07/2008 à 13:34:52,60

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\ORDI\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight [...] _help.html


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 07/20/08 at 13:34:57.
[-] ERROR: This version of F-Secure BlackLight has expired.
[+] Exited on 07/20/08 at 13:34:57 (return code = 3).


*** Recherche fichiers ***




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control

HKEY_CURRENT_USER\Software\Lanconfig trouvé !
HKEY_USERS\S-1-5-21-842925246-73586283-1801674531-1003\Software\Lanconfig trouvé !


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\kmWHOqru.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\ymqfjouy.ini2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********


*** Analyse Terminé le 20/07/2008 à 13:35:29,12 ***


et jai fais un nettoyage avec navilog

Clean Navipromo version 2.0.2 commencé le 20/07/2008 à 13:36:41,23

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO

Mode suppression automatique avec prise en charge résultats Blacklight



*** fsbl1.txt non trouvé ***
(Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)


*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\ORDI\Application Data ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\ORDI\Local Settings\Temp effectué !


*** Sauvegarde du registre vers dossier Backupnavi***


sauvegarde du registre réalise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\kmWHOqru.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\ymqfjouy.ini2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche et Suppression Heuristique :

*
**
***
****
*****
******
*******
********

3)Contrôle présence clés Rootkit dans le registre :

Aucune autre clés présente dans le registre !

*** Nettoyage termine le 20/07/2008 à 13:39:43,68 ***



svp aidez moi

Hello,

Ta version de Navilog est obsolète.
Supprime-la et télécharge la nouvelle.

Télécharge Navilog (de Il-Mafioso)

• Enregistre-le sur ton Bureau.
• Installe-le en double cliquant sur navilog.exe.
• Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.

(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau) [Clic droit -> "Exécuter en tant qu'administrateur". ( Pour Vista)]

• Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.

! N'utilise pas l'option 2, 3 et 4 sans notre accord !

• Patiente jusqu'à l'apparition de ce message :

*** Analyse Termine le ..... ***

• Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste le rapport ici.
• Poste le rapport généré.

Le rapport se trouve ici : C:\fixnavi.txt

Si tu as Vista, fais ceci avant :
Désactive l'UAC (Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ... et valide par OK , il te sera demandé de redémarrer, fais le)

RAPPROT KAPPERSKY ON LIGNE


C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-5ddc3bad/MagicApplet.class Infecté : Trojan-Downloader.Java.OpenConnection.ao ignoré

C:\Documents and Settings\ORDI\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-5ddc3bad/OwnClassLoader.class Infecté : Trojan.Java.ClassLoader.au ignoré

C:\Documents and Settings\ORDI\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-5ddc3bad/Installer.class Infecté : Trojan-Downloader.Java.Agent.a ignoré

C:\Documents and Settings\ORDI\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-5ddc3bad ZIP: infecté - 3 ignoré

C:\Documents and Settings\ORDI\Cookies\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Historique\History.IE5\MSHist012008072020080721\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\P4PFNI2P\install[1] L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\P4PFNI2P\Navilog1[1].exe/file10 Infecté : not-a-virus:RiskTool.Win32.Reboot.f ignoré

C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\P4PFNI2P\Navilog1[1].exe Inno: infecté - 1 ignoré

C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\PGWIWYPH\index[1].htm Infecté : Exploit.HTML.IESlice.fg ignoré

C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\YHJ1X698\1216551942[2].exe L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\NTUSER.DAT L'objet est verrouillé ignoré

C:\Documents and Settings\ORDI\ntuser.dat.LOG L'objet est verrouillé ignoré

C:\Program Files\Navilog1\Reboot.exe Infecté : not-a-virus:RiskTool.Win32.Reboot.f ignoré

C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP392\A0381609.exe Infecté : Trojan.Win32.Obfuscated.aqn ignoré

C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP399\A0385908.exe Infecté : Trojan.Win32.Obfuscated.aqn ignoré

C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP402\A0386058.exe Infecté : Trojan.Win32.Obfuscated.aqn ignoré

C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP428\A0415261.exe Infecté : not-a-virus:RiskTool.Win32.Reboot.f ignoré

C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP428\A0417276.dll L'objet est verrouillé ignoré

C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP428\A0417277.dll L'objet est verrouillé ignoré

C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP429\A0418289.dll L'objet est verrouillé ignoré

C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP429\change.log L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\Downloaded Program Files\Nocs.dll Infecté : not-a-virus:AdWare.Win32.NocsBar.c ignoré

voila le rapprot ccleaner

Clean Navipromo version 3.6.1 commencé le 23/07/2008 à 0:06:14,45

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "ORDI"

Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\ORDI\locals~1\applic~1" *



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\ORDI\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\ORDI\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\ORDI\menudm~1\progra~1" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\ORDI\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\ORDI\locals~1\applic~1" *


ueyykoy.exe trouvé !
Copie ueyykoy.exe réalisée avec succès !
ueyykoy.exe supprimé !

ueyykoy.dat trouvé !
Copie ueyykoy.dat réalisée avec succès !
ueyykoy.dat supprimé !

ueyykoy_nav.dat trouvé !
Copie ueyykoy_nav.dat réalisée avec succès !
ueyykoy_nav.dat supprimé !

ueyykoy_navps.dat trouvé !
Copie ueyykoy_navps.dat réalisée avec succès !
ueyykoy_navps.dat supprimé !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 23/07/2008 à 0:09:27,15 ***

Re,

Télécharge ComboFix (de sUBs) sur ton Bureau.

• Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
• Double clique sur ComboFix.exe.
• Accepte la licence en cliquant sur Oui.
• Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

Aide : Comment utiliser ComboFix.

Euh ressaie (sans essayer de le renommer).

sinon ya cette page mais je comprend rien

http://forum.telecharger.01net.com [...] ges-1.html

BEN je nai pa d ordi a dispo

je suis obliger de faire un combofix ya pa d autre moyen

J AIFAIS CE QUE TU MA DIT JAVAIS 22 INFECTIONS MAIS il ne ma pas affiche de rapport ?

excuse moi jai refait un apres nettoyage de malware


voici



Version de la base de données: 982
Windows 5.1.2600 Service Pack 2

19:54:52 23/07/2008
mbam-log-7-23-2008 (19-54-52).txt

Type de recherche: Examen rapide
Eléments examinés: 45464
Temps écoulé: 8 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e11c5ca1-3626-4659-a5b6-d6ae195c2235} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e11c5ca1-3626-4659-a5b6-d6ae195c2235} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\cwindows/downloaded program files/uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\tjpxti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\waeokxdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ylpdci.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.

Peux toujours pas avoir ComboFix ?
Tu peux essayer de le télécharger en mode sans échec avec prise en charge réseau ?

Si vraiment, ça ne marche pas, on va faire la désinfection à l'ancienne

jai essaye en mode sans echec ca ne marche pas non plus desole

voila mais c carrement long



SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\AT94RJ8C\sys71780[1].exe
Running in: User mode
Date: 24/07/2008
Time: 15:29:29

Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications
-Include HIJACKTHIS.log

===================== ACCOUNTS ON THIS PC =====================


Users on this computer:
Is Admin? | Username
------------------
Yes | Administrateur
| HelpAssistant (Disabled)
| Invité (Disabled)
Yes | ORDI
| SUPPORT_388945a0 (Disabled)

### users folders

03/05/2007 00:05:28 (DIR) 0 byte 448 days old -- NetworkService
09/05/2007 13:06:37 (DIR) 0 byte 442 days old -- Default User
09/05/2007 13:06:42 (DIR) 0 byte 442 days old -- All Users
14/05/2007 15:58:40 (DIR) 0 byte 437 days old -- LocalService
24/07/2008 15:29:29 (DIR) 0 byte 0 days old -- ORDI

### startup files in users folders

C:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
C:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
C:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\desktop.ini
C:\documents and settings\ORDI\Menu Démarrer\Programmes\Démarrage\desktop.ini
C:\documents and settings\ORDI\Menu Démarrer\Programmes\Démarrage\Shareaza Turbo Accelerator.lnk

===================== RECENT FILES =====================

Showing files newer than 60 days

----- recent files in C:\
13/06/2008 13:47:14 244 byte 41 days old -- sqmnoopt07.sqm
13/06/2008 13:47:15 268 byte 41 days old -- sqmdata07.sqm
18/07/2008 13:12:49 (DIR) 0 byte 6 days old -- Config.Msi
23/07/2008 00:09:27 2682 byte 1 days old -- cleannavi.txt
23/07/2008 12:29:53 12233 byte 1 days old -- lop.txt
23/07/2008 20:56:38 (DIR) 0 byte 1 days old -- Program Files
24/07/2008 12:16:46 (DIR) 0 byte 0 days old -- $VAULT$.AVG
24/07/2008 13:20:01 (DIR) 0 byte 0 days old -- WINDOWS
24/07/2008 13:23:09 2617 byte 0 days old -- Bug.txt
24/07/2008 13:23:58 704643072 byte 0 days old -- pagefile.sys

