Aller au contenu
  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Messages recommandés

Posté(e)

Bonjour,

 

Voici le rapport de scan avec HijackThis:

 

StartupList report, 10/03/2006, 00:17:32

StartupList version: 1.52.2

Started from : C:\Hijackthis\HijackThis.EXE

Detected: Windows XP SP1 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\windows\System32\smss.exe

C:\windows\SYSTEM32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\windows\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\windows\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Hijackthis\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage]

CD-MENU.LNK = ?

OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\crashrep.exe

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]

DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

 

--------------------------------------------------

 

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

 

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *

StubPath = C:\windows\inf\unregmp2.exe /HideWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}] *

StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",HideIconsUser

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

 

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\windows\INF\wmp.inf,PerUserStub

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

 

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\windows\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll

 

--------------------------------------------------

 

Shell & screensaver key from C:\windows\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\windows\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\windows\Explorer\Explorer.exe: not present

C:\windows\System\Explorer.exe: not present

C:\windows\System32\Explorer.exe: not present

C:\windows\Command\Explorer.exe: not present

C:\windows\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\windows

- .reg open command is normal (regedit.exe %1)

- Regedit.exe has no CompanyName property! It is either missing or named something else.

- Regedit.exe has no OriginalFilename property! It is either missing or named something else.

- Regedit.exe has no FileDescription property! It is either missing or named something else.

 

Registry check failed!

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

wrSpySweeperTrialSweep.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[DirectAnimation Java Classes]

CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab

OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

 

[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

[CKAVWebScan Object]

InProcServer32 = C:\windows\System32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll

CODEBASE = http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

 

[{33564D57-9980-0010-8000-00AA00389B71}]

CODEBASE = http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab

 

[Java Plug-in 1.5.0_04]

InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

 

[ActiveScan Installer Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll

CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

 

[MsnMessengerSetupDownloadControl Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx

CODEBASE = http://messenger.msn.com/download/msnmesse...pdownloader.cab

 

[Java Plug-in 1.5.0_04]

InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

 

[shockwave Flash Object]

InProcServer32 = C:\windows\System32\Macromed\Flash\Flash8.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\windows\System32\mswsock.dll

NameSpace #2: C:\windows\System32\winrnr.dll

NameSpace #3: C:\windows\System32\mswsock.dll

Protocol #1: C:\windows\system32\mswsock.dll

Protocol #2: C:\windows\system32\mswsock.dll

Protocol #3: C:\windows\system32\mswsock.dll

Protocol #4: C:\windows\system32\rsvpsp.dll

Protocol #5: C:\windows\system32\rsvpsp.dll

Protocol #6: C:\windows\system32\mswsock.dll

Protocol #7: C:\windows\system32\mswsock.dll

Protocol #8: C:\windows\system32\mswsock.dll

Protocol #9: C:\windows\system32\mswsock.dll

Protocol #10: C:\windows\system32\mswsock.dll

Protocol #11: C:\windows\system32\mswsock.dll

Protocol #12: C:\windows\system32\mswsock.dll

Protocol #13: C:\windows\system32\mswsock.dll

Protocol #14: C:\windows\system32\mswsock.dll

Protocol #15: C:\windows\system32\mswsock.dll

Protocol #16: C:\windows\system32\mswsock.dll

Protocol #17: C:\windows\system32\mswsock.dll

Protocol #18: C:\windows\system32\mswsock.dll

Protocol #19: C:\windows\system32\mswsock.dll

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

Service d'installation du pilote audio Intel® 82801 (WDM): system32\drivers\ac97intc.sys (manual start)

Pilote ACPI Microsoft: System32\DRIVERS\ACPI.sys (system)

General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart)

USB ADSL LAN Adapter: System32\DRIVERS\adiusbae.sys (manual start)

Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start)

Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (autostart)

Filtre de bus AGP Intel: System32\DRIVERS\agp440.sys (system)

Avertissement: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start)

Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Protocole client ARP 1394: System32\DRIVERS\arp1394.sys (manual start)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)

Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start)

Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system)

Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start)

Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start)

AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)

AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)

AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)

AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)

AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)

basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)

Service de transfert intelligent en arrière-plan: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Explorateur d'ordinateur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Décodeur sous-titre fermé: System32\DRIVERS\CCDECODE.sys (manual start)

Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system)

Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start)

Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (manual start)

Application système COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Pilote de disque: System32\DRIVERS\disk.sys (system)

Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Pilote de Gestionnaire de disque logique: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start)

Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start)

Pilote de carte Intel ® PRO: System32\DRIVERS\e100b325.sys (manual start)

Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Journal des événements: %SystemRoot%\system32\services.exe (autostart)

Système d'événements de COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)

ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)

Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)

Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start)

Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start)

Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)

Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system)

Firewall Driver: \SystemRoot\system32\drivers\fwdrv.sys (system)

GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)

Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start)

Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start)

hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)

Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system)

InstallDriver Table Manager: C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (manual start)

Pilote de filtre de gravure CD: System32\DRIVERS\imapi.sys (system)

Service COM de gravage de CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start)

IntelIde: System32\DRIVERS\intelide.sys (system)

Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start)

Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start)

Traducteur d'adresses réseau IP: System32\DRIVERS\ipnat.sys (manual start)

iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)

Pilote IPSEC: System32\DRIVERS\ipsec.sys (system)

Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start)

Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system)

K56: System32\DRIVERS\HSF_K56K.sys (autostart)

Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system)

Pilote HID de clavier: System32\DRIVERS\kbdhid.sys (system)

Kerio HIPS Driver: \SystemRoot\system32\drivers\khips.sys (system)

Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start)

Kerio Personal Firewall 4: C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe (autostart)

Serveur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Station de travail: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Assistance TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Affichage des messages: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start)

Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system)

Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: System32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)

Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)

Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start)

Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start)

Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start)

Convertisseur en T/site-à-site de répartition Microsoft: system32\drivers\MSTEE.sys (manual start)

Codec NABTS/FEC VBI: System32\DRIVERS\NABTSFEC.sys (manual start)

Connection TV/vidéo Microsoft: System32\DRIVERS\NdisIP.sys (manual start)

Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start)

NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start)

Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start)

Interface NetBIOS: System32\DRIVERS\netbios.sys (system)

NetBIOS sur TCP/IP: System32\DRIVERS\netbt.sys (system)

DDE réseau: %SystemRoot%\system32\netdde.exe (manual start)

DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (manual start)

Ouverture de session réseau: %SystemRoot%\System32\lsass.exe (manual start)

Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Pilote réseau 1394: System32\DRIVERS\nic1394.sys (manual start)

NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\System32\lsass.exe (manual start)

Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

nv: System32\DRIVERS\nv4_mini.sys (manual start)

NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (disabled)

Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start)

Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)

Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface): System32\DRIVERS\ohci1394.sys (system)

TRUST 320 SPACEC@M: System32\Drivers\ov519vid.sys (manual start)

Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start)

Pilote de bus PCI: System32\DRIVERS\pci.sys (system)

Plug-and-Play: %SystemRoot%\system32\services.exe (autostart)

