Probleme internet explorer

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus.
Re: Probleme internet explorer

Message le 21 Avr 2010 18:56

peux tu me dire si tu as ce dossier...C:\WINDOWS\ERDNT\Hiv-backup

et si il contient ce qui est sur cette image...


* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "custom scan...."

%SYSTEMDRIVE%\userinit.exe /s /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ /s

* Cliques sur l'icône "RunScan" (en haut à gauche) /!\ ( pas runfix) /!\
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Re: Probleme internet explorer

Message le 21 Avr 2010 21:31

Re: Probleme internet explorer

Message le 21 Avr 2010 22:03

non ce dossier n'est pas sur mon pc. dois-je kan même faire le scan OTL?
Re: Probleme internet explorer

Message le 21 Avr 2010 22:05


oui, fais le scan OTL stp... :wink:
Re: Probleme internet explorer

Message le 22 Avr 2010 00:40

OTL logfile created on: 21/04/2010 18:00:36 - Run 3
OTL by OldTimer - Version Folder = C:\Windows\System32\config\systemprofile\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 56,16 Gb Free Space | 37,68% Space Free | Partition Type: NTFS
Drive D: | 3,23 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-USER
Current User Name: USER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\config\systemprofile\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\Windows\vsnpstd3.exe ()
PRC - C:\Windows\tsnpstd3.exe ()
PRC - C:\Windows\FixCamera.exe ()

========== Modules (SafeList) ==========

MOD - C:\Windows\System32\config\systemprofile\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc. )
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (a016obex) -- C:\Windows\System32\drivers\a016obex.sys (MCCI Corporation)
DRV - (a016mdm) -- C:\Windows\System32\drivers\a016mdm.sys (MCCI Corporation)
DRV - (a016mgmt) Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\a016mgmt.sys (MCCI Corporation)
DRV - (a016mdfl) -- C:\Windows\System32\drivers\a016mdfl.sys (MCCI Corporation)
DRV - (a016bus) Sony Ericsson Device A016 driver (WDM) -- C:\Windows\System32\drivers\a016bus.sys (MCCI Corporation)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation)
DRV - (S3GIGP) -- C:\Windows\System32\drivers\VTGKModeDX32.sys (S3 Graphics Co., Ltd.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (eusk2par) -- C:\Windows\System32\drivers\eusk2par.sys (EUTRON)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ... x_homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 64 1F 7B 00 03 14 E6 41 80 CC 16 A6 78 7C A6 76 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:2.0
FF - prefs.js..extensions.enabledItems: {f3c12911-3343-c59a-8c82-74b377b2737f}:
FF - prefs.js..extensions.enabledItems:

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/19 19:55:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/17 15:30:08 | 000,000,000 | ---D | M]

[2010/04/19 20:22:18 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Extensions
[2010/04/21 09:09:17 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\hsscauah.default\extensions
[2010/04/21 09:09:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\hsscauah.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/19 21:44:50 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\hsscauah.default\extensions\
[2010/04/21 09:09:00 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/12/12 19:02:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/29 01:48:12 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2010/04/15 12:36:44 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\mozilla firefox\extensions\{f3c12911-3343-c59a-8c82-74b377b2737f}
[2006/09/26 06:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010/04/01 13:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/04/01 13:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/01 13:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/04/01 13:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/04/01 13:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ezLife] File not found
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [zpkulydleetxdhle] C:\Windows\System32\aknqvjjjggvqx.dll File not found
O4 - HKLM..\RunOnce: [NSSInstallation] C:\Program Files\DivX\Symantec\scstubinstaller.exe (Symantec Corporation)
O4 - HKLM..\RunOnce: [VistaSetup] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} ... (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} ... (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ... (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} ... (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (c:\windows\system32\dnssd32.dll) - C:\Windows\System32\dnssd32.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/24 01:08:42 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/11/02 16:00:00 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2006/11/02 16:00:00 | 000,109,160 | R--- | M] (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\ [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/21 11:08:09 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~LS
[2010/04/21 11:01:39 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2010/04/21 07:39:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\HpUpdate
[2010/04/21 07:33:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Identities
[2010/04/20 23:03:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\WinRAR
[2010/04/20 19:45:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\vlc
[2010/04/20 18:29:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Adobe
[2010/04/20 16:29:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\DivX
[2010/04/19 21:58:16 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/04/19 21:45:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\Tracing
[2010/04/19 20:51:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia
[2010/04/19 20:51:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe
[2010/04/19 20:22:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp
[2010/04/19 20:22:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla
[2010/04/19 20:22:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Mozilla
[2010/04/19 19:55:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/17 20:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Laura Jones and the Gates of Good and Evil
[2010/04/17 20:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/04/17 15:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/03/30 21:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/03/29 01:14:06 | 000,000,000 | ---D | C] -- C:\Boot
[2010/03/24 01:08:42 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2008/12/18 13:12:39 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2008/12/18 13:12:39 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2008/12/18 13:12:38 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2008/12/18 13:12:38 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll

========== Files - Modified Within 30 Days ==========

[2010/04/21 17:53:52 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/21 17:30:59 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/21 17:30:59 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/21 13:45:38 | 000,008,012 | ---- | M] () -- C:\2187 - Pokemon - Version Emeraude (F).clt
[2010/04/21 12:46:50 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/04/21 11:44:03 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/04/21 11:44:02 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/04/21 09:09:34 | 000,007,168 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/21 08:45:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/21 07:33:29 | 000,001,838 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\Install_NSS.lnk
[2010/04/21 07:33:29 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Install_NSS.job
[2010/04/20 23:53:44 | 000,002,032 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
[2010/04/19 21:45:06 | 000,108,768 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/19 20:15:12 | 000,399,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/18 18:19:10 | 003,467,376 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/04/18 18:19:10 | 001,476,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/18 18:19:10 | 001,084,950 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/04/18 18:19:10 | 000,955,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/18 18:19:10 | 000,004,926 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/18 00:44:56 | 000,021,840 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
[2010/04/18 00:44:56 | 000,017,212 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
[2010/04/18 00:44:56 | 000,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
[2010/04/17 20:41:08 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Jouer à Laura Jones and the Gates of Good and Evil.lnk
[2010/04/17 20:41:08 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\Encore plus de jeux.lnk
[2010/04/17 20:29:13 | 000,001,700 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/04/17 15:29:14 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/04/17 15:28:31 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/04/15 13:03:47 | 000,524,288 | -HS- | M] () -- C:\Windows\system32\config\systemprofile\ntuser.dat{be3ce39b-7a5b-11da-96a4-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/04/15 13:03:47 | 000,262,144 | ---- | M] () -- C:\Windows\system32\config\systemprofile\ntuser.dat
[2010/04/15 13:03:47 | 000,065,536 | -HS- | M] () -- C:\Windows\system32\config\systemprofile\ntuser.dat{be3ce39b-7a5b-11da-96a4-806e6f6e6963}.TM.blf
[2010/04/15 12:51:46 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/14 18:10:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{334A4BE3-F41F-44AD-887E-AFD029110187}.job
[2010/04/14 18:10:00 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{000EE505-DF96-49B3-A96A-C4275A922361}.job
[2010/04/14 17:36:06 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/14 14:40:44 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/14 14:40:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/14 14:06:11 | 000,012,288 | ---- | M] () -- C:\Windows\System32\umstartup000.etl
[2010/04/14 13:01:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/30 21:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/03/30 21:58:04 | 002,083,312 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxsfs.dll
[2010/03/30 21:58:04 | 000,678,384 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\px.dll
[2010/03/30 21:58:04 | 000,559,600 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxdrv.dll
[2010/03/30 21:58:04 | 000,440,816 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxwave.dll
[2010/03/30 21:58:04 | 000,219,632 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxmas.dll
[2010/03/30 21:58:04 | 000,133,616 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxafs.dll
[2010/03/30 21:58:04 | 000,100,848 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\vxblock.dll
[2010/03/30 21:58:04 | 000,072,176 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxhpinst.exe
[2010/03/30 21:58:04 | 000,068,080 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxinsa64.exe
[2010/03/30 21:58:04 | 000,068,080 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\pxcpya64.exe
[2010/03/28 20:56:11 | 268,435,456 | -HS- | M] () -- C:\WinPEpge.sys
[2010/03/25 01:50:01 | 268,435,456 | -HS- | M] () -- C:\WinPEpge(333).sys
[2010/03/24 14:58:48 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010/03/24 01:09:45 | 000,005,982 | ---- | M] () -- C:\

========== Files Created - No Company Name ==========

[2010/04/21 17:53:52 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/21 07:33:29 | 000,001,838 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Install_NSS.lnk
[2010/04/20 16:29:25 | 000,007,168 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/17 20:41:08 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Jouer à Laura Jones and the Gates of Good and Evil.lnk
[2010/04/17 20:29:13 | 000,001,700 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/04/17 20:29:12 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\Encore plus de jeux.lnk
[2010/04/17 15:29:14 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/04/17 15:28:31 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/04/17 15:26:36 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\Install_NSS.job
[2010/04/15 16:18:27 | 000,008,012 | ---- | C] () -- C:\2187 - Pokemon - Version Emeraude (F).clt
[2010/04/14 14:06:11 | 000,012,288 | ---- | C] () -- C:\Windows\System32\umstartup000.etl
[2010/04/14 12:46:28 | 000,000,400 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{000EE505-DF96-49B3-A96A-C4275A922361}.job
[2010/03/25 00:06:43 | 268,435,456 | -HS- | C] () -- C:\WinPEpge.sys
[2010/03/25 00:06:43 | 268,435,456 | -HS- | C] () -- C:\WinPEpge(333).sys
[2010/03/24 14:58:48 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/03/24 01:09:44 | 000,005,982 | ---- | C] () -- C:\
[2009/09/30 10:08:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/18 09:05:34 | 000,000,040 | ---- | C] () -- C:\Windows\NAVIGMA.INI
[2009/08/04 07:20:06 | 000,000,026 | ---- | C] () -- C:\Windows\System32\satsukidecodersettings.ini
[2009/02/03 08:05:01 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/01/15 08:59:55 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/18 13:12:41 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2008/12/01 11:20:09 | 000,000,079 | ---- | C] () -- C:\Windows\few-oneclick-repertoire.ini
[2008/12/01 11:19:57 | 000,000,079 | ---- | C] () -- C:\Windows\few-repertoire-1024.ini
[2008/11/30 22:23:06 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2008/11/21 02:51:05 | 000,000,064 | ---- | C] () -- C:\Windows\yesmessenger.ini
[2008/11/08 21:36:04 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/10/28 12:23:40 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/10/28 12:23:40 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/10/28 12:23:40 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/10/22 09:03:28 | 000,003,660 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/03/05 09:28:28 | 000,286,208 | ---- | C] () -- C:\Windows\System32\cncs232.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/02 11:19:49 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\config\systemprofile\ntuser.dat.LOG
[2006/11/02 08:59:50 | 000,002,032 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\d3d9caps.dat
[2006/11/02 08:40:55 | 000,262,144 | -H-- | C] () -- C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
[2006/11/02 08:40:55 | 000,262,144 | ---- | C] () -- C:\Windows\System32\config\systemprofile\ntuser.dat
[2006/11/02 08:40:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\config\systemprofile\ntuser.dat.LOG2
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/01/01 11:51:22 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006/01/01 11:51:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/12/31 20:15:58 | 000,524,288 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\ntuser.dat{be3ce39b-7a5b-11da-96a4-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2005/12/31 20:15:58 | 000,524,288 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\ntuser.dat{be3ce39b-7a5b-11da-96a4-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2005/12/31 20:15:58 | 000,065,536 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\ntuser.dat{be3ce39b-7a5b-11da-96a4-806e6f6e6963}.TM.blf
[1999/01/22 08:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Custom Scans ==========