----- recent files in C:\WINDOWS\
30/05/2008 14:58:31 (DIR) 0 byte 55 days old -- $NtUninstallKB932823-v3$
30/05/2008 14:58:37 11142 byte 55 days old -- KB932823-v3.log
13/06/2008 14:04:58 (DIR) 0 byte 41 days old -- $NtUninstallKB951376$
13/06/2008 14:05:04 7738 byte 41 days old -- KB951376.log
13/06/2008 14:05:10 (DIR) 0 byte 41 days old -- $NtUninstallKB950760$
13/06/2008 14:05:12 6300 byte 41 days old -- KB950760.log
13/06/2008 14:05:15 (DIR) 0 byte 41 days old -- $NtUninstallKB950762$
13/06/2008 14:05:17 8081 byte 41 days old -- KB950762.log
13/06/2008 14:05:21 (DIR) 0 byte 41 days old -- $NtUninstallKB951698$
13/06/2008 14:05:23 12764 byte 41 days old -- KB951698.log
13/06/2008 14:09:58 (DIR) 0 byte 41 days old -- ie7updates
13/06/2008 14:10:14 149832 byte 41 days old -- updspapi.log
13/06/2008 14:10:32 1374 byte 41 days old -- imsins.BAK
13/06/2008 14:10:32 20927 byte 41 days old -- KB950759-IE7.log
20/06/2008 10:29:11 (DIR) 0 byte 34 days old -- $hf_mig$
20/06/2008 10:29:29 (DIR) 0 byte 34 days old -- $NtUninstallKB951376-v2$
20/06/2008 10:29:33 352218 byte 34 days old -- msmqinst.log
20/06/2008 10:29:34 8047 byte 34 days old -- KB951376-v2.log
20/06/2008 10:29:34 45790 byte 34 days old -- ocmsn.log
20/06/2008 10:29:34 550022 byte 34 days old -- ocgen.log
20/06/2008 10:29:34 512127 byte 34 days old -- tsoc.log
20/06/2008 10:29:34 56440 byte 34 days old -- tabletoc.log
20/06/2008 10:29:34 55438 byte 34 days old -- msgsocm.log
20/06/2008 10:29:34 51125 byte 34 days old -- medctroc.Log
20/06/2008 10:29:34 199810 byte 34 days old -- ntdtcsetup.log
20/06/2008 10:29:34 194388 byte 34 days old -- netfxocm.log
20/06/2008 10:29:34 1374 byte 34 days old -- imsins.log
20/06/2008 10:29:34 1104602 byte 34 days old -- FaxSetup.log
20/06/2008 10:29:34 331787 byte 34 days old -- comsetup.log
20/06/2008 10:29:35 1250259 byte 34 days old -- iis6.log
11/07/2008 16:27:40 116849 byte 13 days old -- wmsetup.log
18/07/2008 12:59:35 (DIR) 0 byte 6 days old -- Downloaded Installations
18/07/2008 13:11:08 (DIR) 0 byte 6 days old -- Installer
18/07/2008 16:59:12 (DIR) 0 byte 6 days old -- SoftwareDistribution
18/07/2008 19:20:28 (DIR) 0 byte 6 days old -- network diagnostic
19/07/2008 23:43:06 (DIR) 0 byte 5 days old -- avxoscan
19/07/2008 23:43:24 217 byte 5 days old -- AvxOnline.log
20/07/2008 18:04:19 (DIR) 0 byte 4 days old -- inf
23/07/2008 00:31:04 191790 byte 1 days old -- setupact.log
23/07/2008 12:22:05 (DIR) 0 byte 1 days old -- Downloaded Program Files
23/07/2008 17:46:12 32538 byte 1 days old -- SchedLgU.Txt
23/07/2008 20:53:29 1029353 byte 1 days old -- setupapi.log
24/07/2008 13:20:01 (DIR) 0 byte 0 days old -- CSC
24/07/2008 13:20:10 316002 byte 0 days old -- ntbtlog.txt
24/07/2008 13:22:57 (DIR) 0 byte 0 days old -- system32
24/07/2008 13:24:00 2048 byte 0 days old -- bootstat.dat
24/07/2008 13:24:01 0 byte 0 days old -- 0.log
24/07/2008 13:24:13 159 byte 0 days old -- wiadebug.log
24/07/2008 13:24:14 50 byte 0 days old -- wiaservc.log
24/07/2008 13:24:25 (DIR) 0 byte 0 days old -- Temp
24/07/2008 14:42:04 1211393 byte 0 days old -- WindowsUpdate.log
24/07/2008 15:29:29 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
20/06/2008 10:29:30 (DIR) 0 byte 34 days old -- dllcache
20/06/2008 19:05:51 (DIR) 0 byte 34 days old -- FlashAX
25/06/2008 18:15:46 17972344 byte 29 days old -- MRT.exe
18/07/2008 12:42:31 0 byte 6 days old -- bb949698-.txt
18/07/2008 12:43:04 116864 byte 6 days old -- juqfet.dll
18/07/2008 12:43:04 116864 byte 6 days old -- qvevexhd.dll
18/07/2008 12:44:30 613399 byte 6 days old -- jtwmspix.ini
19/07/2008 22:23:21 647863 byte 5 days old -- uyxpufff.ini
19/07/2008 22:28:23 428234 byte 5 days old -- kmWHOqru.ini2
19/07/2008 22:30:51 428234 byte 5 days old -- kmWHOqru.ini
19/07/2008 22:31:28 647983 byte 5 days old -- ymqfjouy.tmp
19/07/2008 22:32:28 294 byte 5 days old -- ymqfjouy.ini
21/07/2008 12:41:22 143 byte 3 days old -- mcrh.tmp
22/07/2008 21:13:45 2206 byte 2 days old -- wpa.dbl
22/07/2008 21:15:40 43581 byte 2 days old -- ymqfjouy.ini2
23/07/2008 17:43:34 (DIR) 0 byte 1 days old -- drivers
23/07/2008 20:53:13 664 byte 1 days old -- d3d9caps.dat
23/07/2008 20:53:14 (DIR) 0 byte 1 days old -- CatRoot2

----- recent files in C:\WINDOWS\system32\drivers\
14/06/2008 19:59:52 272768 byte 40 days old -- bthport.sys
14/06/2008 23:47:04 (DIR) 0 byte 40 days old -- etc
19/07/2008 23:39:36 102664 byte 5 days old -- tmcomm.sys
20/07/2008 20:25:00 17144 byte 4 days old -- mbam.sys
20/07/2008 20:25:04 38472 byte 4 days old -- mbamswissarmy.sys

