
Virus/spyware problem, intrusive ads, em pc, etc.

20 July 2008 13:54:37

Help me.
I am continually invaded by intrusive ads
of the em pc,
casino, poker and X type.
I made a Navilog report.


Search Navipromo version 2.0.2 commencé le 20/07/2008 à 13:34:52,60

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\ORDI\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight/blacklight_help.html


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 07/20/08 at 13:34:57.
[-] ERROR: This version of F-Secure BlackLight has expired.
[+] Exited on 07/20/08 at 13:34:57 (return code = 3).


*** Recherche fichiers ***




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control

HKEY_CURRENT_USER\Software\Lanconfig trouvé !
HKEY_USERS\S-1-5-21-842925246-73586283-1801674531-1003\Software\Lanconfig trouvé !


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\kmWHOqru.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\ymqfjouy.ini2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********


*** Analyse Terminé le 20/07/2008 à 13:35:29,12 ***


And I did a cleanup with Navilog.

Clean Navipromo version 2.0.2 commencé le 20/07/2008 à 13:36:41,23

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO

Mode suppression automatique avec prise en charge résultats Blacklight



*** fsbl1.txt non trouvé ***
(Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)


*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\ORDI\Application Data ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\ORDI\Local Settings\Temp effectué !


*** Sauvegarde du registre vers dossier Backupnavi***


sauvegarde du registre réalise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\kmWHOqru.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\ymqfjouy.ini2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche et Suppression Heuristique :

*
**
***
****
*****
******
*******
********

3)Contrôle présence clés Rootkit dans le registre :

Aucune autre clés présente dans le registre !

*** Nettoyage termine le 20/07/2008 à 13:39:43,68 ***



Please help me.


20 July 2008 14:00:21

My HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:08, on 20/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\DS8EP6Y9\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O2 - BHO: (no name) - {59F176DF-65DC-47A0-A586-3F81E8A84D70} - C:\WINDOWS\system32\urqOHWmk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8EA479BF-A910-4B14-8BB1-CD195871F947} - C:\WINDOWS\system32\byXNHbyw.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {5322c591-ea6d-6b5a-9564-62631ac5c11e} - {e11c5ca1-3626-4659-a5b6-d6ae195c2235} - C:\WINDOWS\system32\tjpxti.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Nocs Bar - {8E1E80F3-A3F0-41d4-BAA7-470442CFC906} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [IPPDetect] C:\PROGRA~1\NewSoft\PRESTO~1.PHO\MrPhoto3\MrPhoto3\IPP4Detect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [b0b752e6] rundll32.exe "C:\WINDOWS\system32\yuojfqmy.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ueyykoy] c:\documents and settings\ordi\local settings\application data\ueyykoy.exe ueyykoy
O4 - HKLM\..\Policies\Explorer\Run: [C4yfC5D94y] C:\Documents and Settings\All Users\Application Data\ipcpwdql\ifwtuxmj.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Shareaza Turbo Accelerator.lnk = C:\Program Files\Shareaza Turbo Accelerator\Shareaza Turbo Accelerator.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cc8010b383084d33afc517391c52c87f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cc8010b383084d33afc517391c52c87f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
O9 - Extra 'Tools' menuitem: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {8E1E80F3-A3F0-41D4-BAA7-470442CFC906} (Nocs Bar) - http://www.nocs.us/plugin/Nocs.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Branding/olr33...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: byXNHbyw - byXNHbyw.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 9656 bytes
20 July 2008 14:47:34

Hello,

Your version of Navilog is obsolete.
Delete it and download the new one.
20 July 2008 17:53:11

Hello, I can't find the latest Navilog. Can you find the address for me?
Thanks.
20 July 2008 17:58:56

Download Navilog (by Il-Mafioso)

  • Save it to your Desktop.
  • Install it by double-clicking navilog.exe.
  • Once the installation is finished, the utility will run automatically.
    (If it does not, double-click the shortcut on the Desktop) [Right-click -> "Run as administrator" (for Vista)]
  • Let the utility guide you. Choose option 1, then confirm.
    ! Do not use options 2, 3 and 4 without our agreement!
  • Wait until this message appears:
    *** Analyse Termine le ..... ***
  • Press a key as prompted. Notepad will open. Post the report here.
  • Post the generated report.

    The report is located here: C:\fixnavi.txt

    If you have Vista, do this first:
    Disable UAC (Start Menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ uncheck the box Use User Account Control ... and confirm with OK; you will be asked to restart, do so)
    20 July 2008 18:24:28

    HERE IS MY NAVILOG REPORT, THANKS

    Search Navipromo version 3.6.1 commencé le 20/07/2008 à 18:13:52,34

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "ORDI"

    Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***

    Favorit

    *** Recherche dossiers dans "C:\WINDOWS" ***


    *** Recherche dossiers dans "C:\Program Files" ***


    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\ORDI\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\ORDI\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\ORDI\menudm~1\progra~1" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier Navipromo trouvé


    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\ORDI\locals~1\applic~1" *



    *** Recherche fichiers ***



    *** Recherche clés spécifiques dans le Registre ***


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :


    * Dans "C:\Documents and Settings\ORDI\locals~1\applic~1" :

    ueyykoy.dat trouvé !
    ueyykoy_nav.dat trouvé !
    ueyykoy_navps.dat trouvé !

    3)Recherche Certificats :

    Certificat Egroup trouvé !
    Certificat Electronic-Group trouvé !
    Certificat OOO-Favorit trouvé !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :

    C:\WINDOWS\system32\kmWHOqru.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\ymqfjouy.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


    *** Analyse terminée le 20/07/2008 à 18:18:48,73 ***


    20 July 2008 19:00:48

    KASPERSKY ONLINE REPORT


    C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log L'objet est verrouillé ignoré

    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log L'objet est verrouillé ignoré

    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck L'objet est verrouillé ignoré

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

    C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

    C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

    C:\Documents and Settings\ORDI\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml L'objet est verrouillé ignoré

    C:\Documents and Settings\ORDI\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-5ddc3bad/MagicApplet.class Infecté : Trojan-Downloader.Java.OpenConnection.ao ignoré

    C:\Documents and Settings\ORDI\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-5ddc3bad/OwnClassLoader.class Infecté : Trojan.Java.ClassLoader.au ignoré

    C:\Documents and Settings\ORDI\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-5ddc3bad/Installer.class Infecté : Trojan-Downloader.Java.Agent.a ignoré

    C:\Documents and Settings\ORDI\Application Data\Sun\Java\Deployment\cache\6.0\59\107cd1bb-5ddc3bad ZIP: infecté - 3 ignoré

    C:\Documents and Settings\ORDI\Cookies\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\ORDI\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\ORDI\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\ORDI\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

    C:\Documents and Settings\ORDI\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\ORDI\Local Settings\Historique\History.IE5\MSHist012008072020080721\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\P4PFNI2P\install[1] L'objet est verrouillé ignoré

    C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\P4PFNI2P\Navilog1[1].exe/file10 Infecté : not-a-virus:RiskTool.Win32.Reboot.f ignoré

    C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\P4PFNI2P\Navilog1[1].exe Inno: infecté - 1 ignoré

    C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\PGWIWYPH\index[1].htm Infecté : Exploit.HTML.IESlice.fg ignoré

    C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\YHJ1X698\1216551942[2].exe L'objet est verrouillé ignoré

    C:\Documents and Settings\ORDI\NTUSER.DAT L'objet est verrouillé ignoré

    C:\Documents and Settings\ORDI\ntuser.dat.LOG L'objet est verrouillé ignoré

    C:\Program Files\Navilog1\Reboot.exe Infecté : not-a-virus:RiskTool.Win32.Reboot.f ignoré

    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

    C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP392\A0381609.exe Infecté : Trojan.Win32.Obfuscated.aqn ignoré

    C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP399\A0385908.exe Infecté : Trojan.Win32.Obfuscated.aqn ignoré

    C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP402\A0386058.exe Infecté : Trojan.Win32.Obfuscated.aqn ignoré

    C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP428\A0415261.exe Infecté : not-a-virus:RiskTool.Win32.Reboot.f ignoré

    C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP428\A0417276.dll L'objet est verrouillé ignoré

    C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP428\A0417277.dll L'objet est verrouillé ignoré

    C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP429\A0418289.dll L'objet est verrouillé ignoré

    C:\System Volume Information\_restore{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}\RP429\change.log L'objet est verrouillé ignoré

    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\Downloaded Program Files\Nocs.dll Infecté : not-a-virus:AdWare.Win32.NocsBar.c ignoré
    20 July 2008 19:54:38

    Re :) 

  • Double-click the Navilog shortcut.
  • Choose option 2, then confirm. (Enter)
  • Let it guide you.
  • Your computer will restart; if not, restart it manually.
  • Your desktop will disappear.
  • After a while, Notepad will open.
  • Save the report.
  • Close Notepad. Your desktop will now reappear.

    If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
    Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)".
    Type explorer and confirm. This will bring your desktop back.


    Start -> Control Panel -> Internet Options
    Click the "Content" tab, then the "Certificates" tab, and check whether you find these, in particular under "Trusted Publishers":

    Montorgueil ; VIP

    If you find them, do this:
    * Select each of these certificates and click Export. Save it/them to your desktop.
    * Then delete the ones present in the "Certificates" tab of your browser's options.

    Then, for each of the certificates on your desktop:
    * Go to the website:
    http://www.bleepingcomputer.com/submit-malware.php?chan...
    * Copy/paste this into the 'Link to Topic' box:
    the name of the certificate (Montorgueil ,......)
    * Copy/paste this into the 'Browse to the File' box:
    the corresponding certificate that you exported to your desktop

    Once that is done, finally delete the certificate from your desktop.

    The following programs install this infection:

    * Go-astro
    * GoRecord
    * HotTVPlayer
    * MailSkinner
    * Messenger Skinner
    * Instant Access
    * InternetGameBox
    * sudoplanet
    * Webmediaplayer: except the one from the following site > http://www.azertysite.new.fr/
    * On the site www.games-desktop.com (do not go there!)

  • Post the report saved earlier (C:\cleannavi.txt) as well as a new HijackThis report.
    23 July 2008 00:13:18

    Here is the ccleaner report

    Clean Navipromo version 3.6.1 commencé le 23/07/2008 à 0:06:14,45

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "ORDI"

    Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13
    Système de fichiers : NTFS

    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS


    Nettoyage exécuté au redémarrage de l'ordinateur


    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\WINDOWS\System32" *


    * Suppression dans "C:\Documents and Settings\ORDI\locals~1\applic~1" *



    *** Suppression dossiers dans "C:\WINDOWS" ***


    *** Suppression dossiers dans "C:\Program Files" ***


    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


    *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\ORDI\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\ORDI\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\ORDI\menudm~1\progra~1" ***



    *** Suppression fichiers ***


    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\ORDI\locals~1\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :


    * Dans "C:\WINDOWS\system32" *


    * Dans "C:\Documents and Settings\ORDI\locals~1\applic~1" *


    ueyykoy.exe trouvé !
    Copie ueyykoy.exe réalisée avec succès !
    ueyykoy.exe supprimé !

    ueyykoy.dat trouvé !
    Copie ueyykoy.dat réalisée avec succès !
    ueyykoy.dat supprimé !

    ueyykoy_nav.dat trouvé !
    Copie ueyykoy_nav.dat réalisée avec succès !
    ueyykoy_nav.dat supprimé !

    ueyykoy_navps.dat trouvé !
    Copie ueyykoy_navps.dat réalisée avec succès !
    ueyykoy_navps.dat supprimé !


    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok


    *** Certificats ***

    Certificat Egroup supprimé !
    Certificat Electronic-Group supprimé !
    Certificat OOO-Favorit supprimé !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Nettoyage terminé le 23/07/2008 à 0:09:27,15 ***


    23 July 2008 00:16:59

    Here is my HijackThis report. I want to thank you for taking the time to help me, many thanks.