< %SYSTEMDRIVE%\userinit.exe /s /md5 >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ /s >
"ReportBootOk" = 1
"Shell" = explorer.exe -- [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
"Userinit" = C:\Windows\system32\userinit.exe, -- File not found
"VmApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl" -- [2008/01/19 03:32:57 | 000,242,688 | ---- | M] (Microsoft Corporation)
"AutoRestartShell" = 1
"LegalNoticeCaption" =
"LegalNoticeText" =
"PowerdownAfterShutdown" = 0
"ShutdownWithoutLogon" = 0
"cachedlogonscount" = 10
"forceunlocklogon" = 0
"passwordexpirywarning" = 14
"Background" = 0 0 0
"DebugServerCommand" = no
"WinStationsDisabled" = 0
"DisableCAD" = 1
"scremoveoption" = 0
"ShutdownFlags" = 39
"AutoAdminLogon" = 0
"SFCDisable" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"" = Wireless Group Policy
"DisplayName" = @wlgpclnt.dll,-100
"ProcessGroupPolicyEx" = ProcessWLANPolicyEx
"GenerateGroupPolicy" = GenerateWLANPolicy
"DllName" = wlgpclnt.dll -- [2009/04/11 02:28:25 | 000,083,456 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"" = Folder Redirection
"ProcessGroupPolicyEx" = ProcessGroupPolicyEx
"DllName" = fdeploy.dll -- [2009/04/11 02:28:19 | 000,053,760 | ---- | M] (Microsoft Corporation)
"NoMachinePolicy" = 1
"NoSlowLink" = 1
"PerUserLocalSettings" = 1
"NoGPOListChanges" = 0
"NoBackgroundPolicy" = 0
"GenerateGroupPolicy" = GenerateGroupPolicy
"EventSources" = (Folder Redirection,Application) [binary data]
"DisplayName" = @fdeploy.dll,-261
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"" = Microsoft Disk Quota -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"DisplayName" = @%SystemRoot%\System32\dskquota.dll,-100
"NoMachinePolicy" = 0
"NoUserPolicy" = 1
"NoSlowLink" = 1
"NoBackgroundPolicy" = 1
"NoGPOListChanges" = 1
"PerUserLocalSettings" = 0
"RequiresSuccessfulRegistry" = 1
"EnableAsynchronousProcessing" = 0
"DllName" = %SystemRoot%\System32\dskquota.dll -- [2008/01/19 03:34:06 | 000,086,528 | ---- | M] (Microsoft Corporation)
"ProcessGroupPolicy" = ProcessGroupPolicy
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"" = QoS Packet Scheduler
"DisplayName" = @gptext.dll,-201
"ProcessGroupPolicy" = ProcessPSCHEDPolicy
"DllName" = gptext.dll -- [2006/11/02 05:46:05 | 000,016,896 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"ProcessGroupPolicy" = ProcessGroupPolicyForZoneMap
"DllName" = C:\Windows\System32\iedkcs32.dll -- [2010/01/02 02:32:26 | 000,387,584 | ---- | M] (Microsoft Corporation)
"" = Internet Explorer Zonemapping
"NoGPOListChanges" = 1
"DisplayName" = @C:\Windows\System32\iedkcs32.dll,-3051
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
"" = Windows Search Group Policy Extension
"DllName" = %SystemRoot%\System32\srchadmin.dll -- [2009/04/11 02:28:24 | 000,301,568 | ---- | M] (Microsoft Corporation)
"EnableAsynchronousProcessing" = 1
"NoBackgroundPolicy" = 0
"NoGPOListChanges" = 1
"NoMachinePolicy" = 0
"NoSlowLink" = 0
"NoUserPolicy" = 0
"PerUserLocalSettings" = 0
"ProcessGroupPolicy" = ProcessGroupPolicy
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
"" = Internet Explorer User Accelerators
"ProcessGroupPolicy" = ProcessGroupPolicyForActivities
"DllName" = C:\Windows\System32\iedkcs32.dll -- [2010/01/02 02:32:26 | 000,387,584 | ---- | M] (Microsoft Corporation)
"RequiresSuccessfulRegistry" = 1
"ProcessGroupPolicyEx" = ProcessGroupPolicyForActivitiesEx
"NoGPOListChanges" = 1
"DisplayName" = @C:\Windows\System32\iedkcs32.dll,-3051
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"" = Security -- [2006/11/02 05:43:08 | 000,005,120 | ---- | M] (Microsoft Corporation)
"DisplayName" = @(runtime.system32)\scecli.dll,-7650
"ProcessGroupPolicy" = SceProcessSecurityPolicyGPO
"GenerateGroupPolicy" = SceGenerateGroupPolicy
"ExtensionRsopPlanningDebugLevel" = 1
"ProcessGroupPolicyEx" = SceProcessSecurityPolicyGPOEx
"ExtensionDebugLevel" = 1
"DllName" = scecli.dll -- [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
"EnableAsynchronousProcessing" = 1
"MaxNoGPOListChangesInterval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"ProcessGroupPolicyEx" = ProcessGroupPolicyEx
"GenerateGroupPolicy" = GenerateGroupPolicy
"ProcessGroupPolicy" = ProcessGroupPolicy
"DllName" = C:\Windows\System32\iedkcs32.dll -- [2010/01/02 02:32:26 | 000,387,584 | ---- | M] (Microsoft Corporation)
"" = Internet Explorer Branding
"NoSlowLink" = 1
"NoBackgroundPolicy" = 0
"NoGPOListChanges" = 1
"NoMachinePolicy" = 1
"DisplayName" = @C:\Windows\System32\iedkcs32.dll,-3014
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy" = SceProcessEFSRecoveryGPO
"DllName" = scecli.dll -- [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation)
"" = EFS recovery
"DisplayName" = @(runtime.system32)\scecli.dll,-7651
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
"" = 802.3 Group Policy
"DisplayName" = @dot3gpclnt.dll,-100
"ProcessGroupPolicyEx" = ProcessLANPolicyEx
"GenerateGroupPolicy" = GenerateLANPolicy
"DllName" = dot3gpclnt.dll -- [2008/01/19 03:34:05 | 000,043,008 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
"" = Internet Explorer Machine Accelerators
"ProcessGroupPolicy" = ProcessGroupPolicyForActivities
"DllName" = C:\Windows\System32\iedkcs32.dll -- [2010/01/02 02:32:26 | 000,387,584 | ---- | M] (Microsoft Corporation)
"RequiresSuccessfulRegistry" = 1
"ProcessGroupPolicyEx" = ProcessGroupPolicyForActivitiesEx
"NoGPOListChanges" = 1
"DisplayName" = @C:\Windows\System32\iedkcs32.dll,-3051
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"" = IP Security
"ProcessGroupPolicyEx" = ProcessIPSECPolicyEx
"GenerateGroupPolicy" = GenerateIPSECPolicy
"DllName" = %SystemRoot%\System32\polstore.dll -- [2008/10/23 21:44:21 | 000,272,896 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 0
"DisplayName" = @C:\Windows\system32\polstore.dll,-5012
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
"" = Enterprise QoS
"DisplayName" = @gptext.dll,-203
"ProcessGroupPolicy" = ProcessEQoSPolicy
"DllName" = gptext.dll -- [2006/11/02 05:46:05 | 000,016,896 | ---- | M] (Microsoft Corporation)
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked]

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ /s >
"AppInit_DLLs" = c:\windows\system32\dnssd32.dll, -- File not found
"LoadAppInit_DLLs" = 1
"IconServiceLib" = IconCodecService.dll -- [2006/11/02 08:33:49 | 000,009,728 | ---- | M] (Microsoft Corporation)
"DdeSendTimeout" = 0
"DesktopHeapLogging" = 1
"GDIProcessHandleQuota" = 10000
"ShutdownWarningDialogTimeout" = -1
"USERPostMessageLimit" = 10000
"USERProcessHandleQuota" = 10000
"" = mnmsrvc
"DeviceNotSelectedTimeout" = 15
"Spooler" = yes
"TransmissionRetryTimeout" = 90
"DisableSR" = 0
"USERNestedWindowLimit" = 50