----- recent files in C:\WINDOWS\temp\

----- recent files in C:\Program Files\
30/06/2008 11:50:27 (DIR) 0 byte 24 days old -- Spybot - Search & Destroy
05/07/2008 11:36:12 (DIR) 0 byte 19 days old -- Adobe
18/07/2008 13:00:11 (DIR) 0 byte 6 days old -- Fichiers communs
18/07/2008 13:08:25 (DIR) 0 byte 6 days old -- Microsoft AntiSpyware
18/07/2008 13:09:37 (DIR) 0 byte 6 days old -- InstallShield Installation Information
18/07/2008 13:11:06 (DIR) 0 byte 6 days old -- Google
18/07/2008 13:20:01 (DIR) 0 byte 6 days old -- Grisoft
18/07/2008 18:25:30 (DIR) 0 byte 6 days old -- download-boosters
19/07/2008 23:40:07 (DIR) 0 byte 5 days old -- Internet Explorer
20/07/2008 17:59:10 (DIR) 0 byte 4 days old -- BHODemon 2
23/07/2008 00:09:27 (DIR) 0 byte 1 days old -- Navilog1
23/07/2008 12:22:08 (DIR) 0 byte 1 days old -- Panda Security
23/07/2008 17:43:37 (DIR) 0 byte 1 days old -- Malwarebytes' Anti-Malware
23/07/2008 20:01:45 (DIR) 0 byte 1 days old -- Trend Micro

----- recent files in C:\Program Files\Fichiers communs\

----- recent files in C:\Documents and Settings\ORDI\Application Data\
18/07/2008 13:21:58 (DIR) 0 byte 6 days old -- Grisoft
23/07/2008 17:43:38 (DIR) 0 byte 1 days old -- Malwarebytes
23/07/2008 20:53:09 (DIR) 0 byte 1 days old -- SecondLife
24/07/2008 13:24:18 (DIR) 0 byte 0 days old -- AVG7

----- recent files in C:\DOCUME~1\ORDI\LOCALS~1\Temp\
23/07/2008 00:11:52 (DIR) 0 byte 1 days old -- WLTB Custom Button Feeds
23/07/2008 12:28:35 (DIR) 0 byte 1 days old -- Rar$EX00.953
23/07/2008 13:37:46 (DIR) 0 byte 1 days old -- MessengerCache
24/07/2008 09:33:47 (DIR) 0 byte 0 days old -- ~nsu.tmp
24/07/2008 13:24:08 (DIR) 0 byte 0 days old -- WPDNSE
24/07/2008 13:29:05 1026 byte 0 days old -- jusched.log
24/07/2008 15:29:02 107 byte 0 days old -- systemscan.ini
24/07/2008 15:29:03 16384 byte 0 days old -- ~DFCA01.tmp
24/07/2008 15:29:29 (DIR) 0 byte 0 days old -- nswB.tmp

===================== DUPLICATE FILES IN BAK FOLDERS =====================

No BAK folders found

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"Google Desktop Search"="\"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe\" /startup"
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP"
"SoundMan"="SOUNDMAN.EXE"
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 \"EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\""
"IPPDetect"="C:\PROGRA~1\NewSoft\PRESTO~1.PHO\MrPhoto3\MrPhoto3\IPP4Detect.exe"
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe\""
"Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
"!AVG Anti-Spyware"="\"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe\" /minimized"
"b0b752e6"="rundll32.exe \"C:\WINDOWS\system32\yuojfqmy.dll\",b"

[Run\OptionalComponents]
@=""

[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"MsnMsgr"="\"C:\Program Files\Windows Live\Messenger\msnmsgr.exe\" /background"
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[run]
"C4yfC5D94y"="C:\Documents and Settings\All Users\Application Data\ipcpwdql\ifwtuxmj.exe"

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{8EA479BF-A910-4B14-8BB1-CD195871F947}"=""
#### HKCR\CLSID\{8EA479BF-A910-4B14-8BB1-CD195871F947}\InprocServer32 @="C:\WINDOWS\system32\byXNHbyw.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
#### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Sans fil"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Planificateur de paquets QoS"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Scripts"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="Sécurité IP"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\byXNHbyw]
"DllName"="byXNHbyw.dll"

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\WgaLogon]

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]
@=""

[Browser Helper Objects\{59F176DF-65DC-47A0-A586-3F81E8A84D70}]
#### HKCR\CLSID\{59F176DF-65DC-47A0-A586-3F81E8A84D70}\InprocServer32 @="C:\WINDOWS\system32\urqOHWmk.dll"

[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll"
"NoExplorer"=dword:00000001

[Browser Helper Objects\{8EA479BF-A910-4B14-8BB1-CD195871F947}]
#### HKCR\CLSID\{8EA479BF-A910-4B14-8BB1-CD195871F947}\InprocServer32 @="C:\WINDOWS\system32\byXNHbyw.dll"

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll"

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Program Files\Windows Live Toolbar\msntb.dll"
@=""