    Logfile of HijackThis v1.99.1
    Scan saved at 00:15:57, on 23/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\9DDO5TLN\hijackthis_hijackthis_1.99.1_anglais_17891[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
    O2 - BHO: (no name) - {59F176DF-65DC-47A0-A586-3F81E8A84D70} - C:\WINDOWS\system32\urqOHWmk.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {8EA479BF-A910-4B14-8BB1-CD195871F947} - C:\WINDOWS\system32\byXNHbyw.dll (file missing)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: {5322c591-ea6d-6b5a-9564-62631ac5c11e} - {e11c5ca1-3626-4659-a5b6-d6ae195c2235} - C:\WINDOWS\system32\tjpxti.dll (file missing)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Nocs Bar - {8E1E80F3-A3F0-41d4-BAA7-470442CFC906} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [IPPDetect] C:\PROGRA~1\NewSoft\PRESTO~1.PHO\MrPhoto3\MrPhoto3\IPP4Detect.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [b0b752e6] rundll32.exe "C:\WINDOWS\system32\yuojfqmy.dll",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Shareaza Turbo Accelerator.lnk = C:\Program Files\Shareaza Turbo Accelerator\Shareaza Turbo Accelerator.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cc8010b383084d33afc517391c52c87f
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cc8010b383084d33afc517391c52c87f
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
    O9 - Extra 'Tools' menuitem: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O16 - DPF: {8E1E80F3-A3F0-41D4-BAA7-470442CFC906} (Nocs Bar) - http://www.nocs.us/plugin/Nocs.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Branding/olr33...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: byXNHbyw - byXNHbyw.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    23 July 2008 02:10:35

    Hi again,

    Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Yes.
  • When the operation has finished, a report will appear. Post this report in your next reply.

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.
    23 July 2008 12:26:25

    I can't download it
    it gives me an error message

    " you cannot rename combofix as combofix 1
    please use another name , preferbaly made up of alphanumeric characters"



    23 July 2008 12:28:48

    Uh, try again (without trying to rename it).
    23 July 2008 12:35:45

    I'm not trying anything, I'm just downloading it, that's all
    and it gives me this message
    23 July 2008 12:46:42

    Hi again,

    Try downloading it from another computer, and put it on your desktop using a USB stick.
    23 July 2008 12:47:40

    Well, I don't have a computer available
    23 July 2008 12:48:43

    A friend? There's no rush.
    If you really can't, we'll try another way.
    23 July 2008 12:53:31

    do I have to run ComboFix, is there no other way?
    23 July 2008 16:09:18

    More complicated without it, but oh well..

    Download Malwarebytes' Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done:
    Restart in safe mode
    /!\ Never start in safe mode via MSCONFIG /!\

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Exécuter un examen complet" (Perform full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan has finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so you can post it in your next reply.

    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Help: How to use MBAM.
    23 July 2008 19:29:17

    I did what you told me, I had 22 infections, but it didn't show me a report?
    23 July 2008 19:38:20

    Post a new HijackThis report.
    23 July 2008 20:00:24

    sorry, I ran another one after the malware cleanup


    here it is



    Version de la base de données: 982
    Windows 5.1.2600 Service Pack 2

    19:54:52 23/07/2008
    mbam-log-7-23-2008 (19-54-52).txt

    Type de recherche: Examen rapide
    Eléments examinés: 45464
    Temps écoulé: 8 minute(s), 12 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 12
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 5

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e11c5ca1-3626-4659-a5b6-d6ae195c2235} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e11c5ca1-3626-4659-a5b6-d6ae195c2235} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\tjpxti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\waeokxdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ylpdci.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.



    23 July 2008 20:03:17

    here is the HijackThis report



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:02:06, on 23/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
    O2 - BHO: (no name) - {59F176DF-65DC-47A0-A586-3F81E8A84D70} - C:\WINDOWS\system32\urqOHWmk.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {8EA479BF-A910-4B14-8BB1-CD195871F947} - C:\WINDOWS\system32\byXNHbyw.dll (file missing)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: {5322c591-ea6d-6b5a-9564-62631ac5c11e} - {e11c5ca1-3626-4659-a5b6-d6ae195c2235} - C:\WINDOWS\system32\tjpxti.dll (file missing)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Nocs Bar - {8E1E80F3-A3F0-41d4-BAA7-470442CFC906} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [IPPDetect] C:\PROGRA~1\NewSoft\PRESTO~1.PHO\MrPhoto3\MrPhoto3\IPP4Detect.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [b0b752e6] rundll32.exe "C:\WINDOWS\system32\yuojfqmy.dll",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\Policies\Explorer\Run: [C4yfC5D94y] C:\Documents and Settings\All Users\Application Data\ipcpwdql\ifwtuxmj.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Shareaza Turbo Accelerator.lnk = C:\Program Files\Shareaza Turbo Accelerator\Shareaza Turbo Accelerator.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cc8010b383084d33afc517391c52c87f
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cc8010b383084d33afc517391c52c87f
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
    O9 - Extra 'Tools' menuitem: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\WINDOWS\Downloaded Program Files\Nocs.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O16 - DPF: {8E1E80F3-A3F0-41D4-BAA7-470442CFC906} (Nocs Bar) - http://www.nocs.us/plugin/Nocs.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Branding/olr33...
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: byXNHbyw - byXNHbyw.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 9297 bytes
    24 July 2008 13:14:56

    Still can't get ComboFix?
    Can you try downloading it in safe mode with networking?

    If it really doesn't work, we'll do the disinfection the old-fashioned way :D
    24 July 2008 13:18:39

    still not, I'll try as you told me
    24 July 2008 13:26:54

    I tried in safe mode, it doesn't work either, sorry
    24 July 2008 14:52:37

    Well, never mind..

  • Download SystemScan to your Desktop.

  • Double-click the executable to start the installation.
  • Click I have read and i agree, then click Proceed.
  • Tick Recent Files, days old "60" and Hidden Objects.
  • Finally, click Scan now.
  • A report will open; post it.

    Note: The report is located here: Bureau\suspectfile\report.txt
    24 July 2008 15:50:11

    there you go, but it's really long



    SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

    Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
    System directory: C:\WINDOWS
    SystemScan file: C:\Documents and Settings\ORDI\Local Settings\Temporary Internet Files\Content.IE5\AT94RJ8C\sys71780[1].exe
    Running in: User mode
    Date: 24/07/2008
    Time: 15:29:29

    Output limited to:
    -PC accounts
    -Recent files
    -Duplicates in BAK folders
    -Registry Run Keys
    -Autoplay settings (autorun.inf)
    -Scheduled jobs
    -Services and Drivers (all)
    -Svchost.exe instances
    -Loaded Dlls
    -Alternate Data Sreams
    -Encrypted Files
    -Hidden objects
    -Master Boot Record
    -Network settings
    -Include HOSTS file
    -Suspicious Files
    -Installed Applications
    -Include HIJACKTHIS.log

    ===================== ACCOUNTS ON THIS PC =====================


    Users on this computer:
    Is Admin? | Username
    ------------------
    Yes | Administrateur
    | HelpAssistant (Disabled)
    | Invité (Disabled)
    Yes | ORDI
    | SUPPORT_388945a0 (Disabled)

    ### users folders

    03/05/2007 00:05:28 (DIR) 0 byte 448 days old -- NetworkService
    09/05/2007 13:06:37 (DIR) 0 byte 442 days old -- Default User
    09/05/2007 13:06:42 (DIR) 0 byte 442 days old -- All Users
    14/05/2007 15:58:40 (DIR) 0 byte 437 days old -- LocalService
    24/07/2008 15:29:29 (DIR) 0 byte 0 days old -- ORDI

    ### startup files in users folders

    C:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
    C:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    C:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\desktop.ini
    C:\documents and settings\ORDI\Menu Démarrer\Programmes\Démarrage\desktop.ini
    C:\documents and settings\ORDI\Menu Démarrer\Programmes\Démarrage\Shareaza Turbo Accelerator.lnk

    ===================== RECENT FILES =====================

    Showing files newer than 60 days

    ----- recent files in C:\
    13/06/2008 13:47:14 244 byte 41 days old -- sqmnoopt07.sqm
    13/06/2008 13:47:15 268 byte 41 days old -- sqmdata07.sqm
    18/07/2008 13:12:49 (DIR) 0 byte 6 days old -- Config.Msi
    23/07/2008 00:09:27 2682 byte 1 days old -- cleannavi.txt
    23/07/2008 12:29:53 12233 byte 1 days old -- lop.txt
    23/07/2008 20:56:38 (DIR) 0 byte 1 days old -- Program Files
    24/07/2008 12:16:46 (DIR) 0 byte 0 days old -- $VAULT$.AVG
    24/07/2008 13:20:01 (DIR) 0 byte 0 days old -- WINDOWS
    24/07/2008 13:23:09 2617 byte 0 days old -- Bug.txt
    24/07/2008 13:23:58 704643072 byte 0 days old -- pagefile.sys

    ----- recent files in C:\WINDOWS\
    30/05/2008 14:58:31 (DIR) 0 byte 55 days old -- $NtUninstallKB932823-v3$
    30/05/2008 14:58:37 11142 byte 55 days old -- KB932823-v3.log
    13/06/2008 14:04:58 (DIR) 0 byte 41 days old -- $NtUninstallKB951376$
    13/06/2008 14:05:04 7738 byte 41 days old -- KB951376.log
    13/06/2008 14:05:10 (DIR) 0 byte 41 days old -- $NtUninstallKB950760$
    13/06/2008 14:05:12 6300 byte 41 days old -- KB950760.log
    13/06/2008 14:05:15 (DIR) 0 byte 41 days old -- $NtUninstallKB950762$
    13/06/2008 14:05:17 8081 byte 41 days old -- KB950762.log
    13/06/2008 14:05:21 (DIR) 0 byte 41 days old -- $NtUninstallKB951698$
    13/06/2008 14:05:23 12764 byte 41 days old -- KB951698.log
    13/06/2008 14:09:58 (DIR) 0 byte 41 days old -- ie7updates
    13/06/2008 14:10:14 149832 byte 41 days old -- updspapi.log
    13/06/2008 14:10:32 1374 byte 41 days old -- imsins.BAK
    13/06/2008 14:10:32 20927 byte 41 days old -- KB950759-IE7.log
    20/06/2008 10:29:11 (DIR) 0 byte 34 days old -- $hf_mig$
    20/06/2008 10:29:29 (DIR) 0 byte 34 days old -- $NtUninstallKB951376-v2$
    20/06/2008 10:29:33 352218 byte 34 days old -- msmqinst.log
    20/06/2008 10:29:34 8047 byte 34 days old -- KB951376-v2.log
    20/06/2008 10:29:34 45790 byte 34 days old -- ocmsn.log
    20/06/2008 10:29:34 550022 byte 34 days old -- ocgen.log
    20/06/2008 10:29:34 512127 byte 34 days old -- tsoc.log
    20/06/2008 10:29:34 56440 byte 34 days old -- tabletoc.log
    20/06/2008 10:29:34 55438 byte 34 days old -- msgsocm.log
    20/06/2008 10:29:34 51125 byte 34 days old -- medctroc.Log
    20/06/2008 10:29:34 199810 byte 34 days old -- ntdtcsetup.log
    20/06/2008 10:29:34 194388 byte 34 days old -- netfxocm.log
    20/06/2008 10:29:34 1374 byte 34 days old -- imsins.log
    20/06/2008 10:29:34 1104602 byte 34 days old -- FaxSetup.log
    20/06/2008 10:29:34 331787 byte 34 days old -- comsetup.log
    20/06/2008 10:29:35 1250259 byte 34 days old -- iis6.log
    11/07/2008 16:27:40 116849 byte 13 days old -- wmsetup.log
    18/07/2008 12:59:35 (DIR) 0 byte 6 days old -- Downloaded Installations
    18/07/2008 13:11:08 (DIR) 0 byte 6 days old -- Installer
    18/07/2008 16:59:12 (DIR) 0 byte 6 days old -- SoftwareDistribution
    18/07/2008 19:20:28 (DIR) 0 byte 6 days old -- network diagnostic
    19/07/2008 23:43:06 (DIR) 0 byte 5 days old -- avxoscan
    19/07/2008 23:43:24 217 byte 5 days old -- AvxOnline.log
    20/07/2008 18:04:19 (DIR) 0 byte 4 days old -- inf
    23/07/2008 00:31:04 191790 byte 1 days old -- setupact.log
    23/07/2008 12:22:05 (DIR) 0 byte 1 days old -- Downloaded Program Files
    23/07/2008 17:46:12 32538 byte 1 days old -- SchedLgU.Txt
    23/07/2008 20:53:29 1029353 byte 1 days old -- setupapi.log
    24/07/2008 13:20:01 (DIR) 0 byte 0 days old -- CSC
    24/07/2008 13:20:10 316002 byte 0 days old -- ntbtlog.txt
    24/07/2008 13:22:57 (DIR) 0 byte 0 days old -- system32
    24/07/2008 13:24:00 2048 byte 0 days old -- bootstat.dat
    24/07/2008 13:24:01 0 byte 0 days old -- 0.log
    24/07/2008 13:24:13 159 byte 0 days old -- wiadebug.log
    24/07/2008 13:24:14 50 byte 0 days old -- wiaservc.log
    24/07/2008 13:24:25 (DIR) 0 byte 0 days old -- Temp
    24/07/2008 14:42:04 1211393 byte 0 days old -- WindowsUpdate.log
    24/07/2008 15:29:29 (DIR) 0 byte 0 days old -- Prefetch