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ /s >
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Data\Linkage]
"Export" = 2e,00,4e,00,45,00,54,00,20,00,43,00,4c,00,52,00,20,00,44,00,61,00,74,00,61,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Data\Performance]
"IsMultiInstance" = 1
"CategoryOptions" = 1
"Open" = OpenPerformanceData
"Collect" = CollectPerformanceData
"Close" = ClosePerformanceData
"Library" = netfxperf.dll -- [2008/07/27 14:03:17 | 000,041,984 | ---- | M] (Microsoft Corporation)
"Counter Types" = 655366553665536655366553665536 [binary data]
"Counter Names" = [Binary data over 100 bytes]
"InstallType" = 1
"PerfIniFile" = _DataPerfCounters_D.ini
"First Counter" = 3502
"Last Counter" = 3514
"First Help" = 3503
"Last Help" = 3515
"Object List" = 3502
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Linkage]
"Export" = 2e,00,4e,00,45,00,54,00,20,00,43,00,4c,00,52,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,69,00,6e,00,67,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance]
"IsMultiInstance" = 1
"FileMappingSize" = 131072
"CategoryOptions" = 3
"Collect" = CollectPerformanceData
"Close" = ClosePerformanceData
"Library" = netfxperf.dll -- [2008/07/27 14:03:17 | 000,041,984 | ---- | M] (Microsoft Corporation)
"Counter Types" = 6553665792657926553665536 [binary data]
"Open" = OpenPerformanceData
"Counter Names" = [Binary data over 100 bytes]
"InstallType" = 1
"PerfIniFile" = _Networkingperfcounters_D.ini
"First Counter" = 3460
"Last Counter" = 3470
"First Help" = 3461
"Last Help" = 3471
"Object List" = 3460
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for Oracle]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for Oracle\Linkage]
"Export" = 2e,00,4e,00,45,00,54,00,20,00,44,00,61,00,74,00,61,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,20,00,66,00,6f,00,72,00,20,00,4f,00,72,00,61,00,63,00,6c,00,65,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for Oracle\Performance]
"Close" = ClosePerformanceData
"Counter Names" = [Binary data over 100 bytes]
"IsMultiInstance" = 1
"Open" = OpenPerformanceData
"Collect" = CollectPerformanceData
"Library" = netfxperf.dll -- [2008/07/27 14:03:17 | 000,041,984 | ---- | M] (Microsoft Corporation)
"Counter Types" = [Binary data over 100 bytes]
"FileMappingSize" = 131072
"CategoryOptions" = 3
"InstallType" = 1
"PerfIniFile" = _DataOracleClientPerfCounters_shared12_neutral_D.ini
"First Counter" = 3692
"Last Counter" = 3720
"First Help" = 3693
"Last Help" = 3721
"Object List" = 3692
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for SqlServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for SqlServer\Linkage]
"Export" = 2e,00,4e,00,45,00,54,00,20,00,44,00,61,00,74,00,61,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,20,00,66,00,6f,00,72,00,20,00,53,00,71,00,6c,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for SqlServer\Performance]
"Open" = OpenPerformanceData
"CategoryOptions" = 3
"Counter Names" = [Binary data over 100 bytes]
"Close" = ClosePerformanceData
"Library" = netfxperf.dll -- [2008/07/27 14:03:17 | 000,041,984 | ---- | M] (Microsoft Corporation)
"Counter Types" = [Binary data over 100 bytes]
"IsMultiInstance" = 1
"FileMappingSize" = 131072
"Collect" = CollectPerformanceData
"InstallType" = 1
"PerfIniFile" = _dataperfcounters_shared12_neutral_D.ini
"First Counter" = 3472
"Last Counter" = 3500
"First Help" = 3473
"Last Help" = 3501
"Object List" = 3472
"Close" = CloseCtrs
"Collect" = CollectCtrs
"Open" = OpenCtrs
"Library" = mscoree.dll -- [2009/03/30 00:42:21 | 000,278,848 | ---- | M] (Microsoft Corporation)
"InstallType" = 1
"PerfIniFile" = corperfmonsymbols_D.ini
"First Counter" = 3516
"Last Counter" = 3690
"First Help" = 3517
"Last Help" = 3691
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 20
"ImagePath" = system32\DRIVERS\a016bus.sys -- [2008/01/18 10:16:22 | 000,083,880 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device A016 driver (WDM)
"Group" = Base
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\a016mdfl.sys -- [2008/01/18 10:16:24 | 000,015,016 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device A016 USB WMC Modeme Filter
"Description" = Sony Ericsson Device A016 USB WMC Modem Filter
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\a016mdm.sys -- [2008/01/18 10:16:26 | 000,110,504 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device A016 USB WMC Modem Driver
"Description" = Sony Ericsson Device A016 USB WMC Modem Driver
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\a016mgmt.sys -- [2008/01/18 10:16:26 | 000,104,488 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM)
"Description" = Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM)
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\a016obex.sys -- [2008/01/18 10:16:28 | 000,100,648 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device A016 USB WMC OBEX Interface
"Description" = Sony Ericsson Device A016 USB WMC OBEX Interface
"Tag" = 1
"DisplayName" = Pilote ACPI Microsoft
"Group" = Boot Bus Extender -- [2009/09/30 18:24:05 | 000,000,000 | ---D | M]
"ImagePath" = system32\drivers\acpi.sys -- [2009/04/11 02:32:46 | 000,265,688 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 3
"Start" = 0
"Type" = 1
"AMLIMaxCTObjs" = [binary data]
"WHEAOSCImplemented" = [binary data]
"FixedEventMask" = 20 01 [binary data]
"FixedEventStatus" = 00 85 [binary data]
"GenericEventMask" = ! [binary data]
"GenericEventStatus" = [binary data]
"0" = ACPI_HAL\PNP0C08\0
"Count" = 1
"NextInstance" = 1
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\adp94xx.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 10
"DriverParameter" = DisableIoctl=1;
"5" = 1
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\adpahci.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DriverParameter" = DisableIoctl=1;
"5" = 1
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\adpu160m.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 1
"5" = 1
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\adpu320.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 1
"DriverParameter" = /MAXTAGS=64
"5" = 1
"PerMachine" = 0
"DisplayName" = @%SystemRoot%\system32\aelupsvc.dll,-1
"ImagePath" = %systemroot%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\aelupsvc.dll,-2
"ObjectName" = localSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"RequiredPrivileges" = SeTcbPrivilegeSeImpersonatePrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\aelupsvc.dll -- [2006/11/02 05:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"DisplayName" = PPdus ASPI Shell
"ErrorControl" = 1
"Group" = filter
"Start" = 3
"Type" = 1
"ImagePath" = system32\drivers\Afc.sys -- [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.)
"Security" = [Binary data over 100 bytes]
"0" = IDE\CdRomOptiarc_DVD_RW_AD-7540A_________________1.42____\5&143dcd71&0&1.0.0
"Count" = 3
"NextInstance" = 3
"1" = SCSI\CdRom&Ven_PK1222U&Prod_KAQ358Z&Rev_2.0B\5&2c4f72d4&0&000000
"2" = SCSI\CdRom&Ven_JIXKRK&Prod_1M781I3G&Rev_1.03\5&36e5972&0&000000
"DisplayName" = Ancilliary Function Driver for Winsock
"Group" = PNP_TDI
"ImagePath" = \SystemRoot\system32\drivers\afd.sys
"Description" = Ancilliary Function Driver for Winsock
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"BootFlags" = 1
"0" = Root\LEGACY_AFD\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = Intel AGP Bus Filter
"Group" = PnP Filter
"ImagePath" = \SystemRoot\system32\drivers\agp440.sys
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"3D3D07A1" = 04 00 00 00 00 00 00 00 [binary data]
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\djsvs.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"5" = 1
"DisplayName" = @%SystemRoot%\system32\Alg.exe,-112
"ImagePath" = %SystemRoot%\System32\alg.exe -- [2008/01/19 03:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\Alg.exe,-113
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 3
"Type" = 16
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"Group" = System Bus Extender
"ImagePath" = \SystemRoot\system32\drivers\aliide.sys
"ErrorControl" = 3
"Start" = 4
"Type" = 1
"DisplayName" = AMD AGP Bus Filter Driver
"Group" = PnP Filter
"ImagePath" = \SystemRoot\system32\drivers\amdagp.sys
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"10DE002D" = 00 00 10 00 8F FA 84 D5 [binary data]
"102B0525" = 00 00 10 00 8E F8 83 A5 [binary data]
"53338A22" = 00 00 10 00 8E F8 83 A5 [binary data]
"Group" = System Bus Extender
"ImagePath" = \SystemRoot\system32\drivers\amdide.sys
"ErrorControl" = 3
"Start" = 4
"Type" = 1
"DisplayName" = AMD K7 Processor Driver
"Group" = Extended Base
"ImagePath" = \SystemRoot\system32\drivers\amdk7.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DisplayName" = Pilote de processeur AMD K8
"Group" = Extended Base
"ImagePath" = system32\DRIVERS\amdk8.sys -- [2008/01/19 01:27:20 | 000,044,032 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"Tag" = 12
"0" = ACPI\AuthenticAMD_-_x86_Family_15_Model_76\_0
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%systemroot%\system32\appinfo.dll,-100
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\appinfo.dll,-101
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RpcSsProfSvc [binary data]
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = FF FF FF FF 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\appinfo.dll -- [2008/01/19 03:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Apple Mobile Device]
"Type" = 16
"Start" = 2
"ErrorControl" = 1
"ImagePath" = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" -- [2009/07/09 06:22:18 | 000,144,712 | ---- | M] (Apple Inc.)
"DisplayName" = Apple Mobile Device
"DependOnService" = Tcpip [binary data]
"ObjectName" = LocalSystem
"Description" = Fournit l’interface pour les appareils mobiles Apple.
"FailureActions" = 80 51 01 00 01 00 00 00 01 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Apple Mobile Device\Parameters]
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\arc.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 8
"5" = 1
"Group" = SCSI miniport
"ImagePath" = \SystemRoot\system32\drivers\arcsas.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 10
"5" = 1
"DisplayName" = aswFsBlk
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\aswFsBlk.sys -- [2009/11/24 19:50:00 | 000,020,560 | ---- | M] (ALWIL Software)
"Type" = 2
"Start" = 2
"Group" = FSFilter Activity Monitor
"DependOnService" = FltMgr [binary data]
"Tag" = 2
"Description" = avast! mini-filter driver (aswFsBlk)
"DefaultInstance" = aswFsBlk Instance
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance]
"Altitude" = 388400
"Flags" = 0
"0" = Root\LEGACY_ASWFSBLK\0000
"Count" = 1
"NextInstance" = 1
"Type" = 2
"Start" = 2
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\aswMonFlt.sys -- [2009/11/24 19:49:48 | 000,053,328 | ---- | M] (ALWIL Software)
"DisplayName" = aswMonFlt
"Group" = FSFilter Anti-Virus
"DependOnService" = FltMgr [binary data]
"Description" = avast! mini-filter driver (aswMonFlt)
"DefaultInstance" = aswMonFlt Instance
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance]
"Altitude" = 320700
"Flags" = 0
"0" = Root\LEGACY_ASWMONFLT\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = aswRdr
"ErrorControl" = 1
"Type" = 1
"Start" = 1
"Group" = PNP_TDI
"DependOnService" = tcpip [binary data]
"IgnoreLSPDefault" = nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll
"IgnoreLSPDefault" = vlsp.dll
"0" = Root\LEGACY_ASWRDR\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = avast! Self Protection
"ErrorControl" = 1
"Type" = 1
"Start" = 1
"ProgramFolder" = \Device\HarddiskVolume1\Program Files\Alwil Software\Avast4
"ProgramFolder2" = \DosDevices\C:\Program Files\Alwil Software\Avast4
"0" = Root\LEGACY_ASWSP\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = avast! Network Shield Support
"ErrorControl" = 1
"Type" = 1
"Group" = PNP_TDI
"Start" = 1
"DependOnService" = tcpip [binary data]
"Tag" = 10
"ProviderStart" = 1
"0" = Root\LEGACY_ASWTDI\0000
"Count" = 1
"NextInstance" = 1
"Type" = 272
"Start" = 2
"ErrorControl" = 1
"ImagePath" = "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" -- [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software)
"DisplayName" = avast! iAVS4 Control Service
"Group" = ShellSvcGroup
"ObjectName" = LocalSystem
"Description" = Fournit la mise à jour automatique pour l'antivirus avast!.