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer]
@=dword:00000001

[Browser Helper Objects\{e11c5ca1-3626-4659-a5b6-d6ae195c2235}]
#### HKCR\CLSID\{e11c5ca1-3626-4659-a5b6-d6ae195c2235}\InprocServer32 @="C:\WINDOWS\system32\tjpxti.dll"
@="{5322c591-ea6d-6b5a-9564-62631ac5c11e}"

[Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
#### HKCR\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\InprocServer32 @="C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll"

[Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\EWPP]
"InternetExplore"="Called\00\00œÛ\12\00q‚óu\08ð\17\00H\00\00\00\15\00\00\00\01\00\00\00\00Ü\12\00\00\00\00\00\01\00\00\00\00\00\00\00Ú…óuÁ@ôw\00\00\00\00\00\00)\05\00Ü\12\00¼ˆ!~„Û\12\00V‚ñu\10}\15\00h‚\01\00\09\00\00\00ØÚ\12\00\05@\00€ÌÛ\12\00\18î‘|p\05’|ÿÿÿÿm\05’|Ùõ\"\05\00\00)\05\00\00\00\00x.)\05\01\00\00\004Ü\12\00\10}\15\00hÏ\19\00ØÛ\12\00dJ\0ew%}\"~,\16\00\01\00\00\00 Ü\12\00 \16#\05ȁ#\05ÿÿÿÿ,Ü\12\00 ê\"\05x.)\05êp\"\05x.)\05\01\00\00\00¿¼\"\05\01\00\00\00\00\00\00\00\08\00)\05\00\00\00\00lÏ\19\00Ï!úw\0b\00\12\00\00\00\00\00\01\00\00\00\08¼\"\05ìÞ\12"
"FileExplorer"="Called\00\00üí)\01å‚óupT \02H\00\00\00\15\00\00\00\00\00\00\00`î)\01\00\00\00\00\00\00\00\00\00\00\00\00N†óuÁ@ôw\00\00\00\00\00\00G\01`î)\01¼ˆ!~äí)\01V‚ñu\08:\13\00h‚\01\00\09\00\00\008í)\01\05@\00€,î)\01\18î‘|p\05’|ÿÿÿÿm\05’|Ùõ\0b\03\00\00G\01\00\00\00\00À.G\01\00\00\00\00”î)\01\08:\13\00tJ\0ew4`\w€\17\1f\02%}\"~80 \02\00\00\00\00€î)\01 \16\0c\03ȁ\0c\03ÿÿÿÿŒî)\01 ê\0b\03À.G\01êp\0b\03À.G\01\01\00\00\00¿¼\0b\03\01\00\00\00\01\00\00\00\08\00G\01\00\00\00\00„\17\1f\02Ï!úw\0b\00)\01\00\00\00\00\00\00\00\00\08¼\0b\03dñ)\01"
"FileBrowser"="Called\00\00\14î-\01q‚óuð\18é\01H\00\00\00\15\00\00\00\00\00\00\00xî-\01\00\00\00\00\00\00\00\00\00\00\00\00Ú…óuÁ@ôw\00\00\00\00\00\00\06\02xî-\01¼ˆ!~üí-\01V‚ñu°ó\0e\00h‚\01\00\09\00\00\00Pí-\01\05@\00€Dî-\01\18î‘|p\05’|ÿÿÿÿm\05’|Ùõÿ\01\00\00\06\02\00\00\00\00\08.\06\02\00\00\00\00¬î-\01°ó\0e\00ˆ\13\18\00Pî-\01dJ\0ew%}\"~¸\14é\01\00\00\00\00˜î-\01 \16\00\02ȁ\00\02ÿÿÿÿ¤î-\01 êÿ\01\08.\06\02êpÿ\01\08.\06\02\01\00\00\00¿¼ÿ\01\01\00\00\00\02\00\00\00\08\00\06\02\00\00\00\00Œ\13\18\00Ï!úw\0b\00-\01\00\00\00\00\00\00\00\00\08¼ÿ\01dñ-\01"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
"{e4000b62-fa5d-4b39-b254-0a4c485aaf11}"=""

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

[MSConfig]

[MSConfig\services]

[MSConfig\startupfolder]

[MSConfig\startupreg]

[MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000000

-----HKCU\Control Panel\Desktop\-----

[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\System32\ss3dfo.scr"

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."

[SharedAccess\Epoch]
"Epoch"=dword:00004bd3

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*isaxxxxx@xxxxxres.dll,-22019"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*isaxxxxx@xxxxxres.dll,-20000"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*isabled:Shareaza Ultimate File Sharing"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*isabled:Windows Live Messenger (Phone)"
"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNetisaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNetisaxxxxx@xxxxxres.dll,-22008"
"3389:TCP"="3389:TCP:*isaxxxxx@xxxxxres.dll,-22009"
"139:TCP"="139:TCP:LocalSubNetisaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:LocalSubNetisaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:LocalSubNetisaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:LocalSubNetisaxxxxx@xxxxxres.dll,-22002"
"4887:UDP"="4887:UDP:*isabled:Windows Media Format SDK (IEXPLORE.EXE)"
"4886:UDP"="4886:UDP:*isabled:Windows Media Format SDK (IEXPLORE.EXE)"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{82895C8F-354D-43D9-9E72-9212CF2FF418}"=dword:00000001
"{04CDA920-7D47-4403-8321-7FDED7324B22}"=dword:00000001
"{24773ADD-0A25-4A61-B076-3EACA7C5DE03}"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Lecteur Windows Media"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Personnalisation du navigateur"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\System32\msjava.dll"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
"@="Internet Explorer Classes for Java"
"ComponentID"="IEJAVA"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Lecteur Windows Media Microsoft 6.4"