Services IPSEC: %SystemRoot%\System32\lsass.exe (autostart)

Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start)

Pilote processeur: System32\DRIVERS\processr.sys (system)

Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart)

Planificateur de paquets QoS: System32\DRIVERS\psched.sys (manual start)

Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start)

PzWDM: System32\Drivers\PzWDM.sys (system)

Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system)

Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start)

Parallèle direct: System32\DRIVERS\raspti.sys (manual start)

Rdbss: System32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Pilote de redirecteur de périphérique Terminal Server: System32\DRIVERS\rdpdr.sys (manual start)

Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start)

Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system)

Routage et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Accès à distance au Registre: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start)

Localisateur d'appels de procédure distante (RPC): %SystemRoot%\System32\locator.exe (manual start)

Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)

Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart)

Prise en charge des cartes à puces: %SystemRoot%\System32\SCardSvr.exe (manual start)

Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start)

Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: System32\DRIVERS\secdrv.sys (autostart)

Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start)

Pilote de port série: System32\DRIVERS\serial.sys (system)

Pilote pour souris sur port série: System32\DRIVERS\sermouse.sys (manual start)

Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Détrameur décalage BDA: System32\DRIVERS\SLIP.sys (manual start)

SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)

Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start)

Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart)

Pilote de filtre de restauration système: System32\DRIVERS\sr.sys (system)

Service de restauration système: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Srv: System32\DRIVERS\srv.sys (manual start)

Service de découvertes SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

SSI: system32\Drivers\SSI.SYS (system)

Acquisition d'image Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)

BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)

Webroot Spy Sweeper Engine: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (autostart)

Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start)

Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{7AB5936E-C071-4BB9-B18C-8A248EECD9D1} (manual start)

Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start)

Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start)

Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system)

Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system)

Services Terminal Server: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)

Tones: System32\DRIVERS\HSF_TONE.sys (autostart)

Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start)

Gestionnaire de téléchargement: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Hôte de périphérique universel Plug-and-Play: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Onduleur: %SystemRoot%\System32\ups.exe (manual start)

Pilote USB audio (WDM): system32\drivers\usbaudio.sys (manual start)

Pilote parent générique USB Microsoft: System32\DRIVERS\usbccgp.sys (manual start)

Concentrateur USB2: System32\DRIVERS\usbhub.sys (manual start)

Pilote de scanneur USB: System32\DRIVERS\usbscan.sys (manual start)

Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start)

Pilote miniport de contrôleur hôte universel USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start)

V124: System32\DRIVERS\HSF_V124.sys (autostart)

VgaSave: \SystemRoot\System32\drivers\vga.sys (system)

vsdatant: \??\C:\windows\System32\vsdatant.sys (manual start)

Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start)

Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start)

Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Extensions du pilote WMI: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Carte de performance WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)

Codec Teletext standard: System32\DRIVERS\WSTCODEC.SYS (manual start)

Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (disabled)

Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute = autocheck autochk *

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\windows\system32\SHELL32.dll

CDBurn: C:\windows\system32\SHELL32.dll

WebCheck: C:\windows\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

 

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*No values found*

 

--------------------------------------------------

 

End of report, 34 246 bytes

Report generated in 0,328 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Posté(e)

salut Liloute :-(

 

Bravo!! plus rien de mauvais sur le rapport hijackthis :P , on va traquer les restes dans la base de registre et apres ca ,terminé :P

 

-Télécharge RegSearch.exe (Registry Search de Bobbi Flekman) -> http://www.bleepingcomputer.com/files/regsearch.php

- dézippe dans un répertoire dédié tel que C:\Program Files

- double clique sur RegSearch.exe

- copie colle les entrées en bleu dans les lignes de la zone de recherche:

wordpad

spool

orans

sysbus32

spoolv

rdriv

windows kernel

windows antivirus

- rien dans la ligne "Enter string to exclude from results"

- clique sur OK

- après recherche, le bloc-notes ouvre une fenêtre "RegSearch.txt" avec toutes les instances trouvées

- le fichier est en outre sauvegardé dans le même répertoire que celui de RegSearch

- copie-colle le contenu de la fenêtre dans un post, ici

- ferme le bloc-notes

- ferme RegSearch par Cancel

-Si la manipulation ne marche pas, entre les éléments un par un.

 

Allez on est presque arrivé au bout :-P

Posté(e)

Bonsoir

 

Voici le rapport demandé:

 

REGEDIT4

 

; Registry Search 2.0 by Bobbi Flekman © 2005

; Version: 2.0.0.1

 

; Results at 13/03/2006 02:29:41 for strings:

; 'wordpad'

; 'spool'

; 'orans'

; 'sysbus32'

; 'spoolv'

; 'rdriv'

; 'windows kernel'

; 'windows antivirus'

; Strings excluded from search:

; (None)

; Search in:

; Registry Keys Registry Values Registry Data

; HKEY_LOCAL_MACHINE HKEY_USERS

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\WordPad.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.doc]

@="WordPad.Document.1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.doc\OpenWithList\WordPad.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.doc\WordPad.Document.1]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.doc\WordPad.Document.1\ShellNew]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.rtf\OpenWithList\WordPad.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wri\OpenWithList\WordPad.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\wordpad.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\wordpad.exe\shell]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\wordpad.exe\shell\open]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\wordpad.exe\shell\open\command]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\wordpad.exe\shell\open\command]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE" "%1"

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,20,22,25,31,22,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bidispl.bidirequest.1]

@="Bidi Spooler APIs"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bidispl.bidirequestcontainer]

@="Bidi Spooler APIs"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bidispl.bidirequestcontainer.1]

@="Bidi Spooler APIs"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bidispl.bidispl]

@="Bidi Spooler APIs"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bidispl.bidispl.1]

@="Bidi Spooler APIs"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A614240-A4C5-4C33-BD87-1BC709331639}]

@="Bidi Spooler APIs"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73FDDC80-AEA9-101A-98A7-00AA00374959}]

@="Document WordPad"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73FDDC80-AEA9-101A-98A7-00AA00374959}\AuxUserType\2]

@="Document WordPad"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73FDDC80-AEA9-101A-98A7-00AA00374959}\AuxUserType\3]

@="WordPad"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73FDDC80-AEA9-101A-98A7-00AA00374959}\DefaultIcon]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE",1

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,2c,31,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73FDDC80-AEA9-101A-98A7-00AA00374959}\LocalServer32]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE"

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73FDDC80-AEA9-101A-98A7-00AA00374959}\ProgId]

@="WordPad.Document.1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9162A23-45F9-47CC-80F5-FE0FE9B9E1A2}]

@="Bidi Spooler APIs"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}]

@="Bidi Spooler APIs"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\rtffile]

; Contents of value:

; @"%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE",-190

"FriendlyTypeName"=hex(2):40,22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,\

57,69,6e,64,6f,77,73,20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,\

52,44,50,41,44,2e,45,58,45,22,2c,2d,31,39,30,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\rtffile\DefaultIcon]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE",1

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,2c,31,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\rtffile\shell\open\command]