    ----- recent files in C:\WINDOWS\Downloaded Program Files\

    ----- recent files in C:\WINDOWS\system\

    ----- recent files in C:\WINDOWS\system32\
    20/06/2008 10:29:30 (DIR) 0 byte 34 days old -- dllcache
    20/06/2008 19:05:51 (DIR) 0 byte 34 days old -- FlashAX
    25/06/2008 18:15:46 17972344 byte 29 days old -- MRT.exe
    18/07/2008 12:42:31 0 byte 6 days old -- bb949698-.txt
    18/07/2008 12:43:04 116864 byte 6 days old -- juqfet.dll
    18/07/2008 12:43:04 116864 byte 6 days old -- qvevexhd.dll
    18/07/2008 12:44:30 613399 byte 6 days old -- jtwmspix.ini
    19/07/2008 22:23:21 647863 byte 5 days old -- uyxpufff.ini
    19/07/2008 22:28:23 428234 byte 5 days old -- kmWHOqru.ini2
    19/07/2008 22:30:51 428234 byte 5 days old -- kmWHOqru.ini
    19/07/2008 22:31:28 647983 byte 5 days old -- ymqfjouy.tmp
    19/07/2008 22:32:28 294 byte 5 days old -- ymqfjouy.ini
    21/07/2008 12:41:22 143 byte 3 days old -- mcrh.tmp
    22/07/2008 21:13:45 2206 byte 2 days old -- wpa.dbl
    22/07/2008 21:15:40 43581 byte 2 days old -- ymqfjouy.ini2
    23/07/2008 17:43:34 (DIR) 0 byte 1 days old -- drivers
    23/07/2008 20:53:13 664 byte 1 days old -- d3d9caps.dat
    23/07/2008 20:53:14 (DIR) 0 byte 1 days old -- CatRoot2

    ----- recent files in C:\WINDOWS\system32\drivers\
    14/06/2008 19:59:52 272768 byte 40 days old -- bthport.sys
    14/06/2008 23:47:04 (DIR) 0 byte 40 days old -- etc
    19/07/2008 23:39:36 102664 byte 5 days old -- tmcomm.sys
    20/07/2008 20:25:00 17144 byte 4 days old -- mbam.sys
    20/07/2008 20:25:04 38472 byte 4 days old -- mbamswissarmy.sys

    ----- recent files in C:\WINDOWS\temp\

    ----- recent files in C:\Program Files\
    30/06/2008 11:50:27 (DIR) 0 byte 24 days old -- Spybot - Search & Destroy
    05/07/2008 11:36:12 (DIR) 0 byte 19 days old -- Adobe
    18/07/2008 13:00:11 (DIR) 0 byte 6 days old -- Fichiers communs
    18/07/2008 13:08:25 (DIR) 0 byte 6 days old -- Microsoft AntiSpyware
    18/07/2008 13:09:37 (DIR) 0 byte 6 days old -- InstallShield Installation Information
    18/07/2008 13:11:06 (DIR) 0 byte 6 days old -- Google
    18/07/2008 13:20:01 (DIR) 0 byte 6 days old -- Grisoft
    18/07/2008 18:25:30 (DIR) 0 byte 6 days old -- download-boosters
    19/07/2008 23:40:07 (DIR) 0 byte 5 days old -- Internet Explorer
    20/07/2008 17:59:10 (DIR) 0 byte 4 days old -- BHODemon 2
    23/07/2008 00:09:27 (DIR) 0 byte 1 days old -- Navilog1
    23/07/2008 12:22:08 (DIR) 0 byte 1 days old -- Panda Security
    23/07/2008 17:43:37 (DIR) 0 byte 1 days old -- Malwarebytes' Anti-Malware
    23/07/2008 20:01:45 (DIR) 0 byte 1 days old -- Trend Micro

    ----- recent files in C:\Program Files\Fichiers communs\

    ----- recent files in C:\Documents and Settings\ORDI\Application Data\
    18/07/2008 13:21:58 (DIR) 0 byte 6 days old -- Grisoft
    23/07/2008 17:43:38 (DIR) 0 byte 1 days old -- Malwarebytes
    23/07/2008 20:53:09 (DIR) 0 byte 1 days old -- SecondLife
    24/07/2008 13:24:18 (DIR) 0 byte 0 days old -- AVG7

    ----- recent files in C:\DOCUME~1\ORDI\LOCALS~1\Temp\
    23/07/2008 00:11:52 (DIR) 0 byte 1 days old -- WLTB Custom Button Feeds
    23/07/2008 12:28:35 (DIR) 0 byte 1 days old -- Rar$EX00.953
    23/07/2008 13:37:46 (DIR) 0 byte 1 days old -- MessengerCache
    24/07/2008 09:33:47 (DIR) 0 byte 0 days old -- ~nsu.tmp
    24/07/2008 13:24:08 (DIR) 0 byte 0 days old -- WPDNSE
    24/07/2008 13:29:05 1026 byte 0 days old -- jusched.log
    24/07/2008 15:29:02 107 byte 0 days old -- systemscan.ini
    24/07/2008 15:29:03 16384 byte 0 days old -- ~DFCA01.tmp
    24/07/2008 15:29:29 (DIR) 0 byte 0 days old -- nswB.tmp

    ===================== DUPLICATE FILES IN BAK FOLDERS =====================

    No BAK folders found

    ===================== REGISTRY SCAN =====================


    -----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

    [Run]
    "Google Desktop Search"="\"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe\" /startup"
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP"
    "SoundMan"="SOUNDMAN.EXE"
    "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 \"EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\""
    "IPPDetect"="C:\PROGRA~1\NewSoft\PRESTO~1.PHO\MrPhoto3\MrPhoto3\IPP4Detect.exe"
    "SunJavaUpdateSched"="\"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe\""
    "Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
    "!AVG Anti-Spyware"="\"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe\" /minimized"
    "b0b752e6"="rundll32.exe \"C:\WINDOWS\system32\yuojfqmy.dll\",b"

    [Run\OptionalComponents]
    @=""

    [Run\OptionalComponents\IMAIL]
    "Installed"="1"
    @=""

    [Run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"
    @=""

    [Run\OptionalComponents\MSFS]
    "Installed"="1"
    @=""

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

    [Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    "MsnMsgr"="\"C:\Program Files\Windows Live\Messenger\msnmsgr.exe\" /background"
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S"
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

    -----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

    [Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE"

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

    [run]
    "C4yfC5D94y"="C:\Documents and Settings\All Users\Application Data\ipcpwdql\ifwtuxmj.exe"

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

    -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

    [Windows]
    "AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

    [ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    #### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    #### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    #### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    #### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    #### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

    [ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    #### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
    "{8EA479BF-A910-4B14-8BB1-CD195871F947}"=""
    #### HKCR\CLSID\{8EA479BF-A910-4B14-8BB1-CD195871F947}\InprocServer32 @="C:\WINDOWS\system32\byXNHbyw.dll"
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
    #### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

    -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

    [Winlogon]
    "Shell"="Explorer.exe"
    "System"=""
    "Userinit"="C:\WINDOWS\system32\userinit.exe,"
    "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
    "UIHost"=expand:"logonui.exe"
    "LogonType"=dword:00000001
    "WinStationsDisabled"="0"

    [Winlogon\GPExtensions]

    [Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
    "@="Sans fil"
    "DllName"=expand:"gptext.dll"

    [Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
    "@="Folder Redirection"
    "DllName"=expand:"fdeploy.dll"

    [Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
    "@="Quota du disque Microsoft"
    "DllName"=expand:"dskquota.dll"

    [Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
    "@="Planificateur de paquets QoS"
    "DllName"=expand:"gptext.dll"

    [Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
    "@="Scripts"
    "DllName"=expand:"gptext.dll"

    [Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
    "@="Internet Explorer Zonemapping"
    "DllName"=expand:"iedkcs32.dll"

    [Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
    "DllName"=expand:"scecli.dll"
    "@="Security"

    [Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
    "DllName"="iedkcs32.dll"
    "@="Internet Explorer Branding"

    [Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
    "DllName"=expand:"scecli.dll"
    "@="EFS recovery"

    [Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
    "@="Installation de logiciel"
    "DllName"=expand:"appmgmts.dll"

    [Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
    "@="Sécurité IP"
    "DllName"=expand:"gptext.dll"

    [Winlogon\Notify]

    [Winlogon\Notify\byXNHbyw]
    "DllName"="byXNHbyw.dll"

    [Winlogon\Notify\crypt32chain]
    "DllName"=expand:"crypt32.dll"

    [Winlogon\Notify\cryptnet]
    "DllName"=expand:"cryptnet.dll"

    [Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"

    [Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"

    [Winlogon\Notify\Schedule]
    "DllName"=expand:"wlnotify.dll"

    [Winlogon\Notify\sclgntfy]
    "DllName"=expand:"sclgntfy.dll"

    [Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"

    [Winlogon\Notify\termsrv]
    "DllName"=expand:"wlnotify.dll"

    [Winlogon\Notify\WgaLogon]

    [Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"

    [Winlogon\SpecialAccounts]

    [Winlogon\SpecialAccounts\UserList]
    "HelpAssistant"=dword:00000000
    "TsInternetUser"=dword:00000000
    "SQLAgentCmdExec"=dword:00000000
    "NetShowServices"=dword:00000000
    "IWAM_"=dword:00010000
    "IUSR_"=dword:00010000
    "VUSR_"=dword:00010000

    -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

    [Winlogon]
    "ParseAutoexec"="1"
    "ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
    "BuildNumber"=dword:00000a28

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

    [Image File Execution Options\Your Image File Name Here without a path]
    "Debugger"="ntsd -d"

    -----HKLM\System\CurrentControlSet\Control\Session Manager\-----

    [Session Manager]
    "BootExecute"=multi:"autocheck autochk *\00\00"

    [Session Manager\SubSystems]
    "Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

    -----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

    [WOW]
    "cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
    "wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

    -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

    [RunOnce]

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

    [RunOnceEx]

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

    [RunServices]

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

    [RunOnce]

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

    [RunServices]

    -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

    -----HKLM\Software\Microsoft\Command Processor\Autorun-----

    -----HKCU\Software\Microsoft\Command Processor\Autorun-----

    -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

    -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

    -----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

    -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

    -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

    -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

    -----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

    -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    #### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
    #### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

    -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

    [Browser Helper Objects]
    @=""

