Win32 Trojan horse (what, not original???)

Claire49 -  
papyber Posts 6430 Status Security contributor -
Hello,

Illness: Win32 Trojan horse infection.
Symptoms: see the copy/paste below.
Diagnosis: ??

Like a good handful of Internet users, I followed the steps up to copying and pasting the HijackThis scan, but after that I need a more brilliant brain. What exactly do I have to remove? (And above all, how do I recognize them?)

Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 13:47:31, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\RegistrySmart\RegistrySmart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\documents and settings\patricia romé\local settings\application data\orouwjbc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\patricia romé\Local Settings\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautossearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.244.15.6:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\FICHIE~1\Real\Toolbar\realbar.dll
O2 - BHO: FlawUpload - {52A3676C-BA4C-270E-C893-DBF9ED9C9C60} - C:\PROGRA~1\SKIPDE~1\bend gram.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe /Type 28
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [Support Dog] C:\PROGRA~1\DEFYFI~1\holedumbcoal.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\patricia romé\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\patricia romé\Client\HelpExp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [qwiluhsna] c:\documents and settings\patricia romé\local settings\application data\qwiluhsna.exe qwiluhsna
O4 - HKCU\..\Run: [orouwjbc] c:\documents and settings\patricia romé\local settings\application data\orouwjbc.exe orouwjbc
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - https://www.afternic.com/domains/errorsafe.com
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D85D5DA-9CBA-4924-B24D-D322F719EBBF}: NameServer = 85.255.116.165,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EB048A9-9EBD-4E48-93D3-B451DB007A6E}: NameServer = 85.255.116.165,85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.165 85.255.112.195
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.165 85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.165 85.255.112.195
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)

55 replies

papyber Posts 6430 Status Security contributor 257
 
You have RegistrySmart! It's a rogue, a fake utility that infects you!!
http://assiste.com.free.fr/p/craptheque/registrysmart.html

Remove it via Add/Remove Programs, in safe mode if you can't manage it in normal mode.
Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
C:\Documents and Settings\patricia romé\Application Data\RegistrySmart
C:\WINDOWS\Tasks\RegistrySmart
C:\Program Files\defyfivewait
C:\Program Files\Kind delete
C:\Program Files\RegistrySmart
C:\Program Files\Skip delete kind
C:\Program Files\TBONBin

and paste it into the left-hand pane of OTMoveIt2:
Paste standard List of Files/Folders to be moved.
Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal.
If so, accept with Yes.

0
gabie44
 
Good grief, I can't manage to paste the report. It's coming
0
gabie44
 
SystemScan - www.suspectfile.com - ver. 3.5.0 (code: holifay & bReAkdOWn)

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\patricia romé\Bureau\sys77654.exe
Running in: User mode
Date: 19/02/2008
Time: 21:35:54

Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications
-Include hijackthis.log

===================== Accounts on this PC =====================

Users on this computer:
Is Admin? | Username
------------------
Yes | Administrateur
| HelpAssistant (Disabled)
| Invité
Yes | patricia romé
| SUPPORT_388945a0 (Disabled)

### users folders

16/01/2003 11:14:52 (DIR) 0 byte 1860 days old -- All Users
16/01/2003 11:14:52 (DIR) 0 byte 1860 days old -- Default User
16/01/2003 11:26:24 (DIR) 0 byte 1860 days old -- NetworkService
16/01/2003 11:26:26 (DIR) 0 byte 1860 days old -- LocalService
11/10/2003 06:06:48 (DIR) 0 byte 1592 days old -- patricia romé
28/09/2007 00:17:22 (DIR) 0 byte 144 days old -- Spybot - Search & Destroy

### startup files in users folders

C:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\desktop.ini
C:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
C:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
C:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\TL-WN321G Wireless Utility.lnk
C:\documents and settings\patricia romé\Menu Démarrer\Programmes\Démarrage\desktop.ini

===================== Recent files (30 days old) =====================

----- recent files in C:\
21/01/2008 15:52:44 (DIR) 0 byte 29 days old -- FOUND.025
24/01/2008 09:31:00 (DIR) 0 byte 26 days old -- FOUND.026
12/02/2008 11:23:14 (DIR) 0 byte 7 days old -- temp
15/02/2008 17:48:20 1401 byte 4 days old -- resultat.txt
19/02/2008 15:20:48 (DIR) 0 byte 0 days old -- FOUND.000
19/02/2008 20:46:52 1906 byte 0 days old -- cleannavi.txt
19/02/2008 20:54:04 (DIR)805306368 byte 0 days old -- pagefile.sys
19/02/2008 21:35:54 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
21/01/2008 22:54:58 536297472 byte 29 days old -- MEMORY.DMP
11/02/2008 15:18:38 0 byte 8 days old -- setuperr.log
14/02/2008 12:27:18 1029712 byte 5 days old -- setupapi.log.0.old
14/02/2008 18:25:22 (DIR) 0 byte 5 days old -- $NtUninstallKB943055$
14/02/2008 18:25:28 12692 byte 5 days old -- KB943055.log
14/02/2008 18:25:30 (DIR) 0 byte 5 days old -- $NtUninstallKB943485$
14/02/2008 18:25:34 12745 byte 5 days old -- KB943485.log
14/02/2008 18:25:38 (DIR) 0 byte 5 days old -- $NtUninstallKB944533$
14/02/2008 18:25:50 119711 byte 5 days old -- updspapi.log
14/02/2008 18:25:52 34406 byte 5 days old -- KB944533.log
14/02/2008 18:25:54 (DIR) 0 byte 5 days old -- $NtUninstallKB946026$
14/02/2008 18:25:58 16166 byte 5 days old -- KB946026.log
14/02/2008 18:26:00 (DIR) 0 byte 5 days old -- $NtUninstallKB941644$
14/02/2008 18:26:02 1374 byte 5 days old -- imsins.BAK
14/02/2008 18:26:02 16161 byte 5 days old -- KB941644.log
14/02/2008 18:27:48 (DIR) 0 byte 5 days old -- $NtUninstallKB946627$
14/02/2008 18:27:52 721674 byte 5 days old -- ocgen.log
14/02/2008 18:27:52 10543 byte 5 days old -- KB946627.log
14/02/2008 18:27:52 72828 byte 5 days old -- msgsocm.log
14/02/2008 18:27:52 58305 byte 5 days old -- ocmsn.log
14/02/2008 18:27:52 258184 byte 5 days old -- ntdtcsetup.log
14/02/2008 18:27:52 1374 byte 5 days old -- imsins.log
14/02/2008 18:27:52 427098 byte 5 days old -- comsetup.log
14/02/2008 18:27:52 230973 byte 5 days old -- iis6.log
14/02/2008 18:27:52 563886 byte 5 days old -- tsoc.log
14/02/2008 18:27:52 1451485 byte 5 days old -- FaxSetup.log
15/02/2008 10:24:52 1409 byte 4 days old -- QTFont.for
15/02/2008 16:42:28 11051 byte 4 days old -- setupapi.log
19/02/2008 11:36:14 217445 byte 0 days old -- setupact.log
19/02/2008 11:38:00 191168 byte 0 days old -- ntbtlog.txt
19/02/2008 20:53:00 50 byte 0 days old -- wiaservc.log
19/02/2008 20:53:02 32592 byte 0 days old -- SchedLgU.Txt
19/02/2008 20:53:02 1430263 byte 0 days old -- WindowsUpdate.log
19/02/2008 20:54:08 2048 byte 0 days old -- bootstat.dat
19/02/2008 20:54:08 0 byte 0 days old -- 0.log
19/02/2008 20:54:22 54156 byte 0 days old -- QTFont.qfn
19/02/2008 20:54:40 259 byte 0 days old -- wiadebug.log

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
23/01/2008 00:33:28 48616 byte 27 days old -- perfc00C.dat
23/01/2008 00:33:28 360448 byte 27 days old -- perfh00C.dat
24/01/2008 09:04:48 355944 byte 26 days old -- PerfStringBackup.INI
24/01/2008 09:36:06 39876 byte 26 days old -- perfc009.dat
24/01/2008 09:36:06 311296 byte 26 days old -- perfh009.dat
04/02/2008 15:09:48 18214008 byte 15 days old -- MRT.exe
12/02/2008 17:20:34 3072 byte 7 days old -- CONFIG.NT
14/02/2008 18:27:44 197 byte 5 days old -- MRT.INI
19/02/2008 11:34:56 0 byte 0 days old -- tmp.txt
19/02/2008 20:54:22 1158 byte 0 days old -- wpa.dbl

----- recent files in C:\WINDOWS\system32\drivers\
12/02/2008 15:53:56 20747 byte 7 days old -- AegisP.sys
12/02/2008 17:53:22 85860 byte 7 days old -- klick.dat
12/02/2008 17:53:22 91700 byte 7 days old -- klin.dat
12/02/2008 17:53:28 194320 byte 7 days old -- klif.sys
19/02/2008 20:53:04 1568 byte 0 days old -- fidbox2.dat
19/02/2008 20:53:04 1268 byte 0 days old -- fidbox.idx
19/02/2008 20:53:04 14368 byte 0 days old -- fidbox.dat
19/02/2008 20:53:04 1220 byte 0 days old -- fidbox2.idx

----- recent files in C:\WINDOWS\temp\
19/02/2008 20:54:18 255 byte 0 days old -- WGAErrLog.txt
19/02/2008 20:54:30 409 byte 0 days old -- WGANotify.settings
19/02/2008 21:29:38 8192 byte 0 days old -- cch~1d1684d1f.htp
19/02/2008 21:29:38 8192 byte 0 days old -- cch~1d1685139.htp
19/02/2008 21:32:20 8192 byte 0 days old -- cch~1f3f4a3da.htp
19/02/2008 21:32:20 8192 byte 0 days old -- cch~1f3f49fbe.htp
19/02/2008 21:32:22 8192 byte 0 days old -- cch~1f4233ee6.htp
19/02/2008 21:32:22 8192 byte 0 days old -- cch~1f4234a70.htp
19/02/2008 21:35:50 8192 byte 0 days old -- cch~2209170d6.htp
19/02/2008 21:35:50 8192 byte 0 days old -- cch~220916cc5.htp

----- recent files in C:\Program Files\
11/02/2008 21:30:26 (DIR) 0 byte 8 days old -- TP-LINK
12/02/2008 17:26:06 (DIR) 0 byte 7 days old -- Kaspersky Lab
13/02/2008 12:45:04 (DIR) 0 byte 6 days old -- RegistrySmart
15/02/2008 16:49:28 (DIR) 0 byte 4 days old -- Navilog1
19/02/2008 11:50:12 (DIR) 0 byte 0 days old -- Trend Micro

----- recent files in C:\Program Files\Fichiers communs\

----- recent files in C:\Documents and Settings\patricia romé\Application Data\
12/02/2008 16:02:56 (DIR) 0 byte 7 days old -- Google
13/02/2008 12:45:34 (DIR) 0 byte 6 days old -- RegistrySmart

----- recent files in C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\
19/02/2008 17:10:48 81920 byte 0 days old -- BFU.exe
19/02/2008 20:47:00 (DIR) 0 byte 0 days old -- Drag'n Drop CD
19/02/2008 20:52:42 114688 byte 0 days old -- ~DF7A1E.tmp
19/02/2008 20:54:34 114688 byte 0 days old -- ~DFE1FC.tmp
19/02/2008 20:54:34 0 byte 0 days old -- JET203A.tmp
19/02/2008 20:54:42 6935 byte 0 days old -- cc3data_init.xml
19/02/2008 21:11:42 78686 byte 0 days old -- bfu.zip
19/02/2008 21:34:40 59 byte 0 days old -- systemscan.ini
19/02/2008 21:34:40 (DIR) 0 byte 0 days old -- nsc106.tmp
19/02/2008 21:34:50 16384 byte 0 days old -- ~DF1435.tmp

===================== Duplicated files in BAK folders =====================

No BAK folders found

===================== REGISTRY SCAN =====================

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"nwiz"="nwiz.exe /installquiet"
"PmProxy"="C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe"
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe"
"000StTHK"="000StTHK.exe"
"Tpwrtray"="TPWRTRAY.EXE"
"TMESBS.EXE"="C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client"
"TFncKy"="C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe /Type 28"
"TFNF5"="TFNF5.exe"
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe"
"AdslTaskBar"="rundll32.exe stmctrl.dll,TaskBar"
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe"
"Drag'n Drop CD"="C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp"
"Support Dog"="C:\PROGRA~1\DEFYFI~1\holedumbcoal.exe"
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe\" -osboot"
"SSBkgdUpdate"="\"C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe"
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun"
"Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
"avgnt"="\"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"RegistrySmart"="\"C:\Program Files\RegistrySmart\RegistrySmart.exe\" -boot"
"AVP"="\"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe\""

[Run\optionalcomponents]
@=""

[Run\optionalcomponents\IMAIL]
"Installed"="1"
@=""

[Run\optionalcomponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""

[Run\optionalcomponents\MSFS]
"Installed"="1"
@=""

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"MoneyAgent"="\"C:\Program Files\Microsoft Money\System\mnyexpr.exe\""
"HXIUL.EXE"="C:\Program Files\Alset\HelpExpress\patricia romé\HXIUL.EXE"
"HELPEXP.EXE"="C:\Program Files\Alset\HelpExpress\patricia romé\Client\HelpExp.exe"
"MsnMsgr"="\"C:\Program Files\MSN Messenger\MsnMsgr.Exe\" /background"
"CTSyncU.exe"="\"C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe\""
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe"
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[run]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\System32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Mappage de zones Internet Explorer"
"DllName"=expand:"iedkcs32.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
"@="Personnalisation de Internet Explorer"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[Winlogon\Notify\klogon]
"DllName"="C:\WINDOWS\system32\klogon.dll"
@=""

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"

[Winlogon\Notify\WgaLogon]
"DllName"=expand:"WgaLogon.dll"

[Winlogon\Notify\WgaLogon\Settings]

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp;Local Settings\Application Data\Microsoft\Outlook"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}]
#### HKCR\CLSID\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}\InprocServer32 @="C:\PROGRA~1\FICHIE~1\Real\Toolbar\realbar.dll"

[Browser Helper Objects\{52A3676C-BA4C-270E-C893-DBF9ED9C9C60}]
#### HKCR\CLSID\{52A3676C-BA4C-270E-C893-DBF9ED9C9C60}\InprocServer32 @="C:\PROGRA~1\SKIPDE~1\bend gram.dll"

[Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
@=""

[Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
#### HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InprocServer32 @="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"

[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\program files\google\googletoolbar1.dll"

[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll"

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
#### HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32 @="C:\Program Files\Windows Live Toolbar\msntb.dll"
@=""

[Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer]
@=dword:00000001

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\System32\shdocvw.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

-----HKCU\Control Panel\Desktop\-----

[Desktop]

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\System32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]

[Lsa\AccessProviders]

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Audit]

[Lsa\Audit\PerUserAuditing]

[Lsa\Audit\PerUserAuditing\System]

[Lsa\Data]

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."

[SharedAccess\Epoch]
"Epoch"=dword:0000114b

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:*:Enaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:*:Enaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:*:Enaxxxxx@xxxxxres.dll,-22002"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\WINDOWS\System32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\System32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\French\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\French\setup.exe:*:Enabled:Programme d'installation de Kaspersky Anti-Virus 7.0"

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22008"

[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{635C7062-E890-443A-908E-34B9BB9A0ABC}"=dword:00000001
"{86EE1BFF-B54F-482E-8DFB-EAE7F869D3D1}"=dword:00000001
"{716EBD87-920C-429B-8B19-9D4864355BC0}"=dword:00000001
"{8C6B525F-1CC1-4CBD-B4E3-6394BA18C21C}"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\

[Ole\AppCompat]

[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000

[Security Center\Monitoring]

[Security Center\Monitoring\AhnlabAntiVirus]

[Security Center\Monitoring\ComputerAssociatesAntiVirus]

[Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
@=""

[Security Center\Monitoring\McAfeeAntiVirus]

[Security Center\Monitoring\McAfeeFirewall]

[Security Center\Monitoring\PandaAntiVirus]

[Security Center\Monitoring\PandaFirewall]

[Security Center\Monitoring\SophosAntiVirus]

[Security Center\Monitoring\SymantecAntiVirus]

[Security Center\Monitoring\SymantecFirewall]

[Security Center\Monitoring\TinyFirewall]

[Security Center\Monitoring\TrendAntiVirus]

[Security Center\Monitoring\TrendFirewall]

[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{CE51C025-C30A-45F1-ACAC-9FAA03ACAE23}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\Capture Pages Jaunes]

[VB and VBA Program Settings\Capture Pages Jaunes\Options]

[VB and VBA Program Settings\Euro Add-in]

[VB and VBA Program Settings\Euro Add-in\Wizard Options]

[VB and VBA Program Settings\PDA Outlook Sync]

[VB and VBA Program Settings\PDA Outlook Sync\CommSettings]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Lecteur Windows Media"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"

[Installed Components\>{34CD4C6A-0C6B-4A5A-A2DD-524B749F5B11}]
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
"@="Personnalisation du navigateur"
"ComponentID"="BRANDING.CAB"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{02f78298-8af6-495c-9ecb-b6ae68678186}]
"@="KB867282"
"ComponentID"="KB867282"

[Installed Components\{04d6265d-6b5d-41c3-9e7c-48be15919643}]
"@="KB890923"
"ComponentID"="KB890923"

[Installed Components\{057997dd-71e4-43cc-b161-3f8180691a9e}]
"@="Q824145"
"ComponentID"="Q824145"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\System32\msjava.dll"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
"@="Internet Explorer Classes for Java"
"ComponentID"="IEJAVA"

[Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0e}]
"@="Fichier Lisez-moi d'Internet Explorer"
"ComponentID"="IEREADME"

[Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0f}]
"@="IEEX"
"ComponentID"="IEEX"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"

[Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}]
#### HKCR\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 @="C:\WINDOWS\System32\macromed\Shockwave 10\Download.dll"
"ComponentID"="Director"
"@="Macromedia Shockwave Director 8.5.1"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Lecteur Windows Media Microsoft 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Macromedia Shockwave Director 8.5.1"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{2cc9d512-6db6-4f1c-8979-9a41fae88de0}]
"@="Q837009"
"ComponentID"="Q837009"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Logiciel de navigation hors connexion"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft DirectX"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Aide sur Internet Explorer"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
"@="Windows Messenger 4.7"
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5c9ff2bf-938d-47fe-85d9-9dbab4f65018}]
"@="KB897715"
"ComponentID"="KB897715"

[Installed Components\{5DB0C8C8-885F-4917-8D3A-A4F13F6C1C2F}]
"@="Sun Java Runtime Environment"
"ComponentID"="CUSTOM1"

[Installed Components\{5f3c70b3-ac2f-432c-8f9c-1624df61f54f}]
"@="Microsoft Data Access Components KB870669"
"ComponentID"="KB870669"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Outils d'installation Internet Explorer"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Améliorations pour la navigation"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="Accès au site MSN"
"ComponentID"="MSN_Auth"

[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"@="Dossiers Web"
"ComponentID"="WebFolders"
"StubPath"=""

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{795d0712-722c-43ec-906a-fc5e678eada9}]
"@="Q831167"
"ComponentID"="Q831167"

[Installed Components\{839117ee-2132-4bae-a56a-42b50204c9b9}]
"@="KB889293"
"ComponentID"="KB889293"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Liaison de données Dynamic HTML"
"ComponentID"="Tridata"

[Installed Components\{96543d59-497a-4801-a1f3-5936aacaf7b1}]
"@="Q828750"
"ComponentID"="Q828750"

[Installed Components\{ae594d5e-dd07-4e54-8252-daa5aebbd4ec}]
"@="KB905915"
"ComponentID"="KB905915"

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Polices de base Internet Explorer"
"ComponentID"="Fontcore"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"

[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player 9 ActiveX"
"ComponentID"="Flash"

[Installed Components\{DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF}]
"@="Security Update for the Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\System32\msjava.dll"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="Aide HTML"
"ComponentID"="HTMLHelp"

[Installed Components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
"StubPath"=expand:"rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub"
"ComponentID"="Frontpad_259"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

[Installed Components\{eddbec60-89cb-44ef-8291-0850fd28ff6a}]
"@="Q832894"
"ComponentID"="Q832894"

[Installed Components\{f5173cf0-1dfb-4978-8e50-a90169ee7ca9}]
"@="Q823353"
"ComponentID"="Q823353"

[Installed Components\{F5776D81-AE53-4935-8E84-B0B283D8BCEF}]
"@="Q330994"
"ComponentID"="Q330994"

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\HTTP\Parameters\Synchronize
0
gabie44
 
Most recent (50) lines in jobs scheduled log:

===================== List of all services & drivers =====================

-----HKLM\system\currentcontrolset\services-----

001) "61883" - Pilote d'unité 61883
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\61883.sys
---> TYPE = Kernel device driver

002) "Abiosdsk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

003) "abp480n5"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

004) "ACPI" - Pilote ACPI Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\ACPI.sys
---> TYPE = Kernel device driver

005) "ACPIEC"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

006) "adpu160m"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

007) "aeaudio"
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\aeaudio.sys
---> TYPE = Kernel device driver

008) "aec" - Suppresseur d'écho acoustique (Noyau Microsoft)
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\aec.sys
---> TYPE = Kernel device driver

009) "AegisP" - AEGIS Protocol (IEEE 802.1x) v3.4.3.0
---> STAT = (RUNNING) Started automatically
---> FILE = system32\DRIVERS\AegisP.sys
---> TYPE = Kernel device driver

010) "AFD" - Environnement de prise en charge de réseau AFD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\afd.sys
---> TYPE = Kernel device driver

011) "AFS2K" - AFS2k
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = Kernel device driver

012) "agp440" - Filtre de bus AGP Intel
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\agp440.sys
---> TYPE = Kernel device driver

013) "Aha154x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

014) "aic78u2"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

015) "aic78xx"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

016) "Alerter" - Avertissement
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
---> TYPE = Win32 service

017) "ALG" - Service de la passerelle de la couche Application
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\alg.exe
---> TYPE = Win32 program

018) "AliIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

019) "amsint"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

020) "Aplix2k"
---> STAT = (RUNNING) Started automatically
---> TYPE = Kernel device driver

021) "AppMgmt" - Gestion d'applications
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = Win32 service

022) "AR5211" - Atheros AR5001 Wireless Network Adapter Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\ar5211.sys
---> TYPE = Kernel device driver

023) "Arp1394" - Protocole client ARP 1394
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\arp1394.sys
---> TYPE = Kernel device driver

024) "asc"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

025) "asc3350p"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

026) "asc3550"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

027) "AsyncMac" - Pilote de média asynchrone RAS
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\asyncmac.sys
---> TYPE = Kernel device driver

028) "atapi" - Contrôleur de disque dur IDE/ESDI standard
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\atapi.sys
---> TYPE = Kernel device driver

029) "Atdisk"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

030) "Atmarpc" - Protocole client ATM ARP
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\atmarpc.sys
---> TYPE = Kernel device driver

031) "AudioSrv" - Audio Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

032) "audstub" - Pilote audio Stub
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\audstub.sys
---> TYPE = Kernel device driver

033) "Avc" - Périphérique AVC
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\avc.sys
---> TYPE = Kernel device driver

034) "AVP" - Kaspersky Anti-Virus 7.0
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe\ -r
---> TYPE = Win32 program

035) "Beep"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = Kernel device driver

036) "BITS" - Service de transfert intelligent en arrière-plan
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

037) "Bridge" - Pont MAC
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\bridge.sys
---> TYPE = Kernel device driver

038) "BridgeMP" - Miniport de pont MAC
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\bridge.sys
---> TYPE = Kernel device driver

039) "Browser" - Explorateur d'ordinateur
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

040) "BrScnUsb" - Brother USB Still Image driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\BrScnUsb.sys
---> TYPE = Kernel device driver

041) "catchme"
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\catchme.sys
---> TYPE = Kernel device driver

042) "cbidf2k"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

043) "CCDECODE" - Décodeur sous-titre fermé
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\CCDECODE.sys
---> TYPE = Kernel device driver

044) "cd20xrnt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

045) "Cdaudio"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = Kernel device driver

046) "Cdfs"
---> STAT = (RUNNING) Disabled
---> TYPE = File system driver

047) "Cdrom" - Pilote de CD-ROM
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\cdrom.sys
---> TYPE = Kernel device driver

048) "Changer"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = Kernel device driver

049) "CiSvc" - Service d'indexation
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\cisvc.exe
---> TYPE = Win32 service

050) "ClipSrv" - Gestionnaire de l'Album
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\clipsrv.exe
---> TYPE = Win32 program

051) "CmBatt" - Pilote pour Batterie à méthode de contrôle ACPI Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\CmBatt.sys
---> TYPE = Kernel device driver

052) "CmdIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

053) "Compbatt" - Pilote de batterie composite Microsoft
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\compbatt.sys
---> TYPE = Kernel device driver

054) "COMSysApp" - Application système COM+
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
---> TYPE = Win32 program

055) "Cpqarray"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

056) "Creative Service for CDROM Access" - Creative Service for CDROM Access
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\CTSvcCDA.EXE
---> TYPE = Win32 program

057) "CryptSvc" - Services de cryptographie
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = Win32 service

058) "dac2w2k"
---> STAT = (RUNNING) Disabled
---> TYPE = Kernel device driver

059) "dac960nt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

060) "DcomLaunch" - Lanceur de processus serveur DCOM
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch
---> TYPE = Win32 service

061) "Dhcp" - Client DHCP
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

062) "Disk" - Pilote de disque
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\disk.sys
---> TYPE = Kernel device driver

063) "dmadmin" - Service d'administration du Gestionnaire de disque logique
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dmadmin.exe /com
---> TYPE = Win32 service

064) "dmboot"
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmboot.sys
---> TYPE = Kernel device driver

065) "dmio"
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmio.sys
---> TYPE = Kernel device driver

066) "dmload"
---> STAT = (NOT RUNNING) Disabled
---> FILE = System32\drivers\dmload.sys
---> TYPE = Kernel device driver

067) "dmserver" - Gestionnaire de disque logique
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

068) "DMusic" - Synthétiseur DLS du noyau Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\DMusic.sys
---> TYPE = Kernel device driver

069) "Dnscache" - Client DNS
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k NetworkService
---> TYPE = Win32 service

070) "dpti2o"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

071) "drmkaud" - Filtre de décodeur DRM (Noyau Microsoft)
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\drmkaud.sys
---> TYPE = Kernel device driver

072) "ERSvc" - Service de rapport d'erreurs
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

073) "Eventlog" - Journal des événements
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> TYPE = Win32 service

074) "EventSystem" - Système d'événements de COM+
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

075) "Fastfat"
---> STAT = (RUNNING) Disabled
---> TYPE = File system driver

076) "FastUserSwitchingCompatibility" - Compatibilité avec le Changement rapide d'utilisateur
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

077) "Fdc"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = Kernel device driver

078) "Fips"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = Kernel device driver

079) "Flpydisk"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = Kernel device driver

080) "FltMgr" - FltMgr
---> STAT = (RUNNING) Started by operating system loader
---> FILE = system32\drivers\fltmgr.sys
---> TYPE = File system driver

081) "Fs_Rec"
---> STAT = (RUNNING) Started by "IoInitSystem" function

082) "Ftdisk" - Pilote du Gestionnaire de volume
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\ftdisk.sys
---> TYPE = Kernel device driver

083) "Gpc" - Classificateur de paquets générique
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\msgpc.sys
---> TYPE = Kernel device driver

084) "helpsvc" - Aide et support
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

085) "HidServ" - Accès du périphérique d'interface utilisateur
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

086) "HidUsb" - Pilote de classe HID Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\hidusb.sys
---> TYPE = Kernel device driver

087) "hpn"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

088) "HTTP" - HTTP
---> STAT = (RUNNING) Started manually
---> FILE = System32\Drivers\HTTP.sys
---> TYPE = Kernel device driver

089) "HTTPFilter" - HTTP SSL
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
---> TYPE = Win32 service

090) "i2omgmt"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = Kernel device driver

091) "i2omp"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

092) "i8042prt" - Pilote pour clavier i8042 et souris sur port PS/2
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\i8042prt.sys
---> TYPE = Kernel device driver

093) "Imapi" - Pilote de filtre de gravure CD
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\imapi.sys
---> TYPE = Kernel device driver

094) "ImapiService" - Service COM de gravage de CD IMAPI
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\imapi.exe
---> TYPE = Win32 program

095) "ini910u"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

096) "IntelIde"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\intelide.sys
---> TYPE = Kernel device driver

097) "intelppm" - Pilote de processeur Intel
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\intelppm.sys
---> TYPE = Kernel device driver

098) "ip6fw" - Pilote du pare-feu Windows IPv6
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\ip6fw.sys
---> TYPE = Kernel device driver

099) "IpFilterDriver" - Pilote de filtre de trafic IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\ipfltdrv.sys
---> TYPE = Kernel device driver

100) "IpInIp" - Pilote de tunnelage IP dans IP
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\ipinip.sys
---> TYPE = Kernel device driver

101) "IpNat" - Traducteur d'adresses réseau IP
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ipnat.sys
---> TYPE = Kernel device driver

102) "IPSec" - Pilote IPSEC
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\ipsec.sys
---> TYPE = Kernel device driver

103) "irda" - Protocole IrDA
---> STAT = (RUNNING) Started automatically
---> FILE = System32\DRIVERS\irda.sys
---> TYPE = Kernel device driver

104) "IRENUM" - Service énumérateur IR
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\irenum.sys
---> TYPE = Kernel device driver

105) "Irmon" - Moniteur infrarouge
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

106) "isapnp" - Pilote de bus Plug-and-Play ISA/EISA
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\isapnp.sys
---> TYPE = Kernel device driver

107) "Kbdclass" - Pilote de la classe Clavier
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\kbdclass.sys
---> TYPE = Kernel device driver

108) "kl1" - Kl1
---> STAT = Started by "IoInitSystem" function
---> FILE = system32\drivers\kl1.sys
---> TYPE = Kernel device driver

109) "klif" - Klif
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = C:\WINDOWS\system32\drivers\klif.sys
---> TYPE = Kernel device driver

110) "klim5" - Kaspersky Anti-Virus NDIS Filter
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\klim5.sys
---> TYPE = Kernel device driver

111) "kmixer" - Mélangeur audio Wave de noyau Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\kmixer.sys
---> TYPE = Kernel device driver

112) "KSecDD"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = Kernel device driver

113) "lanmanserver" - Serveur
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

114) "lanmanworkstation" - Station de travail
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

115) "lbrtfdc"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = Kernel device driver

116) "LmHosts" - Assistance TCP/IP NetBIOS
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
---> TYPE = Win32 service

117) "MASPINT"
---> STAT = (RUNNING) Started automatically
---> TYPE = Kernel device driver

118) "MDM" - Machine Debug Manager
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe\
---> TYPE = Win32 program

119) "Messenger" - Affichage des messages
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

120) "mnmdd"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = Kernel device driver

121) "mnmsrvc" - Partage de Bureau à distance NetMeeting
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\mnmsrvc.exe
---> TYPE = Win32 program

122) "Modem"
---> STAT = (RUNNING) Started manually
---> TYPE = Kernel device driver

123) "Mouclass" - Pilote de la classe Souris
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\mouclass.sys
---> TYPE = Kernel device driver

124) "mouhid" - Pilote HID de souris
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\mouhid.sys
---> TYPE = Kernel device driver

125) "MountMgr" - Gestionnaire de point de montage
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = Kernel device driver

126) "mraid35x"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

127) "MRxDAV" - Redirecteur client WebDav
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mrxdav.sys
---> TYPE = File system driver

128) "MRxSmb" - MRXSMB
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\mrxsmb.sys
---> TYPE = File system driver

129) "MSDTC" - Distributed Transaction Coordinator
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\msdtc.exe
---> TYPE = Win32 program

130) "MSDV" - Microsoft DV Camera and VCR
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\msdv.sys
---> TYPE = Kernel device driver

131) "Msfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = File system driver

132) "MSIServer" - Windows Installer
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\msiexec.exe /V
---> TYPE = Win32 service

133) "MSKSSRV" - Proxy de service de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSKSSRV.sys
---> TYPE = Kernel device driver

134) "MSPCLOCK" - Proxy d'horloge de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPCLOCK.sys
---> TYPE = Kernel device driver

135) "MSPQM" - Proxy de gestion de qualité de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSPQM.sys
---> TYPE = Kernel device driver

136) "mssmbios" - Pilote BIOS de gestion de systèmes Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\mssmbios.sys
---> TYPE = Kernel device driver

137) "MSTEE" - Convertisseur en T/site-à-site de répartition Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\MSTEE.sys
---> TYPE = Kernel device driver

138) "Mup" - Mup
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = File system driver

139) "NABTSFEC" - Codec NABTS/FEC VBI
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\NABTSFEC.sys
---> TYPE = Kernel device driver

140) "NDIS" - Pilote système NDIS
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = Kernel device driver

141) "NdisIP" - Connection TV/vidéo Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\NdisIP.sys
---> TYPE = Kernel device driver

142) "NdisTapi" - Pilote TAPI NDIS d'accès distant
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndistapi.sys
---> TYPE = Kernel device driver

143) "Ndisuio" - NDIS mode utilisateur E/S Protocole
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndisuio.sys
---> TYPE = Kernel device driver

144) "NdisWan" - Pilote réseau étendu NDIS d'accès distant
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ndiswan.sys
---> TYPE = Kernel device driver

145) "NDProxy" - multi:Proxy NDIS\00\00
---> STAT = (RUNNING) Started manually
---> TYPE = Kernel device driver

146) "NetBIOS" - Interface NetBIOS
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbios.sys
---> TYPE = File system driver

147) "NetBT" - NetBIOS sur TCP/IP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\netbt.sys
---> TYPE = Kernel device driver

148) "NetDDE" - DDE réseau
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
---> TYPE = Win32 service

149) "NetDDEdsdm" - DSDM DDE réseau
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\system32\netdde.exe
---> TYPE = Win32 service

150) "Netlogon" - Ouverture de session réseau
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\lsass.exe
---> TYPE = Win32 service

151) "Netman" - Connexions réseau
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

152) "netr73" - TL-WN321G Wireless USB Adapter Driver for Vista
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\netr73.sys
---> TYPE = Kernel device driver

153) "NIC1394" - Pilote réseau 1394
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\nic1394.sys
---> TYPE = Kernel device driver

154) "Nla" - NLA (Network Location Awareness)
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

155) "Npfs"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = File system driver

156) "Ntfs"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = File system driver

157) "NtLmSsp" - Fournisseur de la prise en charge de sécurité LM NT
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\lsass.exe
---> TYPE = Win32 service

158) "NtmsSvc" - Stockage amovible
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = Win32 service

159) "Null"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> TYPE = Kernel device driver

160) "nv"
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\nv4_mini.sys
---> TYPE = Kernel device driver

161) "NVSvc" - NVIDIA Driver Helper Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\nvsvc32.exe
---> TYPE = Win32 program

162) "NwlnkFlt" - Pilote de filtre de trafic IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\nwlnkflt.sys
---> TYPE = Kernel device driver

163) "NwlnkFwd" - Pilote de transfert de trafic IPX
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\nwlnkfwd.sys
---> TYPE = Kernel device driver

164) "ohci1394" - Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface)
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\ohci1394.sys
---> TYPE = Kernel device driver

165) "Parport" - Pilote de port parallèle
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\parport.sys
---> TYPE = Kernel device driver

166) "PartMgr" - Gestionnaire de partition
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = Kernel device driver

167) "ParVdm"
---> STAT = (RUNNING) Started automatically
---> TYPE = Kernel device driver

168) "PCASp50" - PCASp50 NDIS Protocol Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\Drivers\PCASp50.sys
---> TYPE = Kernel device driver

169) "PCI" - Pilote de bus PCI
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\pci.sys
---> TYPE = Kernel device driver

170) "PCIDump"
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> TYPE = Kernel device driver

171) "PCIIde"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = Kernel device driver

172) "pciSd"
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\tossdpci.sys
---> TYPE = Kernel device driver

173) "Pcmcia"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\pcmcia.sys
---> TYPE = Kernel device driver

174) "PDCOMP"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = Kernel device driver

175) "PDFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = Kernel device driver

176) "PDRELI"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = Kernel device driver

177) "PDRFRAME"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = Kernel device driver

178) "perc2"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

179) "perc2hib"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

180) "pfc" - Padus ASPI Shell
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\pfc.sys
---> TYPE = Kernel device driver

181) "PfModNT"
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\drivers\PfModNT.sys
---> TYPE = Kernel device driver

182) "PlugPlay" - Plug-and-Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\services.exe
---> TYPE = Win32 service

183) "PolicyAgent" - Services IPSEC
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\lsass.exe
---> TYPE = Win32 service

184) "PptpMiniport" - Miniport réseau étendu (PPTP)
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\raspptp.sys
---> TYPE = Kernel device driver

185) "Processor" - Pilote processeur
---> STAT = (NOT RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\processr.sys
---> TYPE = Kernel device driver

186) "ProtectedStorage" - Emplacement protégé
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = Win32 service

187) "PSched" - Planificateur de paquets QoS
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\psched.sys
---> TYPE = Kernel device driver

188) "Ptilink" - Pilote de liaison parallèle directe
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\ptilink.sys
---> TYPE = Kernel device driver

189) "PxHelp20"
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\PxHelp20.sys
---> TYPE = Kernel device driver

190) "ql1080"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

191) "Ql10wnt"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

192) "ql12160"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

193) "ql1240"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

194) "ql1280"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

195) "RasAcd" - Pilote de connexion automatique d'accès distant
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\rasacd.sys
---> TYPE = Kernel device driver

196) "RasAuto" - Gestionnaire de connexion automatique d'accès distant
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

197) "Rasirda" - Miniport réseau étendu (IrDA)
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\rasirda.sys
---> TYPE = Kernel device driver

198) "Rasl2tp" - Miniport réseau étendu (L2TP)
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\rasl2tp.sys
---> TYPE = Kernel device driver

199) "RasMan" - Gestionnaire de connexions d'accès distant
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

200) "RasPppoe" - Pilote PPPOE d'accès à distance
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\raspppoe.sys
---> TYPE = Kernel device driver

201) "Raspti" - Parallèle direct
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\raspti.sys
---> TYPE = Kernel device driver

202) "Rdbss" - Rdbss
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\rdbss.sys
---> TYPE = File system driver

203) "RDPCDD"
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\RDPCDD.sys
---> TYPE = Kernel device driver

204) "RDPWD"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = Kernel device driver

205) "RDSessMgr" - Gestionnaire de session d'aide sur le Bureau à distance
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\sessmgr.exe
---> TYPE = Win32 program

206) "redbook" - Pilote de filtre de lecture digitale de CD audio
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\redbook.sys
---> TYPE = Kernel device driver

207) "RemoteAccess" - Routage et accès distant
---> STAT = (NOT RUNNING) Disabled
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

208) "RpcLocator" - Localisateur d'appels de procédure distante (RPC)
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\locator.exe
---> TYPE = Win32 program

209) "RpcSs" - Appel de procédure distante (RPC)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost -k rpcss
---> TYPE = Win32 service

210) "RSVP" - QoS RSVP
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\rsvp.exe
---> TYPE = Win32 program

211) "RT73" - TL-WN321G USB Wireless Adapter
---> STAT = (RUNNING) Started manually
---> FILE = system32\DRIVERS\rt73.sys
---> TYPE = Kernel device driver

212) "rtl8139" - Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\R8139n51.SYS
---> TYPE = Kernel device driver

213) "SamSs" - Gestionnaire de comptes de sécurité
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\lsass.exe
---> TYPE = Win32 service

214) "SCANDEV"
---> STAT = (RUNNING) Started automatically
---> TYPE = Kernel device driver

215) "SCardSvr" - Carte à puce
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\SCardSvr.exe
---> TYPE = Win32 service

216) "Schedule" - Planificateur de tâches
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

217) "ScsiPort"
---> FILE = C:\WINDOWS\system32\drivers\scsiport.sys

218) "sdbus"
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\sdbus.sys
---> TYPE = Kernel device driver

219) "Secdrv" - Secdrv
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\secdrv.sys
---> TYPE = Kernel device driver

220) "seclogon" - Connexion secondaire
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

221) "SENS" - Notification d'événement système
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = Win32 service

222) "Serial"
---> STAT = (NOT RUNNING) Started automatically
---> TYPE = Kernel device driver

223) "Sfloppy" - Lecteur de disquettes haute densité
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\sfloppy.sys
---> TYPE = Kernel device driver

224) "SharedAccess" - Pare-feu Windows / Partage de connexion Internet
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

225) "ShellHWDetection" - Détection matériel noyau
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

226) "Simbad"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

227) "SLIP" - Détrameur décalage BDA
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\SLIP.sys
---> TYPE = Kernel device driver

228) "SMCIRDA" - SMC IrCC Miniport Device Driver
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\smcirda.sys
---> TYPE = Kernel device driver

229) "smwdm"
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\smwdm.sys
---> TYPE = Kernel device driver

230) "sonypvs1" - Sony Digital Imaging Video2
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\sonypvs1.sys
---> TYPE = Kernel device driver

231) "SONYPVU1" - Pilote de filtrage Sony USB (SONYPVU1)
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\SONYPVU1.SYS
---> TYPE = Kernel device driver

232) "SoundMAX Agent Service (default)" - SoundMAX Agent Service
---> STAT = (RUNNING) Started automatically
---> FILE = C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
---> TYPE = Win32 program

233) "Sparrow"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

234) "splitter" - Splitter audio du noyau Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\splitter.sys
---> TYPE = Kernel device driver

235) "Spooler" - Spouleur d'impression
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\spoolsv.exe
---> TYPE = Win32 program

236) "sr" - Pilote de filtre de restauration système
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\sr.sys
---> TYPE = File system driver

237) "srservice" - Service de restauration système
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

238) "Srv" - Srv
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\srv.sys
---> TYPE = File system driver

239) "SSDPSRV" - Service de découvertes SSDP
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
---> TYPE = Win32 service

240) "stisvc" - Acquisition d'image Windows (WIA)
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k imgsvc
---> TYPE = Win32 service

241) "Stmatm" - ATM/ADSL miniport
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\stmatm.sys
---> TYPE = Kernel device driver

242) "streamip" - BDA IPSink
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\StreamIP.sys
---> TYPE = Kernel device driver

243) "swenum" - Pilote de bus logiciel
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\swenum.sys
---> TYPE = Kernel device driver

244) "swmidi" - Synthétiseur de table de sons GC noyau Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\swmidi.sys
---> TYPE = Kernel device driver

245) "SwPrv" - MS Software Shadow Copy Provider
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\dllhost.exe /Processid:{E6148EEA-B39E-40C9-B7B7-A50B055203B1}
---> TYPE = Win32 program

246) "symc810"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

247) "symc8xx"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

248) "sym_hi"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

249) "sym_u3"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

250) "sysaudio" - Périphérique audio système du noyau Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\sysaudio.sys
---> TYPE = Kernel device driver

251) "SysmonLog" - Journaux et alertes de performance
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\system32\smlogsvc.exe
---> TYPE = Win32 program

252) "TapiSrv" - Téléphonie
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

253) "TaurusUsb" - ADSL Modem USB Service
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\torususb.sys
---> TYPE = Kernel device driver

254) "Tcpip" - Pilote du protocole TCP/IP
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\tcpip.sys
---> TYPE = Kernel device driver

255) "TDPIPE"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = Kernel device driver

256) "TDTCP"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = Kernel device driver

257) "TermDD" - Pilote de périphérique terminal
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = System32\DRIVERS\termdd.sys
---> TYPE = Kernel device driver

258) "TermService" - Services Terminal Server
---> STAT = (RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch
---> TYPE = Win32 service

259) "Themes" - Thèmes
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

260) "Tmesbs" - Tmesbs32
---> STAT = (RUNNING) Started automatically
---> FILE = \C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe\ /Service
---> TYPE = Win32 program

261) "TOSHIBASoftModem" - TOSHIBA Software Modem
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\LTSM.sys
---> TYPE = Kernel device driver

262) "TosIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

263) "TrkWks" - Client de suivi de lien distribué
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = Win32 service

264) "tsdhd" - TOSHIBA SD Card Host Controller Driver
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\tsdhd.sys
---> TYPE = Kernel device driver

265) "TVALD" - Toshiba ACPI-Based Value Added Logical Device Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\TVALD.SYS
---> TYPE = Kernel device driver

266) "TVALG" - Toshiba Value Added Logical and General Purpose Device Driver
---> STAT = (RUNNING) Started by operating system loader
---> FILE = System32\DRIVERS\TVALG.SYS
---> TYPE = Kernel device driver

267) "Udfs"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = File system driver

268) "ultra"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

269) "UMWdf" - Windows User Mode Driver Framework
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\wdfmgr.exe
---> TYPE = Win32 program

270) "Update" - Pilote de mise à jour microcode
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\update.sys
---> TYPE = Kernel device driver

271) "upnphost" - Hôte de périphérique universel Plug-and-Play
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
---> TYPE = Win32 service

272) "UPS" - Onduleur
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\ups.exe
---> TYPE = Win32 program

273) "usbaudio" - Pilote USB audio (WDM)
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\drivers\usbaudio.sys
---> TYPE = Kernel device driver

274) "usbccgp" - Pilote parent générique USB Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\usbccgp.sys
---> TYPE = Kernel device driver

275) "usbehci" - Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\usbehci.sys
---> TYPE = Kernel device driver

276) "usbhub" - Pilote de concentrateur standard USB Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\usbhub.sys
---> TYPE = Kernel device driver

277) "usbprint" - Classe d'imprimantes USB Microsoft
---> STAT = (NOT RUNNING) Started manually
---> FILE = system32\DRIVERS\usbprint.sys
---> TYPE = Kernel device driver

278) "usbscan" - Pilote de scanneur USB
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\usbscan.sys
---> TYPE = Kernel device driver

279) "USBSTOR" - Pilote de stockage de masse USB
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\USBSTOR.SYS
---> TYPE = Kernel device driver

280) "usbuhci" - Pilote miniport de contrôleur hôte universel USB Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\usbuhci.sys
---> TYPE = Kernel device driver

281) "usnjsvc" - Service Messenger Sharing Folders USN Journal Reader
---> STAT = (NOT RUNNING) Started manually
---> FILE = \C:\Program Files\MSN Messenger\usnsvc.exe\
---> TYPE = Win32 program

282) "VgaSave" - Carte vidéo VGA.
---> STAT = (RUNNING) Started by "IoInitSystem" function
---> FILE = \SystemRoot\System32\drivers\vga.sys
---> TYPE = Kernel device driver

283) "ViaIde"
---> STAT = (NOT RUNNING) Disabled
---> TYPE = Kernel device driver

284) "VolSnap"
---> STAT = (RUNNING) Started by operating system loader
---> TYPE = Kernel device driver

285) "VSS" - Cliché instantané de volume
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\vssvc.exe
---> TYPE = Win32 program

286) "W32Time" - Horloge Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

287) "Wanarp" - Pilote ARP IP d'accès distant
---> STAT = (RUNNING) Started manually
---> FILE = System32\DRIVERS\wanarp.sys
---> TYPE = Kernel device driver

288) "WDICA"
---> STAT = (NOT RUNNING) Started manually
---> TYPE = Kernel device driver

289) "wdmaud" - Pilote WINMM de compatibilité audio WDM Microsoft
---> STAT = (RUNNING) Started manually
---> FILE = system32\drivers\wdmaud.sys
---> TYPE = Kernel device driver

290) "WebClient" - WebClient
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService
---> TYPE = Win32 service

291) "winmgmt" - Infrastructure de gestion Windows
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = Win32 service

292) "Winsock"
---> STAT = (RUNNING) Started manually
---> TYPE = Set of arguments for an adapter

293) "WmdmPmSN" - Service de numéro de série du lecteur multimédia portable
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

294) "WmiApSrv" - Carte de performance WMI
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\wbem\wmiapsrv.exe
---> TYPE = Win32 program

295) "WpdUsb" - WpdUsb
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\Drivers\wpdusb.sys
---> TYPE = Kernel device driver

296) "wscsvc" - Centre de sécurité
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

297) "WSTCODEC" - Codec Teletext standard
---> STAT = (NOT RUNNING) Started manually
---> FILE = System32\DRIVERS\WSTCODEC.SYS
---> TYPE = Kernel device driver

298) "wuauserv" - Mises à jour automatiques
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs
---> TYPE = Win32 service

299) "WZCSVC" - Configuration automatique sans fil
---> STAT = (RUNNING) Started automatically
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service

300) "xmlprov" - Service d'approvisionnement réseau
---> STAT = (NOT RUNNING) Started manually
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs
---> TYPE = Win32 service
0

gabie44
 
===================== Svchost Instances =====================

LocalService
+---- Alerter
+---- %SystemRoot%\system32\alrsvc.dll
+---- WebClient
+---- %SystemRoot%\System32\webclnt.dll
+---- LmHosts
+---- %SystemRoot%\System32\lmhsvc.dll
+---- RemoteRegistry
+---- upnphost
+---- %SystemRoot%\System32\upnphost.dll
+---- SSDPSRV
+---- %SystemRoot%\System32\ssdpsrv.dll

NetworkService
+---- DnsCache
+---- %SystemRoot%\System32\dnsrslvr.dll

netsvcs
+---- 6to4
+---- AppMgmt
+---- %SystemRoot%\System32\appmgmts.dll
+---- AudioSrv
+---- %SystemRoot%\System32\audiosrv.dll
+---- Browser
+---- %SystemRoot%\System32\browser.dll
+---- CryptSvc
+---- %SystemRoot%\System32\cryptsvc.dll
+---- DMServer
+---- %SystemRoot%\System32\dmserver.dll
+---- DHCP
+---- %SystemRoot%\System32\dhcpcsvc.dll
+---- ERSvc
+---- %SystemRoot%\System32\ersvc.dll
+---- EventSystem
+---- C:\WINDOWS\System32\es.dll
+---- FastUserSwitchingCompatibility
+---- %SystemRoot%\System32\shsvcs.dll
+---- HidServ
+---- %SystemRoot%\System32\hidserv.dll
+---- Ias
+---- Iprip
+---- Irmon
+---- %SystemRoot%\System32\irmon.dll
+---- LanmanServer
+---- %SystemRoot%\System32\srvsvc.dll
+---- LanmanWorkstation
+---- %SystemRoot%\System32\wkssvc.dll
+---- Messenger
+---- %SystemRoot%\System32\msgsvc.dll
+---- Netman
+---- %SystemRoot%\System32\netman.dll
+---- Nla
+---- %SystemRoot%\System32\mswsock.dll
+---- Ntmssvc
+---- %SystemRoot%\system32\ntmssvc.dll
+---- NWCWorkstation
+---- Nwsapagent
+---- Rasauto
+---- %SystemRoot%\System32\rasauto.dll
+---- Rasman
+---- %SystemRoot%\System32\rasmans.dll
+---- Remoteaccess
+---- %SystemRoot%\System32\mprdim.dll
+---- Schedule
+---- %SystemRoot%\system32\schedsvc.dll
+---- Seclogon
+---- %SystemRoot%\System32\seclogon.dll
+---- SENS
+---- %SystemRoot%\system32\sens.dll
+---- Sharedaccess
+---- %SystemRoot%\System32\ipnathlp.dll
+---- SRService
+---- C:\WINDOWS\System32\srsvc.dll
+---- Tapisrv
+---- %SystemRoot%\System32\tapisrv.dll
+---- Themes
+---- %SystemRoot%\System32\shsvcs.dll
+---- TrkWks
+---- %SystemRoot%\system32\trkwks.dll
+---- W32Time
+---- C:\WINDOWS\System32\w32time.dll
+---- WZCSVC
+---- %SystemRoot%\System32\wzcsvc.dll
+---- Wmi
+---- WmdmPmSp
+---- winmgmt
+---- %SystemRoot%\system32\wbem\WMIsvc.dll
+---- TermService
+---- %SystemRoot%\System32\termsrv.dll
+---- wuauserv
+---- C:\WINDOWS\system32\wuauserv.dll
+---- BITS
+---- C:\WINDOWS\System32\qmgr.dll
+---- ShellHWDetection
+---- %SystemRoot%\System32\shsvcs.dll
+---- uploadmgr
+---- helpsvc
+---- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
+---- xmlprov
+---- %SystemRoot%\System32\xmlprov.dll
+---- wscsvc
+---- %SYSTEMROOT%\system32\wscsvc.dll

rpcss
+---- RpcSs
+---- %SystemRoot%\system32\rpcss.dll

imgsvc
+---- StiSvc
+---- %SystemRoot%\system32\wiaservc.dll

termsvcs
+---- TermService
+---- %SystemRoot%\System32\termsrv.dll

HTTPFilter
+---- HTTPFilter
+---- %SystemRoot%\System32\w3ssl.dll

DcomLaunch
+---- DcomLaunch
+---- %SystemRoot%\system32\rpcss.dll
+---- TermService
+---- %SystemRoot%\System32\termsrv.dll

===================== loaded Dlls =====================

*** NOTE *** Process uuoywfrygn.exe belongs to SystemScan
Already known legit dlls are not shown

------------------------------------------------------------------------------
System pid: 4
Command line: <no command line>
------------------------------------------------------------------------------
SMSS.EXE pid: 728
Command line: \SystemRoot\System32\smss.exe

Base Size Version Path
0x48580000 0xf000 \SystemRoot\System32\smss.exe
------------------------------------------------------------------------------
CSRSS.EXE pid: 832
Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

Base Size Version Path
0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe
0x75ad0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\CSRSRV.dll
0x75ae0000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\basesrv.dll
0x75af0000 0x4b000 5.01.2600.3103 C:\WINDOWS\system32\winsrv.dll
------------------------------------------------------------------------------
WINLOGON.EXE pid: 1140
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x77680000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x33000 7.00.0000.0125 C:\WINDOWS\system32\klogon.dll
0x01220000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
------------------------------------------------------------------------------
SERVICES.EXE pid: 1184
Command line: C:\WINDOWS\system32\services.exe

Base Size Version Path
0x01000000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\services.exe
0x76a20000 0x53000 5.01.2600.2180 C:\WINDOWS\system32\SCESRV.dll
0x77680000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x7dbc0000 0x21000 5.01.2600.2744 C:\WINDOWS\system32\umpnpmgr.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x77b80000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\eventlog.dll
------------------------------------------------------------------------------
LSASS.EXE pid: 1196
Command line: C:\WINDOWS\system32\lsass.exe

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\lsass.exe
0x756b0000 0xb5000 5.01.2600.3249 C:\WINDOWS\system32\LSASRV.dll
0x76740000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x743b0000 0x6e000 5.01.2600.2180 C:\WINDOWS\system32\SAMSRV.dll
0x76730000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\cryptdll.dll
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x20000000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\msprivs.dll
0x71c50000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll
0x74420000 0x65000 5.01.2600.2180 C:\WINDOWS\system32\netlogon.dll
0x76760000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\w32time.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x76790000 0x27000 5.01.2600.3126 C:\WINDOWS\system32\schannel.dll
0x742e0000 0xf000 5.01.2600.2874 C:\WINDOWS\system32\wdigest.dll
0x74370000 0x30000 5.01.2600.2180 C:\WINDOWS\system32\scecli.dll
0x74340000 0x30000 5.01.2600.2180 C:\WINDOWS\system32\ipsecsvc.dll
0x77680000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll
0x75dd0000 0xce000 5.01.2600.2180 C:\WINDOWS\system32\oakley.DLL
0x742d0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\WINIPSEC.DLL
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x74300000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\pstorsvc.dll
0x74320000 0x1b000 5.01.2600.2180 C:\WINDOWS\system32\psbase.dll
0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll
------------------------------------------------------------------------------
SVCHOST.EXE pid: 1336
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x77680000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll
0x76ac0000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
------------------------------------------------------------------------------
SVCHOST.EXE pid: 1388
Command line: C:\WINDOWS\system32\svchost -k rpcss

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
------------------------------------------------------------------------------
SVCHOST.EXE pid: 1428
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76ed0000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll
0x76ac0000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
0x66360000 0xc000 5.01.2600.2180 c:\windows\system32\irmon.dll
0x76790000 0x27000 5.01.2600.3126 C:\WINDOWS\System32\SCHANNEL.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
0x58fe0000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\wshirda.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\System32\MSVCP60.dll
0x76740000 0x13000 5.01.2600.2180 c:\windows\system32\NTDSAPI.dll
0x776d0000 0x41000 2001.12.4414.0308 c:\windows\system32\es.dll
0x74eb0000 0xc000 5.01.2600.2180 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
0x76bb0000 0x2f000 5.01.2600.2180 c:\windows\system32\credui.dll
0x76760000 0x2d000 5.01.2600.2180 c:\windows\system32\w32time.dll
0x4f0b0000 0x28000 5.01.2600.2180 c:\windows\system32\wbem\wmisvc.dll
0x50000000 0x5000 5.04.3790.2180 c:\windows\system32\wuauserv.dll
0x50040000 0x1a2000 7.00.6000.0381 C:\WINDOWS\system32\wuaueng.dll
0x750c0000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\Cabinet.dll
0x60440000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\mspatcha.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x77680000 0x11000 5.01.2600.2622 c:\windows\system32\AUTHZ.dll
0x74e40000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\wbem\wbemsvc.dll
0x742d0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\WINIPSEC.DLL
0x57f70000 0x36000 5.01.2600.2180 C:\WINDOWS\System32\unimdm.tsp
0x5b390000 0x16000 5.01.2600.2180 C:\WINDOWS\System32\unimdmat.dll
0x61a20000 0x29000 5.01.2600.2180 C:\WINDOWS\system32\modemui.dll
0x57ff0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\kmddsp.tsp
0x57fd0000 0x10000 5.01.2600.2180 C:\WINDOWS\System32\ndptsp.tsp
0x58000000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\ipconf.tsp
0x58020000 0x46000 5.01.2600.2180 C:\WINDOWS\System32\h323.tsp
0x58010000 0xa000 5.01.2600.2180 C:\WINDOWS\System32\hidphone.tsp
0x71c50000 0x4b000 5.01.2600.2698 C:\WINDOWS\system32\kerberos.dll
0x76730000 0xc000 5.01.2600.2180 C:\WINDOWS\System32\cryptdll.dll
0x50e60000 0xc000 7.00.6000.0381 C:\WINDOWS\system32\wups2.dll
0x751d0000 0x29000 6.00.2900.2180 C:\WINDOWS\system32\advpack.dll
0x75d30000 0x91000 6.00.2900.2180 C:\WINDOWS\System32\mlang.dll
0x4cc80000 0x10000 5.01.2600.2180 C:\WINDOWS\System32\xmlprovi.dll
------------------------------------------------------------------------------
SVCHOST.EXE pid: 1480
Command line: C:\WINDOWS\System32\svchost.exe -k NetworkService

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76ed0000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
SVCHOST.EXE pid: 1632
Command line: C:\WINDOWS\System32\svchost.exe -k LocalService

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x68f30000 0x31000 5.01.2600.3077 c:\windows\system32\upnphost.dll
0x679d0000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\httpapi.dll
------------------------------------------------------------------------------
SPOOLSV.EXE pid: 232
Command line: C:\WINDOWS\system32\spoolsv.exe

Base Size Version Path
0x01000000 0x10000 5.01.2600.2696 C:\WINDOWS\system32\spoolsv.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x10000000 0x15000 C:\WINDOWS\system32\cpwmon2k.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x6a900000 0x10000 0.02.0000.0000 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\ppbipr.dll
0x76740000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
------------------------------------------------------------------------------
AVP.EXE pid: 332
Command line: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r

------------------------------------------------------------------------------
CTSVCCDA.EXE pid: 344
Command line: C:\WINDOWS\System32\CTSvcCDA.EXE

Base Size Version Path
0x00400000 0xf000 1.00.0001.0000 C:\WINDOWS\System32\CTSvcCDA.EXE
------------------------------------------------------------------------------
MDM.EXE pid: 412
Command line: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"

Base Size Version Path
0x00400000 0x44000 7.00.9064.9150 C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
NVSVC32.EXE pid: 468
Command line: C:\WINDOWS\System32\nvsvc32.exe

Base Size Version Path
0x00400000 0x10000 6.13.0010.3648 C:\WINDOWS\System32\nvsvc32.exe
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
------------------------------------------------------------------------------
SMAgent.exe pid: 580
Command line: "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"

Base Size Version Path
0x00400000 0xb000 3.02.0005.0000 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
SVCHOST.EXE pid: 676
Command line: C:\WINDOWS\System32\svchost.exe -k imgsvc

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75a00000 0x55000 5.01.2600.3051 c:\windows\system32\wiaservc.dll
0x74a50000 0x7000 5.01.2600.2180 c:\windows\system32\CFGMGR32.dll
0x73a80000 0x15000 5.01.2600.2709 c:\windows\system32\mscms.dll
0x71ca0000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
0x73af0000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\sti.dll
------------------------------------------------------------------------------
TMESBS32.EXE pid: 708
Command line: "C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service

Base Size Version Path
0x00400000 0xf000 2.01.0001.0012 C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
0x10000000 0x7000 1.00.0000.0001 C:\WINDOWS\system32\THCI.dll
0x74a50000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\CFGMGR32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
------------------------------------------------------------------------------
WDFMGR.EXE pid: 808
Command line: C:\WINDOWS\system32\wdfmgr.exe

Base Size Version Path
0x01000000 0xc000 5.02.3790.1230 C:\WINDOWS\system32\wdfmgr.exe
------------------------------------------------------------------------------
ALG.EXE pid: 872
Command line: C:\WINDOWS\System32\alg.exe

Base Size Version Path
0x01000000 0xd000 5.01.2600.2180 C:\WINDOWS\System32\alg.exe
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\System32\ATL.DLL
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\MSWSOCK.DLL
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
EXPLORER.EXE pid: 984
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x01000000 0x100000 6.00.2900.3156 C:\WINDOWS\Explorer.EXE
0x75f10000 0xfd000 6.00.2900.3268 C:\WINDOWS\system32\BROWSEUI.dll
0x7e210000 0x171000 6.00.2900.3268 C:\WINDOWS\system32\SHDOCVW.dll
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x5b950000 0x73000 6.00.2900.2180 C:\WINDOWS\System32\themeui.dll
0x76310000 0x5000 5.01.2600.2180 C:\WINDOWS\System32\MSIMG32.dll
0x71ca0000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
0x5ffb0000 0x33000 5.01.2600.2180 C:\WINDOWS\System32\msutb.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\System32\MSCTF.dll
0x76920000 0x8000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x75d30000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll
0x76bb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll
0x76540000 0x21000 5.01.2600.2180 C:\WINDOWS\System32\stobject.dll
0x74a60000 0xa000 6.00.2900.2180 C:\WINDOWS\System32\BatMeter.dll
0x75ef0000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
0x71b70000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
0x71c30000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
0x71bf0000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
0x75f00000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
0x16200000 0x6000 4.01.0000.0000 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
------------------------------------------------------------------------------
PmProxy.exe pid: 920
Command line: "C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe"

Base Size Version Path
0x00400000 0xa000 1.00.0000.0013 C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
0x10000000 0x33000 1.00.0000.0013 C:\Program Files\Analog Devices\SoundMAX\PMCPL.cpl
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
00THotkey.exe pid: 1008
Command line: "C:\WINDOWS\System32\00THotkey.exe"

Base Size Version Path
0x00400000 0x40000 1.00.0000.0018 C:\WINDOWS\System32\00THotkey.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x10000000 0x7000 1.00.0000.0001 C:\WINDOWS\system32\TSCI.DLL
0x00930000 0x7000 1.00.0000.0001 C:\WINDOWS\system32\THCI.DLL
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
TPWRTRAY.EXE pid: 1344
Command line: "C:\WINDOWS\system32\TPWRTRAY.EXE"

Base Size Version Path
0x00400000 0x38000 4.00.0000.0000 C:\WINDOWS\system32\TPWRTRAY.EXE
0x74a50000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\CFGMGR32.dll
0x10000000 0x18000 6.00.0000.0009 C:\WINDOWS\system32\TPwrReg.dll
0x00320000 0x1d000 6.00.0000.0021 C:\WINDOWS\system32\Tdevdetect.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x003f0000 0x7000 1.00.0000.0001 C:\WINDOWS\system32\TSCI.DLL
0x009a0000 0x7000 1.00.0000.0001 C:\WINDOWS\system32\THCI.DLL
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
TMESBS32.EXE pid: 1400
Command line: "C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE" /Client

Base Size Version Path
0x00400000 0xf000 2.01.0001.0012 C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
0x10000000 0x7000 1.00.0000.0001 C:\WINDOWS\system32\THCI.dll
0x74a50000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\CFGMGR32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
TFncKy.exe pid: 1456
Command line: "C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe" /Type 28

Base Size Version Path
0x00400000 0x25000 2.04.0000.0006 C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe
0x10000000 0x7000 1.00.0000.0001 C:\WINDOWS\system32\THCI.dll
0x00320000 0xb000 2.04.0000.0000 C:\WINDOWS\system32\TCtrlCommon.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
TFNF5.EXE pid: 1468
Command line: "C:\WINDOWS\system32\TFNF5.exe"

Base Size Version Path
0x00400000 0x11000 1.00.0001.0000 C:\WINDOWS\system32\TFNF5.exe
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
TouchED.exe pid: 1108
Command line: "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"

Base Size Version Path
0x00400000 0x36000 2.00.0001.0006 C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
WkUFind.exe pid: 2032
Command line: "C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe"

Base Size Version Path
0x00400000 0x7000 7.00.0709.0000 C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
0x7c000000 0x54000 7.00.9466.0000 C:\WINDOWS\system32\MSVCR70.dll
------------------------------------------------------------------------------
RUNDLL32.EXE pid: 1752
Command line: "C:\WINDOWS\system32\rundll32.exe" stmctrl.dll,TaskBar

Base Size Version Path
0x01000000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\rundll32.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x10000000 0x28000 1.09.0000.0003 C:\WINDOWS\system32\stmctrl.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
HPGS2WND.EXE pid: 1552
Command line: "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"

Base Size Version Path
0x00400000 0x12000 2.03.0000.0162 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x10000000 0x5000 2.06.0000.0162 C:\Program Files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL
0x00900000 0x6000 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
ezSP_Px.exe pid: 1584
Command line: "C:\WINDOWS\System32\ezSP_Px.exe"

Base Size Version Path
0x00400000 0xa000 1.00.0000.0000 C:\WINDOWS\System32\ezSP_Px.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
DragDrop.exe pid: 1576
Command line: "C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe" /StartUp

Base Size Version Path
0x00400000 0xc5000 2.01.0000.0000 C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
0x10000000 0x2d000 1.00.0001.0000 C:\Program Files\Drag'n Drop CD\BinFiles\DGSSTRM.DLL
0x00330000 0x1c000 1.01.0000.0358 C:\Program Files\Drag'n Drop CD\BinFiles\PRIMOSDK.dll
0x00350000 0x72000 1.06.0014.0507 C:\WINDOWS\system32\PX.dll
0x004d0000 0x3f000 2.01.0000.0000 C:\Program Files\Drag'n Drop CD\BinFiles\ezCDmker.dll
0x003d0000 0x12000 1.00.0000.0001 C:\Program Files\Drag'n Drop CD\BinFiles\ezID3.dll
0x5f400000 0xf2000 6.00.8665.0000 C:\Program Files\Drag'n Drop CD\BinFiles\MFC42.DLL
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
0x780a0000 0x12000 6.00.8168.0000 C:\Program Files\Drag'n Drop CD\BinFiles\MSVCIRT.dll
0x003f0000 0x7000 1.00.0000.0000 C:\Program Files\Drag'n Drop CD\BinFiles\TRANSWIN.dll
0x00510000 0x2d000 2.06.0003.0000 C:\Program Files\Drag'n Drop CD\BinFiles\ezLICEN.dll
0x00540000 0x14000 1.00.0000.0001 C:\Program Files\Drag'n Drop CD\BinFiles\ezLICEN1.dll
0x780c0000 0x61000 6.00.8168.0000 C:\Program Files\Drag'n Drop CD\BinFiles\MSVCP60.dll
0x00560000 0x7000 1.00.0000.0100 C:\Program Files\Drag'n Drop CD\BinFiles\Wmp7Chk.dll
0x00570000 0x8000 1.00.0000.0000 C:\Program Files\Drag'n Drop CD\BinFiles\RegRcvry.dll
0x00c80000 0x68000 2.01.0000.0000 C:\Program Files\Drag'n Drop CD\BinFiles\DDCDRES.DLL
0x76920000 0x8000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x00fc0000 0x4f000 1.00.0047.0000 C:\WINDOWS\system32\PXDRV.DLL
0x01010000 0x24000 1.06.0014.0507 C:\WINDOWS\system32\PXMAS.DLL
0x01040000 0x7b000 1.06.0014.0507 C:\WINDOWS\system32\PXWAVE.DLL
0x010c0000 0x7000 1.00.0000.0000 C:\Program Files\Drag'n Drop CD\BinFiles\TRANS.DLL
0x010d0000 0x2a000 1.00.0000.0002 C:\Program Files\Drag'n Drop CD\BinFiles\DGMP3RD.DLL
0x01110000 0x13000 1.00.0000.0001 C:\Program Files\Drag'n Drop CD\BinFiles\DGWAVOT.DLL
0x01240000 0x13000 1.00.0000.0001 C:\Program Files\Drag'n Drop CD\BinFiles\DGWAVRD.DLL
0x01370000 0x16000 1.00.0000.0001 C:\Program Files\Drag'n Drop CD\BinFiles\DGWAVWT.DLL
0x01580000 0x6f000 1.00.0000.0002 C:\Program Files\Drag'n Drop CD\BinFiles\DGMP3WT.DLL
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x013d0000 0x7000 1.00.0051.0000 C:\WINDOWS\system32\VxBlock.dll
0x75d30000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll
------------------------------------------------------------------------------
QTTASK.EXE pid: 1660
Command line: "C:\Program Files\QuickTime\qttask.exe" -atboottime

Base Size Version Path
0x00400000 0x14000 6.04.0000.0029 C:\Program Files\QuickTime\qttask.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x66800000 0x631000 6.05.0002.0010 C:\WINDOWS\system32\QuickTime.qts
0x5f140000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
0x736b0000 0x49000 5.03.2600.2180 C:\WINDOWS\system32\ddraw.dll
0x73b10000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\DCIMAN32.dll
0x67760000 0x93000 6.05.0001.0017 C:\WINDOWS\system32\QuickTime\QuickTime3GPP.qtx
0x67100000 0x191000 6.05.0002.0010 C:\WINDOWS\system32\QuickTime\QuickTimeAuthoring.qtx
0x672a0000 0x49000 6.05.0001.0017 C:\WINDOWS\system32\QuickTime\QuickTimeCapture.qtx
0x672f0000 0x7e000 6.05.0001.0017 C:\WINDOWS\system32\QuickTime\QuickTimeEffects.qtx
0x67550000 0x7d000 6.05.0001.0017 C:\WINDOWS\system32\QuickTime\QuickTimeEssentials.qtx
0x67380000 0x84000 6.05.0001.0017 C:\WINDOWS\system32\QuickTime\QuickTimeImage.qtx
0x67020000 0xd7000 6.05.0002.0010 C:\WINDOWS\system32\QuickTime\QuickTimeInternetExtras.qtx
0x674e0000 0x6a000 6.05.0001.0017 C:\WINDOWS\system32\QuickTime\QuickTimeMPEG.qtx
0x675d0000 0x78000 6.05.0002.0010 C:\WINDOWS\system32\QuickTime\QuickTimeMPEG4.qtx
0x67650000 0xb4000 6.05.0002.0010 C:\WINDOWS\system32\QuickTime\QuickTimeMPEG4Authoring.qtx
0x67410000 0x83000 6.05.0001.0017 C:\WINDOWS\system32\QuickTime\QuickTimeMusic.qtx
0x66e40000 0xb9000 6.05.0001.0017 C:\WINDOWS\system32\QuickTime\QuickTimeStreaming.qtx
0x67890000 0x4c000 6.05.0002.0010 C:\WINDOWS\system32\QuickTime\QuickTimeStreamingAuthoring.qtx
0x678e0000 0x1f000 6.05.0001.0017 C:\WINDOWS\system32\QuickTime\QuickTimeStreamingExtras.qtx
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
realsched.exe pid: 1236
Command line: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

Base Size Version Path
0x00400000 0x2f000 0.01.0000.3510 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
------------------------------------------------------------------------------
PPTD40NT.EXE pid: 1976
Command line: "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

Base Size Version Path
0x00400000 0xe000 9.02.0000.0823 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
0x006c0000 0x1b000 9.02.0000.0823 C:\Program Files\ScanSoft\PaperPort\MAXUTIL.dll
0x00700000 0x18000 9.02.0000.0823 C:\Program Files\ScanSoft\PaperPort\PPERR.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x68600000 0x6000 1.00.0000.0001 C:\Program Files\ScanSoft\PaperPort\blicectr.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
BrMfcWnd.exe pid: 2184
Command line: "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN

Base Size Version Path
0x00400000 0x98000 2.00.0000.0010 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0x7f000 2.00.0000.0000 C:\Program Files\Brother\Brmfcmon\BRMFCWNDFre.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
------------------------------------------------------------------------------
BrccMCtl.exe pid: 2268
Command line: "C:\Program Files\Brother\ControlCenter3\brccMCtl.exe" /autorun

Base Size Version Path
0x00400000 0x54000 3.00.0083.0083 C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
0x10000000 0x9f000 3.00.0055.0055 C:\Program Files\Brother\ControlCenter3\brccDCtl.dll
0x00330000 0x26000 3.00.0012.0041 C:\Program Files\Brother\ControlCenter3\brccFCtl.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
0x1ff70000 0x44000 12.01.0000.0068 C:\Program Files\Brother\ControlCenter3\LTDIS12n.dll
0x1fff0000 0x69000 12.01.0000.0068 C:\Program Files\Brother\ControlCenter3\LTKRN12n.dll
0x1ffc0000 0x27000 12.01.0000.0073 C:\Program Files\Brother\ControlCenter3\LTFIL12n.DLL
0x00360000 0xc000 1.00.0000.0001 C:\Program Files\Brother\ControlCenter3\BrImgPDF.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x016e0000 0x1a000 3.00.0004.0004 C:\Program Files\Brother\ControlCenter3\brccfre.dll
0x01700000 0x4a3000 3.00.0000.0000 C:\Program Files\Brother\ControlCenter3\brccimg.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x76920000 0x8000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x75d30000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x30000000 0x2ef000 9.00.0047.0000 C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
0x5f140000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
0x69000000 0xe000 8.05.0001.0102 C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
0x76790000 0x27000 5.01.2600.3126 C:\WINDOWS\system32\schannel.dll
------------------------------------------------------------------------------
WINAMPA.EXE pid: 2280
Command line: "C:\Program Files\Winamp\winampa.exe"

Base Size Version Path
0x00400000 0xe000 C:\Program Files\Winamp\winampa.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
RegistrySmart.exe pid: 2288
Command line: "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot

Base Size Version Path
0x00400000 0x428000 2.09.2951.0953 C:\Program Files\RegistrySmart\RegistrySmart.exe
0x10000000 0x29000 C:\Program Files\RegistrySmart\TCL.dll
0x76310000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
0x00340000 0x27000 1.02.0003.0000 C:\Program Files\RegistrySmart\zlib.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x00f70000 0x77000 1.00.2951.0951 C:\Program Files\RegistrySmart\RegCleaner.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x73520000 0x47000 5.01.2600.2180 C:\WINDOWS\System32\mstask.dll
0x76740000 0x13000 5.01.2600.2180 C:\WINDOWS\System32\NTDSAPI.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\System32\DNSAPI.dll
0x70de0000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\asycfilt.dll
0x72220000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
AVP.EXE pid: 2300
Command line: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

------------------------------------------------------------------------------
CTFMON.EXE pid: 2308
Command line: "C:\WINDOWS\system32\ctfmon.exe"

Base Size Version Path
0x00400000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\ctfmon.exe
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x5ffb0000 0x33000 5.01.2600.2180 C:\WINDOWS\system32\MSUTB.dll
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
------------------------------------------------------------------------------
MSNMSGR.EXE pid: 2320
Command line: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

Base Size Version Path
0x00400000 0x56a000 8.01.0178.0000 C:\Program Files\MSN Messenger\MsnMsgr.Exe
0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
0x76310000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
0x4eb80000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
0x59100000 0xf7000 8.01.0178.0000 C:\Program Files\MSN Messenger\MSNCore.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
0x27500000 0xc8000 4.100.0313.0001 C:\Program Files\MSN Messenger\msidcrl40.dll
0x72220000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\SensApi.dll
0x5a700000 0x55000 8.01.0178.0000 C:\Program Files\MSN Messenger\ContactsUX.dll
0x75ed0000 0x13000 5.131.2600.2180 C:\WINDOWS\system32\CRYPTNET.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x75c80000 0xab000 6.00.2900.3198 C:\WINDOWS\system32\inetcomm.dll
0x76a80000 0x22000 6.00.2900.2180 C:\WINDOWS\system32\MSOERT2.dll
0x01280000 0xe000 6.00.2900.2180 C:\WINDOWS\system32\inetres.dll
0x59300000 0x1a9000 8.01.0178.0000 C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll
0x5b200000 0x23e000 8.01.0178.0000 C:\Program Files\MSN Messenger\msgsres.dll
0x012b0000 0xb000 9.00.3790.2428 C:\Program Files\MSN Messenger\custsat.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x79000000 0x1a4000 1.07.0256.0000 C:\Program Files\MSN Messenger\lcapi.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x73e60000 0x5c000 5.03.2600.2180 C:\WINDOWS\system32\DSOUND.dll
0x73600000 0x7000 6.05.2600.2180 C:\WINDOWS\system32\msdmo.dll
0x7a100000 0x60000 1.07.0109.0000 C:\Program Files\MSN Messenger\lcres.dll
0x016d0000 0x3db000 3.00.5774.0000 C:\Program Files\MSN Messenger\RTMPLTFM.dll
0x76570000 0x11000 6.05.2600.2180 C:\WINDOWS\System32\devenum.dll
0x74780000 0x16e000 6.05.2600.3243 C:\WINDOWS\System32\quartz.dll
0x736b0000 0x49000 5.03.2600.2180 C:\WINDOWS\system32\DDRAW.dll
0x73b10000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\DCIMAN32.dll
0x73890000 0xd0000 5.03.2600.2180 C:\WINDOWS\system32\D3DIM700.DLL
0x6cb80000 0x12000 5.03.2600.2180 C:\WINDOWS\system32\dpnhupnp.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x76790000 0x27000 5.01.2600.3126 C:\WINDOWS\system32\schannel.dll
0x5b500000 0xa4000 8.01.0178.0000 C:\Program Files\MSN Messenger\MSGSWCAM.dll
0x5a600000 0x13000 8.01.0178.0000 C:\WINDOWS\system32\sirenacm.dll
0x776d0000 0x41000 2001.12.4414.0308 C:\WINDOWS\System32\es.dll
0x74da0000 0x6c000 5.30.0023.1228 C:\WINDOWS\system32\RichEd20.dll
0x74660000 0x2a000 5.01.2600.2180 C:\WINDOWS\System32\msimtf.dll
------------------------------------------------------------------------------
CTSyncU.exe pid: 2332
Command line: "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

Base Size Version Path
0x00400000 0xab000 6.01.0007.0000 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
0x10000000 0x11000 3.00.0000.0000 C:\Program Files\Creative\Sync Manager Unicode\CTIntrfu.dll
0x086d0000 0x247000 10.00.0000.4054 C:\WINDOWS\system32\WMVCore.DLL
0x070d0000 0x3b000 10.00.0000.4060 C:\WINDOWS\system32\WMASF.DLL
0x5f800000 0xf2000 6.02.8071.0000 C:\WINDOWS\system32\MFC42u.DLL
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x009b0000 0x2f000 6.01.0001.0000 C:\Program Files\Creative\Sync Manager Unicode\CTSyncRs.crl
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x00a30000 0x36000 6.01.0000.0000 C:\Program Files\Creative\Sync Manager Unicode\CTTEMgru.cte
0x74a50000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\CFGMGR32.dll
0x00a70000 0x22000 6.00.0003.0000 C:\Program Files\Creative\Sync Manager Unicode\CTPCMLu.cte
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x00bf0000 0x6000 1.04.0001.0000 C:\Program Files\Creative\Sync Manager Unicode\mfinfou.dll
0x00c00000 0x8d000 1.02.0024.0000 C:\Program Files\Creative\Sync Manager Unicode\CTDBEngU.dll
0x6da40000 0x19000 2.81.1128.0000 C:\Program Files\Fichiers communs\System\ado\msjro.dll
0x768e0000 0x25000 2.81.1117.0000 C:\WINDOWS\system32\MSDART.DLL
0x4dd40000 0x83000 2.81.1128.0000 C:\Program Files\Fichiers communs\System\ado\msado15.dll
0x73ec0000 0x77000 2.81.1117.0000 C:\Program Files\Fichiers communs\System\Ole DB\oledb32.dll
0x74fb0000 0x14000 2.81.1117.0000 C:\Program Files\Fichiers communs\System\Ole DB\OLEDB32R.DLL
0x1b570000 0x55000 4.00.8227.0000 C:\WINDOWS\System32\msjetoledb40.dll
0x1b000000 0x170000 4.00.8618.0000 C:\WINDOWS\System32\msjet40.dll
0x1b5d0000 0x95000 4.00.8905.0000 C:\WINDOWS\System32\mswstr10.dll
0x1b2c0000 0xd000 4.00.6508.0000 C:\WINDOWS\System32\msjter40.dll
0x1b2d0000 0x2e000 4.00.8905.0000 C:\WINDOWS\System32\MSJINT40.DLL
0x4d740000 0x31000 2.81.1128.0000 C:\Program Files\Fichiers communs\System\ado\msadox.dll
0x4cb20000 0xe000 2.81.1117.0000 C:\Program Files\Fichiers communs\System\ado\msadrh15.dll
0x1b810000 0x3a000 4.00.8618.0000 C:\WINDOWS\system32\MSJTES40.DLL
0x0f9a0000 0xb000 6.00.0001.9431 C:\WINDOWS\system32\VBAJET32.DLL
0x0f9c0000 0x62000 6.00.0072.9589 C:\WINDOWS\system32\expsrv.dll
0x01100000 0x7c000 6.01.0000.0000 C:\Program Files\Creative\Sync Manager Unicode\CTMyComu.cte
0x4eb80000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
0x06f50000 0x5f000 1.03.0007.0000 C:\Program Files\Creative\Shared Files\MtpManU.dll
0x08df0000 0x51000 10.00.3790.3911 C:\WINDOWS\system32\MSWMDM.dll
0x070b0000 0xa000 10.00.3790.3802 C:\WINDOWS\system32\WMDMLOG.dll
0x08e60000 0xb000 10.00.3790.3802 C:\WINDOWS\system32\WMDMPS.dll
0x08d60000 0x38000 10.00.3790.3802 C:\WINDOWS\system32\MsPMSP.dll
------------------------------------------------------------------------------
GoogleToolbarNotifier.exe pid: 2348
Command line: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

Base Size Version Path
0x00400000 0x13000 2.00.0301.1654 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
0x10000000 0x2e000 2.00.0301.7164 C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x003f0000 0xf000 2.00.0301.7164 C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_fr.dll
0x00a10000 0x54000 2.00.0301.7164 C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
------------------------------------------------------------------------------
SVCHOST.EXE pid: 2424
Command line: C:\WINDOWS\System32\svchost.exe -k HTTPFilter

Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x5ada0000 0x7000 6.00.2600.2180 c:\windows\system32\w3ssl.dll
0x5a1f0000 0x16000 6.00.2600.2180 C:\WINDOWS\System32\strmfilt.dll
0x679d0000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\HTTPAPI.dll
------------------------------------------------------------------------------
TWCU.EXE pid: 2468
Command line: "C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe" -s

Base Size Version Path
0x00400000 0x9d000 1.01.0006.0000 C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
0x10000000 0x179000 3.03.0010.0000 C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\AegisE5.dll
0x5f140000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
------------------------------------------------------------------------------
HPGS2WNF.EXE pid: 2636
Command line: "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" -Embedding

Base Size Version Path
0x00400000 0x13000 2.06.0000.0162 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0x5000 2.06.0000.0162 C:\Program Files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL
0x00900000 0x6000 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
------------------------------------------------------------------------------
FIREFOX.EXE pid: 604
Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"

Base Size Version Path
0x00400000 0x762000 1.08.20080.20121 C:\Program Files\Mozilla Firefox\firefox.exe
0x600d0000 0x71000 4.00.0000.0000 C:\Program Files\Mozilla Firefox\js3250.dll
0x601a0000 0x27000 4.06.0008.0000 C:\Program Files\Mozilla Firefox\nspr4.dll
0x60360000 0x6a000 1.08.20080.20121 C:\Program Files\Mozilla Firefox\xpcom_core.dll
0x60280000 0x7000 4.06.0008.0000 C:\Program Files\Mozilla Firefox\plc4.dll
0x60290000 0x6000 4.06.0008.0000 C:\Program Files\Mozilla Firefox\plds4.dll
0x602b0000 0x1a000 3.11.0005.0000 C:\Program Files\Mozilla Firefox\smime3.dll
0x601d0000 0x5b000 3.11.0005.0000 C:\Program Files\Mozilla Firefox\nss3.dll
0x602d0000 0x3f000 3.11.0004.0000 C:\Program Files\Mozilla Firefox\softokn3.dll
0x60310000 0x20000 3.11.0005.0000 C:\Program Files\Mozilla Firefox\ssl3.dll
0x60340000 0x14000 1.08.20080.20121 C:\Program Files\Mozilla Firefox\xpcom_compat.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x60040000 0xa000 1.08.20080.20121 C:\Program Files\Mozilla Firefox\components\myspell.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x60010000 0x12000 1.08.20080.20121 C:\Program Files\Mozilla Firefox\components\jar50.dll
0x10000000 0x6000 1.08.20080.20121 C:\Program Files\Mozilla Firefox\extensions\talxxxxx@xxxxxla.org\components\qfaservices.dll
0x018b0000 0x25000 2.02.0000.0000 C:\Program Files\Mozilla Firefox\extensions\talxxxxx@xxxxxla.org\components\FULLSOFT.DLL
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x01a20000 0x26000 C:\Documents and Settings\patricia romé\Application Data\Mozilla\Firefox\Profiles\ljgkug08.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
0x60330000 0x6000 1.08.20080.20121 C:\Program Files\Mozilla Firefox\xpcom.dll
0x74660000 0x2a000 5.01.2600.2180 C:\WINDOWS\System32\msimtf.dll
0x02160000 0x59000 C:\Documents and Settings\patricia romé\Application Data\Mozilla\Firefox\Profiles\ljgkug08.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
0x60090000 0x31000 3.11.0004.0000 C:\Program Files\Mozilla Firefox\freebl3.dll
0x60230000 0x41000 1.64.0000.0000 C:\Program Files\Mozilla Firefox\nssckbi.dll
0x76310000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\msimg32.dll
0x60050000 0xe000 1.08.20080.20121 C:\Program Files\Mozilla Firefox\components\spellchk.dll
0x75d30000 0x91000 6.00.2900.2180 C:\WINDOWS\System32\mlang.dll
0x76790000 0x27000 5.01.2600.3126 C:\WINDOWS\system32\schannel.dll
0x30000000 0x395000 9.00.0115.0000 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
0x69000000 0xe000 8.05.0001.0102 C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
------------------------------------------------------------------------------
wuauclt.exe pid: 2660
Command line: "C:\WINDOWS\system32\wuauclt.exe"

Base Size Version Path
0x00400000 0xd000 7.00.6000.0381 C:\WINDOWS\system32\wuauclt.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x507e0000 0x51000 7.00.6000.0381 C:\WINDOWS\system32\wucltui.dll
0x76310000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
0x750c0000 0x14000 5.01.2600.2180 C:\WINDOWS\system32\Cabinet.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x50e60000 0xc000 7.00.6000.0381 C:\WINDOWS\system32\wups2.dll
0x508e0000 0x36000 7.00.6000.0381 C:\WINDOWS\system32\wuaucpl.cpl
0x509e0000 0x42000 7.00.6000.0381 C:\WINDOWS\system32\mucltui.dll
------------------------------------------------------------------------------
SYS77654.EXE pid: 1096
Command line: "C:\Documents and Settings\patricia romé\Bureau\sys77654.exe"

Base Size Version Path
0x00400000 0x39000 C:\Documents and Settings\patricia romé\Bureau\sys77654.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
runme.exe pid: 2864
Command line: runme.exe

Base Size Version Path
0x00400000 0x62000 3.05.0000.0000 C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\nsc106.tmp\runme.exe
0x73370000 0x154000 6.00.0096.0090 C:\WINDOWS\system32\MSVBVM60.DLL
0x66630000 0x20000 6.00.0089.0088 C:\WINDOWS\system32\VB6FR.DLL
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x75140000 0x2e000 5.01.2600.2180 C:\WINDOWS\system32\msctfime.ime
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x72220000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
CMD.EXE pid: 3324
Command line: cmd /c uuoywfrygn.exe >> C:\suspectfile\tempd.txt

Base Size Version Path
0x4ad00000 0x64000 5.01.2600.2180 C:\WINDOWS\system32\cmd.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
uuoywfrygn.exe pid: 3680
Command line: uuoywfrygn.exe

Base Size Version Path
0x00400000 0x14000 2.25.0000.0000 C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\nsc106.tmp\uuoywfrygn.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

===================== NTFS ADS =====================

====================
0
gabie44
 
~~~~~~~~~~~~~~~~~~~~~ TRUSTED DOMAINS ~~~~~~~~~~~~~~~~~~~~~

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

~~~~~~~~~~~~~~~~~~~~~ TRUSTED IPs ~~~~~~~~~~~~~~~~~~~~~

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\

~~~~~~~~~~~~~~~~~~~~~ RAS active connections ~~~~~~~~~~~~~~~~~~~~~

Aucune connexion
La commande a été exécutée.

~~~~~~~~~~~~~~~~~~~~~ Rasphone.pbk content ~~~~~~~~~~~~~~~~~~~~~

-----C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk

[Test]
Encoding=1
Type=1
AutoLogon=0
UseRasCredentials=0
DialParamsUID=3150780
Guid=98C06E267A7D344CB7A8B15703FA5457
BaseProtocol=1
VpnStrategy=0
ExcludedProtocols=3
LcpExtensions=1
DataEncryption=8
SwCompression=1
NegotiateMultilinkAlways=0
SkipNwcWarning=0
SkipDownLevelDialog=0
SkipDoubleDialDialog=0
DialMode=1
DialPercent=75
DialSeconds=120
HangUpPercent=10
HangUpSeconds=120
OverridePref=15
RedialAttempts=3
RedialSeconds=60
IdleDisconnectSeconds=1200
RedialOnLinkFailure=1
CallbackMode=0
CustomDialDll=
CustomDialFunc=
CustomRasDialDll=
AuthenticateServer=0
ShareMsFilePrint=0
BindMsNetClient=0
SharedPhoneNumbers=1
GlobalDeviceSettings=0
PrerequisiteEntry=
PrerequisitePbk=
PreferredPort=
PreferredDevice=
PreferredBps=0
PreferredHwFlow=0
PreferredProtocol=0
PreferredCompression=0
PreferredSpeaker=0
PreferredMdmProtocol=0
PreviewUserPw=1
PreviewDomain=0
PreviewPhoneNumber=1
ShowDialingProgress=1
ShowMonitorIconInTaskBar=1
CustomAuthKey=-1
AuthRestrictions=632
TypicalAuth=1
IpPrioritizeRemote=1
IpHeaderCompression=1
IpAddress=0.0.0.0
IpDnsAddress=0.0.0.0
IpDns2Address=0.0.0.0
IpWinsAddress=0.0.0.0
IpWins2Address=0.0.0.0
IpAssign=1
IpNameAssign=1
IpFrameSize=1006
IpDnsFlags=0
IpNBTFlags=0
TcpWindowSize=0
UseFlags=1
IpSecFlags=0
IpDnsSuffix=

NETCOMPONENTS=
ms_server=0
ms_msclient=0

MEDIA=rastapi
Port=ATM13-0
Device=WAN/ATM/ADSL miniport

DEVICE=ATM
PhoneNumber=
AreaCode=
CountryCode=33
CountryID=33
UseDialingRules=0
Comment=
LastSelectedPhone=0
PromoteAlternates=0
TryNextAlternateOnFail=1

MEDIA=serial
Port=COM4
Device=TOSHIBA Software Modem AMR
ConnectBPS=115200

DEVICE=modem
PhoneNumber=
AreaCode=
CountryCode=33
CountryID=33
UseDialingRules=0
Comment=
LastSelectedPhone=0
PromoteAlternates=0
TryNextAlternateOnFail=1
HwFlowControl=1
Protocol=1
Compression=1
Speaker=1
MdmProtocol=0

===================== HOSTS FILE =====================

127.0.0.1 localhost

===================== Checking Suspicious files =====================
EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\

C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\BFU.exe --> is compressed with UPX

===================== Applications installed on PC =====================

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall-----

[Uninstall]

[Uninstall\AddressBook]

[Uninstall\Adobe Flash Player Plugin]
"DisplayName"="Adobe Flash Player Plugin"
"DisplayIcon"="C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe"
"UninstallString"="C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe"

[Uninstall\Adobe Photoshop 5.0]
"UninstallString"="C:\WINDOWS\UNIN040C.EXE -f\"C:\Program Files\Adobe\Photoshop 5.0\DeIsL1.isu\" -c\"C:\Program Files\Adobe\Photoshop 5.0\Uninst.dll\""
"DisplayName"="Adobe Photoshop 5.0"
"InstallSource"="E:\PHOTOSHP\"

[Uninstall\AudibleManager]
"DisplayName"="AudibleManager"
"UninstallString"="C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall"

[Uninstall\bdwchcdrdi]
"DisplayName"="Browser.En hancer"
"UninstallString"="C:\DOCUME~1\PATRIC~1\APPLIC~1\gcieodss.exe -UnIst"

[Uninstall\Branding]

[Uninstall\CADI]
"UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup \"C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe\" -l0x40c /remove"
"DisplayIcon"="C:\Program Files\Creative\ShareDLL\CADI\Ctcadi.dll,0"

[Uninstall\Connection Manager]

[Uninstall\couponsandoffers3.xml]
"DisplayName"="Coupons and Offers"
"UninstallString"="wjview /cp:p \"C:\Program Files\couponsandoffers\System\Code\" Main lp: \"C:\Program Files\couponsandoffers\" ls: deletefeature ld: feature=couponsandoffers3.xml"

[Uninstall\Creative Audio CD Ripper]
"UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup \"C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe\" -l0x40c /remove"
"DisplayIcon"="C:\Program Files\Creative\CD Ripping Wizard Unicode 2\CTRipU2.exe,0"

[Uninstall\Creative MediaSource]
"UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe\" -l0x40c /remove"

[Uninstall\Creative MediaSource 5]

[Uninstall\Creative MediaSource CD-ROM Burner Plugin Unicode]
"UninstallString"="\"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe\" /remove /l0x040c"

[Uninstall\Creative MediaSource Detector]
"UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe\" -l0x40c /remove"

[Uninstall\Creative MediaSource Net Content Plugin Unicode]
"UninstallString"="\"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe\" /remove /l0x040c"

[Uninstall\Creative MediaSource Online Store Plugin]
"UninstallString"="\"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe\" /remove /l0x040c"

[Uninstall\Creative MediaSource Player Skin Pack]
"UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe\" -l0x40c /remove"

[Uninstall\Creative MediaSource Player Skin Pack Unicode]
"UninstallString"="\"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe\" /remove /l0x040c"

[Uninstall\Creative MediaSource Plugin for PlaysForSure Unicode]
"UninstallString"="\"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe\" /remove /l0x040c"

[Uninstall\Creative MediaSource Unicode]
"UninstallString"="\"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe\" /remove /l0x040c"

[Uninstall\Creative Removable Disk Manager]
"UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup \"C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe\" -l0x40c /remove"
"DisplayIcon"="C:\Program Files\Creative\DiskManager\CTPDEMgr.exe,0"
"DisplayName"="Gestionnaire de disques amovible Creative"

[Uninstall\Creative SmartFill]
"UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup \"C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe\" -l0x40c /remove"
"DisplayIcon"="C:\Program Files\Creative\SmartFill Wizard\CTFillU.exe,0"

[Uninstall\Creative Sync Manager (Unicode)]
"UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup \"C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe\" -l0x40c /remove"
"DisplayIcon"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe,0"

[Uninstall\Creative Video Converter]
"UninstallString"="RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup \"C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe\" -l0x40c /remove"
"DisplayIcon"="C:\Program Files\Creative\Video Converter\CtConvU.exe,0"

[Uninstall\Creative ZEN V Series (R2)]

[Uninstall\CutePDF Writer Installation]
"DisplayName"="CutePDF Writer 2.7"
"UninstallString"="C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall"

[Uninstall\dBpowerAMP Music Converter]
"DisplayName"="dBpowerAMP Music Converter"
"UninstallString"="\"C:\WINDOWS\System32\SpoonUninstall.exe\" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat"

[Uninstall\dBpowerAMP Real Audio Codec]
"DisplayName"="dBpowerAMP Real Audio Codec"
"UninstallString"="\"C:\WINDOWS\System32\SpoonUninstall.exe\" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Real Audio Codec.dat"

[Uninstall\dBPowerAMP Real Audio Encoder R3]
"DisplayName"="dBPowerAMP Real Audio Encoder R3"
"UninstallString"="\"C:\WINDOWS\System32\SpoonUninstall.exe\" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBPowerAMP Real Audio Encoder R3.dat"

[Uninstall\DirectAnimation]

[Uninstall\DirectDrawEx]

[Uninstall\DXM_Runtime]

[Uninstall\EMT3]
"UninstallString"="C:\WINDOWS\IsUn040c.exe -f\"C:\Program Files\TOSHIBA\TME3\Uninst.isu\""
"DisplayName"="TOSHIBA Mobile Extension3 pour Windows XP V3.33.00.XP"

[Uninstall\expinst]

[Uninstall\FlashComponents]
"DisplayName"="Module d’enregistrement 1.5.1.2"
"UninstallString"="C:\Program Files\Fichiers communs\YDP\FlashComponents\uninst.exe"
"DisplayIcon"="C:\Program Files\Fichiers communs\YDP\FlashComponents\uninst.exe"

[Uninstall\Fontcore]

[Uninstall\FrontPageExpress]
"DisplayName"="Microsoft FrontPage Express"
"UninstallString"="RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\fpxpress.inf, Uninstall"

[Uninstall\funk phone default]
"DisplayName"="Window Searching"
"UninstallString"="C:\PROGRA~1\DEFYFI~1\holedumbcoal.exe -uninstall"

[Uninstall\getPlus(R)_ocx]
"DisplayIcon"="C:\WINDOWS\Downloaded Program Files\gp.ocx"
"DisplayName"="getPlus(R)_ocx"
"UninstallString"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall"

[Uninstall\HijackThis]
"DisplayName"="HijackThis 2.0.2"
"UninstallString"="\"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe\" /uninstall"
"DisplayIcon"="C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"

[Uninstall\HPW8 Toolbox]
"UninstallString"="C:\WINDOWS\ISUN040C.EXE -a -f\"C:\Program Files\Hewlett-Packard\HP DeskJet 1220C Toolbox\Uninst.isu\" -c\"C:\Program Files\Hewlett-Packard\HP DeskJet 1220C Toolbox\hpwioi.dll\" -i\"tbxinst.ini\" -h\"HPZIOU00.DLL\""

[Uninstall\ICW]

[Uninstall\IDNMitigationAPIs]
"DisplayName"="Microsoft Internationalized Domain Names Mitigation APIs"
"UninstallString"="\"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe\""

[Uninstall\IE40]

[Uninstall\IE4Data]

[Uninstall\IE5BAKEX]

[Uninstall\IEData]

[Uninstall\IEREADME]

[Uninstall\Imprimante HP DeskJet 1220C]
"UninstallString"="C:\WINDOWS\ISUN040C.EXE -a -f\"C:\Program Files\Hewlett-Packard\HP DeskJet 1220C Printer\Uninst.isu\" -c\"C:\Program Files\Hewlett-Packard\HP DeskJet 1220C Printer\HPWTVW.DLL\" -u\"comp.ini\""
"DisplayName"="Imprimante HP DeskJet 1220C"

[Uninstall\InstallShield Uninstall Information]

[Uninstall\InstallShield Uninstall Information\{DA3E6578-3CA9-4869-957B-1C4B8CCB6384}]

[Uninstall\InstallShield_{DA3E6578-3CA9-4869-957B-1C4B8CCB6384}]
"UninstallString"="C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{DA3E6578-3CA9-4869-957B-1C4B8CCB6384}"
"DisplayName"="MotionDV STUDIO"
"InstallSource"="E:\Motion DV Studio\Setup\"
"DisplayIcon"="C:\WINDOWS\Installer\{DA3E6578-3CA9-4869-957B-1C4B8CCB6384}\ARPPRODUCTICON.exe"

[Uninstall\InstallWIX_{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}]
"DisplayIcon"="C:\WINDOWS\Installer\{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}\setup2.ico"
"DisplayName"="Kaspersky Anti-Virus 7.0"
"UninstallString"="MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}"

[Uninstall\InterActual Player]
"DisplayName"="InterActual Player"
"UninstallString"="C:\Program Files\InterActual\InterActual Player\inuninst.exe"

[Uninstall\Java Web Start]
"DisplayName"="Java Web Start"
"UninstallString"="\"C:\Program Files\Java Web Start\uninst-javaws.exe\""

[Uninstall\KB810217]
"DisplayName"="Correctif Windows XP - KB810217"
"UninstallString"="C:\WINDOWS\$NtUninstallKB810217$\spuninst\spuninst.exe"

[Uninstall\KB821557]
"DisplayName"="Correctif Windows XP - KB821557"
"UninstallString"="C:\WINDOWS\$NtUninstallKB821557$\spuninst\spuninst.exe"

[Uninstall\KB823182]
"DisplayName"="Correctif Windows XP - KB823182"
"UninstallString"="C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe"

[Uninstall\KB823559]
"DisplayName"="Correctif Windows XP - KB823559"
"UninstallString"="C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe"

[Uninstall\KB823980]
"DisplayName"="Correctif Windows XP - KB823980"
"UninstallString"="C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe"

[Uninstall\KB824105]
"DisplayName"="Correctif Windows XP - KB824105"
"UninstallString"="C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe"

[Uninstall\KB824141]
"DisplayName"="Correctif Windows XP - KB824141"
"UninstallString"="C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe"

[Uninstall\KB824146]
"DisplayName"="Correctif Windows XP - KB824146"
"UninstallString"="C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe"

[Uninstall\KB825119]
"DisplayName"="Correctif Windows XP - KB825119"
"UninstallString"="C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe"

[Uninstall\KB828028]
"DisplayName"="Correctif Windows XP - KB828028"
"UninstallString"="C:\WINDOWS\$NtUninstallKB828028$\spuninst\spuninst.exe"

[Uninstall\KB828035]
"DisplayName"="Correctif Windows XP - KB828035"
"UninstallString"="C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe"

[Uninstall\KB828741]
"DisplayName"="Correctif Windows XP - KB828741"
"UninstallString"="C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe"

[Uninstall\KB833987]
"DisplayName"="Correctif Windows XP - KB833987"
"UninstallString"="C:\WINDOWS\$NtUninstallKB833987$\spuninst\spuninst.exe"

[Uninstall\KB835409]
"DisplayName"="Mise à jour pour Windows XP (KB835409)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB835409$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB835732]
"DisplayName"="Correctif Windows XP - KB835732"
"UninstallString"="C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe"

[Uninstall\KB837001]
"DisplayName"="Correctif Windows XP - KB837001"
"UninstallString"="C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe"

[Uninstall\KB839643]
"DisplayName"="Correctif Windows XP - KB839643"
"UninstallString"="C:\WINDOWS\$NtUninstallKB839643$\spuninst\spuninst.exe"

[Uninstall\KB839645]
"DisplayName"="Correctif Windows XP - KB839645"
"UninstallString"="C:\WINDOWS\$NtUninstallKB839645$\spuninst\spuninst.exe"

[Uninstall\KB840315]
"DisplayName"="Correctif Windows XP - KB840315"
"UninstallString"="C:\WINDOWS\$NtUninstallKB840315$\spuninst\spuninst.exe"

[Uninstall\KB840374]
"DisplayName"="Correctif Windows XP - KB840374"
"UninstallString"="C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe"

[Uninstall\KB840987]
"DisplayName"="Correctif Windows XP - KB840987"
"UninstallString"="C:\WINDOWS\$NtUninstallKB840987$\spuninst\spuninst.exe"

[Uninstall\KB841356]
"DisplayName"="Correctif Windows XP - KB841356"
"UninstallString"="C:\WINDOWS\$NtUninstallKB841356$\spuninst\spuninst.exe"

[Uninstall\KB841533]
"DisplayName"="Correctif Windows XP - KB841533"
"UninstallString"="C:\WINDOWS\$NtUninstallKB841533$\spuninst\spuninst.exe"

[Uninstall\KB841873]
"DisplayName"="Correctif Windows XP - KB841873"
"UninstallString"="C:\WINDOWS\$NtUninstallKB841873$\spuninst\spuninst.exe"

[Uninstall\KB842773]
"DisplayName"="Correctif Windows XP - KB842773"
"UninstallString"="C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe"

[Uninstall\KB867282-IE6SP1-20050127.163319]
"DisplayName"="Correctif Windows XP - KB867282"
"UninstallString"="C:\WINDOWS\$NtUninstallKB867282-IE6SP1-20050127.163319$\spuninst\spuninst.exe"

[Uninstall\KB870669]
"DisplayName"="Microsoft Data Access Components KB870669"
"UninstallString"="C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf"

[Uninstall\KB871250]
"DisplayName"="Correctif Windows XP - KB871250"
"UninstallString"="C:\WINDOWS\$NtUninstallKB871250$\spuninst\spuninst.exe"

[Uninstall\KB873333]
"DisplayName"="Correctif Windows XP - KB873333"
"UninstallString"="C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe"

[Uninstall\KB873339]
"DisplayName"="Correctif Windows XP - KB873339"
"UninstallString"="C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe"

[Uninstall\KB873376]
"DisplayName"="Correctif Windows XP - KB873376"
"UninstallString"="C:\WINDOWS\$NtUninstallKB873376$\spuninst\spuninst.exe"

[Uninstall\KB884016]

[Uninstall\KB885250]
"DisplayName"="Correctif Windows XP - KB885250"
"UninstallString"="C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe"

[Uninstall\KB885835]
"DisplayName"="Correctif Windows XP - KB885835"
"UninstallString"="C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe"

[Uninstall\KB885836]
"DisplayName"="Correctif Windows XP - KB885836"
"UninstallString"="C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe"

[Uninstall\KB885884]
"DisplayName"="Correctif Windows XP - KB885884"
"UninstallString"="C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe"

[Uninstall\KB886185]
"DisplayName"="Correctif Windows XP - KB886185"
"UninstallString"="C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe"

[Uninstall\KB887472]
"DisplayName"="Correctif Windows XP - KB887472"
"UninstallString"="C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe"

[Uninstall\KB887742]
"DisplayName"="Correctif Windows XP - KB887742"
"UninstallString"="C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe"

[Uninstall\KB888113]
"DisplayName"="Correctif Windows XP - KB888113"
"UninstallString"="C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe"

[Uninstall\KB888162]
"DisplayName"="Correctif Windows XP - KB888162"
"UninstallString"="C:\WINDOWS\$NtUninstallKB888162$\spuninst\spuninst.exe"

[Uninstall\KB888302]
"DisplayName"="Correctif Windows XP - KB888302"
"UninstallString"="C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe"

[Uninstall\KB889293-IE6SP1-20041111.235619]
"DisplayName"="Correctif Windows XP - KB889293"
"UninstallString"="C:\WINDOWS\$NtUninstallKB889293-IE6SP1-20041111.235619$\spuninst\spuninst.exe"

[Uninstall\KB890046]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB890046)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB890047]
"DisplayName"="Correctif Windows XP - KB890047"
"UninstallString"="C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe"

[Uninstall\KB890175]
"DisplayName"="Correctif Windows XP - KB890175"
"UninstallString"="C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe"

[Uninstall\KB890859]
"DisplayName"="Correctif Windows XP - KB890859"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB890923-IE6SP1-20050225.103456]
"DisplayName"="Correctif Windows XP - KB890923"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB890923-IE6SP1-20050225.103456$\spuninst\spuninst.exe\""

[Uninstall\KB891711]
"DisplayName"="Correctif Windows XP - KB891711"
"UninstallString"="C:\WINDOWS\$NtUninstallKB891711$\spuninst\spuninst.exe"

[Uninstall\KB891781]
"DisplayName"="Correctif Windows XP - KB891781"
"UninstallString"="C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe"

[Uninstall\KB893066]
"DisplayName"="Correctif Windows XP - KB893066"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB893086]
"DisplayName"="Correctif Windows XP - KB893086"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB893756]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB893756)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB893803]

[Uninstall\KB893803v2]
"DisplayName"="Windows Installer 3.1 (KB893803)"
"UninstallString"="\"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\system32\msiexec.exe"

[Uninstall\KB895316]
"DisplayName"="Correctif Lecteur Windows Media 10 - KB895316"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\""

[Uninstall\KB896358]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB896358)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB896422]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB896422)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB896423]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB896423)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB896424]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB896424)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB896428]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB896428)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB897715-OE6SP1-20050503.210336]
"DisplayName"="Correctif Windows XP - KB897715"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB897715-OE6SP1-20050503.210336$\spuninst\spuninst.exe\""

[Uninstall\KB898458]
"DisplayName"="Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe\""

[Uninstall\KB898461]
"DisplayName"="Mise à jour pour Windows XP (KB898461)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe\""

[Uninstall\KB899587]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB899587)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB899591]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB899591)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB900485]
"DisplayName"="Mise à jour pour Windows XP (KB900485)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe\""

[Uninstall\KB900725]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB900725)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB901017]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB901017)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB901214]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB901214)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB902400]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB902400)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB904706]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB904706)"
"UninstallString"=""
"DisplayIcon"=expand:"%windir%\system32\msiexec.exe"

[Uninstall\KB904942]
"DisplayName"="Mise à jour pour Windows XP (KB904942)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe\""

[Uninstall\KB905414]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB905414)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB905495]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB905495)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB905495$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB905749]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB905749)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB905915-IE6SP1-20051122.175908]
"DisplayName"="Correctif Windows XP - KB905915"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB905915-IE6SP1-20051122.175908$\spuninst\spuninst.exe\""
"DisplayIcon"="C:\WINDOWS\System32\msiexec.exe"

[Uninstall\KB908519]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB908519)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB908531]
"DisplayName"="Mise à jour pour Windows XP (KB908531)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe\""

[Uninstall\KB910437]
"DisplayName"="Mise à jour pour Windows XP (KB910437)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB911280]
"DisplayName"="Mise à jour pour Windows XP (KB911280)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe\""

[Uninstall\KB911562]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB911562)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe\""

[Uninstall\KB911564]
"DisplayName"="Mise à jour de sécurité pour Lecteur Windows Media (KB911564)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\""

[Uninstall\KB911565]
"DisplayName"="Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\""

[Uninstall\KB911567]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB911567)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe\""

[Uninstall\KB911927]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB911927)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe\""

[Uninstall\KB912812]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB912812)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe\""

[Uninstall\KB912919]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB912919)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\System32\msiexec.exe"

[Uninstall\KB913446]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB913446)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe\""

[Uninstall\KB913580]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB913580)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe\""

[Uninstall\KB914388]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB914388)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe\""

[Uninstall\KB914389]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB914389)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe\""

[Uninstall\KB914440]
"DisplayName"="Correctif pour Windows XP (KB914440)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe\""

[Uninstall\KB915865]
"DisplayName"="Hotfix for Windows XP (KB915865)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe\""

[Uninstall\KB916281]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB916281)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe\""

[Uninstall\KB916595]
"DisplayName"="Mise à jour pour Windows XP (KB916595)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe\""

[Uninstall\KB917159]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB917159)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe\""

[Uninstall\KB917344]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB917344)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe\""

[Uninstall\KB917422]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB917422)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe\""

[Uninstall\KB917734_WMP9]
"DisplayName"="Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\""

[Uninstall\KB917953]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB917953)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe\""

[Uninstall\KB918118]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB918118)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe\""

[Uninstall\KB918439]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB918439)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe\""

[Uninstall\KB918899]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB918899)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe\""

[Uninstall\KB919007]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB919007)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe\""

[Uninstall\KB920213]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB920213)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe\""

[Uninstall\KB920214]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB920214)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe\""

[Uninstall\KB920670]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB920670)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe\""

[Uninstall\KB920683]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB920683)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe\""

[Uninstall\KB920685]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB920685)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe\""

[Uninstall\KB920872]
"DisplayName"="Mise à jour pour Windows XP (KB920872)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe\""

[Uninstall\KB921398]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB921398)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe\""

[Uninstall\KB921503]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB921503)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe\""

[Uninstall\KB921883]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB921883)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe\""

[Uninstall\KB922582]
"DisplayName"="Mise à jour pour Windows XP (KB922582)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe\""

[Uninstall\KB922616]
"DisplayName"="Mise à jour de sécurité pour Windows XP (KB922616)"
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe\""

0
papyber Posts 6430 Status Security contributor 257
 
OK, DO THIS
You have Registrysmart! It's a rogue, a fake utility that infects you!!
http://assiste.com.free.fr/p/craptheque/registrysmart.html

Remove it through Add/Remove Programs, in safe mode if you can't manage it in normal mode.

Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,

C:\Documents and Settings\patricia romé\Application Data\RegistrySmart 
C:\WINDOWS\Tasks\RegistrySmart
C:\Program Files\defyfivewait
C:\Program Files\Kind delete 
C:\Program Files\RegistrySmart
C:\Program Files\Skip delete kind 
C:\Program Files\TBONBin
C:\Documents and Settings\patricia romé\Bureau\sys77654.exe
C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\nsc106.tmp
C:\Program Files\Alset


and paste it into the left-hand pane of OTMoveIt2:
Paste standard List of Files/Folders to be moved.

Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal.
If so, accept with Yes.

Run HijackThis for a scan and check these lines if they are still present:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.244.15.6:3128
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\FICHIE~1\Real\Toolbar\realbar.dll
O2 - BHO: FlawUpload - {52A3676C-BA4C-270E-C893-DBF9ED9C9C60} - C:\PROGRA~1\SKIPDE~1\bend gram.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [Support Dog] C:\PROGRA~1\DEFYFI~1\holedumbcoal.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\patricia romé\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\patricia romé\Client\HelpExp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - https://www.afternic.com/domains/errorsafe.com
Close all your windows, including the Internet, and click Fix checked.

Run an online antivirus scan with Internet Explorer and accept the ActiveX control,
then post the report here.
https://www.bitdefender.fr/

At the bottom left of the window, click BitDefender SCAN ONLINE.
In the new window, click "I accept".
The window changes again; click "Scan".
The signatures load, etc.

Illustrated tutorial:
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

See you tomorrow for the result.
0
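Added example, not part of the thread and not code from HijackThis or OTMoveIt: a Python triage of a few HijackThis lines from the post above. It attaches review hints to each entry and links 8.3 short path components (such as `DEFYFI~1`) back to the folders in the OTMoveIt list. The function names, the hint labels and the short-name matching heuristic are assumptions made for this example.

```python
import re

# Lines copied from the HijackThis list and the OTMoveIt folder list in the post above.
LOG = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.244.15.6:3128
O2 - BHO: FlawUpload - {52A3676C-BA4C-270E-C893-DBF9ED9C9C60} - C:\PROGRA~1\SKIPDE~1\bend gram.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Support Dog] C:\PROGRA~1\DEFYFI~1\holedumbcoal.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""
LISTED_FOLDERS = ["defyfivewait", "Kind delete", "RegistrySmart",
                  "Skip delete kind", "TBONBin", "Alset"]

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"^\S+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SHORT = re.compile(r"\\([^\\~\s]{1,6})~\d")  # 8.3 component such as \DEFYFI~1


def matching_folders(body, folders):
    """Listed folders whose name could shorten to an 8.3 component in body.

    Assumed heuristic: the short name starts with the first six characters
    of the long name, spaces dropped, upper-cased. Collisions are not modelled.
    """
    hits = []
    for prefix in SHORT.findall(body):
        for name in folders:
            if name.replace(" ", "").upper().startswith(prefix.upper()):
                hits.append(name)
    return hits


def triage(log_text, folders):
    """Return one dict per HijackThis entry with review hints attached."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m["body"]
        e = {"code": m["code"], "hints": [],
             "folders": matching_folders(body, folders)}
        if "(file missing)" in body or "(no file)" in body:
            e["hints"].append("orphaned")   # entry whose file was not found
        if "ProxyServer" in body:
            e["hints"].append("proxy")      # browser proxy setting
            e["proxy"] = body.partition("=")[2].strip()
        run = RUN.match(body)
        if run:
            e["hints"].append("autostart")  # Run key: starts with Windows
            e["name"] = run["name"]
        out.append(e)
    return out


if __name__ == "__main__":
    for entry in triage(LOG, LISTED_FOLDERS):
        print(entry)
```

The hints only point a reviewer at what to look up; they are not a verdict on any entry.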
gabie44
 
I did the OTMove procedure but I got no report, and it isn't in C: either.
The virus still seems to be active (cf. the pig squeals)
0
papyber Posts 6430 Status Security contributor 257
 
Start again with the latest version, I've added names that appear in your suspect files report
0
gabie44
 
découvert : cheval de Troie Trojan-Downloader.Win32.Zlob.hot Le fichier: C:\System Volume Information\_restore{CE51C025-C30A-45F1-ACAC-9FAA03ACAE23}\RP795\A0252115.exe
0
papyber Posts 6430 Status Security contributor 257
 
We'll clean System Restore once everything is finished... I'd rather you have a System Restore, even an infected one, than no System Restore at all... viruses can only get out of it if you use it; otherwise they are as if "blocked".
Good luck with the online scan
0
gabie44
 
But will what I check be removed? (because my Wi-Fi connection is checked there)
0
papyber Posts 6430 Status Security contributor 257
 
It won't be removed, but it will no longer launch at startup; you'll have to launch it via Start/All Programs. As for your Wi-Fi connection, don't touch it, leave it alone.
0
gabie44
 
So that pushes it back to next Monday.
0
papyber Posts 6430 Status Security contributor 257
 
If you fixed the lines except your Wi-Fi connection and everything is fine...
Download ToolsCleaner (by A.Rothstein) to your Desktop.
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
Click Search and let the scan finish.
Click Removal to finalize.
You can use the optional settings if you wish.
Click Quit so that the report can be created.
Post me the report (TCleaner.txt), which is at the root of your hard drive (C:\).

If everything is fine, delete everything we used that was not removed by ToolsCleaner2, as it will no longer be needed.
However, keep CCleaner, or
download: - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
This software removes all temporary files. Before clicking the "Install" button, uncheck all the "additional options". Then click "Options", "Advanced" and uncheck the box "Only delete files in the Windows Temp folder older than 48 hours". After that, leave it with its default settings. That's all.
A tutorial:
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
and run the cleanup every day before shutting down the PC.

Install this very useful software and scan your PC with it at least once a week...
AVG Antispyware
https://www.avg.com/en-ww/free-antivirus-download

How to use it:
Launch AVG Anti-Spyware and update it.
Click the "Scan" button.
Then under "How to act", click Recommended actions. Select Quarantine.
Go back to the Scan tab.
Click Complete system scan.
At the end of the scan, choose "Apply all actions".
Click "Save report". The text file is in the Reports folder of the AVG Anti-Spyware folder.

You can pair it with this one:
Spybot Search and Destroy
https://www.safer-networking.org/?page=download

Defragment.

Remember to protect yourself well; I found this link, which is rather good on the subject:
Securing your PC, Hot and Light versions

Disable your System Restore:
right-click My Computer / Properties / check the box to turn off System Restore, Apply
restart your PC
right-click My Computer / Properties / uncheck the box to turn off System Restore, Apply

Security is very important but does not replace the user: careful browsing that avoids cracks and "hot" sites already prevents a lot of trouble; P2P is also a source of infections...

And happy surfing
0