@="\"C:\\Program Files\\Windows NT\\Accessoires\\WORDPAD.EXE\" \"%1\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\rtffile\shell\print\command]

@="\"C:\\Program Files\\Windows NT\\Accessoires\\WORDPAD.EXE\" /p \"%1\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\rtffile\shell\printto\command]

@="\"C:\\Program Files\\Windows NT\\Accessoires\\WORDPAD.EXE\" /pt \"%1\" \"%2\" \"%3\" \"%4\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.doc\DefaultIcon]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE",1

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,2c,31,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.doc\shell\open\command]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE" "%1"

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,20,22,25,31,22,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rtf\DefaultIcon]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE",1

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,2c,31,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rtf\shell\open\command]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE" "%1"

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,20,22,25,31,22,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.wri\DefaultIcon]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE",1

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,2c,31,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.wri\shell\open\command]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE" "%1"

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,20,22,25,31,22,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\text\OpenWithList\WordPad.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1]

@="Document WordPad"

; Contents of value:

; @"%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE",-209

"FriendlyTypeName"=hex(2):40,22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,\

57,69,6e,64,6f,77,73,20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,\

52,44,50,41,44,2e,45,58,45,22,2c,2d,32,30,39,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\CLSID]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\DefaultIcon]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\DefaultIcon]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE",1

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,2c,31,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\Insertable]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\Protocol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\Protocol\StdFileEditing]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\Protocol\StdFileEditing\Server]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\Protocol\StdFileEditing\Server]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE"

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\Protocol\StdFileEditing\Verb]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\Protocol\StdFileEditing\Verb\0]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\shell]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\shell\open]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\shell\open\command]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\shell\open\command]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE" "%1"

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,20,22,25,31,22,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\shell\print]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\shell\print\command]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\shell\print\command]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE" /p "%1"

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,20,2f,70,20,22,25,31,22,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\shell\printto]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\shell\printto\command]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wordpad.Document.1\shell\printto\command]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE" /pt "%1" "%2" "%3" "%4"

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,20,2f,70,74,20,22,25,31,22,20,22,25,32,22,20,22,25,33,22,20,22,25,\

34,22,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wrifile]

; Contents of value:

; @"%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE",-208

"FriendlyTypeName"=hex(2):40,22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,\

57,69,6e,64,6f,77,73,20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,\

52,44,50,41,44,2e,45,58,45,22,2c,2d,32,30,38,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wrifile\DefaultIcon]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE",2

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,2c,32,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wrifile\shell\open\command]

@="\"C:\\Program Files\\Windows NT\\Accessoires\\WORDPAD.EXE\" \"%1\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wrifile\shell\print\command]

@="\"C:\\Program Files\\Windows NT\\Accessoires\\WORDPAD.EXE\" /p \"%1\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wrifile\shell\printto\command]

@="\"C:\\Program Files\\Windows NT\\Accessoires\\WORDPAD.EXE\" /pt \"%1\" \"%2\" \"%3\" \"%4\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSWinWrite.wpc\Clients]

"C:\\Program Files\\Windows NT\\Accessoires\\wordpad.exe"=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSWord6.wpc\Clients]

"C:\\Program Files\\Windows NT\\Accessoires\\wordpad.exe"=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSWord8\Clients]

"C:\\Program Files\\Windows NT\\Accessoires\\wordpad.exe"=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM]

; Contents of value:

; .NETFramework

; ASP.NET ASP.NET_1.1.43

; ASP.NET_1.1.4322 MSDTC PerfDisk PerfNet

; MSDTC PerfDisk PerfNet PerfOS PerfProc PSched

; PerfDisk PerfNet PerfOS PerfProc PSched RemoteAccess R

; PerfNet PerfOS PerfProc PSched RemoteAccess RSVP Spooler TapiS

; PerfOS PerfProc PSched RemoteAccess RSVP Spooler TapiSrv Tcpip TermSe

; PerfProc PSched RemoteAccess RSVP Spooler TapiSrv Tcpip TermService

; PSched RemoteAccess RSVP Spooler TapiSrv Tcpip TermService

; RemoteAccess RSVP Spooler TapiSrv Tcpip TermService

; RSVP Spooler TapiSrv Tcpip TermService

; Spooler TapiSrv Tcpip TermService

; TapiSrv Tcpip TermService

; Tcpip TermService

; TermService

;

"KnownSvcs"=hex(7):2e,4e,45,54,46,72,61,6d,65,77,6f,72,6b,00,41,53,50,2e,4e,45,\

54,00,41,53,50,2e,4e,45,54,5f,31,2e,31,2e,34,33,32,32,00,4d,53,44,54,43,00,\

50,65,72,66,44,69,73,6b,00,50,65,72,66,4e,65,74,00,50,65,72,66,4f,53,00,50,\

65,72,66,50,72,6f,63,00,50,53,63,68,65,64,00,52,65,6d,6f,74,65,41,63,63,65,\

73,73,00,52,53,56,50,00,53,70,6f,6f,6c,65,72,00,54,61,70,69,53,72,76,00,54,\

63,70,69,70,00,54,65,72,6d,53,65,72,76,69,63,65,00,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\System Programs]

"wordpad"="wordpad.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WORDPAD.EXE]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WORDPAD.EXE]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE"

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WRITE.EXE]

; Contents of value:

; "%ProgramFiles%\Windows NT\Accessoires\WORDPAD.EXE"

@=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,6e,64,6f,77,73,\

20,4e,54,5c,41,63,63,65,73,73,6f,69,72,65,73,5c,57,4f,52,44,50,41,44,2e,45,\

58,45,22,00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager\Subcomponents]

"mswordpad"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\sRGB Color Space Profile.icm"=dword:00000003

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\CIERGB.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\JapanStandard.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\NTSC1953.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\PAL_SECAM.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\pcd4050e.icm"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\pcd4050k.icm"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\pcdcnycc.icm"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\pcdekycc.icm"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\pcdkoycc.icm"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\Photoshop4DefaultCMYK.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\Photoshop5DefaultCMYK.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\ProPhoto.icm"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\SMPTE-C.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\stdpyccl.icm"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\WideGamutRGB.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\AdobeRGB1998.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\AppleRGB.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\ColorMatchRGB.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\EuroscaleCoated.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\EuroscaleUncoated.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\JapanColor2001Coated.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\JapanColor2001Uncoated.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\JapanWebCoated.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\USSheetfedCoated.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\USSheetfedUncoated.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\USWebCoatedSWOP.icc"=dword:00000002

"C:\\WINDOWS\\System32\\spool\\DRIVERS\\COLOR\\USWebUncoated.icc"=dword:00000002

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]

"Spooler"="#SYS:Microsoft\\Windows NT\\CurrentVersion\\Windows"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers]

"DefaultSpoolDirectory"="C:\\WINDOWS\\System32\\spool\\PRINTERS"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Print/Providers/LanMan Print Services/Servers/AddPrinterDrivers]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDF API DLL\TestTraceGuid]