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\asyncmac.sys -- [2008/01/19 01:56:29 | 000,017,408 | ---- | M] (Microsoft Corporation)
"DisplayName" = Pilote de média asynchrone RAS
"Description" = Pilote de média asynchrone RAS
"DisplayName" = Canal IDE
"Group" = SCSI Miniport
"ImagePath" = system32\drivers\atapi.sys -- [2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 3
"Start" = 0
"Type" = 1
"Tag" = 33
"0" = PCIIDE\IDEChannel\4&11102ce6&0&0
"Count" = 4
"NextInstance" = 4
"1" = PCIIDE\IDEChannel\4&11102ce6&0&1
"2" = PCIIDE\IDEChannel\4&1945b649&0&0
"3" = PCIIDE\IDEChannel\4&1945b649&0&1
"DisplayName" = @%SystemRoot%\system32\audiosrv.dll,-204
"Group" = AudioGroup
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\audiosrv.dll,-205
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = PlugPlay [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilege [binary data]
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\Audiosrv.dll -- [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"DisplayName" = @%SystemRoot%\system32\audiosrv.dll,-200
"Group" = AudioGroup
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\audiosrv.dll,-201
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = AudioEndpointBuilderRpcSsMMCSS [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\Audiosrv.dll -- [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"0" = Root\LEGACY_AUDIOSRV\0000
"Count" = 1
"NextInstance" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Antivirus]
"Description" = Gère et implémente les services de l'antivirus avast! pour cet ordinateur. Ceci inclut la protection résidente, la zone de quarantaine et le planificateur.
"DependOnService" = aswMonFltRpcSS [binary data]
"Type" = 272
"Start" = 2
"ErrorControl" = 1
"ImagePath" = "C:\Program Files\Alwil Software\Avast4\ashServ.exe" -- [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software)
"DisplayName" = avast! Antivirus
"Group" = ShellSvcGroup
"ObjectName" = LocalSystem
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Mail Scanner]
"Type" = 272
"Start" = 3
"ErrorControl" = 1
"ImagePath" = "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service -- [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software)
"DisplayName" = avast! Mail Scanner
"Group" = ShellSvcGroup
"DependOnService" = avast! Antivirus [binary data]
"ObjectName" = LocalSystem
"Description" = Implémente l'analyse du courrier électronique pour l'antivirus avast!.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Web Scanner]
"Type" = 272
"Start" = 3
"ErrorControl" = 1
"ImagePath" = "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service -- [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software)
"DisplayName" = avast! Web Scanner
"Group" = ShellSvcGroup
"DependOnService" = avast! Antivirus [binary data]
"ObjectName" = LocalSystem
"Description" = Implémente l'analyse du contenu web (HTTP) pour l'antivirus avast!.
"MofImagePath" = system32\drivers\battc.sys -- [2008/01/19 03:41:39 | 000,028,216 | ---- | M] (Microsoft Corporation)
"DisplayName" = Beep
"Group" = Base
"ErrorControl" = 1
"Start" = 1
"Tag" = 2
"Type" = 1
"0" = Root\LEGACY_BEEP\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%SystemRoot%\system32\bfe.dll,-1001
"Group" = NetworkProvider
"ImagePath" = %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\bfe.dll,-1002
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = RpcSs [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 3
"RequiredPrivileges" = SeAuditPrivilegeSeImpersonatePrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\bfe.dll -- [2009/04/11 02:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"ServiceMain" = BfeServiceMain
"{dc95b53e-01cf-4058-821d-350b3d0d4676}" = [Binary data over 100 bytes]
"{0c41d586-9c19-4e01-9d66-b5b98a97576e}" = [Binary data over 100 bytes]
"{12c38916-82ac-4737-8f38-b6957ffebad6}" = [Binary data over 100 bytes]
"{c970a45d-57f9-4e32-a5bd-886a9662641e}" = [Binary data over 100 bytes]
"{0c3be01b-fe70-4cc4-89dc-c07996b67e6d}" = [Binary data over 100 bytes]
"{074f7f68-ee10-428a-89d1-ba78f6c327ca}" = [Binary data over 100 bytes]
"{c016105c-eb34-4519-a5fd-5f4e4ad4d18e}" = [Binary data over 100 bytes]
"{a47525e2-725b-4888-8af1-ba5a60c04f4d}" = [Binary data over 100 bytes]
"{0ccc96a3-8c5c-45e2-b80e-7e37b16cc1ad}" = [Binary data over 100 bytes]
"{2dd96961-5757-434f-b617-34e732517c0e}" = [Binary data over 100 bytes]
"{2729ee66-d21e-4f00-b440-b11f9e8b1bc4}" = [Binary data over 100 bytes]
"{a5f7f5de-ff63-4626-bb95-a6b1c6ec65d0}" = [Binary data over 100 bytes]
"{7e07c361-3d1a-4c91-ba62-8553922c464b}" = [Binary data over 100 bytes]
"{a78018b0-7397-45e7-886d-2fc6e7a878cf}" = [Binary data over 100 bytes]
"{0aa8b2a7-d8e6-4574-8b79-5389071e8fa2}" = [Binary data over 100 bytes]
"{790018f5-8e05-4a78-88ac-ebc35a2e5ee5}" = [Binary data over 100 bytes]
"{dc95b53e-01cf-4058-821d-350b3d0d4676}" = [Binary data over 100 bytes]
"{f444c576-6e60-4ea2-9faa-80d57ed12cd2}" = [Binary data over 100 bytes]
"{0c41d586-9c19-4e01-9d66-b5b98a97576e}" = [Binary data over 100 bytes]
"{12c38916-82ac-4737-8f38-b6957ffebad6}" = [Binary data over 100 bytes]
"{c970a45d-57f9-4e32-a5bd-886a9662641e}" = [Binary data over 100 bytes]
"{0c3be01b-fe70-4cc4-89dc-c07996b67e6d}" = [Binary data over 100 bytes]
"{4d9581d2-aef8-4993-84cd-b986ced80d42}" = [Binary data over 100 bytes]
"{be7cbdf4-b192-4aa5-94f8-1fb5c5ee07bc}" = [Binary data over 100 bytes]
"{716b48eb-0a35-4a76-92ab-1d987230d288}" = [Binary data over 100 bytes]
"{1165065e-4996-4338-abaf-4b8556b4d431}" = [Binary data over 100 bytes]
"{07a24961-a760-4e80-b263-6d275e1b09cb}" = [Binary data over 100 bytes]
"{5b0cb2e2-ab87-4974-9f1c-2f22a654eeb9}" = [Binary data over 100 bytes]
"{b6b2ca61-fb98-4422-adc2-e7cf56b3680c}" = [Binary data over 100 bytes]
"{0aa7fff8-919f-453c-928c-28a12122ba38}" = [Binary data over 100 bytes]
"{074f7f68-ee10-428a-89d1-ba78f6c327ca}" = [Binary data over 100 bytes]
"{c016105c-eb34-4519-a5fd-5f4e4ad4d18e}" = [Binary data over 100 bytes]
"{a47525e2-725b-4888-8af1-ba5a60c04f4d}" = [Binary data over 100 bytes]
"{0ccc96a3-8c5c-45e2-b80e-7e37b16cc1ad}" = [Binary data over 100 bytes]
"{91ffecf0-0a9e-4572-95f1-a7111af86967}" = [Binary data over 100 bytes]
"{64e55933-15a5-495d-a928-ccca43d44875}" = [Binary data over 100 bytes]
"{13bfd422-6f75-4408-8924-9400ec0cb19c}" = [Binary data over 100 bytes]
"{cbfb56db-3c85-4543-9bc2-76ea28cdd74e}" = [Binary data over 100 bytes]
"{2dd96961-5757-434f-b617-34e732517c0e}" = [Binary data over 100 bytes]
"{375fb39b-08c6-40f2-bdf2-08fa63f970a2}" = [Binary data over 100 bytes]
"{3cd72f71-3c6e-49fd-b77c-4e58456a8d7a}" = [Binary data over 100 bytes]
"{55208d43-d432-42a7-a38a-c3d2a6461f78}" = [Binary data over 100 bytes]
"{25434595-0231-4312-81d8-e3e7e2cb81e3}" = [Binary data over 100 bytes]
"{76e819cb-d317-4f73-af11-ee05d19211c5}" = [Binary data over 100 bytes]
"{877a423b-9710-4a3e-beb6-0a8cfebdc642}" = [Binary data over 100 bytes]
"{b232d62d-7510-4cff-94a1-7fa9f3353a3f}" = [Binary data over 100 bytes]
"{2729ee66-d21e-4f00-b440-b11f9e8b1bc4}" = [Binary data over 100 bytes]
"{a5f7f5de-ff63-4626-bb95-a6b1c6ec65d0}" = [Binary data over 100 bytes]
"{7e07c361-3d1a-4c91-ba62-8553922c464b}" = [Binary data over 100 bytes]
"{a78018b0-7397-45e7-886d-2fc6e7a878cf}" = [Binary data over 100 bytes]
"{0aa8b2a7-d8e6-4574-8b79-5389071e8fa2}" = [Binary data over 100 bytes]
"{790018f5-8e05-4a78-88ac-ebc35a2e5ee5}" = [Binary data over 100 bytes]
"{decc16ca-3f33-4346-be1e-8fb4ae0f3d62}" = [Binary data over 100 bytes]
"{4b153735-1049-4480-aab4-d1b9bdc03710}" = [Binary data over 100 bytes]
"{1bebc969-61a5-4732-a177-847a0817862a}" = [Binary data over 100 bytes]
"{aa6a7d87-7f8f-4d2a-be53-fda555cd5fe3}" = [Binary data over 100 bytes]
"{b3cdd441-af90-41ba-a745-7c6008ff2300}" = [Binary data over 100 bytes]
"{b3cdd441-af90-41ba-a745-7c6008ff2301}" = [Binary data over 100 bytes]
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\qmgr.dll -- [2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation)
"Library" = bitsperf.dll -- [2006/11/02 05:46:02 | 000,017,920 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 1908
"Last Counter" = 1924
"First Help" = 1909
"Last Help" = 1925
"Object List" = 1908
"PerfMMFileName" = Global\MMF_BITS_s
"Security" = [Binary data over 100 bytes]
"ImagePath" = \SystemRoot\system32\drivers\blbdrive.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bonjour Service]
"Type" = 16
"Start" = 2
"ErrorControl" = 1
"ImagePath" = "C:\Program Files\Bonjour\mDNSResponder.exe" -- [2008/12/12 06:17:38 | 000,238,888 | ---- | M] (Apple Inc.)
"DisplayName" = Service Bonjour
"DependOnService" = Tcpip [binary data]
"ObjectName" = LocalSystem
"Description" = Bonjour permet à des applications comme iTunes et Safari d’annoncer et de découvrir des services sur le réseau local. En gardant Bonjour en exécution, vous pouvez vous connecter à des périphériques comme l’Apple TV et à des services logiciels comme le partage iTunes et AirTunes. Si vous désactivez Bonjour, tous les services réseau qui en dépendent de manière explicite ne démarreront pas.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bonjour Service\Parameters]
"ManageLLRouting" = 1
"DisplayName" = Bowser
"Group" = Network
"ImagePath" = system32\DRIVERS\bowser.sys -- [2008/01/19 01:28:26 | 000,069,632 | ---- | M] (Microsoft Corporation)
"Description" = Implements the datagram receiver for the computer browser browser service.
"ErrorControl" = 1
"Start" = 3
"Tag" = 5
"Type" = 2
"0" = Root\LEGACY_BOWSER\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = Brother USB Mass-Storage Lower Filter Driver
"Group" = extended base
"ImagePath" = \SystemRoot\system32\drivers\brfiltlo.sys
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"DisplayName" = Brother USB Mass-Storage Upper Filter Driver
"Group" = extended base
"ImagePath" = \SystemRoot\system32\drivers\brfiltup.sys
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"DisplayName" = @%systemroot%\system32\browser.dll,-100
"Group" = NetworkProvider
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\browser.dll,-101
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = LanmanWorkstationLanmanServer [binary data]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\browser.dll -- [2008/01/19 03:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"MaintainServerList" = Auto
"DisplayName" = Brother MFC Serial Port Interface Driver (WDM)
"ImagePath" = \SystemRoot\system32\drivers\brserid.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DisplayName" = Brother WDM Serial driver
"ImagePath" = \SystemRoot\system32\drivers\brserwdm.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DisplayName" = Brother MFC USB Fax Only Modem
"ImagePath" = \SystemRoot\system32\drivers\brusbmdm.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DisplayName" = Brother MFC USB Serial WDM Driver
"ImagePath" = \SystemRoot\system32\drivers\brusbser.sys
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\BthEnum.sys -- [2009/04/11 00:43:10 | 000,022,528 | ---- | M] (Microsoft Corporation)
"DisplayName" = Service d'énumérateur Bluetooth
"DisplayName" = Pilote de communications modem Bluetooth
"ImagePath" = system32\DRIVERS\bthmodem.sys -- [2009/04/11 00:43:10 | 000,041,472 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 27
"ImagePath" = system32\DRIVERS\bthpan.sys -- [2008/01/19 01:53:44 | 000,092,160 | ---- | M] (Microsoft Corporation)
"DisplayName" = Périphérique Bluetooth (réseau personnel)
"Group" = NDIS
"Description" = Périphérique Bluetooth (réseau personnel)
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 8
"ImagePath" = System32\Drivers\BTHport.sys -- [2009/04/11 00:43:10 | 000,507,904 | ---- | M] (Microsoft Corporation)
"DisplayName" = Pilote de port Bluetooth
"Group" = PNP Filter
"Slave Role COD Masks" = 00 00 1F 00 00 00 04 00 00 20 00 00 00 20 00 00 00 04 00 00 00 04 00 00 [binary data]
"SecurityLevel" = 1
"DibServiceVersion" = 131072
"COD" = 5243404
"Name" = Ronald DnTn [Nokia E65] [binary data]
"00010000" = [Binary data over 100 bytes]
"0001000d" = [Binary data over 100 bytes]
"0001000e" = [Binary data over 100 bytes]
"0001000f" = [Binary data over 100 bytes]
"00010010" = [Binary data over 100 bytes]
"00010011" = [Binary data over 100 bytes]
"00010012" = [Binary data over 100 bytes]
"00010013" = [Binary data over 100 bytes]
"00010014" = 35 5E 09 00 00 0A 00 01 00 14 09 00 01 35 06 19 11 2D 19 12 04 09 00 02 0A 00 00 00 06 09 00 04 35 0C 35 03 19 01 00 35 05 19 00 03 08 08 09 00 05 35 03 19 10 02 09 00 06 35 09 09 45 4E 09 00 6A 09 01 00 09 00 09 35 08 35 06 19 11 2D 09 01 01 09 01 00 25 0A 53 49 4D 20 41 63 63 65 73 73 [binary data]