    [Browser Helper Objects\{59F176DF-65DC-47A0-A586-3F81E8A84D70}]
    #### HKCR\CLSID\{59F176DF-65DC-47A0-A586-3F81E8A84D70}\InprocServer32 @="C:\WINDOWS\system32\urqOHWmk.dll"

    [Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    #### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll"
    "NoExplorer"=dword:00000001

    [Browser Helper Objects\{8EA479BF-A910-4B14-8BB1-CD195871F947}]
    #### HKCR\CLSID\{8EA479BF-A910-4B14-8BB1-CD195871F947}\InprocServer32 @="C:\WINDOWS\system32\byXNHbyw.dll"

    [Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    #### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

    [Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    #### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll"

    [Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    #### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Program Files\Windows Live Toolbar\msntb.dll"
    @=""

    [Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer]
    @=dword:00000001

    [Browser Helper Objects\{e11c5ca1-3626-4659-a5b6-d6ae195c2235}]
    #### HKCR\CLSID\{e11c5ca1-3626-4659-a5b6-d6ae195c2235}\InprocServer32 @="C:\WINDOWS\system32\tjpxti.dll"
    @="{5322c591-ea6d-6b5a-9564-62631ac5c11e}"

    [Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
    #### HKCR\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\InprocServer32 @="C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll"

    [Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\EWPP]

    -----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

    [URLSearchHooks]
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
    #### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
    "{e4000b62-fa5d-4b39-b254-0a4c485aaf11}"=""

    -----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

    [MSConfig]

    [MSConfig\services]

    [MSConfig\startupfolder]

    [MSConfig\startupreg]

    [MSConfig\state]
    "system.ini"=dword:00000000
    "win.ini"=dword:00000000
    "bootini"=dword:00000000
    "services"=dword:00000000
    "startup"=dword:00000000

    -----HKCU\Control Panel\Desktop\-----

    [Desktop]
    "SCRNSAVE.EXE"="C:\WINDOWS\System32\ss3dfo.scr"

    [Desktop\WindowMetrics]

    -----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

    [command]
    @="\"%1\" %*"

    -----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

    [command]
    @="\"%1\" %*"

    -----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

    [command]
    @="\"%1\" %*"

    -----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

    [command]
    @="\"%1\" %*"

    -----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

    [command]
    @="\"%1\" /S"

    -----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

    [Command]
    @="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

    -----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----


    [URL\Prefixes]
    "ftp"="ftp://"
    "gopher"="gopher://"
    "home"="http://"
    "mosaic"="http://"
    "www"="http://"

    -----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

    [Lsa]

    [Lsa\AccessProviders]

    [Lsa\AccessProviders\Windows NT Access Provider]
    "ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

    [Lsa\Audit]

    [Lsa\Audit\PerUserAuditing]

    [Lsa\Audit\PerUserAuditing\System]

    [Lsa\Data]

    [Lsa\SSO]

    [Lsa\SSO\Passport1.4]
    "SSOURL"="http://www.passport.com"

    [Lsa\SspiCache]

    [Lsa\SspiCache\digest.dll]
    "Name"="Digest"
    "Comment"="Digest SSPI Authentication Package"

    [Lsa\SspiCache\msapsspc.dll]
    "Name"="DPA"
    "Comment"="DPA Security Package"

    [Lsa\SspiCache\msnsspc.dll]
    "Name"="MSN"
    "Comment"="MSN Security Package"

    -----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

    [SharedAccess]
    "Type"=dword:00000020
    "Start"=dword:00000002
    "ErrorControl"=dword:00000001
    "ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
    "DisplayName"="Pare-feu Windows / Partage de connexion Internet"
    "DependOnService"=multi:"Netman\00WinMgmt\00\00"
    "DependOnGroup"=multi:"\00"
    "ObjectName"="LocalSystem"
    "Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."

    [SharedAccess\Epoch]
    "Epoch"=dword:00004bd3

    [SharedAccess\Parameters]
    "ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

    [SharedAccess\Parameters\FirewallPolicy]

    [SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

    [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=dword:00000001
    "DoNotAllowExceptions"=dword:00000000
    "DisableNotifications"=dword:00000000

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disaxxxxx@xxxxxres.dll,-22019"
    "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disaxxxxx@xxxxxres.dll,-20000"
    "C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Disabled:Shareaza Ultimate File Sharing"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP"="1900:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22007"
    "2869:TCP"="2869:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22008"
    "3389:TCP"="3389:TCP:*:Disaxxxxx@xxxxxres.dll,-22009"
    "139:TCP"="139:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22004"
    "445:TCP"="445:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22005"
    "137:UDP"="137:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22001"
    "138:UDP"="138:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22002"
    "4887:UDP"="4887:UDP:*:Disabled:Windows Media Format SDK (IEXPLORE.EXE)"
    "4886:UDP"="4886:UDP:*:Disabled:Windows Media Format SDK (IEXPLORE.EXE)"

    [SharedAccess\Setup]
    "ServiceUpgrade"=dword:00000001

    [SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
    "{82895C8F-354D-43D9-9E72-9212CF2FF418}"=dword:00000001
    "{04CDA920-7D47-4403-8321-7FDED7324B22}"=dword:00000001
    "{24773ADD-0A25-4A61-B076-3EACA7C5DE03}"=dword:00000001

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

    -----HKLM\Software\Microsoft\Ole-----

    [Ole]
    "DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
    "EnableDCOM"="Y"
    "MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
    "MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\

    [Ole\AppCompat]

    [Ole\AppCompat\ActivationSecurityCheckExemptionList]
    "{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
    "{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
    "{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
    "{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

    -----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

    [Security Center]
    "AntiVirusDisableNotify"=dword:00000000
    "FirewallDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000

    [Security Center\Monitoring]

    [Security Center\Monitoring\AhnlabAntiVirus]

    [Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [Security Center\Monitoring\KasperskyAntiVirus]

    [Security Center\Monitoring\McAfeeAntiVirus]

    [Security Center\Monitoring\McAfeeFirewall]

    [Security Center\Monitoring\PandaAntiVirus]

    [Security Center\Monitoring\PandaFirewall]

    [Security Center\Monitoring\SophosAntiVirus]

    [Security Center\Monitoring\SymantecAntiVirus]

    [Security Center\Monitoring\SymantecFirewall]

    [Security Center\Monitoring\TinyFirewall]

    [Security Center\Monitoring\TrendAntiVirus]

    [Security Center\Monitoring\TrendFirewall]

    [Security Center\Monitoring\ZoneLabsFirewall]

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

    [SystemRestore]
    "DisableSR"=dword:00000000
    "CreateFirstRunRp"=dword:00000001
    "DSMin"=dword:000000c8
    "DSMax"=dword:00000190
    "RPSessionInterval"=dword:00000000
    "RPGlobalInterval"=dword:00015180
    "RPLifeInterval"=dword:0076a700
    "CompressionBurst"=dword:0000003c
    "TimerInterval"=dword:00000078
    "DiskPercent"=dword:0000000c
    "ThawInterval"=dword:00000384
    "RestoreDiskSpaceError"=dword:00000000

    [SystemRestore\Cfg]
    "DiskPercent"=dword:0000000c
    "MachineGuid"="{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}"

    [SystemRestore\SnapshotCallbacks]
    @=""

    -----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

    -----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

    [AdvancedOptions]

    -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

    -----HKLM\Software\Microsoft\Active Setup\Installed Components-----

    [Installed Components]

    [Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    "@="IE7 Uninstall Stub"
    "ComponentID"="IEUDINIT"
    "StubPath"="C:\WINDOWS\system32\ieudinit.exe"

    [Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
    "Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
    "@="Lecteur Windows Media"
    "ComponentID"="WMPACCESS"

    [Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    "@="Internet Explorer"
    "ComponentID"="IEACCESS"
    "StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

    [Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "@="Browser Customizations"
    "ComponentiD"="BRANDING.CAB"
    "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

    [Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    "@="Personnalisation du navigateur"
    "ComponentID"="BRANDING.CAB"
    "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

    [Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    "@="Outlook Express"
    "ComponentID"="OEACCESS"
    "StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

    [Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
    "@="Microsoft VM"
    "ComponentID"="JAVAVM"
    "KeyFileName"="C:\WINDOWS\System32\msjava.dll"

    [Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
    "@="Internet Explorer Classes for Java"
    "ComponentID"="IEJAVA"

    [Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
    "@="Rendu VML (Vector Graphics Rendering)"
    "ComponentID"="MSVML"

    [Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
    #### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
    "ComponentID"="NetShow"
    "StubPath"=""

    [Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
    "ComponentID"="Microsoft Windows Media Player"
    "StubPath"=""
    "@="Lecteur Windows Media Microsoft 6.4"

    [Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
    #### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\swdir.dll"
    "ComponentID"="Director"
    "@="Adobe Shockwave Director 10.3"

    [Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
    "@="DirectAnimation"
    "ComponentID"="DirectAnimation"

    [Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
    "ComponentID"="Director"
    "@="Adobe Shockwave Director 10.3"

    [Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    "@="Themes Setup"
    "ComponentID"="Theme Component"
    "StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

    [Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
    "@="Liaison de données Dynamic HTML pour Java"
    "ComponentID"="TridataJava"

    [Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
    "@="Offline Browsing Pack"
    "ComponentID"="MobilePk"

    [Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
    "@="Uniscribe"
    "ComponentID"="USP10"

    [Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
    "@="Création avancée"
    "ComponentID"="AdvAuth"

    [Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    "@="Microsoft Outlook Express 6"
    "ComponentID"="MailNews"
    "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:o E /CALLER:WINNT /user /install"

    [Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    "@="NetMeeting 3.01"
    "ComponentID"="NetMeeting"
    "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

    [Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
    "@="DirectShow"
    "ComponentID"="activemovie"

    [Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
    "@="DirectDrawEx"
    "ComponentID"="DirectDrawEx"

    [Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
    "@="Internet Explorer Help"
    "ComponentID"="HelpCont"

    [Installed Components\{4d64f3ba-f112-4efe-a02e-96680859937c}]
    "@="KB918899"
    "ComponentID"="KB918899"

    [Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
    "@="Classes Java DirectAnimation"
    "ComponentID"="DAJava"

    [Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
    "@="Microsoft Windows Script 5.6"
    "ComponentID"="MSVBScript"

    [Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    "ComponentID"="Messenger"
    "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
    "@="Windows Messenger 4.7"
    "KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"

    [Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
    "(Default)"="Internet Connection Wizard"
    "ComponentID"="ICW"

    [Installed Components\{5b7bf89d-d196-4c32-a303-a57b8ab7f18d}]
    "@="KB918439"
    "ComponentID"="KB918439"

    [Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
    "@="Internet Explorer Setup Tools"
    "ComponentID"="GenSetup"

    [Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
    "@="Browsing Enhancements"
    "ComponentID"="ExtraPack"
    "KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

    [Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    #### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
    "@="Microsoft Windows Media Player"
    "ComponentID"="Microsoft Windows Media Player"
    "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub"

    [Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
    "@="MSN Site Access"
    "ComponentID"="MSN_Auth"

    [Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
    "ComponentID"=".NETFramework"
    "@=".NET Framework"

    [Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    "@="Carnet d'adresses 6"
    "ComponentID"="WAB"
    "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

    [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    "@="Mise à jour du Bureau Windows"
    "ComponentID"="IE4Shell_NT"
    "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

    [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    "@="Internet Explorer"
    "ComponentID"="BASEIE40_W2K"
    "StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

    [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

    [Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    "StubPath"="c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install"
    "ComponentID"="DOTNETFRAMEWORKS"

    [Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
    "@="Dynamic HTML Data Binding"
    "ComponentID"="Tridata"

    [Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
    "ComponentID"=".NETFramework"
    "@=".NET Framework"

    [Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
    "@="Internet Explorer Core Fonts"
    "ComponentID"="Fontcore"

    [Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
    "@="Planificateur de tâches"
    "ComponentID"="MSTASK"

    [Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
    "ComponentID"="Windows Movie Maker v2.1"

    [Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    "@="Adobe Flash Player"
    "ComponentID"="Flash"