"BitNames"=" TEST_TRACE_GENERAL TEST_TRACE_APP TEST_TRACE_TSTDRIVER TEST_TRACE_FLTRDRIVER"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"Spooler"="yes"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\GroupOrderList]

"SpoolerGroup"=hex:02,00,00,00,01,00,00,00,02,00,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers\LanMan Print Services\servers]

"addprinterdrivers"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder]

; Contents of value:

; System Reserved

; Boot Bus Extender System Bus Exten

; System Bus Extender SCSI miniport Port Primary Disk SC

; SCSI miniport Port Primary Disk SCSI Class SCSI CDROM Class FSFilter

; Port Primary Disk SCSI Class SCSI CDROM Class FSFilter Infrastructure FSF

; Primary Disk SCSI Class SCSI CDROM Class FSFilter Infrastructure FSFilter System FSFil

; SCSI Class SCSI CDROM Class FSFilter Infrastructure FSFilter System FSFilter Bottom FSFilter Copy

; SCSI CDROM Class FSFilter Infrastructure FSFilter System FSFilter Bottom FSFilter Copy Protection FSFilter Securit

; FSFilter Infrastructure FSFilter System FSFilter Bottom FSFilter Copy Protection FSFilter Security Enhancer FSFilter Open File FSFilter Ph

; FSFilter System FSFilter Bottom FSFilter Copy Protection FSFilter Security Enhancer FSFilter Open File FSFilter Physical Quota Management FSFilter Encrypt

; FSFilter Bottom FSFilter Copy Protection FSFilter Security Enhancer FSFilter Open File FSFilter Physical Quota Management FSFilter Encryption FSFilter Compression FSFilte

; FSFilter Copy Protection FSFilter Security Enhancer FSFilter Open File FSFilter Physical Quota Management FSFilter Encryption FSFilter Compression FSFilter HSM FSFilter Cluster File System FSFilt

; FSFilter Security Enhancer FSFilter Open File FSFilter Physical Quota Management FSFilter Encryption FSFilter Compression FSFilter HSM FSFilter Cluster File System FSFilter System Recovery FSFilter Quota Management FSFilte

; FSFilter Open File FSFilter Physical Quota Management FSFilter Encryption FSFilter Compression FSFilter HSM FSFilter Cluster File System FSFilter System Recovery FSFilter Quota Management FSFilter Content Screener FSFilter Continuous Backup

; FSFilter Physical Quota Management FSFilter Encryption FSFilter Compression FSFilter HSM FSFilter Cluster File System FSFilter System Recovery FSFilter Quota Management FSFilter Content Screener FSFilter Continuous Backup FSFilter Replication FSFilter Anti-Virus FSFilter Unde

; FSFilter Encryption FSFilter Compression FSFilter HSM FSFilter Cluster File System FSFilter System Recovery FSFilter Quota Management FSFilter Content Screener FSFilter Continuous Backup FSFilter Replication FSFilter Anti-Virus FSFilter Undelete FSFilter Activity Monitor FSFilter Top Filter Boot

; FSFilter Compression FSFilter HSM FSFilter Cluster File System FSFilter System Recovery FSFilter Quota Management FSFilter Content Screener FSFilter Continuous Backup FSFilter Replication FSFilter Anti-Virus FSFilter Undelete FSFilter Activity Monitor FSFilter Top Filter Boot File System Base Pointer Port Keyboard P

; FSFilter HSM FSFilter Cluster File System FSFilter System Recovery FSFilter Quota Management FSFilter Content Screener FSFilter Continuous Backup FSFilter Replication FSFilter Anti-Virus FSFilter Undelete FSFilter Activity Monitor FSFilter Top Filter Boot File System Base Pointer Port Keyboard Port Pointer Class Keyboard Class V

; FSFilter Cluster File System FSFilter System Recovery FSFilter Quota Management FSFilter Content Screener FSFilter Continuous Backup FSFilter Replication FSFilter Anti-Virus FSFilter Undelete FSFilter Activity Monitor FSFilter Top Filter Boot File System Base Pointer Port Keyboard Port Pointer Class Keyboard Class Video Init Video Video Save File System Eve

; FSFilter System Recovery FSFilter Quota Management FSFilter Content Screener FSFilter Continuous Backup FSFilter Replication FSFilter Anti-Virus FSFilter Undelete FSFilter Activity Monitor FSFilter Top Filter Boot File System Base Pointer Port Keyboard Port Pointer Class Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure

; FSFilter Quota Management FSFilter Content Screener FSFilter Continuous Backup FSFilter Replication FSFilter Anti-Virus FSFilter Undelete FSFilter Activity Monitor FSFilter Top Filter Boot File System Base Pointer Port Keyboard Port Pointer Class Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI

; FSFilter Content Screener FSFilter Continuous Backup FSFilter Replication FSFilter Anti-Virus FSFilter Undelete FSFilter Activity Monitor FSFilter Top Filter Boot File System Base Pointer Port Keyboard Port Pointer Class Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGro

; FSFilter Continuous Backup FSFilter Replication FSFilter Anti-Virus FSFilter Undelete FSFilter Activity Monitor FSFilter Top Filter Boot File System Base Pointer Port Keyboard Port Pointer Class Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDE

; FSFilter Replication FSFilter Anti-Virus FSFilter Undelete FSFilter Activity Monitor FSFilter Top Filter Boot File System Base Pointer Port Keyboard Port Pointer Class Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Conf

; FSFilter Anti-Virus FSFilter Undelete FSFilter Activity Monitor FSFilter Top Filter Boot File System Base Pointer Port Keyboard Port Pointer Class Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; FSFilter Undelete FSFilter Activity Monitor FSFilter Top Filter Boot File System Base Pointer Port Keyboard Port Pointer Class Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; FSFilter Activity Monitor FSFilter Top Filter Boot File System Base Pointer Port Keyboard Port Pointer Class Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; FSFilter Top Filter Boot File System Base Pointer Port Keyboard Port Pointer Class Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; Filter Boot File System Base Pointer Port Keyboard Port Pointer Class Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; Boot File System Base Pointer Port Keyboard Port Pointer Class Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; Base Pointer Port Keyboard Port Pointer Class Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; Pointer Port Keyboard Port Pointer Class Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; Keyboard Port Pointer Class Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; Pointer Class Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; Keyboard Class Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; Video Init Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; Video Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; Video Save File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; File System Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; Event Log Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; Streams Drivers NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; NDIS Wrapper COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; COM Infrastructure UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; UIGroup LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; LocalValidation PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; PlugPlay PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; PNP_TDI NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; NDIS TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; TDI NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; NetBIOSGroup ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; ShellSvcGroup SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; SchedulerGroup SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; SpoolerGroup AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; AudioGroup NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; NetworkProvider RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; RemoteValidation NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; NetDDEGroup Parallel arbitrator Extended Base PCI Configuration MS Transactions

; Parallel arbitrator Extended Base PCI Configuration MS Transactions

; Extended Base PCI Configuration MS Transactions

; PCI Configuration MS Transactions

; MS Transactions

;