"00010015" = [Binary data over 100 bytes]
"00010016" = [Binary data over 100 bytes]
"00010018" = [Binary data over 100 bytes]
"Instance" = 1
"PriLangServiceName" = [Binary data over 100 bytes]
"DeviceString" =
"CounterInstanceId" = 0
"Enabled" = 1
"Instance" = 1
"PriLangServiceName" = [Binary data over 100 bytes]
"DeviceString" =
"CounterInstanceId" = 0
"Enabled" = 1
"Instance" = 1
"PriLangServiceName" = [Binary data over 100 bytes]
"DeviceString" =
"CounterInstanceId" = 0
"Enabled" = 1
"Instance" = 1
"PriLangServiceName" = [Binary data over 100 bytes]
"DeviceString" =
"CounterInstanceId" = 0
"Enabled" = 1
"Instance" = 1
"PriLangServiceName" = [Binary data over 100 bytes]
"DeviceString" =
"CounterInstanceId" = 0
"Enabled" = 1
"Instance" = 1
"PriLangServiceName" = [Binary data over 100 bytes]
"DeviceString" =
"CounterInstanceId" = 0
"Enabled" = 1
"Flag" = 12
"Flag" = 12
"Flag" = 12
"Flag" = 12
"Flag" = 12
"" =
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Restrictions\COD Major 05 Minor 10]
"DontAddIncomingSPPInWizard" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Restrictions\COD Major 05 Minor 20]
"DontAddIncomingSPPInWizard" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Restrictions\COD Major 05 Minor 30]
"DontAddIncomingSPPInWizard" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Restrictions\COD Major 06 Minor 20]
"DontAddIncomingSPPInWizard" = 1
"MonoAudio" = [Binary data over 100 bytes]
"SecurityFlags" = 1
"SecurityFlags" = 2
"SecurityFlags" = 2
"{00001124-0000-1000-8000-00805f9b34fb}" = 1
"{00001126-0000-1000-8000-00805f9b34fb}" = 1
"{00001103-0000-1000-8000-00805f9b34fb}" = 1
"{00001101-0000-1000-8000-00805f9b34fb}" = 1
"{00001200-0000-1000-8000-00805F9B34FB}" = 1
"{00001000-0000-1000-8000-00805f9b34fb}" = 1
"{00001001-0000-1000-8000-00805f9b34fb}" = 1
"{00001002-0000-1000-8000-00805f9b34fb}" = 1
"{00001115-0000-1000-8000-00805f9b34fb}" = 1
"{00001105-0000-1000-8000-00805f9b34fb}" = 1
"{00001106-0000-1000-8000-00805f9b34fb}" = 1
"{00001107-0000-1000-8000-00805f9b34fb}" = 1
"{00001116-0000-1000-8000-00805f9b34fb}" = 1
"{00001117-0000-1000-8000-00805f9b34fb}" = 1
"{0000110a-0000-1000-8000-00805f9b34fb}" = 1
"{0000110C-0000-1000-8000-00805f9b34fb}" = 1
"{00001112-0000-1000-8000-00805f9b34fb}" = 1
"{0000111f-0000-1000-8000-00805f9b34fb}" = 1
"{00001104-0000-1000-8000-00805f9b34fb}" = 1
"{0000112d-0000-1000-8000-00805f9b34fb}" = 1
"{0000112e-0000-1000-8000-00805f9b34fb}" = 1
"{0000112f-0000-1000-8000-00805f9b34fb}" = 1
"{00001111-0000-1000-8000-00805f9b34fb}" = 1
"Type" = 32
"Start" = 2
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k bthsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"DisplayName" = @%SystemRoot%\System32\bthserv.dll,-101
"DependOnService" = rpcss [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ObjectName" = NT AUTHORITY\LocalService
"ServiceDll" = %SystemRoot%\System32\bthserv.dll -- [2009/04/11 02:28:18 | 000,040,960 | ---- | M] (Microsoft Corporation)
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 7
"ImagePath" = System32\Drivers\BTHUSB.sys -- [2009/04/11 00:43:08 | 000,029,696 | ---- | M] (Microsoft Corporation)
"DisplayName" = Pilote USB radio Bluetooth
"Group" = PNP Filter
"DisplayName" = CD/DVD File System Reader
"Group" = File System
"ImagePath" = system32\DRIVERS\cdfs.sys -- [2008/01/19 01:28:02 | 000,070,144 | ---- | M] (Microsoft Corporation)
"Description" = ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
"ErrorControl" = 1
"Start" = 4
"Type" = 2
"DependOnGroup" = SCSI CDROM Class [binary data]
"0" = Root\LEGACY_CDFS\0000
"Count" = 1
"NextInstance" = 1
"AutoRun" = 1
"AutoRunAlwaysDisable" = [Binary data over 100 bytes]
"DisplayName" = Pilote de CD-ROM
"Group" = SCSI CDROM Class
"ImagePath" = system32\DRIVERS\cdrom.sys -- [2009/04/11 00:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"Tag" = 3
"0" = IDE\CdRomOptiarc_DVD_RW_AD-7540A_________________1.42____\5&143dcd71&0&1.0.0
"Count" = 3
"NextInstance" = 3
"1" = SCSI\CdRom&Ven_PK1222U&Prod_KAQ358Z&Rev_2.0B\5&2c4f72d4&0&000000
"2" = SCSI\CdRom&Ven_JIXKRK&Prod_1M781I3G&Rev_1.03\5&36e5972&0&000000
"DisplayName" = @%SystemRoot%\System32\certprop.dll,-11
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\certprop.dll,-12
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RpcSs [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\certprop.dll -- [2009/04/11 02:28:18 | 000,040,448 | ---- | M] (Microsoft Corporation)
"ServiceMain" = CertPropServiceMain
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"DisplayName" = Consumer IR Devices
"Group" = Extended Base
"ImagePath" = \SystemRoot\system32\drivers\circlass.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DecoderName" = Philips RC6 32-bit
"DecoderID" = 1
"DecoderType" = BiPhase
"BitOrder" = MSBFirst
"CodeMinBits" = 32
"CodeMaxBits" = 32
"OnePatternMin" = 300 -666
"OnePatternMax" = 666 -300
"ZeroPatternMin" = -666 300
"ZeroPatternMax" = -300 666
"HasRepeatData" = 1
"RepeatPrefixPatternMin" = 2300 -1110 300 -666 300 -666 300 -1110 300 -1110 666
"RepeatPrefixPatternMax" = 2900 -666 666 -300 666 -300 666 -666 666 -666 1110
"MaxRepeatPauseInterval" = 80000
"MaxRepeatTimeout" = 120000
"DecoderName" = Sony 12 to 15-bit
"DecoderID" = 2
"DecoderType" = Pulse
"BitOrder" = LSBFirst
"CodeMinBits" = 12
"CodeMaxBits" = 15
"OnePatternMin" = 1000 -800
"OnePatternMax" = 1400 -400
"ZeroPatternMin" = 400 -800
"ZeroPatternMax" = 800 -400
"HasRepeatData" = 1
"RepeatPrefixPatternMin" = 2000 -800
"RepeatPrefixPatternMax" = 2800 -400
"MaxRepeatPauseInterval" = 32000
"MaxRepeatTimeout" = 50000
"DecoderName" = WebTV 13-bit
"DecoderID" = 3
"DecoderType" = Space
"BitOrder" = MSBFirst
"CodeMinBits" = 13
"CodeMaxBits" = 13
"OnePatternMin" = 400 -1800
"OnePatternMax" = 800 -1100
"ZeroPatternMin" = 400 -2900
"ZeroPatternMax" = 800 -2300
"HasRepeatData" = 1
"RepeatPrefixPatternMin" = 400 -6500
"RepeatPrefixPatternMax" = 800 -5500
"MaxRepeatPauseInterval" = 32000
"MaxRepeatTimeout" = 50000
"DecoderName" = NEC 32-bit
"DecoderID" = 4
"DecoderType" = Space
"BitOrder" = LSBFirst
"CodeMinBits" = 32
"CodeMaxBits" = 32
"OnePatternMin" = 360 -1890
"OnePatternMax" = 760 -1490
"ZeroPatternMin" = 360 -760
"ZeroPatternMax" = 760 -360
"HasRepeatData" = 1
"RepeatPrefixPatternMin" = 4000 -5000
"RepeatPrefixPatternMax" = 5000 -4000
"RepeatSuffixPatternMin" = 360 -760
"RepeatSuffixPatternMax" = 760 -360
"MaxRepeatPauseInterval" = 60000
"MaxRepeatTimeout" = 120000
"DecoderName" = Thompson 24-bit
"DecoderID" = 5
"DecoderType" = Space
"BitOrder" = MSBFirst
"CodeMinBits" = 24
"CodeMaxBits" = 24
"OnePatternMin" = 300 -1200
"OnePatternMax" = 700 -800
"ZeroPatternMin" = 300 -2200
"ZeroPatternMax" = 700 -1800
"HasRepeatData" = 1
"RepeatPrefixPatternMin" = 3500 -4500
"RepeatPrefixPatternMax" = 4500 -3500
"RepeatSuffixPatternMin" = 300 -700
"RepeatSuffixPatternMax" = 700 -300
"MaxRepeatPauseInterval" = 10000
"MaxRepeatTimeout" = 70000
"DecoderName" = MCIR Standard Keyboard 32-bit
"DecoderID" = 6
"DecoderType" = BiPhase
"BitOrder" = MSBFirst
"CodeMinBits" = 32
"CodeMaxBits" = 32
"OnePatternMin" = 150 -450
"OnePatternMax" = 450 -150
"ZeroPatternMin" = -450 150
"ZeroPatternMax" = -150 450
"HasRepeatData" = 1
"RepeatPrefixPatternMin" = 2300 -350 200 -450 450 -800 200 -450 200
"RepeatPrefixPatternMax" = 2900 -100 500 -150 800 -450 450 -150 450
"MaxRepeatPauseInterval" = 80000
"MaxRepeatTimeout" = 250000
"AllowSimultaneousKeys" = 1
"DecoderName" = MCIR Japanese Keyboard 32-bit
"DecoderID" = 7
"DecoderType" = BiPhase
"BitOrder" = MSBFirst
"CodeMinBits" = 32
"CodeMaxBits" = 32
"OnePatternMin" = 150 -450
"OnePatternMax" = 450 -150
"ZeroPatternMin" = -450 150
"ZeroPatternMax" = -150 450
"HasRepeatData" = 1
"RepeatPrefixPatternMin" = 2300 -450 150 -450 150 -450 450 -750 150
"RepeatPrefixPatternMax" = 2900 -100 450 -150 450 -150 750 -450 450
"MaxRepeatPauseInterval" = 80000
"MaxRepeatTimeout" = 250000
"AllowSimultaneousKeys" = 1
"DecoderName" = MCIR Three Button Mouse 29-bit
"DecoderID" = 8
"DecoderType" = BiPhase
"BitOrder" = MSBFirst
"CodeMinBits" = 29
"CodeMaxBits" = 29
"OnePatternMin" = 150 -450
"OnePatternMax" = 450 -150
"ZeroPatternMin" = -450 150
"ZeroPatternMax" = -150 450
"HasRepeatData" = 1
"RepeatPrefixPatternMin" = 2300 -450 150 -450 150 -450 150 -450 450 -450
"RepeatPrefixPatternMax" = 2900 -100 450 -150 450 -150 450 -150 750 -150
"MaxRepeatPauseInterval" = 80000
"MaxRepeatTimeout" = 250000
"SuppressRepeatPacketFilter" = 1
"AllowSimultaneousKeys" = 1
"PortCount" = 0
"DisplayName" = Common Log (CLFS)
"Group" = Filter
"ImagePath" = System32\CLFS.sys -- [2009/04/11 02:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation)
"Description" = Common Log (CLFS)
"ErrorControl" = 3
"Start" = 0
"Tag" = 1
"Type" = 1
"MasterFilePath" = \SystemRoot\System32\config
"EventLogLevel" = 2
"FlushThreshold" = 40000
"Security" = [Binary data over 100 bytes]
"0" = Root\LEGACY_CLFS\0000
"Count" = 1
"NextInstance" = 1
"DelayedAutostart" = 1
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 04 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 00 A6 0E 00 01 00 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 [binary data]
"RequiredPrivileges" = [Binary data over 100 bytes]
"DisplayName" = Microsoft .NET Framework NGEN v2.0.50727_X86
"ImagePath" = %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation)
"Description" = Microsoft .NET Framework NGEN
"ObjectName" = LocalSystem
"ErrorControl" = 0
"Start" = 3
"Type" = 16
"Type" = 32
"Start" = 2
"ErrorControl" = 0
"ImagePath" = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon -- File not found
"DisplayName" = Symantec Lic NetConnect service
"ObjectName" = LocalSystem
"Description" = Symantec Lic NetConnect Service
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\CmBatt.sys -- [2008/01/19 01:32:47 | 000,014,208 | ---- | M] (Microsoft Corporation)
"DisplayName" = Pilote pour Batterie à méthode de contrôle ACPI Microsoft
"0" = ACPI\ACPI0003\2&daba3ff&1
"Count" = 2
"NextInstance" = 2
"1" = ACPI\PNP0C0A\1
"Group" = System Bus Extender
"ImagePath" = \SystemRoot\system32\drivers\cmdide.sys
"ErrorControl" = 3
"Start" = 4
"Type" = 1
"DisplayName" = Pilote de batterie composite Microsoft
"Group" = System Bus Extender
"ImagePath" = system32\DRIVERS\compbatt.sys -- [2008/01/19 03:41:25 | 000,020,792 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 3
"Start" = 0
"Type" = 1
"Tag" = 7
"Count" = 1
"NextInstance" = 1
"DisplayName" = @comres.dll,-947
"ImagePath" = %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} -- [2006/11/02 05:45:02 | 000,007,168 | ---- | M] (Microsoft Corporation)
"Description" = @comres.dll,-948
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 16
"DependOnService" = RpcSsEventSystemSENS [binary data]
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 1E 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 E8 03 00 00 01 00 00 00 88 13 00 00 00 00 00 00 00 00 00 00 [binary data]
"DisplayName" = Crcdisk Filter Driver
"Group" = Pnp Filter
"ImagePath" = system32\drivers\crcdisk.sys -- [2006/11/02 05:49:43 | 000,022,632 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 0
"Type" = 1
"0" = Root\LEGACY_CRCDISK\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = Transmeta Crusoe Processor Driver
"Group" = Extended Base
"ImagePath" = \SystemRoot\system32\drivers\crusoe.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DisplayName" = @%SystemRoot%\system32\cryptsvc.dll,-1001
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\cryptsvc.dll,-1002
"ObjectName" = NT Authority\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = RpcSs [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\system32\cryptsvc.dll -- [2009/04/11 02:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation)
"ServiceMain" = CryptServiceMain
"ServiceDllUnloadOnStop" = 1
"Security" = 00 00 0E 00 01 [binary data]
"DisplayName" = @oleres.dll,-5012
"Group" = COM Infrastructure -- [2008/11/21 15:18:07 | 000,000,000 | ---D | M]
"ImagePath" = %SystemRoot%\system32\svchost.exe -k DcomLaunch -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @oleres.dll,-5013
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 60 EA 00 00 [binary data]
"RequiredPrivileges" = [Binary data over 100 bytes]
"ServiceSidType" = 1
"ServiceDll" = %SystemRoot%\system32\rpcss.dll -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%systemroot%\system32\drivers\dfsc.sys,-101