[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\swdir.dll"
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.3"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.3"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /iUserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APPE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4d64f3ba-f112-4efe-a02e-96680859937c}]
"@="KB918899"
"ComponentID"="KB918899"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"@="Windows Messenger 4.7"
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5b7bf89d-d196-4c32-a303-a57b8ab7f18d}]
"@="KB918439"
"ComponentID"="KB918439"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"StubPath"="c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install"
"ComponentID"="DOTNETFRAMEWORKS"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"

[Installed Components\{dd772a76-bef3-44d7-8b39-502c8504c1f1}]
"@="KB925486"
"ComponentID"="KB925486"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

[Installed Components\{f15ee071-deb7-4cbb-951f-431c98338d8e}]
"@="KB911567"
"ComponentID"="KB911567"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {82895C8F-354D-43D9-9E72-9212CF2FF418} REG_BINARY FC00000000000000000000000000000003678848060000000000000004000000000000002CB38948C0A80101030000000000000004000000000000002CB38948C0A80101330000000000000004000000000000002CB3894800014CDA3B0000000000000004000000000000002CB3894800011AEC3A0000000000000004000000000000002CB389480000A66D010000000000000004000000000000002CB38948FFFFFF00360000000000000004000000000000002CB38948C0A80101350000000000000001000000000000002CB3894805000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {82895C8F-354D-43D9-9E72-9212CF2FF418} REG_BINARY 060000000000000004000000000000002CB38948C0A80101030000000000000004000000000000002CB38948C0A80101330000000000000004000000000000002CB3894800014CDA3B0000000000000004000000000000002CB3894800011AEC3A0000000000000004000000000000002CB389480000A66D010000000000000004000000000000002CB38948FFFFFF00360000000000000004000000000000002CB38948C0A80101350000000000000001000000000000002CB3894805000000
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 19411 (0x4BD3)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 19408 (0x4BD0)

Result compared: Different


===================== AUTOPLAY SETTINGS =====================

~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~
(note: default values should be 91 or 95)


-----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

[Explorer]
"NoDriveTypeAutoRun"=dword:00000091

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

[Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Autorun is enabled on:
DRIVE_UNKNOWN = False
DRIVE_NO_ROOT_DIR = True
DRIVE_REMOVABLE = True
DRIVE_FIXED = True
DRIVE_REMOTE = False
DRIVE_CDROM = True
DRIVE_RAMDISK = True
RESERVED = False

~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~

No autorun.inf files found.

===================== SCHEDULED JOBS =====================

jobs found in C:\WINDOWS:

28/08/2001 14:00:00 65 byte 2522 days old -- C:\WINDOWS\tasks\desktop.ini
24/07/2008 13:24:03 6 byte 0 days old -- C:\WINDOWS\tasks\SA.DAT
24/07/2008 15:17:00 256 byte 0 days old -- C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
~~~~~~~~~~~~~~~~~~~~~
Active jobs:

~~~~~~~~~~~~~~~~~~~~~
Most recent (50) lines in jobs scheduled log:

Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 23/07/2008 19:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 23/07/2008 19:17:01
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 23/07/2008 20:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 23/07/2008 20:17:08
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 23/07/2008 21:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 23/07/2008 21:17:05
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 23/07/2008 22:17:02
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 23/07/2008 22:17:07
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 10:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 10:17:02
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 11:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 11:17:01
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 12:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 12:17:02
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 13:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 13:17:01
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 14:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 14:17:01
Résultat : La tâche s'est terminée avec le code de sortie : (0).
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Démarré à 24/07/2008 15:17:00
"Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
Quitté à 24/07/2008 15:17:00
Résultat : La tâche s'est terminée avec le code de sortie : (0).

===================== LIST OF ALL SERVICES & DRIVERS =====================

-----HKLM\system\currentcontrolset\services-----

000) "Abiosdsk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

001) "abp480n5"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

002) "ACPI" - Pilote ACPI Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\ACPI.sys
---> TYPE = KERNEL_DRIVER

003) "ACPIEC"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

004) "adpu160m"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

005) "aec" - Suppresseur d'écho acoustique (Noyau Microsoft)
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\aec.sys
---> TYPE = KERNEL_DRIVER

006) "AFD" - Environnement de prise en charge de réseau AFD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\afd.sys
---> TYPE = KERNEL_DRIVER

007) "Aha154x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

008) "aic78u2"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

009) "aic78xx"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

010) "ALCXWDM" - Service for Realtek AC97 Audio (WDM)
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\ALCXWDM.SYS
---> TYPE = KERNEL_DRIVER

011) "AliIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

012) "amsint"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

013) "Arp1394" - Protocole client ARP 1394
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\arp1394.sys
---> TYPE = KERNEL_DRIVER