"List"=hex(7):53,79,73,74,65,6d,20,52,65,73,65,72,76,65,64,00,42,6f,6f,74,20,\

42,75,73,20,45,78,74,65,6e,64,65,72,00,53,79,73,74,65,6d,20,42,75,73,20,45,\

78,74,65,6e,64,65,72,00,53,43,53,49,20,6d,69,6e,69,70,6f,72,74,00,50,6f,72,\

74,00,50,72,69,6d,61,72,79,20,44,69,73,6b,00,53,43,53,49,20,43,6c,61,73,73,\

00,53,43,53,49,20,43,44,52,4f,4d,20,43,6c,61,73,73,00,46,53,46,69,6c,74,65,\

72,20,49,6e,66,72,61,73,74,72,75,63,74,75,72,65,00,46,53,46,69,6c,74,65,72,\

20,53,79,73,74,65,6d,00,46,53,46,69,6c,74,65,72,20,42,6f,74,74,6f,6d,00,46,\

53,46,69,6c,74,65,72,20,43,6f,70,79,20,50,72,6f,74,65,63,74,69,6f,6e,00,46,\

53,46,69,6c,74,65,72,20,53,65,63,75,72,69,74,79,20,45,6e,68,61,6e,63,65,72,\

00,46,53,46,69,6c,74,65,72,20,4f,70,65,6e,20,46,69,6c,65,00,46,53,46,69,6c,\

74,65,72,20,50,68,79,73,69,63,61,6c,20,51,75,6f,74,61,20,4d,61,6e,61,67,65,\

6d,65,6e,74,00,46,53,46,69,6c,74,65,72,20,45,6e,63,72,79,70,74,69,6f,6e,00,\

46,53,46,69,6c,74,65,72,20,43,6f,6d,70,72,65,73,73,69,6f,6e,00,46,53,46,69,\

6c,74,65,72,20,48,53,4d,00,46,53,46,69,6c,74,65,72,20,43,6c,75,73,74,65,72,\

20,46,69,6c,65,20,53,79,73,74,65,6d,00,46,53,46,69,6c,74,65,72,20,53,79,73,\

74,65,6d,20,52,65,63,6f,76,65,72,79,00,46,53,46,69,6c,74,65,72,20,51,75,6f,\

74,61,20,4d,61,6e,61,67,65,6d,65,6e,74,00,46,53,46,69,6c,74,65,72,20,43,6f,\

6e,74,65,6e,74,20,53,63,72,65,65,6e,65,72,00,46,53,46,69,6c,74,65,72,20,43,\

6f,6e,74,69,6e,75,6f,75,73,20,42,61,63,6b,75,70,00,46,53,46,69,6c,74,65,72,\

20,52,65,70,6c,69,63,61,74,69,6f,6e,00,46,53,46,69,6c,74,65,72,20,41,6e,74,\

69,2d,56,69,72,75,73,00,46,53,46,69,6c,74,65,72,20,55,6e,64,65,6c,65,74,65,\

00,46,53,46,69,6c,74,65,72,20,41,63,74,69,76,69,74,79,20,4d,6f,6e,69,74,6f,\

72,00,46,53,46,69,6c,74,65,72,20,54,6f,70,00,46,69,6c,74,65,72,00,42,6f,6f,\

74,20,46,69,6c,65,20,53,79,73,74,65,6d,00,42,61,73,65,00,50,6f,69,6e,74,65,\

72,20,50,6f,72,74,00,4b,65,79,62,6f,61,72,64,20,50,6f,72,74,00,50,6f,69,6e,\

74,65,72,20,43,6c,61,73,73,00,4b,65,79,62,6f,61,72,64,20,43,6c,61,73,73,00,\

56,69,64,65,6f,20,49,6e,69,74,00,56,69,64,65,6f,00,56,69,64,65,6f,20,53,61,\

76,65,00,46,69,6c,65,20,53,79,73,74,65,6d,00,45,76,65,6e,74,20,4c,6f,67,00,\

53,74,72,65,61,6d,73,20,44,72,69,76,65,72,73,00,4e,44,49,53,20,57,72,61,70,\

70,65,72,00,43,4f,4d,20,49,6e,66,72,61,73,74,72,75,63,74,75,72,65,00,55,49,\

47,72,6f,75,70,00,4c,6f,63,61,6c,56,61,6c,69,64,61,74,69,6f,6e,00,50,6c,75,\

67,50,6c,61,79,00,50,4e,50,5f,54,44,49,00,4e,44,49,53,00,54,44,49,00,4e,65,\

74,42,49,4f,53,47,72,6f,75,70,00,53,68,65,6c,6c,53,76,63,47,72,6f,75,70,00,\

53,63,68,65,64,75,6c,65,72,47,72,6f,75,70,00,53,70,6f,6f,6c,65,72,47,72,6f,\

75,70,00,41,75,64,69,6f,47,72,6f,75,70,00,4e,65,74,77,6f,72,6b,50,72,6f,76,\

69,64,65,72,00,52,65,6d,6f,74,65,56,61,6c,69,64,61,74,69,6f,6e,00,4e,65,74,\

44,44,45,47,72,6f,75,70,00,50,61,72,61,6c,6c,65,6c,20,61,72,62,69,74,72,61,\

74,6f,72,00,45,78,74,65,6e,64,65,64,20,42,61,73,65,00,50,43,49,20,43,6f,6e,\

66,69,67,75,72,61,74,69,6f,6e,00,4d,53,20,54,72,61,6e,73,61,63,74,69,6f,6e,\

73,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\SysProcs]

"spoolss.exe"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WOW]

"KnownDLLs"="comm.drv commdlg.dll ctl3dv2.dll ddeml.dll keyboard.drv lanman.drv mmsystem.dll mouse.drv netapi.dll olecli.dll olesvr.dll pmspl.dll shell.dll sound.drv system.drv toolhelp.dll vga.drv wfwnet.drv win87em.dll winoldap.mod winsock.dll winspool.exe wowdeb.exe timer.drv rasapi16.dll compobj.dll storage.dll ole2.dll ole2disp.dll ole2nls.dll typelib.dll msvideo.dll avifile.dll msacm.dll mciavi.drv mciseq.drv mciwave.drv progman.exe avicap.dll mapi.dll"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRINT_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRINT_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRINT_SPOOLER\0000]

"Service"="Print Spooler"

"DeviceDesc"="Print Spool Handler"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOL]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOL\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOL\0000]

"Service"="spool"

"DeviceDesc"="spool"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLER\0000]

"Service"="Spooler"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV\0000]

"Service"="spoolv"

"DeviceDesc"="spoolv"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV\0000\LogConf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WORDPAD]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WORDPAD\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WORDPAD\0000]

"Service"="wordpad"

"DeviceDesc"="wordpad"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]

; Contents of value:

; WSH

; WMIAdapter Wmdm

; WmdmPmSN WinMgmt Winlogo

; WinMgmt Winlogon Windows Product

; Winlogon Windows Product Activation Windo

; Windows Product Activation Windows 3.1 Migration WebClient VSS VBRun

; Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv UploadM Tlntsvr SysmonLog S