    [Installed Components\{dd772a76-bef3-44d7-8b39-502c8504c1f1}]
    "@="KB925486"
    "ComponentID"="KB925486"

    [Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
    "@="HTML Help"
    "ComponentID"="HTMLHelp"

    [Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
    "@="Active Directory Service Interface"
    "ComponentID"="ADSI"

    [Installed Components\{f15ee071-deb7-4cbb-951f-431c98338d8e}]
    "@="KB911567"
    "ComponentID"="KB911567"

    -----Comparing registry keys CCS1 vs CCS2 -----
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services

    Result compared: Identical


    -----Comparing registry keys CCS1 vs CCS3 -----
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {82895C8F-354D-43D9-9E72-9212CF2FF418} REG_BINARY FC00000000000000000000000000000003678848060000000000000004000000000000002CB38948C0A80101030000000000000004000000000000002CB38948C0A80101330000000000000004000000000000002CB3894800014CDA3B0000000000000004000000000000002CB3894800011AEC3A0000000000000004000000000000002CB389480000A66D010000000000000004000000000000002CB38948FFFFFF00360000000000000004000000000000002CB38948C0A80101350000000000000001000000000000002CB3894805000000
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {82895C8F-354D-43D9-9E72-9212CF2FF418} REG_BINARY 060000000000000004000000000000002CB38948C0A80101030000000000000004000000000000002CB38948C0A80101330000000000000004000000000000002CB3894800014CDA3B0000000000000004000000000000002CB3894800011AEC3A0000000000000004000000000000002CB389480000A66D010000000000000004000000000000002CB38948FFFFFF00360000000000000004000000000000002CB38948C0A80101350000000000000001000000000000002CB3894805000000
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 19411 (0x4BD3)
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 19408 (0x4BD0)

    Result compared: Different


    ===================== AUTOPLAY SETTINGS =====================

    ~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~
    (note: default values should be 91 or 95)


    -----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

    [Explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

    [Explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    Autorun is enabled on:
    DRIVE_UNKNOWN = False
    DRIVE_NO_ROOT_DIR = True
    DRIVE_REMOVABLE = True
    DRIVE_FIXED = True
    DRIVE_REMOTE = False
    DRIVE_CDROM = True
    DRIVE_RAMDISK = True
    RESERVED = False

    ~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~

    No autorun.inf files found.

    ===================== SCHEDULED JOBS =====================

    jobs found in C:\WINDOWS:

    28/08/2001 14:00:00 65 byte 2522 days old -- C:\WINDOWS\tasks\desktop.ini
    24/07/2008 13:24:03 6 byte 0 days old -- C:\WINDOWS\tasks\SA.DAT
    24/07/2008 15:17:00 256 byte 0 days old -- C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    ~~~~~~~~~~~~~~~~~~~~~
    Active jobs:

    ~~~~~~~~~~~~~~~~~~~~~
    Most recent (50) lines in jobs scheduled log:

    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 23/07/2008 19:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 23/07/2008 19:17:01
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 23/07/2008 20:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 23/07/2008 20:17:08
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 23/07/2008 21:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 23/07/2008 21:17:05
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 23/07/2008 22:17:02
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 23/07/2008 22:17:07
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 24/07/2008 10:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 24/07/2008 10:17:02
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 24/07/2008 11:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 24/07/2008 11:17:01
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 24/07/2008 12:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 24/07/2008 12:17:02
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 24/07/2008 13:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 24/07/2008 13:17:01
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 24/07/2008 14:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 24/07/2008 14:17:01
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 24/07/2008 15:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 24/07/2008 15:17:00
    Résultat : La tâche s'est terminée avec le code de sortie : (0).

    ===================== LIST OF ALL SERVICES & DRIVERS =====================

    -----HKLM\system\currentcontrolset\services-----

    000) "Abiosdsk"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    001) "abp480n5"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    002) "ACPI" - Pilote ACPI Microsoft
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\DRIVERS\ACPI.sys
    ---> TYPE = KERNEL_DRIVER

    003) "ACPIEC"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    004) "adpu160m"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    005) "aec" - Suppresseur d'écho acoustique (Noyau Microsoft)
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\aec.sys
    ---> TYPE = KERNEL_DRIVER

    006) "AFD" - Environnement de prise en charge de réseau AFD
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \SystemRoot\System32\drivers\afd.sys
    ---> TYPE = KERNEL_DRIVER

    007) "Aha154x"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    008) "aic78u2"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    009) "aic78xx"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    010) "ALCXWDM" - Service for Realtek AC97 Audio (WDM)
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\drivers\ALCXWDM.SYS
    ---> TYPE = KERNEL_DRIVER

    011) "AliIde"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    012) "amsint"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    013) "Arp1394" - Protocole client ARP 1394
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\arp1394.sys
    ---> TYPE = KERNEL_DRIVER

    014) "asc"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    015) "asc3350p"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    016) "asc3550"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    017) "AsyncMac" - Pilote de média asynchrone RAS
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\asyncmac.sys
    ---> TYPE = KERNEL_DRIVER

    018) "atapi" - Contrôleur de disque dur IDE/ESDI standard
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\DRIVERS\atapi.sys
    ---> TYPE = KERNEL_DRIVER

    019) "Atdisk"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    020) "Atmarpc" - Protocole client ATM ARP
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\atmarpc.sys
    ---> TYPE = KERNEL_DRIVER

    021) "audstub" - Pilote audio Stub
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\audstub.sys
    ---> TYPE = KERNEL_DRIVER

    022) "AVG Anti-Spyware Driver" - AVG Anti-Spyware Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    ---> TYPE = KERNEL_DRIVER

    023) "Avg7Core" - AVG7 Kernel
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \SystemRoot\System32\Drivers\avg7core.sys
    ---> TYPE = KERNEL_DRIVER

    024) "Avg7RsW" - AVG7 Wrap Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \SystemRoot\System32\Drivers\avg7rsw.sys
    ---> TYPE = KERNEL_DRIVER

    025) "Avg7RsXP" - AVG7 Resident Driver XP
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \SystemRoot\System32\Drivers\avg7rsxp.sys
    ---> TYPE = KERNEL_DRIVER

    026) "AvgAsCln" - AVG Anti-Spyware Clean Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\AvgAsCln.sys
    ---> TYPE = KERNEL_DRIVER

    027) "AvgClean" - AVG7 Clean Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \SystemRoot\System32\Drivers\avgclean.sys
    ---> TYPE = KERNEL_DRIVER

    028) "AvgTdi" - AVG Network Redirector
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = \SystemRoot\System32\Drivers\avgtdi.sys
    ---> TYPE = KERNEL_DRIVER

    029) "Beep"
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    030) "catchme"
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\DOCUME~1\ORDI\LOCALS~1\Temp\catchme.sys
    ---> TYPE = KERNEL_DRIVER

    031) "cbidf2k"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    032) "CCDECODE" - Décodeur sous-titre fermé
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\CCDECODE.sys
    ---> TYPE = KERNEL_DRIVER

    033) "cd20xrnt"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    034) "Cdaudio"
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    035) "Cdfs"
    ---> STAT = (RUNNING) Disabled
    ---> TYPE = FILE_SYSTEM_DRIVER

    036) "Cdrom" - Pilote de CD-ROM
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\cdrom.sys
    ---> TYPE = KERNEL_DRIVER

    037) "Changer"
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    038) "CmdIde"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    039) "Cpqarray"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    040) "dac2w2k"
    ---> STAT = (RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    041) "dac960nt"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    042) "Disk" - Pilote de disque
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\DRIVERS\disk.sys
    ---> TYPE = KERNEL_DRIVER

    043) "dmboot"
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = System32\drivers\dmboot.sys
    ---> TYPE = KERNEL_DRIVER

    044) "dmio" - Pilote de Gestionnaire de disque logique
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\drivers\dmio.sys
    ---> TYPE = KERNEL_DRIVER

    045) "dmload"
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\drivers\dmload.sys
    ---> TYPE = KERNEL_DRIVER

    046) "DMusic" - Synthétiseur DLS du noyau Microsoft
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\DMusic.sys
    ---> TYPE = KERNEL_DRIVER

    047) "dpti2o"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    048) "drmkaud" - Filtre de décodeur DRM (Noyau Microsoft)
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\drmkaud.sys
    ---> TYPE = KERNEL_DRIVER

    049) "Fastfat"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = FILE_SYSTEM_DRIVER

    050) "Fdc" - Pilote de contrôleur de lecteur de disquettes
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\fdc.sys
    ---> TYPE = KERNEL_DRIVER

    051) "Fips"
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    052) "Flpydisk"
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    053) "FltMgr" - FltMgr
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = system32\drivers\fltmgr.sys
    ---> TYPE = FILE_SYSTEM_DRIVER

    054) "Ftdisk" - Pilote du Gestionnaire de volume
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\DRIVERS\ftdisk.sys
    ---> TYPE = KERNEL_DRIVER

    055) "Gpc" - Classificateur de paquets générique
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\msgpc.sys
    ---> TYPE = KERNEL_DRIVER

    056) "hidusb" - Pilote de classe HID Microsoft
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\hidusb.sys
    ---> TYPE = KERNEL_DRIVER

    057) "hpn"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    058) "HTTP" - HTTP
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\Drivers\HTTP.sys
    ---> TYPE = KERNEL_DRIVER

    059) "i2omgmt"
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    060) "i2omp"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    061) "i8042prt"
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    062) "Imapi" - Pilote de filtre de gravure CD
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\imapi.sys
    ---> TYPE = KERNEL_DRIVER

    063) "ini910u"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    064) "IntelIde"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    065) "ip6fw" - Pilote du pare-feu Windows IPv6
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\ip6fw.sys
    ---> TYPE = KERNEL_DRIVER

    066) "IpFilterDriver" - Pilote de filtre de trafic IP
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ipfltdrv.sys
    ---> TYPE = KERNEL_DRIVER

    067) "IpInIp" - Pilote de tunnelage IP dans IP
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ipinip.sys
    ---> TYPE = KERNEL_DRIVER

    068) "IpNat" - Traducteur d'adresses réseau IP
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ipnat.sys
    ---> TYPE = KERNEL_DRIVER

    069) "IPSec" - Pilote IPSEC
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\ipsec.sys
    ---> TYPE = KERNEL_DRIVER

    070) "irda" - Protocole IrDA
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = System32\DRIVERS\irda.sys
    ---> TYPE = KERNEL_DRIVER

    071) "IRENUM" - Service énumérateur IR
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\irenum.sys
    ---> TYPE = KERNEL_DRIVER

    072) "irsir" - Pilote série infrarouge Microsoft
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\irsir.sys
    ---> TYPE = KERNEL_DRIVER

    073) "isapnp" - Pilote de bus Plug-and-Play ISA/EISA
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\DRIVERS\isapnp.sys
    ---> TYPE = KERNEL_DRIVER

    074) "Kbdclass" - Pilote de la classe Clavier
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\kbdclass.sys
    ---> TYPE = KERNEL_DRIVER

    075) "kbdhid" - Pilote HID de clavier
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\kbdhid.sys
    ---> TYPE = KERNEL_DRIVER

    076) "kmixer" - Mélangeur audio Wave de noyau Microsoft
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\drivers\kmixer.sys
    ---> TYPE = KERNEL_DRIVER

    077) "KSecDD"
    ---> STAT = (RUNNING) Started by operating system loader
    ---> TYPE = KERNEL_DRIVER

    078) "lbrtfdc"
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    079) "MBAMSwissArmy" - MBAMSwissArmy
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    ---> TYPE = KERNEL_DRIVER

    080) "mnmdd"
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    081) "Modem"
    ---> STAT = (NOT RUNNING) Started manually
    ---> TYPE = KERNEL_DRIVER

    082) "Mouclass" - Pilote de la classe Souris
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\mouclass.sys
    ---> TYPE = KERNEL_DRIVER

    083) "mouhid" - Pilote HID de souris
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\mouhid.sys
    ---> TYPE = KERNEL_DRIVER