014) "asc"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

015) "asc3350p"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

016) "asc3550"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

017) "AsyncMac" - Pilote de média asynchrone RAS
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\asyncmac.sys
---> TYPE = KERNEL_DRIVER

018) "atapi" - Contrôleur de disque dur IDE/ESDI standard
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\atapi.sys
---> TYPE = KERNEL_DRIVER

019) "Atdisk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

020) "Atmarpc" - Protocole client ATM ARP
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\atmarpc.sys
---> TYPE = KERNEL_DRIVER

021) "audstub" - Pilote audio Stub
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\audstub.sys
---> TYPE = KERNEL_DRIVER

022) "AVG Anti-Spyware Driver" - AVG Anti-Spyware Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
---> TYPE = KERNEL_DRIVER

023) "Avg7Core" - AVG7 Kernel
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\Drivers\avg7core.sys
---> TYPE = KERNEL_DRIVER

024) "Avg7RsW" - AVG7 Wrap Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\Drivers\avg7rsw.sys
---> TYPE = KERNEL_DRIVER

025) "Avg7RsXP" - AVG7 Resident Driver XP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\Drivers\avg7rsxp.sys
---> TYPE = KERNEL_DRIVER

026) "AvgAsCln" - AVG Anti-Spyware Clean Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\AvgAsCln.sys
---> TYPE = KERNEL_DRIVER

027) "AvgClean" - AVG7 Clean Driver
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\Drivers\avgclean.sys
---> TYPE = KERNEL_DRIVER

028) "AvgTdi" - AVG Network Redirector
---> STAT = (RUNNING) Started automatically
---> FILE = \SystemRoot\System32\Drivers\avgtdi.sys
---> TYPE = KERNEL_DRIVER

029) "Beep"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

030) "catchme"
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\DOCUME~1\ORDI\LOCALS~1\Temp\catchme.sys
---> TYPE = KERNEL_DRIVER

031) "cbidf2k"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

032) "CCDECODE" - Décodeur sous-titre fermé
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\CCDECODE.sys
---> TYPE = KERNEL_DRIVER

033) "cd20xrnt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

034) "Cdaudio"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

035) "Cdfs"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

036) "Cdrom" - Pilote de CD-ROM
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\cdrom.sys
---> TYPE = KERNEL_DRIVER

037) "Changer"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

038) "CmdIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

039) "Cpqarray"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

040) "dac2w2k"
---> STAT = (RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

041) "dac960nt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

042) "Disk" - Pilote de disque
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\disk.sys
---> TYPE = KERNEL_DRIVER

043) "dmboot"
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmboot.sys
---> TYPE = KERNEL_DRIVER

044) "dmio" - Pilote de Gestionnaire de disque logique
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\dmio.sys
---> TYPE = KERNEL_DRIVER

045) "dmload"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\drivers\dmload.sys
---> TYPE = KERNEL_DRIVER

046) "DMusic" - Synthétiseur DLS du noyau Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\DMusic.sys
---> TYPE = KERNEL_DRIVER

047) "dpti2o"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

048) "drmkaud" - Filtre de décodeur DRM (Noyau Microsoft)
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\drmkaud.sys
---> TYPE = KERNEL_DRIVER

049) "Fastfat"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

050) "Fdc" - Pilote de contrôleur de lecteur de disquettes
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\fdc.sys
---> TYPE = KERNEL_DRIVER

051) "Fips"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

052) "Flpydisk"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

053) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\fltmgr.sys
---> TYPE = FILE_SYSTEM_DRIVER

054) "Ftdisk" - Pilote du Gestionnaire de volume
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\ftdisk.sys
---> TYPE = KERNEL_DRIVER

055) "Gpc" - Classificateur de paquets générique
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\msgpc.sys
---> TYPE = KERNEL_DRIVER

056) "hidusb" - Pilote de classe HID Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\hidusb.sys
---> TYPE = KERNEL_DRIVER

057) "hpn"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

058) "HTTP" - HTTP
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\HTTP.sys
---> TYPE = KERNEL_DRIVER

059) "i2omgmt"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

060) "i2omp"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

061) "i8042prt"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

062) "Imapi" - Pilote de filtre de gravure CD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\imapi.sys
---> TYPE = KERNEL_DRIVER

063) "ini910u"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

064) "IntelIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

065) "ip6fw" - Pilote du pare-feu Windows IPv6
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ip6fw.sys
---> TYPE = KERNEL_DRIVER

066) "IpFilterDriver" - Pilote de filtre de trafic IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\ipfltdrv.sys
---> TYPE = KERNEL_DRIVER

067) "IpInIp" - Pilote de tunnelage IP dans IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\ipinip.sys
---> TYPE = KERNEL_DRIVER

068) "IpNat" - Traducteur d'adresses réseau IP
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ipnat.sys
---> TYPE = KERNEL_DRIVER

069) "IPSec" - Pilote IPSEC
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\ipsec.sys
---> TYPE = KERNEL_DRIVER

070) "irda" - Protocole IrDA
---> STAT = (RUNNING) Started automatically
---> FILE = System32\DRIVERS\irda.sys
---> TYPE = KERNEL_DRIVER

071) "IRENUM" - Service énumérateur IR
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\irenum.sys
---> TYPE = KERNEL_DRIVER