; WebClient VSS VBRuntime Userinit Userenv UploadM Tlntsvr SysmonLog SpoolerCtrs Software Installation

; VSS VBRuntime Userinit Userenv UploadM Tlntsvr SysmonLog SpoolerCtrs Software Installation SclgNtfy SceS

; VBRuntime Userinit Userenv UploadM Tlntsvr SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safr

; Userinit Userenv UploadM Tlntsvr SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfPro

; Userenv UploadM Tlntsvr SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet

; UploadM Tlntsvr SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib

; Tlntsvr SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctr

; SysmonLog SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oa

; SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup MsiInsta

; Software Installation SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup MsiInstaller MSDTC Client MSDTC mnmsrvc Mi

; SclgNtfy SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service

; SceSrv SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPe

; SceCli safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM Hel

; safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Red

; SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Redirection File De

; PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Redirection File Deployment EventSys

; PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL

; PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQu

; Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+

; Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7U

; PerfDisk Perfctrs Offline Files Oakley ntbackup MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AV

; Perfctrs Offline Files Oakley ntbackup MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment

; Offline Files Oakley ntbackup MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.432

; Oakley ntbackup MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Manag

; ntbackup MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Applicatio

; MsiInstaller MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Err

; MSDTC Client MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Applicatio

; MSDTC mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; mnmsrvc Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; Microsoft H.323 Telephony Service Provider LoadPerf Java VM HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; LoadPerf Java VM HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; Java VM HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; HelpSvc Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; DrWatson DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; DiskQuota crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; crypt32 COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; Chkdsk Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; Avg7UpdSvc Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; Avg7Alrt AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; AVG7 AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; AutoEnrollment Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; Autochk ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; ASP.NET 1.1.4322.0 Application Management Application Hang Application Error .NET Runtime Application

; Application Management Application Hang Application Error .NET Runtime Application

; Application Hang Application Error .NET Runtime Application

; Application Error .NET Runtime Application

; .NET Runtime Application

; Application

;

"Sources"=hex(7):57,53,48,00,57,4d,49,41,64,61,70,74,65,72,00,57,6d,64,6d,50,\

6d,53,4e,00,57,69,6e,4d,67,6d,74,00,57,69,6e,6c,6f,67,6f,6e,00,57,69,6e,64,\

6f,77,73,20,50,72,6f,64,75,63,74,20,41,63,74,69,76,61,74,69,6f,6e,00,57,69,\

6e,64,6f,77,73,20,33,2e,31,20,4d,69,67,72,61,74,69,6f,6e,00,57,65,62,43,6c,\

69,65,6e,74,00,56,53,53,00,56,42,52,75,6e,74,69,6d,65,00,55,73,65,72,69,6e,\

69,74,00,55,73,65,72,65,6e,76,00,55,70,6c,6f,61,64,4d,00,54,6c,6e,74,73,76,\

72,00,53,79,73,6d,6f,6e,4c,6f,67,00,53,70,6f,6f,6c,65,72,43,74,72,73,00,53,\

6f,66,74,77,61,72,65,20,49,6e,73,74,61,6c,6c,61,74,69,6f,6e,00,53,63,6c,67,\

4e,74,66,79,00,53,63,65,53,72,76,00,53,63,65,43,6c,69,00,73,61,66,72,73,6c,\

76,00,53,41,46,72,64,6d,73,00,50,65,72,66,50,72,6f,63,00,50,65,72,66,4f,53,\

00,50,65,72,66,4e,65,74,00,50,65,72,66,6d,6f,6e,00,50,65,72,66,6c,69,62,00,\

50,65,72,66,44,69,73,6b,00,50,65,72,66,63,74,72,73,00,4f,66,66,6c,69,6e,65,\

20,46,69,6c,65,73,00,4f,61,6b,6c,65,79,00,6e,74,62,61,63,6b,75,70,00,4d,73,\

69,49,6e,73,74,61,6c,6c,65,72,00,4d,53,44,54,43,20,43,6c,69,65,6e,74,00,4d,\

53,44,54,43,00,6d,6e,6d,73,72,76,63,00,4d,69,63,72,6f,73,6f,66,74,20,48,2e,\

33,32,33,20,54,65,6c,65,70,68,6f,6e,79,20,53,65,72,76,69,63,65,20,50,72,6f,\

76,69,64,65,72,00,4c,6f,61,64,50,65,72,66,00,4a,61,76,61,20,56,4d,00,48,65,\

6c,70,53,76,63,00,46,6f,6c,64,65,72,20,52,65,64,69,72,65,63,74,69,6f,6e,00,\

46,69,6c,65,20,44,65,70,6c,6f,79,6d,65,6e,74,00,45,76,65,6e,74,53,79,73,74,\

65,6d,00,45,53,45,4e,54,00,45,41,50,4f,4c,00,44,72,57,61,74,73,6f,6e,00,44,\

69,73,6b,51,75,6f,74,61,00,63,72,79,70,74,33,32,00,43,4f,4d,2b,00,43,69,00,\

43,68,6b,64,73,6b,00,41,76,67,37,55,70,64,53,76,63,00,41,76,67,37,41,6c,72,\

74,00,41,56,47,37,00,41,75,74,6f,45,6e,72,6f,6c,6c,6d,65,6e,74,00,41,75,74,\

6f,63,68,6b,00,41,53,50,2e,4e,45,54,20,31,2e,31,2e,34,33,32,32,2e,30,00,41,\

70,70,6c,69,63,61,74,69,6f,6e,20,4d,61,6e,61,67,65,6d,65,6e,74,00,41,70,70,\

6c,69,63,61,74,69,6f,6e,20,48,61,6e,67,00,41,70,70,6c,69,63,61,74,69,6f,6e,\

20,45,72,72,6f,72,00,2e,4e,45,54,20,52,75,6e,74,69,6d,65,00,41,70,70,6c,69,\

63,61,74,69,6f,6e,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SpoolerCtrs]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SpoolerCtrs]

; Contents of value:

; %SystemRoot%\System32\winspool.drv

"EventMessageFile"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,\

65,6d,33,32,5c,77,69,6e,73,70,6f,6f,6c,2e,64,72,76,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security]

; Contents of value:

; Spooler

; Security Account Manager SC Manag

; SC Manager NetDDE Object LSA DS Security

; NetDDE Object LSA DS Security

; LSA DS Security

; DS Security

; Security

;

"Sources"=hex(7):53,70,6f,6f,6c,65,72,00,53,65,63,75,72,69,74,79,20,41,63,63,\

6f,75,6e,74,20,4d,61,6e,61,67,65,72,00,53,43,20,4d,61,6e,61,67,65,72,00,4e,\

65,74,44,44,45,20,4f,62,6a,65,63,74,00,4c,53,41,00,44,53,00,53,65,63,75,72,\

69,74,79,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security\Spooler\ObjectNames]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Parameters]