    084) "MountMgr" - Gestionnaire de point de montage
    ---> STAT = (RUNNING) Started by operating system loader
    ---> TYPE = KERNEL_DRIVER

    085) "mraid35x"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    086) "MRxDAV" - Redirecteur client WebDav
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\mrxdav.sys
    ---> TYPE = FILE_SYSTEM_DRIVER

    087) "MRxSmb" - MRXSMB
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\mrxsmb.sys
    ---> TYPE = FILE_SYSTEM_DRIVER

    088) "Msfs"
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> TYPE = FILE_SYSTEM_DRIVER

    089) "MSKSSRV" - Proxy de service de répartition Microsoft
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\MSKSSRV.sys
    ---> TYPE = KERNEL_DRIVER

    090) "MSPCLOCK" - Proxy d'horloge de répartition Microsoft
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\MSPCLOCK.sys
    ---> TYPE = KERNEL_DRIVER

    091) "MSPQM" - Proxy de gestion de qualité de répartition Microsoft
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\MSPQM.sys
    ---> TYPE = KERNEL_DRIVER

    092) "mssmbios" - Pilote BIOS de gestion de systèmes Microsoft
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\mssmbios.sys
    ---> TYPE = KERNEL_DRIVER

    093) "MSTEE" - Convertisseur en T/site-à-site de répartition Microsoft
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\MSTEE.sys
    ---> TYPE = KERNEL_DRIVER

    094) "Mup" - Mup
    ---> STAT = (RUNNING) Started by operating system loader
    ---> TYPE = FILE_SYSTEM_DRIVER

    095) "NABTSFEC" - Codec NABTS/FEC VBI
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\NABTSFEC.sys
    ---> TYPE = KERNEL_DRIVER

    096) "NDIS" - Pilote système NDIS
    ---> STAT = (RUNNING) Started by operating system loader
    ---> TYPE = KERNEL_DRIVER

    097) "NdisIP" - Connection TV/vidéo Microsoft
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\NdisIP.sys
    ---> TYPE = KERNEL_DRIVER

    098) "NdisTapi" - Pilote TAPI NDIS d'accès distant
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ndistapi.sys
    ---> TYPE = KERNEL_DRIVER

    099) "Ndisuio" - NDIS mode utilisateur E/S Protocole
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ndisuio.sys
    ---> TYPE = KERNEL_DRIVER

    100) "NdisWan" - Pilote réseau étendu NDIS d'accès distant
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ndiswan.sys
    ---> TYPE = KERNEL_DRIVER

    101) "NDProxy" - multi:Proxy NDIS\00\00
    ---> STAT = (RUNNING) Started manually
    ---> TYPE = KERNEL_DRIVER

    102) "NetBIOS" - Interface NetBIOS
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\netbios.sys
    ---> TYPE = FILE_SYSTEM_DRIVER

    103) "NetBT" - NetBIOS sur TCP/IP
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\netbt.sys
    ---> TYPE = KERNEL_DRIVER

    104) "NIC1394" - Pilote réseau 1394
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\nic1394.sys
    ---> TYPE = KERNEL_DRIVER

    105) "Npfs"
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> TYPE = FILE_SYSTEM_DRIVER

    106) "Ntfs"
    ---> STAT = (RUNNING) Disabled
    ---> TYPE = FILE_SYSTEM_DRIVER

    107) "Null"
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    108) "NwlnkFlt" - Pilote de filtre de trafic IPX
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\nwlnkflt.sys
    ---> TYPE = KERNEL_DRIVER

    109) "NwlnkFwd" - Pilote de transfert de trafic IPX
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\nwlnkfwd.sys
    ---> TYPE = KERNEL_DRIVER

    110) "ohci1394" - Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface)
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\DRIVERS\ohci1394.sys
    ---> TYPE = KERNEL_DRIVER

    111) "P1120VID" - Creative WebCam NX Ultra
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\P1120Vid.sys
    ---> TYPE = KERNEL_DRIVER

    112) "PALLADIA" - Palladia 300/400 Usb Adsl Modem
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\usbiad.sys
    ---> TYPE = KERNEL_DRIVER

    113) "Parport" - Pilote de port parallèle
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\parport.sys
    ---> TYPE = KERNEL_DRIVER

    114) "PartMgr" - Gestionnaire de partition
    ---> STAT = (RUNNING) Started by operating system loader
    ---> TYPE = KERNEL_DRIVER

    115) "ParVdm"
    ---> STAT = (RUNNING) Started automatically
    ---> TYPE = KERNEL_DRIVER

    116) "PCI" - Pilote de bus PCI
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\DRIVERS\pci.sys
    ---> TYPE = KERNEL_DRIVER

    117) "PCIDump"
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    118) "PCIIde"
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\DRIVERS\pciide.sys
    ---> TYPE = KERNEL_DRIVER

    119) "Pcmcia"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    120) "PDCOMP"
    ---> STAT = (NOT RUNNING) Started manually
    ---> TYPE = KERNEL_DRIVER

    121) "PDFRAME"
    ---> STAT = (NOT RUNNING) Started manually
    ---> TYPE = KERNEL_DRIVER

    122) "PDRELI"
    ---> STAT = (NOT RUNNING) Started manually
    ---> TYPE = KERNEL_DRIVER

    123) "PDRFRAME"
    ---> STAT = (NOT RUNNING) Started manually
    ---> TYPE = KERNEL_DRIVER

    124) "p"

    [URL\DefaultPrefix]
    @="http://"

    [URL\Prefixes]
    "ftp"="ftp://"
    "gopher"="gopher://"
    "home"="http://"
    "mosaic"="http://"
    "www"="http://"

    -----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

    [Lsa]

    [Lsa\AccessProviders]

    [Lsa\AccessProviders\Windows NT Access Provider]
    "ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

    [Lsa\Audit]

    [Lsa\Audit\PerUserAuditing]

    [Lsa\Audit\PerUserAuditing\System]

    [Lsa\Data]

    [Lsa\SSO]

    [Lsa\SSO\Passport1.4]
    "SSOURL"="http://www.passport.com"

    [Lsa\SspiCache]

    [Lsa\SspiCache\digest.dll]
    "Name"="Digest"
    "Comment"="Digest SSPI Authentication Package"

    [Lsa\SspiCache\msapsspc.dll]
    "Name"="DPA"
    "Comment"="DPA Security Package"

    [Lsa\SspiCache\msnsspc.dll]
    "Name"="MSN"
    "Comment"="MSN Security Package"

    -----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

    [SharedAccess]
    "Type"=dword:00000020
    "Start"=dword:00000002
    "ErrorControl"=dword:00000001
    "ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
    "DisplayName"="Pare-feu Windows / Partage de connexion Internet"
    "DependOnService"=multi:"Netman\00WinMgmt\00\00"
    "DependOnGroup"=multi:"\00"
    "ObjectName"="LocalSystem"
    "Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."

    [SharedAccess\Epoch]
    "Epoch"=dword:00004bd3

    [SharedAccess\Parameters]
    "ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

    [SharedAccess\Parameters\FirewallPolicy]

    [SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

    [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=dword:00000001
    "DoNotAllowExceptions"=dword:00000000
    "DisableNotifications"=dword:00000000

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disaxxxxx@xxxxxres.dll,-22019"
    "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disaxxxxx@xxxxxres.dll,-20000"
    "C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Disabled:Shareaza Ultimate File Sharing"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP"="1900:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22007"
    "2869:TCP"="2869:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22008"
    "3389:TCP"="3389:TCP:*:Disaxxxxx@xxxxxres.dll,-22009"
    "139:TCP"="139:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22004"
    "445:TCP"="445:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22005"
    "137:UDP"="137:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22001"
    "138:UDP"="138:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22002"
    "4887:UDP"="4887:UDP:*:Disabled:Windows Media Format SDK (IEXPLORE.EXE)"
    "4886:UDP"="4886:UDP:*:Disabled:Windows Media Format SDK (IEXPLORE.EXE)"

    [SharedAccess\Setup]
    "ServiceUpgrade"=dword:00000001

    [SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
    "{82895C8F-354D-43D9-9E72-9212CF2FF418}"=dword:00000001
    "{04CDA920-7D47-4403-8321-7FDED7324B22}"=dword:00000001
    "{24773ADD-0A25-4A61-B076-3EACA7C5DE03}"=dword:00000001

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

    -----HKLM\Software\Microsoft\Ole-----

    [Ole]
    "DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
    "EnableDCOM"="Y"
    "MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
    "MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\

    [Ole\AppCompat]

    [Ole\AppCompat\ActivationSecurityCheckExemptionList]
    "{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
    "{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
    "{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
    "{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

    -----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

    [Security Center]
    "AntiVirusDisableNotify"=dword:00000000
    "FirewallDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000

    [Security Center\Monitoring]

    [Security Center\Monitoring\AhnlabAntiVirus]

    [Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [Security Center\Monitoring\KasperskyAntiVirus]

    [Security Center\Monitoring\McAfeeAntiVirus]

    [Security Center\Monitoring\McAfeeFirewall]

    [Security Center\Monitoring\PandaAntiVirus]

    [Security Center\Monitoring\PandaFirewall]

    [Security Center\Monitoring\SophosAntiVirus]

    [Security Center\Monitoring\SymantecAntiVirus]

    [Security Center\Monitoring\SymantecFirewall]

    [Security Center\Monitoring\TinyFirewall]

    [Security Center\Monitoring\TrendAntiVirus]

    [Security Center\Monitoring\TrendFirewall]

    [Security Center\Monitoring\ZoneLabsFirewall]

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

    [SystemRestore]
    "DisableSR"=dword:00000000
    "CreateFirstRunRp"=dword:00000001
    "DSMin"=dword:000000c8
    "DSMax"=dword:00000190
    "RPSessionInterval"=dword:00000000
    "RPGlobalInterval"=dword:00015180
    "RPLifeInterval"=dword:0076a700
    "CompressionBurst"=dword:0000003c
    "TimerInterval"=dword:00000078
    "DiskPercent"=dword:0000000c
    "ThawInterval"=dword:00000384
    "RestoreDiskSpaceError"=dword:00000000

    [SystemRestore\Cfg]
    "DiskPercent"=dword:0000000c
    "MachineGuid"="{A49057A8-5B20-4879-A65B-37F3BEF5B3BC}"

    [SystemRestore\SnapshotCallbacks]
    @=""

    -----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

    -----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

    -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

    [AdvancedOptions]

    -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

    -----HKLM\Software\Microsoft\Active Setup\Installed Components-----

    [Installed Components]

    [Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    "@="IE7 Uninstall Stub"
    "ComponentID"="IEUDINIT"
    "StubPath"="C:\WINDOWS\system32\ieudinit.exe"

    [Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
    "Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
    "@="Lecteur Windows Media"
    "ComponentID"="WMPACCESS"

    [Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    "@="Internet Explorer"
    "ComponentID"="IEACCESS"
    "StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

    [Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "@="Browser Customizations"
    "ComponentiD"="BRANDING.CAB"
    "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

    [Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    "@="Personnalisation du navigateur"
    "ComponentID"="BRANDING.CAB"
    "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

    [Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    "@="Outlook Express"
    "ComponentID"="OEACCESS"
    "StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

    [Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
    "@="Microsoft VM"
    "ComponentID"="JAVAVM"
    "KeyFileName"="C:\WINDOWS\System32\msjava.dll"

    [Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
    "@="Internet Explorer Classes for Java"
    "ComponentID"="IEJAVA"

    [Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
    "@="Rendu VML (Vector Graphics Rendering)"
    "ComponentID"="MSVML"

    [Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
    #### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
    "ComponentID"="NetShow"
    "StubPath"=""

    [Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
    "ComponentID"="Microsoft Windows Media Player"
    "StubPath"=""
    "@="Lecteur Windows Media Microsoft 6.4"

    [Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
    #### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\swdir.dll"
    "ComponentID"="Director"
    "@="Adobe Shockwave Director 10.3"

