Problem with a message

Solved
Yusuke21 Posts 37 Status Member -  
 mathz -
Hello. Sorry to bother you with this recurring problem. I have the same problem as kimkimkolor. An icon has appeared in my tray at the bottom right that sends me to the paid anti-vermins site. I have already run Spybot S&D as well as avast several times, but nothing was detected. I have downloaded Hijackthis and SmitFraudFix, but have not installed them yet. Can you help me? I have Windows 2000 PRO SP4.
Thanks

34 replies

Yusuke21 Posts 37 Status Member
 
I admit I don't understand. I just installed the programs, ran the updates, rebooted, and AVG anti Spyware found something; I cleaned it and since then the icon no longer appears. Should I continue anyway and run hijackthis?
In any case, thanks for the link to the procedure and sorry for the trouble.
0
Anonymous user
 
Do as much of my procedure as you can:
https://leblogdeclaude.blogspot.com/2006/10/informatique-procdure-de-nettoyage.html
------------------------------------------------------------------------
then I recommend:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
tutorial
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566
--------------------------------------------------------------
an HJT log

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
0
Yusuke21 Posts 37 Status Member

I went through the whole procedure. I deleted infected files. During the last scan with Multi-virus cleaner, there were no problems. No Vundo infection either.
Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 02:47:07, on 21/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\internat.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\7.tmp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://shina1.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Documents and Settings\Dabady\Bureau\Shina\bin\iPodService.exe
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\7.tmp (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

There you go. Thanks again for your help!
0
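An added example, not part of the original thread and not the helper's own analysis: a short Python triage of the HijackThis log posted above. It flags autostart entries that deserve a second look (an extra program in `UserInit`, an `O21` entry with no file, a service whose image is not an `.exe`) and reports any path referenced from more than one autostart location. The heuristics and function names are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Subset of the HijackThis log posted above, copied verbatim.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\7.tmp
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - (no file)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\7.tmp (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
"""

# A HijackThis entry line starts with a section code such as F2, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def _basename(path):
    """Lower-cased file name of a Windows path, quotes removed."""
    return path.replace('"', "").strip().rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return (code, reason, path_or_None) findings. Heuristics, not verdicts."""
    findings = []
    for code, body in parse_entries(log_text):
        if code == "F2" and "userinit=" in body.lower():
            # The UserInit value normally names only userinit.exe; every
            # additional comma-separated program also runs at each logon.
            value = body.split("=", 1)[1]
            for program in (p.strip() for p in value.split(",")):
                if program and _basename(program) != "userinit.exe":
                    findings.append(
                        (code, "extra program started by UserInit at logon", program))
        elif code == "O21" and body.endswith("(no file)"):
            # ShellServiceObjectDelayLoad entry whose CLSID resolves to no file.
            findings.append((code, "shell delay-load entry with no file on disk", None))
        elif code == "O23":
            # Body layout: "Service: <name> - <owner> - <image path>"
            parts = body.split(" - ", 2)
            if len(parts) == 3:
                image = parts[2].replace("(file missing)", "").strip()
                if not re.search(r"\.exe\b", image, re.IGNORECASE):
                    findings.append((code, "service image is not an .exe", image))
    return findings


def shared_paths(findings):
    """Paths flagged under more than one section code (same file, several autostarts)."""
    seen = {}
    for code, _reason, path in findings:
        if path:
            seen.setdefault(path.lower(), set()).add(code)
    return sorted(path for path, codes in seen.items() if len(codes) > 1)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for code, reason, path in results:
        print(f"{code}: {reason}" + (f" -> {path}" if path else ""))
    for path in shared_paths(results):
        print(f"referenced from several autostart locations: {path}")
```

A finding here means "review this entry before fixing it in HijackThis", since orphaned entries and leftover services can also come from software that was already removed.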
Anonymous user

No news on this?
----------------------------------------------------------------------------
then I recommend:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
tutorial
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566
0

Yusuke21 Posts 37 Status Member

Yes indeed, I was able to run that scan. Here is the report:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 21, 2007 1:46:59 PM
Système d'exploitation : Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 21/01/2007
Enregistrements dans la base antivirus Kaspersky : 245969
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\

Statistiques de l'analyse:
Total d'objets analysés: 45419
Nombre de virus trouvés: 2
Nombre d'objets infectés: 2 / 0
Nombre d'objets suspects: 2
Durée de l'analyse: 02:46:59

Nom de l'objet infecté / Nom du virus / Dernière action
C:\WINDOWS\CSC\00000001 L'objet est verrouillé ignoré
C:\WINDOWS\SYSTEM32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SYSTEM32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SYSTEM32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SYSTEM32\config\SYSTEM.ALT L'objet est verrouillé ignoré
C:\WINDOWS\SYSTEM32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\SYSTEM32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SYSTEM32\config\SYSTEM L'objet est verrouillé ignoré
C:\WINDOWS\SYSTEM32\config\SOFTWARE L'objet est verrouillé ignoré
C:\WINDOWS\SYSTEM32\config\DEFAULT L'objet est verrouillé ignoré
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\SYSTEM32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\SYSTEM32\Perflib_Perfdata_1f0.dat L'objet est verrouillé ignoré
C:\WINDOWS\TEMP\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\SchedLog.Txt L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\Debug\oakley.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\ipsecpa.log L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\EventCache\{1E6FD12C-2214-416D-A3CE-E908BDB85A00}.bin L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject6.zip/uninst.exe Suspect : Password-protected-EXE ignoré
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject6.zip ZIP: suspect - 1 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Dabady\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Dabady\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Dabady\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Dabady\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Dabady\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Dabady\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Dabady\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Downloads\lecteur vidéo\dvdcodec1038.exe/data0002 Infecté : Trojan.Win32.DNSChanger.hd ignoré
C:\Downloads\lecteur vidéo\dvdcodec1038.exe NSIS: infecté - 1 ignoré

Analyse terminée.


Just when you think everything is back to normal...
Thanks for the remark.
0
Anonymous user
 
0
Yusuke21 Posts 37 Status Member

Strangely, I can't get it to launch, whether with Firefox or Internet Explorer. I get this message:

An error occurred while processing your request.
Reference #97.a554350.1169387160.62a97e1
0
Anonymous user

OK... try this one:
http://www.bitdefender.fr/bd/site/search.php#
0
Yusuke21 Posts 37 Status Member

Here is the report of the last scan with the software you recommended:


//-----------------------------------------------------------------
//
// Product: BitDefender 9 Standard
// Version: 9.5
//
// Créé le: 21/01/2007 15:48:42
//
//-----------------------------------------------------------------


Statistiques

Chemin cible: C:\WINDOWS\system32\
Dossiers : 82
Fichiers : 12897
Archives : 106
Fichiers empaquetés : 81
Virus trouvés : 2
Fichiers infectés : 0
Alertes : 0
Fichiers suspects : 0
Fichiers désinfectés : 0
Fichiers effacés : 2
Fichiers copiés : 0
Fichiers déplacés : 0
Fichiers renommés : 0
Erreurs I/O : 13
Temps d'analyse := 00:16:48
Fichiers/seconde :12

Statistiques Spywares

Processus Mémoire analysés : 14
Processus Mémoire infectés : 0
Clés de registres analysées : 1348
Clés de registres infectés : 2
Cookies analysés : 11
Cookies infectés : 0
Fichiers spyware infectés : 0
Menaces Spyware détectées : 2


Définitions virus : 421099
Plugins d'analyse : 16
Plugins archives : 41
Plug-ins décompression : 6
Plug-ins messagerie : 6
Plug-ins système : 5

Options d'analyse

Détection
[X] Analyser le secteur de boot
[X] Analyser les archives
[X] Analyser les fichiers en paquets
[X] Analyser la messagerie

Masque fichiers
[ ] Programmes
[X] Tous les fichiers
[ ] Extensions définies par l'utilisateur:
[ ] Exclure les extensions: ;

Action

Objets infectés
[ ] Ignorer
[X] Désinfecter
[ ] Effacer
[ ] Copier
[ ] Déplacer dans le dossier infectés
[ ] Renommer
[ ] Demander l'action

Seconde action
[ ] Ignorer
[ ] Effacer
[ ] Copier
[X] Déplacer dans le dossier infectés
[ ] Renommer
[ ] Demander l'action

Options d'analyse
[X] Activer les alertes
[X] Activer l'heuristique
[X] Afficher tous les fichiers dans le journal
[X] Fichier journal : C:\Program Files\Softwin\BitDefender9\Logs\vscan_1169390922.log

Options d'analyse Spyware

[X] Processus mémoire
[X] Clés de registres
[X] Cookies


Uh, in the end the report is really long. I shortened it. If you need it I can send it to you by e-mail. Sorry!
0
Anonymous user

No problem, paste it here
0
Yusuke21 Posts 37 Status Member
 
//-----------------------------------------------------------------
//
// Product: BitDefender 9 Standard
// Version: 9.5
//
// Créé le: 21/01/2007 15:48:42
//
//-----------------------------------------------------------------




Sommaire :

<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MAGNET Détecté: magne3t
<System>=>HKEY_LOCAL_MACHINE\SOFTWARE\MAGNET Effacé
<System> Mise à jour
<System>=>HKEY_CLASSES_ROOT\MAGNET Détecté: magne2t
<System>=>HKEY_CLASSES_ROOT\MAGNET Effacé
<System> Mise à jour

Fichiers analysés

<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\SPOOLER\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\MSOBJS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\DisplayNameFile=>C:\WINDOWS\SYSTEM32\ELS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\File=>C:\WINDOWS\SYSTEM32\CONFIG\SECEVENT.EVT OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ABIOSDSK\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ABP480N5\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ADPU160M\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AHA154X\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AIC116X\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AIC78U2\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AIC78XX\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ALERTER\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AMI0NT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AMSINT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\APPLICATION POPUP\EventMessageFile=>C:\WINDOWS\SYSTEM32\NTDLL.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ASC\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ASC3350P\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ASC3550\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ASYNCMAC\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ATAPI\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ATDISK\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ATMARPC\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ATMELAN\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AUTOMATIC UPDATES\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\WUAUENG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AUTOMATIC UPDATES\EventMessageFile=>C:\WINDOWS\SYSTEM32\WUAUENG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\BEEP\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\BITS\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\XPOB2RES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\BITS\EventMessageFile=>C:\WINDOWS\SYSTEM32\XPOB2RES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\BROWSER\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\BUSLOGIC\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CD20XRNT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CDAUDIO\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CDFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CDROM\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CHANGER\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CPQARRAY\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CPQARRY2\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CPQFCALM\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CPQFWS2E\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DAC960NT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DCOM\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DCOM\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DECKZPSX\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DFSDRIVER\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DFSSVC\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DHCP\EventMessageFile=>C:\WINDOWS\SYSTEM32\DHCPCSVC.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DHCP\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DISK\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DISKPERF\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DISTRIBUTED LINK TRACKING CLIENT\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DNSAPI\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DNSAPI\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DNSCACHE\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\EFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\LSASRV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\EL90BC\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\EVENTLOG\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\FASTFAT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\FBXUSB\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\FD16_700\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\FIREPORT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\FLASHPNT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\FS_REC\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\INI910U\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\INTERNET EXPLORER 6\EventMessageFile=>C:\WINDOWS\SYSTEM32\SPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPNATHLP\EventMessageFile=>C:\WINDOWS\SYSTEM32\IPNATHLP.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPROUTERMANAGER\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPSEC\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPSRAIDN\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPXCP\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPXRIP\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPXROUTERMANAGER\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPXSAP\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\LDM\EventMessageFile=>C:\WINDOWS\SYSTEM32\DMADMIN.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\LDMS\EventMessageFile=>C:\WINDOWS\SYSTEM32\DMSERVER.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\LMHOSTS\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\LP6NDS35\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MRAID35X\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MRXSMB\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MSADLIB\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MSFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MUP\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NCRC710\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NDIS\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NDISIP\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NDISWAN\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NETBIOS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NETBT\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NETDDE\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETDDE.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NETLOGON\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NPFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NTFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NTMS\EventMessageFile=>C:\WINDOWS\SYSTEM32\NTMSEVT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NTSERVICEPACK\EventMessageFile=>C:\WINDOWS\SYSTEM32\SPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NULL\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\OUTLOOK EXPRESS 6\EventMessageFile=>C:\WINDOWS\SYSTEM32\SPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\POLICYAGENT\EventMessageFile=>C:\WINDOWS\SYSTEM32\POLAGENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\PPTPMINIPORT\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\PXHELP20\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\QL1080\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\QL10WNT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\QL1240\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\QL2100\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\RASAUTO\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\RASMAN\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\RDBSS\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\REMOTEACCESS\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\REMOTEACCESS\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\IASSVCS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\REMOVABLE STORAGE SERVICE\EventMessageFile=>C:\WINDOWS\SYSTEM32\NTMSEVT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\RSVP\EventMessageFile=>C:\WINDOWS\SYSTEM32\RSVPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SAVE DUMP\EventMessageFile=>C:\WINDOWS\SYSTEM32\SAVEDUMP.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SCARDSVR\EventMessageFile=>C:\WINDOWS\SYSTEM32\SCARDSVR.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SCHANNEL\EventMessageFile=>C:\WINDOWS\SYSTEM32\LSASRV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SCHANNEL\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\LSASRV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SCHEDULE\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SCHEDULE\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SCSIPORT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SERVER\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SERVICE CONTROL MANAGER\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SFLOPPY\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SIMBAD\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SNDBLST\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SPARROW\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SRV\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\STILLIMAGE\EventMessageFile=>C:\WINDOWS\SYSTEM32\STISVC.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SYMC810\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SYMC8XX\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SYM_HI\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SYSTEM\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\EVENTLOG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\TCPIP\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\TCPMON\EventMessageFile=>C:\WINDOWS\SYSTEM32\TCPMON.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\TDI\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\UDFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ULTRA66\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\UPS\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WIN32K\EventMessageFile=>C:\WINDOWS\SYSTEM32\WIN32K.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WINDOWS FILE PROTECTION\EventMessageFile=>C:\WINDOWS\SYSTEM32\SFC.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WINDOWS INSTALLER 3.1\EventMessageFile=>C:\WINDOWS\SYSTEM32\SPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WINDOWS SCRIPT HOST\EventMessageFile=>C:\WINDOWS\SYSTEM32\WSHEXT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WINDOWS UPDATE AGENT\EventMessageFile=>C:\WINDOWS\SYSTEM32\WUAUCPL.CPL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WINDOWS UPDATE AGENT\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\WUAUCPL.CPL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WINDOWSMEDIA\EventMessageFile=>C:\WINDOWS\SYSTEM32\SPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WMI\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WORKSTATION\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WZCSVC\EventMessageFile=>C:\WINDOWS\SYSTEM32\WzCSVC.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DisplayNameFile=>C:\WINDOWS\SYSTEM32\ELS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\File=>C:\WINDOWS\SYSTEM32\CONFIG\SYSEVENT.EVT OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\EventMessageFile=>C:\WINDOWS\SYSTEM32\STISVC.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\ImagePath=>C:\WINDOWS\SYSTEM32\SERVICES.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTSYSTEM\PARAMETERS\ServiceDll=>C:\WINDOWS\SYSTEM32\ES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTSYSTEM\ImagePath=>C:\WINDOWS\SYSTEM32\SVCHOST.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FAX\PERFORMANCE\Library=>C:\WINDOWS\SYSTEM32\FAXPERF.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FAX\ImagePath=>C:\WINDOWS\SYSTEM32\FAXSVC.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FBXUSB\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\FBXUSB.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FDC\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FLPYDISK\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FLTMGR\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FTDISK\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\GAMEENUM\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\GAMEENUM.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\GEARASPIWDM\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\GEARASPIWDM.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\GPC\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\I8042PRT\PARAMETERS\LayerDriver JPN=>C:\WINDOWS\SYSTEM32\KBD101.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\I8042PRT\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IAS\PERFORMANCE\Library=>C:\WINDOWS\SYSTEM32\IASPERF.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ICHAUD\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\ICHAUD.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INTELIDE\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IPFILTERDRIVER\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IPINIP\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IPNAT\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IPODSERVICE\ImagePath=>C:\DOCUMENTS AND SETTINGS\DABADY\BUREAU\SHINA\BIN\IPODSERVICE.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IPSEC\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IRENUM\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ISAPISEARCH\PERFORMANCE\Library=>C:\WINDOWS\SYSTEM32\QUERY.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ISAPNP\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KBDCLASS\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\KMIXER\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANSERVER\ImagePath=>C:\WINDOWS\SYSTEM32\SERVICES.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANWORKSTATION\NETWORKPROVIDER\ProviderPath=>C:\WINDOWS\SYSTEM32\NTLANMAN.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANWORKSTATION\ImagePath=>C:\WINDOWS\SYSTEM32\SERVICES.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LIVESRV\ImagePath=>C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LMHOSTS\ImagePath=>C:\WINDOWS\SYSTEM32\SERVICES.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MESSENGER\ImagePath=>C:\WINDOWS\SYSTEM32\SERVICES.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MNMSRVC\ImagePath=>C:\WINDOWS\SYSTEM32\MNMSRVC.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MOUCLASS\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MPE\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\MPE.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MRXSMB\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSDTC\PERFORMANCE\Library=>C:\WINDOWS\SYSTEM32\MSDTCUI.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSDTC\ImagePath=>C:\WINDOWS\SYSTEM32\MSDTC.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSISERVER\ImagePath=>C:\WINDOWS\SYSTEM32\MSIEXEC.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSKSSRV\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSPCLOCK\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSPQM\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSTEE\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\MSTEE.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NABTSFEC\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\NABTSFEC.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NDISIP\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\NDISIP.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NDISTAPI\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NDISUIO\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NDISWAN\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETBIOS\PARAMETERS\WINSOCK\HelperDllName=>C:\WINDOWS\SYSTEM32\WSHNETBS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETBIOS\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETBT\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETDDE\ImagePath=>C:\WINDOWS\SYSTEM32\NETDDE.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETDDEDSDM\ImagePath=>C:\WINDOWS\SYSTEM32\NETDDE.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETLOGON\ImagePath=>C:\WINDOWS\SYSTEM32\LSASS.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETMAN\PARAMETERS\ServiceDll=>C:\WINDOWS\SYSTEM32\NETMAN.DLL OK
0
Anonymous user
 
How is your PC behaving?
Run another HJT scan.
0
Yusuke21 Posts 37 Status Member
 
Here is the latest HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 22:14:26, on 22/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\internat.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\7.tmp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://shina1.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Documents and Settings\Dabady\Bureau\Shina\bin\iPodService.exe
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\7.tmp (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

As for the PC's behaviour, it is a bit slower than usual, but I think that is because of avast + AVG. Otherwise I haven't noticed anything else for the moment!
Thanks!
0
Anonymous user
 
Tick these + fix:
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://shina1.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - (no file)
0
Yusuke21 Posts 37 Status Member
 
I did what you told me to do. Here is the new HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 22:34:00, on 23/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\internat.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\7.tmp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Documents and Settings\Dabady\Bureau\Shina\bin\iPodService.exe
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\7.tmp (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe


Should I make another backup of the registry?
0
Anonymous user
 
Stop this process when you make an HJT log:
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
This is more than dubious!
--------------------------------------------------------------------------

O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\7.tmp (file missing)

Submit this thing for me: 7.tmp
if you find it....
with this
(at the top of the page, you select the file)
http://www.virustotal.com/en/virustotalx.html
------------------------------------------------------------------------
Tick + fix:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
Unknown
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\7.tmp (file missing)
--------------------------------------------------
Type services.msc in Run and stop this service:
Windows Network Security Management Service (nsms)


0
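The persistence entries singled out in the replies above (the `7.tmp` chained onto Userinit, the `nsms` service and the orphaned SSODL value) can be picked out of a HijackThis log mechanically. The sketch below is an added example, not part of any post in this thread; the function names and the three heuristics are assumptions made for illustration, and the sample lines are copied from the logs above.

```python
import ntpath
import re
from typing import List, NamedTuple

# Constructed sample: six entries copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\7.tmp
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\7.tmp (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O23"
    target: str   # file or CLSID the entry points at
    reason: str   # why the entry deserves a second look


# "<section code> - <body>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def image_path(raw: str) -> str:
    """Reduce the path field of an O23 line to the image file alone."""
    # "(file missing)" is dropped rather than trusted: in these logs
    # ashMaiSv.exe carries that marker while also listed as a running process.
    s = raw.replace("(file missing)", "").strip().lstrip('"')
    s = s.split('"', 1)[0]  # discard arguments that follow a closing quote
    m = re.match(r"(.*?\.[A-Za-z0-9]{1,4})(?:\s+[/-].*)?$", s)
    return (m.group(1) if m else s).strip()


def check_f2(body: str) -> List[Finding]:
    """Userinit normally lists only userinit.exe; anything extra runs at logon."""
    m = re.search(r"UserInit=(.*)", body, re.IGNORECASE)
    if not m:
        return []
    out = []
    for item in (p.strip() for p in m.group(1).split(",")):
        if item and ntpath.basename(item).lower() != "userinit.exe":
            out.append(Finding("F2", item, "extra program chained onto Userinit"))
    return out


def check_o21(body: str) -> List[Finding]:
    """ShellServiceObjectDelayLoad value left behind with no DLL on disk."""
    parts = body.rsplit(" - ", 2)
    if len(parts) == 3 and parts[2].strip() == "(no file)":
        return [Finding("O21", parts[1].strip(), "SSODL entry whose DLL is gone")]
    return []


def check_o23(body: str) -> List[Finding]:
    """Heuristic (assumption): a service image should be an .exe file."""
    parts = body.rsplit(" - ", 2)  # name - owner - path
    if len(parts) != 3:
        return []
    image = image_path(parts[2])
    ext = ntpath.splitext(image)[1].lower()
    if ext != ".exe":
        label = ext or "(none)"
        return [Finding("O23", image, f"service image extension is {label}, not .exe")]
    return []


CHECKS = {"F2": check_f2, "O21": check_o21, "O23": check_o23}


def triage(log_text: str) -> List[Finding]:
    """Run the section-specific checks over every entry line of a log."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(1) in CHECKS:
            findings.extend(CHECKS[m.group(1)](m.group(2)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.target}  <- {f.reason}")
```

The same `7.tmp` path surfaces in both the F2 and the O23 finding, which is why removing only the service entry would leave the logon hook in place.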
Yusuke21 Posts 37 Status Member
 
Well, I think this is going to start getting complicated. First of all, here is the new HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 19:03:57, on 24/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\internat.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\7.tmp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Documents and Settings\Dabady\Bureau\Shina\bin\iPodService.exe
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\7.tmp (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe


Next, I can't find this file "7.tmp"; on the other hand, it rings a bell. Several months ago, I got infected. A virus had got in through a security hole. That is when I learned that my PC was no longer doing automatic Windows updates. I was able to download manually the update that patches the hole. When I ran Avast and Spybot, both detected a file "4.tmp" as infected, but however many times I deleted it, it always came back. In addition, other files were appearing in the same directory, including "7.tmp". Once the update was done, I manually deleted (a mistake on my part?) the "digit.tmp" files that were in "system32".

Regarding "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe", I can't manage to stop the process. It tells me that access is denied. (I am going through the Task Manager.)
Likewise, the service "Windows Network Security Management Service (nsms)" is marked as "stopped" when I run the "services.msc" command.

I feel a bit lost as a result... In any case, thank you for your help!
0
Anonymous user
 
OK, if the service is stopped that's fine, make sure of it!
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
----------------------------------------------------------------------
When I see this on an infected PC I have it uninstalled immediately:
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
------------------------------------------------------------------------------
Stop this service:
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\7.tmp (file missing)
0
Yusuke21 Posts 37 Status Member
 
So if I have understood correctly:
I just need to stop AVG to stop its process
I must tick and fix "O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\7.tmp (file missing)"
I must uninstall MSN Plus! (and reinstall it if I wish once the computer is properly cleaned!)

Sorry, I'm not very good at this...
0
Anonymous user
 
OK, but in addition, stop the service:
Windows Network Security Management Service (nsms)
To do that, type services.msc in Start/Run
and look for Windows Network Security Management Service in the right-hand column / once you've found it, stop this service / right-click on it / Properties / and there you stop this thing!

0
Yusuke21 Posts 37 Status Member
 
Here is the latest HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 19:51:02, on 25/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\internat.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\7.tmp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Dabady\LOCALS~1\Temp\MsgPlusUninst.bat"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://shinasan.wordpress.com/
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Documents and Settings\Dabady\Bureau\Shina\bin\iPodService.exe
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\7.tmp (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

However, "Windows Network Security Management Service" is already stopped!! In fact, when I right-click, the only option available is "Start". And no matter how many times I fix the line, it always comes back.
0
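An added example, not part of any post in this thread: a small Python triage of the HijackThis log above, showing that `7.tmp` is referenced twice, by the O23 `nsms` service and by the F2 `UserInit` value. The two checks (a `UserInit` entry other than `userinit.exe`, a service image that is not an `.exe`) are heuristics assumed for this example; the "(file missing)" marker alone is not used, because the avast! services carry it while their executables appear under "Running processes".

```python
import ntpath
import re

# Constructed sample: four lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\7.tmp
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\7.tmp (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
"""

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.+)$", re.IGNORECASE)


def image_path(raw):
    """Drop the '(file missing)' suffix and anything after a stray quote (arguments)."""
    return raw.replace("(file missing)", "").split('"', 1)[0].strip()


def audit(log_text):
    """Return (kind, subject, path) findings; both checks are heuristics assumed here."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        f2 = F2_RE.match(line)
        if f2:
            # Every program chained in UserInit is launched at each logon.
            for entry in filter(None, map(str.strip, f2["value"].split(","))):
                if ntpath.basename(entry).lower() != "userinit.exe":
                    findings.append(("F2-UserInit", "UserInit", entry))
            continue
        o23 = O23_RE.match(line)
        if o23:
            path = image_path(o23["path"])
            # A service whose image is not an .exe (here a .tmp) deserves a look.
            if not path.lower().endswith(".exe"):
                findings.append(("O23-Service", o23["name"], path))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```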
Anonymous user
 
Question?
I see MessengerPlus; when I see that on a PC, I ask for it to be uninstalled, it causes too many problems.
At least for the duration of the disinfection; if you want to reinfect yourself with this thing afterwards, that's up to you. Personally, I consider this thing an infection!

0
Yusuke21 Posts 37 Status Member
 
That's strange, because I did uninstall it... in any case, thanks for the recommendation. I'll reinstall it and uninstall it. Maybe I forgot to check or uncheck an option.
0