"Group" = Network
"ImagePath" = System32\Drivers\dfsc.sys -- [2009/04/11 00:14:12 | 000,075,264 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\drivers\dfsc.sys,-102
"ErrorControl" = 1
"Start" = 1
"Type" = 2
"DependOnService" = Mup [binary data]
"0" = Root\LEGACY_DFSC\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = @dfsrres.dll,-101
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\DFSR.exe -- [2009/04/11 02:27:31 | 002,092,544 | ---- | M] (Microsoft Corporation)
"Start" = 3
"Type" = 16
"Description" = @dfsrres.dll,-102
"DependOnService" = RpcSsEventSystem [binary data]
"ObjectName" = LocalSystem
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"1008" = Reg Error: Unknown registry data type -- File not found
"Security" = [Binary data over 100 bytes]
"ServiceDll" = %SystemRoot%\system32\dhcpcsvc.dll -- [2009/04/11 02:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation)
"DisplayName" = @%SystemRoot%\system32\dhcpcsvc.dll,-100
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\dhcpcsvc.dll,-101
"ObjectName" = NT Authority\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = NSITdxAfd [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"Options" = 32 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 FF FF FF 7F 00 00 00 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 FF FF FF 7F 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\dhcpcsvc.dll -- [2009/04/11 02:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"KeyType" = 7
"RegLocation" = [Binary data over 100 bytes]
"KeyType" = 1
"RegLocation" = [Binary data over 100 bytes]
"KeyType" = 3
"RegSendLocation" = [Binary data over 100 bytes]
"VendorType" = 1
"KeyType" = 7
"RegLocation" = [Binary data over 100 bytes]
"KeyType" = 1
"RegLocation" = [Binary data over 100 bytes]
"KeyType" = 4
"RegLocation" = SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpNodeType
"KeyType" = 1
"RegLocation" = SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpScopeID
"KeyType" = 1
"RegLocation" = [Binary data over 100 bytes]
"KeyType" = 4
"OptionId" = 1
"VendorType" = 1
"RegLocation" = [Binary data over 100 bytes]
"DllName" = %SystemRoot%\system32\dhcpcsvc6.dll -- [2009/04/11 02:28:18 | 000,130,560 | ---- | M] (Microsoft Corporation)
"KeyType" = 3
"RegLocation" = [Binary data over 100 bytes]
"KeyType" = 3
"RegLocation" = [Binary data over 100 bytes]
"Security" = [Binary data over 100 bytes]
"AutoRunAlwaysDisable" = Brother RemovableDisk(U) [binary data]
"DisplayName" = Pilote de disque
"ImagePath" = system32\drivers\disk.sys -- [2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 0
"Type" = 1
"TimeOutValue" = 60
"0" = IDE\DiskWDC_WD1600BEVT-22ZCT0___________________11.01A11\5&a378056&0&0.0.0
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\dnsapi.dll,-102
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = Tdx [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll -- [2009/04/11 02:28:18 | 000,086,528 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%systemroot%\system32\dot3svc.dll,-1102
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\dot3svc.dll,-1103
"ObjectName" = localSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RpcSsNdisuioEaphost [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\dot3svc.dll -- [2009/04/11 02:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"ServiceMain" = Dot3SvcMain
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\Dot4.sys -- [2008/01/19 01:49:12 | 000,131,584 | ---- | M] (Microsoft Corporation)
"DisplayName" = Pilote MS IEEE-1284.4
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\Dot4Prt.sys -- [2008/01/19 01:49:09 | 000,016,384 | ---- | M] (Microsoft Corporation)
"DisplayName" = Pilote de classe Imprimante pour IEEE-1284.4
"Type" = 1
"Start" = 3
"ErrorControl" = 0
"Tag" = 20
"ImagePath" = system32\DRIVERS\dot4usb.sys -- [2008/01/19 01:49:10 | 000,036,864 | ---- | M] (Microsoft Corporation)
"DisplayName" = MS Dot4USB Filter Dot4USB Filter
"Group" = extended base
"DisplayName" = @%systemroot%\system32\dps.dll,-500
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\dps.dll,-501
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"ServiceSidType" = 3
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\system32\dps.dll -- [2008/01/19 03:34:06 | 000,134,656 | ---- | M] (Microsoft Corporation)
"ServiceMain" = ServiceMain
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\drivers\drmkaud.sys -- [2008/01/19 01:53:16 | 000,005,632 | ---- | M] (Microsoft Corporation)
"DisplayName" = Filtre de décodeur DRM (Noyau Microsoft)
"Count" = 0
"NextInstance" = 0
"DisplayName" = LDDM Graphics Subsystem
"Group" = Video Init
"ImagePath" = \SystemRoot\System32\drivers\dxgkrnl.sys
"Description" = Controls the underlying video driver stacks to provide fully-featured display capabilities.
"ErrorControl" = 0
"Start" = 3
"Tag" = 1
"Type" = 1
"0" = Root\LEGACY_DXGKRNL\0000
"Count" = 1
"NextInstance" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 16
"ImagePath" = system32\DRIVERS\E1G60I32.sys -- [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation)
"DisplayName" = Intel(R) PRO/1000 NDIS 6 Adapter Driver
"Group" = NDIS
"DisplayName" = @%systemroot%\system32\eapsvc.dll,-1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\eapsvc.dll,-2
"ObjectName" = localSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RPCSSKeyIso [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
"PeerFriendlyName" = WscEapPeerMethod
"Properties" = 8683520
"PeerInvokeUsernameDialog" = 0
"PeerInvokePasswordDialog" = 0
"PeerDllPath" = %SystemRoot%\System32\WscEapPr.dll -- [2009/04/11 02:28:26 | 000,291,328 | ---- | M] (Microsoft Corporation)
"ServiceDll" = %SystemRoot%\System32\eapsvc.dll -- [2008/01/19 03:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"PeerInstalled" = 1
"DisplayName" = ReadyBoost Caching Driver
"ErrorControl" = 3
"Group" = PnP Filter
"ImagePath" = System32\drivers\ecache.sys -- [2009/04/11 02:32:43 | 000,141,288 | ---- | M] (Microsoft Corporation)
"Start" = 0
"Type" = 1
"Description" = ReadyBoost Caching Driver
"Tag" = 2
"RegionSizeShift" = 20
"UpdateBufferCount" = 20
"LastBootStatus" = 0
"MemoryCacheSize" = 315055217
"LastBootPlanUserTime" = Thu, Nov 02 06, 05:03:53 AM
"TraceLevel" = 1
"UseReadyBoot" = 1
"\Device\HarddiskVolume1" = [Binary data over 100 bytes]
"LastBootPlanTime" = Reg Error: Unknown registry data type -- File not found
"ReadyBootPlanUsage" = 0
"ReadyBootVolumeUniqueId" = 25 DF 6A 96 00 00 10 00 00 00 00 00 [binary data]
"BootMinAvailableMemory" = 1055
"BootCacheDeletedPrematurely" = 0
"BootMinAvailableMemoryTimeMs" = 126150
"BootPlan" = [Binary data over 100 bytes]
"DiskNumber" = 0
"RPM" = 5400
"SizeInGb" = 149
"PeakTransferMBsPerSecond" = 65.7256002168
"SeekBreakPages" = 208
"LongSeekMillisecondsBase" = 8063.2100464249
"LongSeekMillisecondsPerSqrtGB" = 1488.0494996369
"VolumeSerialNumber" = 818884014 -- [2009/12/24 19:30:27 | 000,000,817 | ---- | M] ()
"VolumeCreateTime" = Reg Error: Unknown registry data type -- File not found
"IoReadCount" = 18896
"IoReadKB" = Reg Error: Unknown registry data type -- File not found
"CacheHitCount" = 10323
"CacheHitKB" = Reg Error: Unknown registry data type -- File not found
"CacheHitPercentage" = 54.63
"CacheFragmentation" = 7.26
"CompressedDataSizeKB" = Reg Error: Unknown registry data type -- File not found
"RawDataSizeKB" = Reg Error: Unknown registry data type -- File not found
"CompressionRatio" = 1.57
"CacheSizeKB" = 286600
"LastBootPlanUTC" = Reg Error: Unknown registry data type -- File not found
"BootTimeUTC" = Reg Error: Unknown registry data type -- File not found
"LastBootPlanUserTime" = Thu, Nov 02 06, 05:03:53 AM
"BootPrefetchDiskTimeUs" = Reg Error: Unknown registry data type -- File not found
"BootPrefetchDataReadBytes" = Reg Error: Unknown registry data type -- File not found
"Count" = 1
"NextInstance" = 1
"0" = STORAGE\Volume\1&19f7e59c&0&Signature966ADF25Offset100000Length2543100000
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\elxstor.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"Close" = CloseEmdPerf
"Open" = OpenEmdPerf
"Collect" = CollectEmdPerf
"Library" = %systemroot%\system32\emdmgmt.dll -- [2009/04/11 02:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation)
"InstallType" = 1
"PerfIniFile" = emdperf.ini
"First Counter" = 4112
"Last Counter" = 4138
"First Help" = 4113
"Last Help" = 4139
"1010" = Reg Error: Unknown registry data type -- File not found
"Start" = 2
"ServiceDllUnloadOnStop" = 1
"Description" = @%SystemRoot%\system32\emdmgmt.dll,-1001
"DisplayName" = @%SystemRoot%\system32\emdmgmt.dll,-1000
"ErrorControl" = 0
"ImagePath" = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Type" = 32
"DependOnService" = rpcssecacheslsvcfileinfo [binary data]
"ObjectName" = LocalSystem
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDllUnloadOnStop" = 1
"ServiceMain" = EMDMgmtServiceMain
"ServiceDll" = %systemroot%\system32\emdmgmt.dll -- [2009/04/11 02:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation)
"Open" = OpenPerformanceData
"Close" = ClosePerformanceData
"Collect" = CollectPerformanceData
"Library" = %systemroot%\system32\esentprf.dll -- [2008/01/19 03:34:20 | 000,036,352 | ---- | M] (Microsoft Corporation)
"InstallType" = 1
"PerfIniFile" = esentprf.ini
"First Counter" = 2246
"Last Counter" = 3206
"First Help" = 2247
"Last Help" = 3207
"Object List" = 2246 2698 2840
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"ImagePath" = \??\C:\Windows\system32\Drivers\eusk2par.sys -- [2004/11/18 12:49:14 | 000,024,786 | ---- | M] (EUTRON)
"DisplayName" = EUTRON SmartKey Parallel Driver
"Count" = 0
"NextInstance" = 0
"ServiceDll" = %SystemRoot%\System32\wevtsvc.dll -- [2009/04/11 02:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation)
"ServiceMain" = ServiceMain
"PlugPlayServiceType" = 3
"ServiceDllUnloadOnStop" = 1
"DisplayName" = @%SystemRoot%\system32\wevtsvc.dll,-200
"Group" = Event Log
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\wevtsvc.dll,-201
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImpersonatePrivilege [binary data]
"FailureActionsOnNonCrashFailures" = 1
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
"File" = %SystemRoot%\system32\winevt\Logs\Antivirus.evtx -- [2010/04/21 07:39:48 | 001,118,208 | ---- | M] ()
"PrimaryModule" = Antivirus
"Sources" = [binary data]
"MaxSize" = 10485760
"RestrictGuestAccess" = 1
"Retention" = 0
"CategoryCount" = 7
"CategoryMessageFile" = C:\Program Files\Alwil Software\Avast4\aswRes.dll -- [2009/11/24 19:40:31 | 000,147,456 | ---- | M] (ALWIL Software)
"EventMessageFile" = C:\Program Files\Alwil Software\Avast4\aswRes.dll -- [2009/11/24 19:40:31 | 000,147,456 | ---- | M] (ALWIL Software)
"DisplayNameFile" = %SystemRoot%\system32\wevtapi.dll -- [2009/04/11 02:28:25 | 000,250,368 | ---- | M] (Microsoft Corporation)
"DisplayNameID" = 256
"PrimaryModule" = Application
"File" = %SystemRoot%\system32\winevt\Logs\Application.evtx -- [2010/04/21 07:29:53 | 020,975,616 | ---- | M] ()
"MaxSize" = 20971520
"Retention" = 0
"RestrictGuestAccess" = 1
"AutoBackupLogFiles" = 0
"Sources" = MSDMine [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime]
"TypesSupported" = 7
"EventMessageFile" = C:\Windows\system32\mscoree.dll -- [2009/03/30 00:42:21 | 000,278,848 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime Optimization Service]
"TypesSupported" = 7
"EventMessageFile" = C:\Windows\system32\mscoree.dll -- [2009/03/30 00:42:21 | 000,278,848 | ---- | M] (Microsoft Corporation)
"CategoryCount" = 7
"CategoryMessageFile" = %SystemRoot%\system32\wevtapi.dll -- [2009/04/11 02:28:25 | 000,250,368 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Error]
"EventMessageFile" = %SystemRoot%\System32\wer.dll -- [2009/04/11 02:28:25 | 000,876,032 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang]
"EventMessageFile" = %SystemRoot%\System32\wersvc.dll -- [2009/04/11 02:28:25 | 000,126,976 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ASP.NET 2.0.50727.0]
"TypesSupported" = 7
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\fr\aspnet_rc.dll -- [2009/03/30 00:42:26 | 000,097,104 | ---- | M] (Microsoft Corporation)
"CategoryCount" = 5
"CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\fr\aspnet_rc.dll -- [2009/03/30 00:42:26 | 000,097,104 | ---- | M] (Microsoft Corporation)
"ProviderGuid" = {F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Bonjour Service]