072) "irsir" - Pilote série infrarouge Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\irsir.sys
---> TYPE = KERNEL_DRIVER

073) "isapnp" - Pilote de bus Plug-and-Play ISA/EISA
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\isapnp.sys
---> TYPE = KERNEL_DRIVER

074) "Kbdclass" - Pilote de la classe Clavier
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\kbdclass.sys
---> TYPE = KERNEL_DRIVER

075) "kbdhid" - Pilote HID de clavier
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\kbdhid.sys
---> TYPE = KERNEL_DRIVER

076) "kmixer" - Mélangeur audio Wave de noyau Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\kmixer.sys
---> TYPE = KERNEL_DRIVER

077) "KSecDD"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

078) "lbrtfdc"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

079) "MBAMSwissArmy" - MBAMSwissArmy
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\drivers\mbamswissarmy.sys
---> TYPE = KERNEL_DRIVER

080) "mnmdd"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

081) "Modem"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

082) "Mouclass" - Pilote de la classe Souris
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\mouclass.sys
---> TYPE = KERNEL_DRIVER

083) "mouhid" - Pilote HID de souris
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mouhid.sys
---> TYPE = KERNEL_DRIVER

084) "MountMgr" - Gestionnaire de point de montage
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

085) "mraid35x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

086) "MRxDAV" - Redirecteur client WebDav
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mrxdav.sys
---> TYPE = FILE_SYSTEM_DRIVER

087) "MRxSmb" - MRXSMB
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\mrxsmb.sys
---> TYPE = FILE_SYSTEM_DRIVER

088) "Msfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER

089) "MSKSSRV" - Proxy de service de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSKSSRV.sys
---> TYPE = KERNEL_DRIVER

090) "MSPCLOCK" - Proxy d'horloge de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPCLOCK.sys
---> TYPE = KERNEL_DRIVER

091) "MSPQM" - Proxy de gestion de qualité de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPQM.sys
---> TYPE = KERNEL_DRIVER

092) "mssmbios" - Pilote BIOS de gestion de systèmes Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mssmbios.sys
---> TYPE = KERNEL_DRIVER

093) "MSTEE" - Convertisseur en T/site-à-site de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSTEE.sys
---> TYPE = KERNEL_DRIVER

094) "Mup" - Mup
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = FILE_SYSTEM_DRIVER

095) "NABTSFEC" - Codec NABTS/FEC VBI
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\NABTSFEC.sys
---> TYPE = KERNEL_DRIVER

096) "NDIS" - Pilote système NDIS
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

097) "NdisIP" - Connection TV/vidéo Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\NdisIP.sys
---> TYPE = KERNEL_DRIVER

098) "NdisTapi" - Pilote TAPI NDIS d'accès distant
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndistapi.sys
---> TYPE = KERNEL_DRIVER

099) "Ndisuio" - NDIS mode utilisateur E/S Protocole
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndisuio.sys
---> TYPE = KERNEL_DRIVER

100) "NdisWan" - Pilote réseau étendu NDIS d'accès distant
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndiswan.sys
---> TYPE = KERNEL_DRIVER

101) "NDProxy" - multiroxy NDIS\00\00
---> STAT = (RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

102) "NetBIOS" - Interface NetBIOS
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbios.sys
---> TYPE = FILE_SYSTEM_DRIVER

103) "NetBT" - NetBIOS sur TCP/IP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbt.sys
---> TYPE = KERNEL_DRIVER

104) "NIC1394" - Pilote réseau 1394
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\nic1394.sys
---> TYPE = KERNEL_DRIVER

105) "Npfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = FILE_SYSTEM_DRIVER

106) "Ntfs"
---> STAT = (RUNNING) Disabled
---> TYPE = FILE_SYSTEM_DRIVER

107) "Null"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

108) "NwlnkFlt" - Pilote de filtre de trafic IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\nwlnkflt.sys
---> TYPE = KERNEL_DRIVER

109) "NwlnkFwd" - Pilote de transfert de trafic IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\nwlnkfwd.sys
---> TYPE = KERNEL_DRIVER

110) "ohci1394" - Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface)
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\ohci1394.sys
---> TYPE = KERNEL_DRIVER

111) "P1120VID" - Creative WebCam NX Ultra
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\P1120Vid.sys
---> TYPE = KERNEL_DRIVER

112) "PALLADIA" - Palladia 300/400 Usb Adsl Modem
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\usbiad.sys
---> TYPE = KERNEL_DRIVER

113) "Parport" - Pilote de port parallèle
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\parport.sys
---> TYPE = KERNEL_DRIVER

114) "PartMgr" - Gestionnaire de partition
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = KERNEL_DRIVER

115) "ParVdm"
---> STAT = (RUNNING) Started automatically
---> TYPE = KERNEL_DRIVER

116) "PCI" - Pilote de bus PCI
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\pci.sys
---> TYPE = KERNEL_DRIVER

117) "PCIDump"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = KERNEL_DRIVER

118) "PCIIde"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\pciide.sys
---> TYPE = KERNEL_DRIVER

119) "Pcmcia"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = KERNEL_DRIVER

120) "PDCOMP"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

121) "PDFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

122) "PDRELI"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

123) "PDRFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = KERNEL_DRIVER

124) "p