    [Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
    "@="DirectAnimation"
    "ComponentID"="DirectAnimation"

    [Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
    "ComponentID"="Director"
    "@="Adobe Shockwave Director 10.3"

    [Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    "@="Themes Setup"
    "ComponentID"="Theme Component"
    "StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

    [Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
    "@="Liaison de données Dynamic HTML pour Java"
    "ComponentID"="TridataJava"

    [Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
    "@="Offline Browsing Pack"
    "ComponentID"="MobilePk"

    [Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
    "@="Uniscribe"
    "ComponentID"="USP10"

    [Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
    "@="Création avancée"
    "ComponentID"="AdvAuth"

    [Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    "@="Microsoft Outlook Express 6"
    "ComponentID"="MailNews"
    "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

    [Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    "@="NetMeeting 3.01"
    "ComponentID"="NetMeeting"
    "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

    [Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
    "@="DirectShow"
    "ComponentID"="activemovie"

    [Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
    "@="DirectDrawEx"
    "ComponentID"="DirectDrawEx"

    [Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
    "@="Internet Explorer Help"
    "ComponentID"="HelpCont"

    [Installed Components\{4d64f3ba-f112-4efe-a02e-96680859937c}]
    "@="KB918899"
    "ComponentID"="KB918899"

    [Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
    "@="Classes Java DirectAnimation"
    "ComponentID"="DAJava"

    [Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
    "@="Microsoft Windows Script 5.6"
    "ComponentID"="MSVBScript"

    [Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    "ComponentID"="Messenger"
    "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
    "@="Windows Messenger 4.7"
    "KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"

    [Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
    "(Default)"="Internet Connection Wizard"
    "ComponentID"="ICW"

    [Installed Components\{5b7bf89d-d196-4c32-a303-a57b8ab7f18d}]
    "@="KB918439"
    "ComponentID"="KB918439"

    [Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
    "@="Internet Explorer Setup Tools"
    "ComponentID"="GenSetup"

    [Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
    "@="Browsing Enhancements"
    "ComponentID"="ExtraPack"
    "KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

    [Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    #### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
    "@="Microsoft Windows Media Player"
    "ComponentID"="Microsoft Windows Media Player"
    "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub"

    [Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
    "@="MSN Site Access"
    "ComponentID"="MSN_Auth"

    [Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
    "ComponentID"=".NETFramework"
    "@=".NET Framework"

    [Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    "@="Carnet d'adresses 6"
    "ComponentID"="WAB"
    "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

    [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    "@="Mise à jour du Bureau Windows"
    "ComponentID"="IE4Shell_NT"
    "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

    [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    "@="Internet Explorer"
    "ComponentID"="BASEIE40_W2K"
    "StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

    [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

    [Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    "StubPath"="c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install"
    "ComponentID"="DOTNETFRAMEWORKS"

    [Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
    "@="Dynamic HTML Data Binding"
    "ComponentID"="Tridata"

    [Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
    "ComponentID"=".NETFramework"
    "@=".NET Framework"

    [Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
    "@="Internet Explorer Core Fonts"
    "ComponentID"="Fontcore"

    [Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
    "@="Planificateur de tâches"
    "ComponentID"="MSTASK"

    [Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
    "ComponentID"="Windows Movie Maker v2.1"

    [Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    "@="Adobe Flash Player"
    "ComponentID"="Flash"

    [Installed Components\{dd772a76-bef3-44d7-8b39-502c8504c1f1}]
    "@="KB925486"
    "ComponentID"="KB925486"

    [Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
    "@="HTML Help"
    "ComponentID"="HTMLHelp"

    [Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
    "@="Active Directory Service Interface"
    "ComponentID"="ADSI"

    [Installed Components\{f15ee071-deb7-4cbb-951f-431c98338d8e}]
    "@="KB911567"
    "ComponentID"="KB911567"

    -----Comparing registry keys CCS1 vs CCS2 -----
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services

    Result compared: Identical


    -----Comparing registry keys CCS1 vs CCS3 -----
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {82895C8F-354D-43D9-9E72-9212CF2FF418} REG_BINARY FC00000000000000000000000000000003678848060000000000000004000000000000002CB38948C0A80101030000000000000004000000000000002CB38948C0A80101330000000000000004000000000000002CB3894800014CDA3B0000000000000004000000000000002CB3894800011AEC3A0000000000000004000000000000002CB389480000A66D010000000000000004000000000000002CB38948FFFFFF00360000000000000004000000000000002CB38948C0A80101350000000000000001000000000000002CB3894805000000
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {82895C8F-354D-43D9-9E72-9212CF2FF418} REG_BINARY 060000000000000004000000000000002CB38948C0A80101030000000000000004000000000000002CB38948C0A80101330000000000000004000000000000002CB3894800014CDA3B0000000000000004000000000000002CB3894800011AEC3A0000000000000004000000000000002CB389480000A66D010000000000000004000000000000002CB38948FFFFFF00360000000000000004000000000000002CB38948C0A80101350000000000000001000000000000002CB3894805000000
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
    < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 19411 (0x4BD3)
    > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 19408 (0x4BD0)

    Result compared: Different


    ===================== AUTOPLAY SETTINGS =====================

    ~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~
    (note: default values should be 91 or 95)


    -----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

    [Explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    -----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer-----

    [Explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    Autorun is enabled on:
    DRIVE_UNKNOWN = False
    DRIVE_NO_ROOT_DIR = True
    DRIVE_REMOVABLE = True
    DRIVE_FIXED = True
    DRIVE_REMOTE = False
    DRIVE_CDROM = True
    DRIVE_RAMDISK = True
    RESERVED = False

    ~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~

    No autorun.inf files found.

    ===================== SCHEDULED JOBS =====================

    jobs found in C:\WINDOWS:

    28/08/2001 14:00:00 65 byte 2522 days old -- C:\WINDOWS\tasks\desktop.ini
    24/07/2008 13:24:03 6 byte 0 days old -- C:\WINDOWS\tasks\SA.DAT
    24/07/2008 15:17:00 256 byte 0 days old -- C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    ~~~~~~~~~~~~~~~~~~~~~
    Active jobs:

    ~~~~~~~~~~~~~~~~~~~~~
    Most recent (50) lines in jobs scheduled log:

    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 23/07/2008 19:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 23/07/2008 19:17:01
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 23/07/2008 20:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 23/07/2008 20:17:08
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 23/07/2008 21:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 23/07/2008 21:17:05
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 23/07/2008 22:17:02
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 23/07/2008 22:17:07
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 24/07/2008 10:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 24/07/2008 10:17:02
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 24/07/2008 11:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 24/07/2008 11:17:01
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 24/07/2008 12:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 24/07/2008 12:17:02
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 24/07/2008 13:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 24/07/2008 13:17:01
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 24/07/2008 14:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 24/07/2008 14:17:01
    Résultat : La tâche s'est terminée avec le code de sortie : (0).
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Démarré à 24/07/2008 15:17:00
    "Vérifier les mises à jour de Windows Live Toolbar.job" (MSNTBUP.EXE)
    Quitté à 24/07/2008 15:17:00
    Résultat : La tâche s'est terminée avec le code de sortie : (0).

    ===================== LIST OF ALL SERVICES & DRIVERS =====================

    -----HKLM\system\currentcontrolset\services-----

    000) "Abiosdsk"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    001) "abp480n5"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    002) "ACPI" - Pilote ACPI Microsoft
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\DRIVERS\ACPI.sys
    ---> TYPE = KERNEL_DRIVER

    003) "ACPIEC"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    004) "adpu160m"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    005) "aec" - Suppresseur d'écho acoustique (Noyau Microsoft)
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\aec.sys
    ---> TYPE = KERNEL_DRIVER

    006) "AFD" - Environnement de prise en charge de réseau AFD
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \SystemRoot\System32\drivers\afd.sys
    ---> TYPE = KERNEL_DRIVER

    007) "Aha154x"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    008) "aic78u2"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    009) "aic78xx"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    010) "ALCXWDM" - Service for Realtek AC97 Audio (WDM)
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\drivers\ALCXWDM.SYS
    ---> TYPE = KERNEL_DRIVER

    011) "AliIde"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    012) "amsint"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    013) "Arp1394" - Protocole client ARP 1394
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\arp1394.sys
    ---> TYPE = KERNEL_DRIVER

    014) "asc"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    015) "asc3350p"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    016) "asc3550"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    017) "AsyncMac" - Pilote de média asynchrone RAS
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\asyncmac.sys
    ---> TYPE = KERNEL_DRIVER

    018) "atapi" - Contrôleur de disque dur IDE/ESDI standard
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\DRIVERS\atapi.sys
    ---> TYPE = KERNEL_DRIVER

    019) "Atdisk"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    020) "Atmarpc" - Protocole client ATM ARP
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\atmarpc.sys
    ---> TYPE = KERNEL_DRIVER

    021) "audstub" - Pilote audio Stub
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\audstub.sys
    ---> TYPE = KERNEL_DRIVER

    022) "AVG Anti-Spyware Driver" - AVG Anti-Spyware Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    ---> TYPE = KERNEL_DRIVER

    023) "Avg7Core" - AVG7 Kernel
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \SystemRoot\System32\Drivers\avg7core.sys
    ---> TYPE = KERNEL_DRIVER

    024) "Avg7RsW" - AVG7 Wrap Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \SystemRoot\System32\Drivers\avg7rsw.sys
    ---> TYPE = KERNEL_DRIVER

    025) "Avg7RsXP" - AVG7 Resident Driver XP
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \SystemRoot\System32\Drivers\avg7rsxp.sys
    ---> TYPE = KERNEL_DRIVER

    026) "AvgAsCln" - AVG Anti-Spyware Clean Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\AvgAsCln.sys
    ---> TYPE = KERNEL_DRIVER

    027) "AvgClean" - AVG7 Clean Driver
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = \SystemRoot\System32\Drivers\avgclean.sys
    ---> TYPE = KERNEL_DRIVER

    028) "AvgTdi" - AVG Network Redirector
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = \SystemRoot\System32\Drivers\avgtdi.sys
    ---> TYPE = KERNEL_DRIVER

    029) "Beep"
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    030) "catchme"
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\DOCUME~1\ORDI\LOCALS~1\Temp\catchme.sys
    ---> TYPE = KERNEL_DRIVER

    031) "cbidf2k"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    032) "CCDECODE" - Décodeur sous-titre fermé
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\CCDECODE.sys
    ---> TYPE = KERNEL_DRIVER

    033) "cd20xrnt"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    034) "Cdaudio"
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    035) "Cdfs"
    ---> STAT = (RUNNING) Disabled
    ---> TYPE = FILE_SYSTEM_DRIVER

    036) "Cdrom" - Pilote de CD-ROM
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\cdrom.sys
    ---> TYPE = KERNEL_DRIVER

    037) "Changer"
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    038) "CmdIde"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    039) "Cpqarray"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    040) "dac2w2k"
    ---> STAT = (RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    041) "dac960nt"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    042) "Disk" - Pilote de disque
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\DRIVERS\disk.sys
    ---> TYPE = KERNEL_DRIVER

    043) "dmboot"
    ---> STAT = (NOT RUNNING) Disabled
    ---> FILE = System32\drivers\dmboot.sys
    ---> TYPE = KERNEL_DRIVER

    044) "dmio" - Pilote de Gestionnaire de disque logique
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\drivers\dmio.sys
    ---> TYPE = KERNEL_DRIVER

    045) "dmload"
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\drivers\dmload.sys
    ---> TYPE = KERNEL_DRIVER

    046) "DMusic" - Synthétiseur DLS du noyau Microsoft
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\DMusic.sys
    ---> TYPE = KERNEL_DRIVER

    047) "dpti2o"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    048) "drmkaud" - Filtre de décodeur DRM (Noyau Microsoft)
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\drmkaud.sys
    ---> TYPE = KERNEL_DRIVER

    049) "Fastfat"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = FILE_SYSTEM_DRIVER

    050) "Fdc" - Pilote de contrôleur de lecteur de disquettes
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\fdc.sys
    ---> TYPE = KERNEL_DRIVER