"EventMessageFile" = C:\Program Files\Bonjour\mDNSResponder.exe -- [2008/12/12 06:17:38 | 000,238,888 | ---- | M] (Apple Inc.)
"TypesSupported" = 31
"CategoryCount" = 1
"CategoryMessageFile" = C:\Windows\System32\icardres.dll -- [2009/02/18 14:38:47 | 000,009,048 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll;C:\Windows\System32\icardres.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"ProviderGuid" = {54164045-7C50-4905-963F-E5BC1EEF0CCA}
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\ulib.dll -- [2009/04/11 02:28:25 | 000,099,840 | ---- | M] (Microsoft Corporation)
"providerGuid" = {bf406804-6afa-46e7-8a48-6c357e1d6d61}
"providerGuid" = {0f177893-4a9c-4709-b921-f432d67f43d5}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Customer Experience Improvement Program]
"providerGuid" = {A402FE09-DA6E-45F2-82AF-3CB37170EE0C}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Desktop Window Manager]
"EventMessageFile" = %SystemRoot%\system32\dwm.exe -- [2009/04/11 02:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\dskquota.dll -- [2008/01/19 03:34:06 | 000,086,528 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 0x00000007
"EventMessageFile" = %systemroot%\system32\esent.dll -- [2009/04/11 02:28:19 | 001,459,200 | ---- | M] (Microsoft Corporation)
"CategoryMessageFile" = %systemroot%\system32\esent.dll -- [2009/04/11 02:28:19 | 001,459,200 | ---- | M] (Microsoft Corporation)
"CategoryCount" = 16
"TypesSupported" = 7
"providerGuid" = {899daace-4868-4295-afcd-9eb8fb497561}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Family Safety Service]
"EventMessageFile" = C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Folder Redirection]
"EventMessageFile" = %SystemRoot%\System32\fdeploy.dll -- [2009/04/11 02:28:19 | 000,053,760 | ---- | M] (Microsoft Corporation)
"ProviderGuid" = {7D7B0C39-93F6-4100-BD96-4DDA859652C5}
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\FrontPage 4.0]
"TypesSupported" = 7
"EventMessageFile" = C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\fp4Autl.dll -- [1999/03/19 18:54:06 | 000,618,605 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Group Policy]
"EventMessageFile" = %SystemRoot%\System32\gpapi.dll -- [2009/04/11 02:28:19 | 000,075,264 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE -- [2008/11/04 01:44:24 | 000,814,464 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll -- [2008/07/27 14:03:11 | 000,798,224 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection]
"EventMessageFile" = %SystemRoot%\System32\UI0Detect.exe -- [2008/01/19 03:33:33 | 000,035,840 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Java VM]
"EventMessageFile" = C:\Windows\system32\vmhelper.dll -- [2001/01/12 13:04:06 | 000,286,992 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 07 00 00 00 [binary data]
"ProviderGuid" = {122EE297-BB47-41AE-B265-1CA8D1886D40}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Office 12]
"EventMessageFile" = C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE -- [2008/11/04 01:44:24 | 000,814,464 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"providerGuid" = {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}
"TypesSupported" = 7
"EventMessageFile" = %systemroot%\system32\dfrgres.dll -- [2006/11/02 05:39:13 | 000,031,744 | ---- | M] (Microsoft Corp.)
"providerGuid" = {D6795C62-6F24-4363-99CE-2FF3F4B1FABA}
"ProviderGuid" = {9485FA1E-23CD-49A1-84E3-11D8BC550CB7}
"EventMessageFile" = %SystemRoot%\system32\propsys.dll -- [2009/04/11 02:28:23 | 000,754,688 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"CategoryCount" = 14
"CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"CategoryCount" = 2
"CategoryMessageFile" = C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDMINE.DLL -- [2005/05/04 00:06:30 | 001,411,816 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDMINE.DLL -- [2005/05/04 00:06:30 | 001,411,816 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 00 12 B8 58 [binary data]
"providerGuid" = {719BE4ED-E9BC-4DD8-A7CF-C85CE8E4975D}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC 2]
"providerGuid" = {5D9E0020-3761-4f36-90C8-38CE6511BD12}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC Client]
"providerGuid" = {7A67066E-193F-4D3A-82D3-322FEE5259DE}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MSDTC Client 2]
"providerGuid" = {155CB334-3D7F-4ff1-B107-DF8AFC3C0363}
"EventMessageFile" = C:\Windows\system32\msimsg.dll -- [2009/04/11 00:27:17 | 000,002,560 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"TypesSupported" = 1
"CategoryCount" = 4
"EventMessageFile" = C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSSOAP30.DLL -- [2008/10/24 22:21:26 | 000,505,192 | ---- | M] (Microsoft Corporation)
"CategoryMessageFile" = C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSSOAP30.DLL -- [2008/10/24 22:21:26 | 000,505,192 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = C:\PROGRA~1\MI1933~1\Office12\1036\MAPIR.DLL -- [2009/02/21 11:17:06 | 001,327,984 | ---- | M] (Microsoft Corporation)
"Version" = 13
"TypesSupported" = 7
"ProviderGuid" = {04D66358-C4A1-419B-8023-23B73902DE2C}
"ProviderGuid" = {973143DD-F3C7-4EF5-B156-544AC38C39B6}
"ProviderGuid" = {7F9D83DE-8ABB-457F-98E8-4AD161449ECC}
"ProviderGuid" = {13B197BD-7CEE-4B4E-8DD0-59314CE374CE}
"ProviderGuid" = {CAB2B8A5-49B9-4EEC-B1B0-FAC21DA05A3B}
"ProviderGuid" = {F82FB576-E941-4956-A2C7-A0CF83F6450A}
"ProviderGuid" = {72D211E1-4C54-4A93-9520-4901681B2271}
"EventMessageFile" = %SystemRoot%\System32\profsvc.dll -- [2009/04/11 02:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"ProviderGuid" = {89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}
"EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2008/01/19 03:34:53 | 000,124,928 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 31
"providerGuid" = {f4aed7c7-a898-4627-b053-44a7caa12fcd}
"EventMessageFile" = %SystemRoot%\System32\scecli.dll -- [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\scesrv.dll -- [2009/04/11 02:28:24 | 000,306,176 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- [2009/05/19 05:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 31
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\wscsvc.dll -- [2009/04/11 02:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ServiceModel Audit]
"TypesSupported" = 31
"CategoryCount" = 2
"CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %SystemRoot%\System32\sxs.dll -- [2008/01/19 03:36:37 | 000,376,832 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Licensing Service]
"EventMessageFile" = %windir%\system32\slsvc.exe -- [2009/04/11 02:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"ProviderGuid" = {1FD7C1D2-D037-4620-8D29-B2C7E5FCC13A}
"TypesSupported" = 7
"EventMessageFile" = %systemroot%\system32\sxproxy.dll -- [2008/01/19 03:36:37 | 000,028,160 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Standard TCP/IP Port]
"ProviderGuid" = {CAD2D809-03D9-4F46-9CF4-72AA4F04B6B9}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\System Restore]
"TypesSupported" = 7
"EventMessageFile" = %systemroot%\system32\srcore.dll -- [2009/04/11 02:28:24 | 000,378,368 | ---- | M] (Microsoft Corporation)
"CategoryCount" = 14
"CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"CategoryCount" = 14
"CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"CategoryCount" = 14
"CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"CategoryCount" = 14
"CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %SystemRoot%\system32\usbperf.dll -- [2008/01/19 03:36:46 | 000,011,264 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\userenv.dll -- [2009/04/11 02:28:25 | 000,108,544 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"ProviderGuid" = {DB00DFB6-29F9-4A9C-9B3B-1F4F9E7D9770}
"EventMessageFile" = C:\Windows\system32\msvbvm60.dll -- [2008/01/19 03:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 4
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\VSSVC.EXE -- [2009/04/11 02:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %SystemRoot%\System32\wersvc.dll -- [2009/04/11 02:28:25 | 000,126,976 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WGA Scanner]
"EventMessageFile" = C:\Windows\SoftwareDistribution\Download\Install\WGAER_M.exe -- File not found
"ParameterMessageFile" = %ProgramFiles%\Windows Defender\MpEvMsg.dll -- [2006/11/02 08:33:51 | 000,065,640 | ---- | M] (Microsoft Corporation)
"ProviderGuid" = {11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}
"TypesSupported" = 7
"EventMessageFile" = %ProgramFiles%\Windows Defender\MpEvMsg.dll -- [2006/11/02 08:33:51 | 000,065,640 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Backup]
"TypesSupported" = 7
"EventMessageFile" = %systemroot%\system32\sdengin2.dll -- [2008/01/19 03:36:20 | 000,730,624 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Error Reporting]
"EventMessageFile" = %SystemRoot%\System32\wer.dll -- [2009/04/11 02:28:25 | 000,876,032 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service]
"ProviderGuid" = {CA4E628D-8567-4896-AB6B-835B221F373F}
"TypesSupported" = 7
"CategoryCount" = 7
"CategoryMessageFile" = %systemroot%\system32\tquery.dll -- [2009/04/11 02:28:24 | 001,576,960 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %systemroot%\system32\tquery.dll -- [2009/04/11 02:28:24 | 001,576,960 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service Profile Notification]
"ProviderGuid" = {FC6F77DD-769A-470E-BCF9-1B6555A118BE}
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\system32\wsepno.dll -- [2009/04/11 02:28:26 | 000,029,184 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %SystemRoot%\System32\wininit.exe -- [2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"providerGuid" = {206f6dea-d3c5-4d10-bc72-989f03c8b84b}
"EventMessageFile" = %SystemRoot%\System32\winlogon.exe -- [2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"providerGuid" = {DBE9B383-7CF3-4331-91CC-A3CB16A3B538}
"ProviderGuid" = {1edeee53-0afe-4609-b846-d8c0b2075b1f}
"EventMessageFile" = %SystemRoot%\System32\winlogon.exe -- [2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"providerGuid" = {DBE9B383-7CF3-4331-91CC-A3CB16A3B538}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WMI.NET Provider Extension]
"EventMessageFile" = c:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll -- [2008/07/27 14:03:11 | 000,798,224 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\wshext.dll -- [2009/04/11 02:28:26 | 000,090,112 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 31
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\DFS Replication]
"DisplayNameFile" = %SystemRoot%\System32\dfsrres.dll -- [2006/11/02 08:35:06 | 000,002,048 | ---- | M] (Microsoft Corporation)
"DisplayNameID" = 101
"MaxSize" = 15532032
"Sources" = DFSRDFS Replication [binary data]
"Retention" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\DFS Replication\DFS Replication]
"TypesSupported" = 31
"EventMessageFile" = %SystemRoot%\System32\dfsrres.dll -- [2006/11/02 08:35:06 | 000,002,048 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\DFS Replication\DFSR]
"TypesSupported" = 31
"EventMessageFile" = %SystemRoot%\System32\dfsrres.dll -- [2006/11/02 08:35:06 | 000,002,048 | ---- | M] (Microsoft Corporation)
"DisplayNameFile" = %SystemRoot%\system32\wecsvc.dll -- [2008/01/19 03:36:52 | 000,145,408 | ---- | M] (Microsoft Corporation)
"DisplayNameID" = 256
"File" = %systemroot%\system32\winevt\logs\HardwareEvents.evtx -- [2005/12/31 20:21:47 | 000,069,632 | ---- | M] ()
"MaxSize" = 20971520
"Retention" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Internet Explorer]
"CustomSD" = O:BAG:SYD:(A;;0x07;;;WD)S:(ML;;0x1;;;LW)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service]
"MaxSize" = 20971520
"Retention" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service\KmsRequests]
"EventMessageFile" = %windir%\system32\slsvc.exe -- [2009/04/11 02:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"ProviderGuid" = {1FD7C1D2-D037-4620-8D29-B2C7E5FCC13A}
"DisplayNameFile" = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL -- [2009/04/02 12:02:00 | 000,012,616 | ---- | M] ()
"DisplayNameID" = 101
"MaxSize" = 16777216
"PrimaryModule" = ODiag
"Retention" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\ODiag\Microsoft Office 12 Diagnostics]
"EventMessageFile" = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL -- [2009/04/02 12:02:00 | 000,012,616 | ---- | M] ()
"TypesSupported" = 7