"LayerDriver JPN"="kbd101.dll"

"LayerDriver KOR"="kbd101a.dll"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Security]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\parameters]

; Contents of value:

; COMNAP

; COMNODE SQL\QUE

; SQL\QUERY SPOOLSS LLSRPC

; SPOOLSS LLSRPC EPMAPPER LOCATOR T

; LLSRPC EPMAPPER LOCATOR TrkWks TrkSvr

; EPMAPPER LOCATOR TrkWks TrkSvr

; LOCATOR TrkWks TrkSvr

; TrkWks TrkSvr

; TrkSvr

;

"NullSessionPipes"=hex(7):43,4f,4d,4e,41,50,00,43,4f,4d,4e,4f,44,45,00,53,51,\

4c,5c,51,55,45,52,59,00,53,50,4f,4f,4c,53,53,00,4c,4c,53,52,50,43,00,45,50,\

4d,41,50,50,45,52,00,4c,4f,43,41,54,4f,52,00,54,72,6b,57,6b,73,00,54,72,6b,\

53,76,72,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmdd\Device0]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\orans]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\orans]

; Contents of value:

; \??\C:\WINDOWS\system32\orans.sys

"ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\

6d,33,32,5c,6f,72,61,6e,73,2e,73,79,73,00

"DisplayName"="orans"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\orans\Security]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD\Device0]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv]

Posté(e)

salut liloute :-P

 

Plus grand chose à se mettre sous la dent :P

 

Un dernier fichier reg à éxécuter :

 

Étape 1:

 

- Pour commencer une petite sauvegarde par sécurité: crée un point de restauration avant de supprimer les clés ci dessous, pour pouvoir en cas de problème revenir en arrière:

 

Pour le faire suis le tutorial suivant (tres simple!) http://www.tplpc.com/modules/tutorials/cours-123.html

 

Étape 2:

 

Créé un fichier Bloc Notes avec le texte qui se trouve dans l'espace "code" ci-dessous (copie/colle, sans le mot "Code"=>Attention pas de ligne vierge avant REGEDIT4 ) :

 

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRINT_SPOOLER]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOL]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WORDPAD]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\orans]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv]

 

-Enregistrer ce fichier dans : Bureau

-Nom du fichier : fix.reg

-Type : tous les fichiers

-cliquer sur Enregistrer

-quitter le Bloc Notes: ne clique pas sur le fichier maintenant!

 

Étape 3:

 

-Télécharge jv16 et met le dans un dossier:

http://telechargement.zebulon.fr/201-jv16-powertools.html

 

-son tutorial pour l'utiliser correctement ,ici:

http://www.zebulon.fr/articles/base-de-registre-3.php

 

Redémarre en mode Sans Échec

(n'ayant pas accès à Internet, tu as préalablement copié ces instructions dans un fichier texte)

 

Étape 4:

 

-Clique sur le fichier fix.reg pour qu'il s'exécute.Un message te demandera la fusion,accepte.Elimine le fichier reg.

 

Étape 5:

 

-Lance JV16

 

- Mets le logiciel en français Preferences > Language > Français > OK.

 

- Ensuite, Outils registre > menu Outils > nettoyeur de registre.

 

- Coche "je veux vérifier manuellement les entrées" Décoche "Montrer les entrées ignorées".

 

- Clique sur "Continuer" puis sur "Démarrer".

 

- Quand jv16 a terminé la recherche,vas dans le menu "sélectionner" choisis "sélectionner tout" puis en bas à droite choisis l'option "supprimer".Tu peux virer toutes les entrées en vert.

 

-Si ca ne fonctionne pas du premier coup,recommence!

 

Étape 6:

 

-Redémarre le pc pour que les modifications soient prises en compte,et refais une recherche avec Regsearch sur les termes suivant:

LEGACY_RDRIV

LEGACY_PRINT_SPOOLER

LEGACY_SPOOL

LEGACY_SPOOLV

LEGACY_WORDPAD

orans

rdriv

et poste le rapport stp :P

Posté(e)

Bonsoir,

 

 

Voici le rapport:

 

REGEDIT4

 

; Registry Search 2.0 by Bobbi Flekman © 2005

; Version: 2.0.0.1

 

; Results at 14/03/2006 18:55:19 for strings:

; 'legacy_rdriv'

; 'legacy_print_spooler'

; 'legacy_spool'

; 'legacy_spoolv'

; 'legacy_wordpad'

; 'orans'

; 'rdriv'

; Strings excluded from search:

; (None)

; Search in:

; Registry Keys Registry Values Registry Data

; HKEY_LOCAL_MACHINE HKEY_USERS

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg

Values\MACHINE/System/CurrentControlSet/Control/Print/Providers/LanMan Print

Services/Servers/AddPrinterDrivers]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDF

API DLL\TestTraceGuid]

"BitNames"=" TEST_TRACE_GENERAL TEST_TRACE_APP TEST_TRACE_TSTDRIVER

TEST_TRACE_FLTRDRIVER"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers\LanMan

Print Services\servers]

"addprinterdrivers"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRINT_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRINT_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOL]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOL\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV\0000\LogConf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WORDPAD]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WORDPAD\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Parameters]

"LayerDriver JPN"="kbd101.dll"

"LayerDriver KOR"="kbd101a.dll"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Security]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmdd\Device0]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD\Device0]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Providers\LanMan

Print Services\servers]

"addprinterdrivers"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PRINT_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PRINT_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPOOLER\0000\Control]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPOOLV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i8042prt\Parameters]

"LayerDriver JPN"="kbd101.dll"

"LayerDriver KOR"="kbd101a.dll"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IpFilterDriver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IpFilterDriver\Security]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mnmdd\Device0]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RDPCDD\Device0]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Spooler\Enum]

"0"="Root\\LEGACY_SPOOLER\\0000"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Print\Providers\LanMan

Print Services\servers]

"addprinterdrivers"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PRINT_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PRINT_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPOOLV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\i8042prt\Parameters]

"LayerDriver JPN"="kbd101.dll"

"LayerDriver KOR"="kbd101a.dll"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\IpFilterDriver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\IpFilterDriver\Security]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmdd\Device0]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\RDPCDD\Device0]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan

Print Services\servers]

"addprinterdrivers"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRINT_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRINT_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPOOLER\0000\Control]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPOOLV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters]

"LayerDriver JPN"="kbd101.dll"

"LayerDriver KOR"="kbd101a.dll"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Security]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmdd\Device0]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD\Device0]

"MirrorDriver"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler\Enum]

"0"="Root\\LEGACY_SPOOLER\\0000"

 

; End Of The Log...