    051) "Fips"
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    052) "Flpydisk"
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    053) "FltMgr" - FltMgr
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = system32\drivers\fltmgr.sys
    ---> TYPE = FILE_SYSTEM_DRIVER

    054) "Ftdisk" - Pilote du Gestionnaire de volume
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\DRIVERS\ftdisk.sys
    ---> TYPE = KERNEL_DRIVER

    055) "Gpc" - Classificateur de paquets générique
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\msgpc.sys
    ---> TYPE = KERNEL_DRIVER

    056) "hidusb" - Pilote de classe HID Microsoft
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\hidusb.sys
    ---> TYPE = KERNEL_DRIVER

    057) "hpn"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    058) "HTTP" - HTTP
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\Drivers\HTTP.sys
    ---> TYPE = KERNEL_DRIVER

    059) "i2omgmt"
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    060) "i2omp"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    061) "i8042prt"
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    062) "Imapi" - Pilote de filtre de gravure CD
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\imapi.sys
    ---> TYPE = KERNEL_DRIVER

    063) "ini910u"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    064) "IntelIde"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    065) "ip6fw" - Pilote du pare-feu Windows IPv6
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\ip6fw.sys
    ---> TYPE = KERNEL_DRIVER

    066) "IpFilterDriver" - Pilote de filtre de trafic IP
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ipfltdrv.sys
    ---> TYPE = KERNEL_DRIVER

    067) "IpInIp" - Pilote de tunnelage IP dans IP
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ipinip.sys
    ---> TYPE = KERNEL_DRIVER

    068) "IpNat" - Traducteur d'adresses réseau IP
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ipnat.sys
    ---> TYPE = KERNEL_DRIVER

    069) "IPSec" - Pilote IPSEC
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\ipsec.sys
    ---> TYPE = KERNEL_DRIVER

    070) "irda" - Protocole IrDA
    ---> STAT = (RUNNING) Started automatically
    ---> FILE = System32\DRIVERS\irda.sys
    ---> TYPE = KERNEL_DRIVER

    071) "IRENUM" - Service énumérateur IR
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\irenum.sys
    ---> TYPE = KERNEL_DRIVER

    072) "irsir" - Pilote série infrarouge Microsoft
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\irsir.sys
    ---> TYPE = KERNEL_DRIVER

    073) "isapnp" - Pilote de bus Plug-and-Play ISA/EISA
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\DRIVERS\isapnp.sys
    ---> TYPE = KERNEL_DRIVER

    074) "Kbdclass" - Pilote de la classe Clavier
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\kbdclass.sys
    ---> TYPE = KERNEL_DRIVER

    075) "kbdhid" - Pilote HID de clavier
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\kbdhid.sys
    ---> TYPE = KERNEL_DRIVER

    076) "kmixer" - Mélangeur audio Wave de noyau Microsoft
    ---> STAT = (RUNNING) Started manually
    ---> FILE = system32\drivers\kmixer.sys
    ---> TYPE = KERNEL_DRIVER

    077) "KSecDD"
    ---> STAT = (RUNNING) Started by operating system loader
    ---> TYPE = KERNEL_DRIVER

    078) "lbrtfdc"
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    079) "MBAMSwissArmy" - MBAMSwissArmy
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    ---> TYPE = KERNEL_DRIVER

    080) "mnmdd"
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    081) "Modem"
    ---> STAT = (NOT RUNNING) Started manually
    ---> TYPE = KERNEL_DRIVER

    082) "Mouclass" - Pilote de la classe Souris
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\mouclass.sys
    ---> TYPE = KERNEL_DRIVER

    083) "mouhid" - Pilote HID de souris
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\mouhid.sys
    ---> TYPE = KERNEL_DRIVER

    084) "MountMgr" - Gestionnaire de point de montage
    ---> STAT = (RUNNING) Started by operating system loader
    ---> TYPE = KERNEL_DRIVER

    085) "mraid35x"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    086) "MRxDAV" - Redirecteur client WebDav
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\mrxdav.sys
    ---> TYPE = FILE_SYSTEM_DRIVER

    087) "MRxSmb" - MRXSMB
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\mrxsmb.sys
    ---> TYPE = FILE_SYSTEM_DRIVER

    088) "Msfs"
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> TYPE = FILE_SYSTEM_DRIVER

    089) "MSKSSRV" - Proxy de service de répartition Microsoft
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\MSKSSRV.sys
    ---> TYPE = KERNEL_DRIVER

    090) "MSPCLOCK" - Proxy d'horloge de répartition Microsoft
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\MSPCLOCK.sys
    ---> TYPE = KERNEL_DRIVER

    091) "MSPQM" - Proxy de gestion de qualité de répartition Microsoft
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\MSPQM.sys
    ---> TYPE = KERNEL_DRIVER

    092) "mssmbios" - Pilote BIOS de gestion de systèmes Microsoft
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\mssmbios.sys
    ---> TYPE = KERNEL_DRIVER

    093) "MSTEE" - Convertisseur en T/site-à-site de répartition Microsoft
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = system32\drivers\MSTEE.sys
    ---> TYPE = KERNEL_DRIVER

    094) "Mup" - Mup
    ---> STAT = (RUNNING) Started by operating system loader
    ---> TYPE = FILE_SYSTEM_DRIVER

    095) "NABTSFEC" - Codec NABTS/FEC VBI
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\NABTSFEC.sys
    ---> TYPE = KERNEL_DRIVER

    096) "NDIS" - Pilote système NDIS
    ---> STAT = (RUNNING) Started by operating system loader
    ---> TYPE = KERNEL_DRIVER

    097) "NdisIP" - Connection TV/vidéo Microsoft
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\NdisIP.sys
    ---> TYPE = KERNEL_DRIVER

    098) "NdisTapi" - Pilote TAPI NDIS d'accès distant
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ndistapi.sys
    ---> TYPE = KERNEL_DRIVER

    099) "Ndisuio" - NDIS mode utilisateur E/S Protocole
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ndisuio.sys
    ---> TYPE = KERNEL_DRIVER

    100) "NdisWan" - Pilote réseau étendu NDIS d'accès distant
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\ndiswan.sys
    ---> TYPE = KERNEL_DRIVER

    101) "NDProxy" - multi:proxy NDIS\00\00
    ---> STAT = (RUNNING) Started manually
    ---> TYPE = KERNEL_DRIVER

    102) "NetBIOS" - Interface NetBIOS
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\netbios.sys
    ---> TYPE = FILE_SYSTEM_DRIVER

    103) "NetBT" - NetBIOS sur TCP/IP
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> FILE = System32\DRIVERS\netbt.sys
    ---> TYPE = KERNEL_DRIVER

    104) "NIC1394" - Pilote réseau 1394
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\nic1394.sys
    ---> TYPE = KERNEL_DRIVER

    105) "Npfs"
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> TYPE = FILE_SYSTEM_DRIVER

    106) "Ntfs"
    ---> STAT = (RUNNING) Disabled
    ---> TYPE = FILE_SYSTEM_DRIVER

    107) "Null"
    ---> STAT = (RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    108) "NwlnkFlt" - Pilote de filtre de trafic IPX
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\nwlnkflt.sys
    ---> TYPE = KERNEL_DRIVER

    109) "NwlnkFwd" - Pilote de transfert de trafic IPX
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\nwlnkfwd.sys
    ---> TYPE = KERNEL_DRIVER

    110) "ohci1394" - Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface)
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\DRIVERS\ohci1394.sys
    ---> TYPE = KERNEL_DRIVER

    111) "P1120VID" - Creative WebCam NX Ultra
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\P1120Vid.sys
    ---> TYPE = KERNEL_DRIVER

    112) "PALLADIA" - Palladia 300/400 Usb Adsl Modem
    ---> STAT = (NOT RUNNING) Started manually
    ---> FILE = System32\DRIVERS\usbiad.sys
    ---> TYPE = KERNEL_DRIVER

    113) "Parport" - Pilote de port parallèle
    ---> STAT = (RUNNING) Started manually
    ---> FILE = System32\DRIVERS\parport.sys
    ---> TYPE = KERNEL_DRIVER

    114) "PartMgr" - Gestionnaire de partition
    ---> STAT = (RUNNING) Started by operating system loader
    ---> TYPE = KERNEL_DRIVER

    115) "ParVdm"
    ---> STAT = (RUNNING) Started automatically
    ---> TYPE = KERNEL_DRIVER

    116) "PCI" - Pilote de bus PCI
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\DRIVERS\pci.sys
    ---> TYPE = KERNEL_DRIVER

    117) "PCIDump"
    ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
    ---> TYPE = KERNEL_DRIVER

    118) "PCIIde"
    ---> STAT = (RUNNING) Started by operating system loader
    ---> FILE = System32\DRIVERS\pciide.sys
    ---> TYPE = KERNEL_DRIVER

    119) "Pcmcia"
    ---> STAT = (NOT RUNNING) Disabled
    ---> TYPE = KERNEL_DRIVER

    120) "PDCOMP"
    ---> STAT = (NOT RUNNING) Started manually
    ---> TYPE = KERNEL_DRIVER

    121) "PDFRAME"
    ---> STAT = (NOT RUNNING) Started manually
    ---> TYPE = KERNEL_DRIVER

    122) "PDRELI"
    ---> STAT = (NOT RUNNING) Started manually
    ---> TYPE = KERNEL_DRIVER

    123) "PDRFRAME"
    ---> STAT = (NOT RUNNING) Started manually
    ---> TYPE = KERNEL_DRIVER

    124) "p
    24 July 2008 18:23:07

    Download OTMoveIt2 (by OldTimer).

  • Save this file to the Desktop.
    Restart in Safe Mode.
    /!\ Never start Safe Mode via MSCONFIG /!\
    Print, write down or save the following information. In this mode, you do not have Internet access:

  • Double-click OTMoveIt2.exe to launch the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
  • Select the entire contents of the box below:
    C:\WINDOWS\system32\ymqfjouy.ini2
    C:\WINDOWS\system32\d3d9caps.dat
    C:\WINDOWS\system32\bb949698-.txt
    C:\WINDOWS\system32\juqfet.dll
    C:\WINDOWS\system32\qvevexhd.dll
    C:\WINDOWS\system32\jtwmspix.ini
    C:\WINDOWS\system32\uyxpufff.ini
    C:\WINDOWS\system32\kmWHOqru.ini2
    C:\WINDOWS\system32\kmWHOqru.ini
    C:\WINDOWS\system32\ymqfjouy.tmp
    C:\WINDOWS\system32\ymqfjouy.ini
    C:\WINDOWS\system32\mcrh.tmp

  • Go back to the OTMoveIt2 window, right-click in the "Paste List of Files/Folders to Move" area (under the light blue bar), then choose Paste (having first done Copy).
  • Click the red Moveit! button.
  • Copy everything in the Results area (under the green bar) by selecting ALL THE LINES and then pressing the CTRL and C keys simultaneously (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
  • Close OTMoveIt2.

    Note: If a file or folder cannot be moved immediately, a restart may be needed to complete the move. If you are asked to restart the machine, choose Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy and paste the contents of that document in a reply on the forum.

    If you get a message saying that the report cannot be created, copy and paste what appears in the tool's right-hand column.

    **********************

    Restart normally.

    Download DiagHelp (by Malekal) to your Desktop.

  • Unzip it, open the new DiagHelp folder, and double-click go.cmd (the .cmd extension may not be shown!)
  • Choose option 1 in the window that opens.
    This can take a few minutes; let it run and press a key when you are asked to.
    WARNING: During the scan, after the CatchMe report, you will be asked to press a key to continue the scan; follow the on-screen instructions carefully!
  • At the end of the scan, your computer may need to be restarted... Once the computer has restarted, the report will open in Notepad. Post it here.

    The report is located here: C:\resultat.txt

    If you get a file C:\upload_moi.zip, please send it to http://upload.malekal.com/
    How to upload?

    Help: How to use DiagHelp.