Posté(e)

salut Liloute :-(

 

Bon tout n'as pas fonctionné (de nouvelles clés ont été mises en évidence) :P Il faut éliminer toutes les clés en même temps!Supprime tous les fichiers reg qu'on a fait précédemment.On va tenter d'entrer toutes ces nouvelles occurences,si ca ne fonctionne pas ,c'est le nettoyage manuel qui t'attends :P

 

Créé un fichier Bloc Notes avec le texte qui se trouve dans l'espace "code" ci-dessous (copie/colle, sans le mot "Code"=>Attention pas de ligne vierge avant REGEDIT4 ) :

 

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRINT_SPOOLER]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOL]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WORDPAD]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PRINT_SPOOLER]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPOOLV]

 

-Enregistrer ce fichier dans : Bureau

-Nom du fichier : remove.reg

-Type : tous les fichiers

-cliquer sur Enregistrer

-quitter le Bloc Notes: ne clique pas sur le fichier maintenant!

 

-Redémarre en mode sans échec.

 

-Clique sur le fichier remove.reg pour qu'il s'exécute.Un message te demandera la fusion,accepte.Elimine le fichier reg.

 

-Lance Jv16 et élimine toute les entrées en vert.

 

-redémarre et relance la recherche suivante avec Regsearch (ca maigrit :P )=>

LEGACY_RDRIV

LEGACY_PRINT_SPOOLER

LEGACY_SPOOL

LEGACY_SPOOLV

LEGACY_WORDPAD

 

@+tard :-P

Posté(e)

Bonsoir,

 

Voici le rapport:

 

REGEDIT4

 

; Registry Search 2.0 by Bobbi Flekman © 2005

; Version: 2.0.0.1

 

; Results at 16/03/2006 17:58:54 for strings:

; 'legacy_rdriv'

; 'legacy_print_spooler'

; 'legacy_spool'

; 'legacy_spoolv '

; 'legacy_wordpad '

; Strings excluded from search:

; (None)

; Search in:

; Registry Keys Registry Values Registry Data

; HKEY_LOCAL_MACHINE HKEY_USERS

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRINT_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRINT_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOL]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOL\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV\0000\LogConf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PRINT_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PRINT_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPOOLER\0000\Control]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPOOLV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Spooler\Enum]

"0"="Root\\LEGACY_SPOOLER\\0000"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PRINT_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PRINT_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPOOLV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRINT_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRINT_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPOOLER\0000\Control]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPOOLV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler\Enum]

"0"="Root\\LEGACY_SPOOLER\\0000"

 

; End Of The Log...

Posté(e) (modifié)

salut liloute :-P

 

Bon, dans mon précédent fichier reg, je n'ai pas pris en compte les clés présentes sous "ControlSet003" :P Bon voilà le bon fichier(élimine le précédent)!=>

 

Étape 1:

 

Créé un fichier Bloc Notes avec le texte qui se trouve dans l'espace "code" ci-dessous (copie/colle, sans le mot "Code"=>Attention pas de ligne vierge avant REGEDIT4 ) :

 

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRINT_SPOOLER]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOL]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PRINT_SPOOLER]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPOOLV]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PRINT_SPOOLER]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPOOLV]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRINT_SPOOLER]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPOOLV]

-Enregistrer ce fichier dans : Bureau

-Nom du fichier : fixit.reg

-Type : tous les fichiers

-cliquer sur Enregistrer

-quitter le Bloc Notes: ne clique pas sur le fichier maintenant!

 

 

Redémarre en mode Sans Échec

(n'ayant pas accès à Internet, tu as préalablement copié ces instructions dans un fichier texte)

 

Étape 2:

 

Clique sur le fichier fixit.reg pour qu'il s'exécute.Un message te demandera la fusion,accepte.Elimine le fichier reg.

 

Étape 3:

 

Redémarre normalement et regarde si elles sont encore présentes dans le registre en relançant la même

recherche avec Regsearch:

LEGACY_RDRIV

LEGACY_PRINT_SPOOLER

LEGACY_SPOOL

LEGACY_SPOOLV

poste le nouveau rapport :P

Edit: la clé Wordpad a disparu , un bon point! allez courage!

Modifié par charles ingals
Posté(e)

Bonsoir, désolée pour le délais, mais je n'ai pas pu "voir" mon amie avant, voici donc le rapport

 

 

REGEDIT4

 

; Registry Search 2.0 by Bobbi Flekman © 2005

; Version: 2.0.0.1

 

; Results at 21/03/2006 21:12:10 for strings:

; 'legacy_rdriv'

; 'legacy_print_spooler'

; 'legacy_spool'

; 'legacy_spoolv'

; Strings excluded from search:

; (None)

; Search in:

; Registry Keys Registry Values Registry Data

; HKEY_LOCAL_MACHINE HKEY_USERS

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRINT_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRINT_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOL]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOL\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV\0000\LogConf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PRINT_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PRINT_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPOOLER\0000\Control]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPOOLV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Spooler\Enum]

"0"="Root\\LEGACY_SPOOLER\\0000"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PRINT_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PRINT_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPOOLV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRINT_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRINT_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPOOLER]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPOOLER\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPOOLER\0000\Control]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPOOLV]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler\Enum]

"0"="Root\\LEGACY_SPOOLER\\0000"

 

; End Of The Log...

Posté(e)

salut liloute :-(

 

De retour? :P Bon il y avait un risque que le fix échoue car les clés que l'on veut éliminer sont protégées!!

 

Voilà une méthode qui donne un résultat , la suppression manuelle :P

 

Étape 1:

 

- Pour commencer une petite sauvegarde par sécurité: crée un point de restauration avant de supprimer les clés ci dessous, pour pouvoir en cas de problème revenir en arrière:

 

Pour le faire suis le tutorial suivant (tres simple!) http://www.tplpc.com/modules/tutorials/cours-123.html

 

Redémarre en mode Sans Échec

(n'ayant pas accès à Internet, tu as préalablement copié ces instructions dans un fichier texte)

 

Étape 2:Suppression manuelle:

 

 

*Passe par démarrer > exécuter > tape regedit

 

naviguer jusqu'a cette clé ( en cliquant sur le signe + à gauche):

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PRINT_SPOOLER

 

- Fais un clic avec le bouton droit de la souris sur cette clé LEGACY_PRINT_SPOOLER et sélectionne Autorisations dans le menu.(ne touche pas à la clé plus haut nommée"Root")

 

- dans la fenêtre qui vient de s'ouvrir, sélectionne ton profil (dans nom d'utilisateur ou de groupe) ou "Tout le Monde" => assure toi que la case "Contrôle Total" soit bien cochée ,si ce n'est pas le cas,coche puis clique sur "ok" .

 

- fais un clic droit sur la clé et sélectionne "Supprimer"

 

*Fais pareil avec les clés suivantes=>

 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV

 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOL

 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPOOLV

 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PRINT_SPOOLER

 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV

 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPOOLV

 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PRINT_SPOOLER

 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV

 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SPOOLV

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PRINT_SPOOLER

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPOOLV

 

Quitte le registre.

Attention!! Ne touche surtout pas à cette clé => LEGACY_SPOOLER qui elle est légitime!! Regarde bien le nom des clés en question avant suppression!

 

Étape 3:

 

Redémarre normalement et regarde si elles sont encore présentes dans le registre en relançant la même

recherche avec Regsearch:poste le nouveau rapport :-P

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...