"DisplayNameFile" = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL -- [2009/04/02 12:02:00 | 000,012,616 | ---- | M] ()
"DisplayNameID" = 100
"MaxSize" = 16777216
"PrimaryModule" = OSessions
"Retention" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\OSession\Microsoft Office 12 Sessions]
"EventMessageFile" = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\OFFREL.DLL -- [2009/04/02 12:02:00 | 000,012,616 | ---- | M] ()
"TypesSupported" = 7
"DisplayNameFile" = %SystemRoot%\system32\wevtapi.dll -- [2009/04/11 02:28:25 | 000,250,368 | ---- | M] (Microsoft Corporation)
"DisplayNameID" = 257
"Isolation" = 2
"PrimaryModule" = Security -- [2006/11/02 05:43:08 | 000,005,120 | ---- | M] (Microsoft Corporation)
"File" = %SystemRoot%\System32\winevt\Logs\Security.evtx -- [2010/04/21 07:29:54 | 020,975,616 | ---- | M] ()
"MaxSize" = 20971520
"Retention" = 0
"RestrictGuestAccess" = 1
"Security" = [Binary data over 100 bytes]
"ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2008/01/19 03:29:57 | 000,058,880 | ---- | M] (Microsoft Corporation)
"Directory Service Object" = 7680
"ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2008/01/19 03:29:57 | 000,058,880 | ---- | M] (Microsoft Corporation)
"PolicyObject" = 5632
"SecretObject" = 5648
"TrustedDomainObject" = 5664
"UserAccountObject" = 5680
"ProviderGuid" = {fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}
"EventMessageFile" = %SystemRoot%\System32\wevtsvc.dll -- [2009/04/11 02:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation)
"ProviderGuid" = {54849625-5478-4994-a5ba-3e3b0328c30d}
"EventMessageFile" = %SystemRoot%\System32\adtschema.dll -- [2009/04/11 00:12:43 | 000,617,984 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager]
"ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2008/01/19 03:29:57 | 000,058,880 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames]
"SC_MANAGER Object" = 7168
"SERVICE Object" = 7184
"CategoryCount" = 9
"CategoryMessageFile" = %SystemRoot%\System32\MsAuditE.dll -- [2006/11/02 05:40:16 | 000,145,920 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %SystemRoot%\System32\MsAuditE.dll -- [2006/11/02 05:40:16 | 000,145,920 | ---- | M] (Microsoft Corporation)
"ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2008/01/19 03:29:57 | 000,058,880 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 28
"AdtSecurity" = 7936
"Channel" = 5120
"Desktop" = 6672
"Device" = 4352
"Directory" = 4368
"Event" = 4384
"EventPair" = 4400
"File" = 4416
"IoCompletion" = 4864
"Job" = 5136
"Key" = 4432
"KeyedEvent" = 5696
"MailSlot" = 4416
"Mutant" = 4448
"NamedPipe" = 4416
"Port" = 4464
"Process" = 4480
"Profile" = 4496
"Section" = 4512
"Semaphore" = 4528
"SymbolicLink" = 4544
"Thread" = 4560
"Timer" = 4576
"Token" = 4592
"Type" = 4608
"WaitablePort" = 4464
"WindowStation" = 6656
"WMI Namespace" = 16896
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager]
"ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2008/01/19 03:29:57 | 000,058,880 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames]
"SAM_ALIAS" = 5424
"SAM_DOMAIN" = 5392
"SAM_GROUP" = 5408
"SAM_SERVER" = 5376
"SAM_USER" = 5440
"ParameterMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 31
"CategoryCount" = 3
"CategoryMessageFile" = %SystemRoot%\System32\MsAuditE.dll -- [2006/11/02 05:40:16 | 000,145,920 | ---- | M] (Microsoft Corporation)
"EventSourceFlags" = 1
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2008/01/19 03:29:57 | 000,058,880 | ---- | M] (Microsoft Corporation)
"Document" = 6944
"Printer" = 6928
"Server" = 6912
"ParameterMessageFile" = %SystemRoot%\System32\MsObjs.dll -- [2008/01/19 03:29:57 | 000,058,880 | ---- | M] (Microsoft Corporation)
"InternetPort" = 8064
"EventMessageFile" = %SystemRoot%\System32\VSSVC.EXE -- [2009/04/11 02:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation)
"EventSourceFlags" = 0
"DisplayNameFile" = %SystemRoot%\system32\wevtapi.dll -- [2009/04/11 02:28:25 | 000,250,368 | ---- | M] (Microsoft Corporation)
"DisplayNameID" = 258
"PrimaryModule" = System
"File" = %SystemRoot%\system32\winevt\Logs\System.evtx -- [2010/04/21 07:29:53 | 020,975,616 | ---- | M] ()
"MaxSize" = 20971520
"Retention" = 0
"RestrictGuestAccess" = 1
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\acpi.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\aelupsvc.dll -- [2006/11/02 05:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\amdk7.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\amdk8.sys -- File not found
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Application Popup]
"EventMessageFile" = %SystemRoot%\System32\ntdll.dll -- [2009/04/11 02:27:49 | 001,202,168 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2008/01/19 03:34:53 | 000,124,928 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 31
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %systemroot%\system32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %systemroot%\system32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Bthport.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Bthport.sys;%SystemRoot%\System32\Drivers\BthUsb.sys -- File not found
"TypesSupported" = 7
"providerGuid" = {ABCE23E7-DE45-4366-8631-84FA6C525952}
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Client Side Rendering Spooler]
"EventMessageFile" = %systemroot%\system32\win32spl.dll -- [2009/04/11 02:28:25 | 000,443,392 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"providerGuid" = {13E8B4F7-4D1C-4F65-95A2-39C6B26A3012}
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\crusoe.sys -- File not found
"TypesSupported" = 7
"providerGuid" = {1B562E86-B7AA-4131-BADC-B6F3A001407E}
"ProviderGuid" = {7DA4FE0E-FD42-4708-9AA5-89B77A224885}
"providerGuid" = {15A7A4F8-0072-4EAB-ABAD-F98A4D666AED}
"EventMessageFile" = %SystemRoot%\System32\dhcpcsvc.dll -- [2009/04/11 02:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation)
"ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2009/04/11 02:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation)
"providerGuid" = {6A1F2B00-6A90-4C38-95A5-5CAB3B056778}
"EventMessageFile" = %SystemRoot%\system32\dhcpcsvc6.dll -- [2009/04/11 02:28:18 | 000,130,560 | ---- | M] (Microsoft Corporation)
"ParameterMessageFile" = %SystemRoot%\system32\kernel32.dll -- [2009/04/11 02:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %Systemroot%\System32\dhcpqec.dll -- [2008/01/19 03:34:03 | 000,066,048 | ---- | M] (Microsoft Corporation)
"ParameterMessageFile" = %Systemroot%\System32\dhcpqec.dll -- [2008/01/19 03:34:03 | 000,066,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 31
"providerGuid" = {F6DA35CE-D312-41C8-9828-5A2E173C91B6}
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\DispCI.dll -- [2008/01/19 03:34:04 | 000,035,328 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"ParameterMessageFile" = %Systemroot%\system32\kernel32.dll -- [2009/04/11 02:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %Systemroot%\system32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\netevent.dll;%SystemRoot%\System32\drivers\E1G60I32.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\drivers\fltmgr.sys;%SystemRoot%\System32\IoLogMsg.dll -- File not found
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\hidbth.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"ProviderGuid" = {7b6bc78c-898b-4170-bbf8-1a469ea43fc5}
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\i8042prt.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iaStorV.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\igmpv2.dll -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\intelppm.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\ipbootp.dll -- File not found
"TypesSupported" = 7
"providerGuid" = {29D13147-1C2E-48EC-9994-E29DFE496EB3}
"EventMessageFile" = %SystemRoot%\System32\rtm.dll -- [2008/01/19 03:36:17 | 000,114,688 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\drivers\ipmidrv.sys -- [2006/11/02 04:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"providerGuid" = {A6F32731-9A38-4159-A220-3D9B7FC5FE5D}
"EventMessageFile" = %SystemRoot%\System32\ipnathlp.dll;%SystemRoot%\System32\ws03res.dll -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\iprip2.dll -- File not found
"TypesSupported" = 7
"providerGuid" = {F2C628AE-D26C-4352-9C45-74754E1E2F9F}
"EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2008/01/19 03:34:53 | 000,124,928 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\isapnp.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\iscsilog.dll -- [2009/04/11 00:39:57 | 000,016,384 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iteatapi.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\iteraid.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\jraid.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdclass.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\kbdhid.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\kerberos.dll -- [2009/06/15 10:52:38 | 000,499,712 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"ProviderGuid" = {98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\system32\lsasrv.dll -- [2009/06/15 10:52:43 | 001,259,008 | ---- | M] (Microsoft Corporation)
"CategoryMessageFile" = %SystemRoot%\system32\lsasrv.dll -- [2009/06/15 10:52:43 | 001,259,008 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"CategoryCount" = 4
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\system32\lsm.exe -- [2008/01/19 03:33:14 | 000,229,888 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"providerGuid" = {5d896912-022d-40aa-a3a8-4fa5515c76d7}
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"ProviderGuid" = {aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}
"EventMessageFile" = %SystemRoot%\System32\gpsvc.dll -- [2009/04/11 02:28:19 | 000,576,512 | ---- | M] (Microsoft Corporation)
"ParameterMessageFile" = %SystemRoot%\System32\gpsvc.dll -- [2009/04/11 02:28:19 | 000,576,512 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\servicing\cbsmsg.dll -- [2008/01/19 03:33:50 | 000,022,016 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"ProviderGuid" = {bd12f3b8-fc40-4a61-a307-b7a013a069c1}
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouclass.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mouhid.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\mpio.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %systemroot%\system32\netevent.dll;%systemroot%\system32\iologmsg.dll -- File not found
"TypesSupported" = 7
"ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2009/04/11 02:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MSDTC Gateway]
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll -- [2008/07/27 14:03:11 | 000,798,224 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\MSDTC WS-AT Protocol]
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll -- [2008/07/27 14:03:11 | 000,798,224 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %systemroot%\System32\iscsiexe.dll -- [2008/01/19 03:34:35 | 000,111,616 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = C:\Windows\system32\netevent.dll;C:\Windows\system32\iologmsg.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"providerGuid" = {8115579E-2BEA-4C9E-9AB1-821CC2C98AB0}
"EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2008/01/19 03:34:53 | 000,124,928 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 31
"EventMessageFile" = %SystemRoot%\System32\iologmsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\netmsg.dll -- [2006/11/02 05:41:17 | 000,002,048 | ---- | M] (Microsoft Corporation)
"ParameterMessageFile" = %SystemRoot%\System32\kernel32.dll -- [2009/04/11 02:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\drivers\ntfs.sys;%SystemRoot%\System32\IoLogMsg.dll -- File not found
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\ntrigdigi.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\nvstor.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parport.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\parVdm.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\Pcmcia.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\umpnpmgr.dll -- [2009/04/11 02:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"ProviderGuid" = {BBE94F36-F8DC-4C33-8227-81602B7A3D53}
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\ntprint.dll -- [2009/04/11 02:28:23 | 000,216,064 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"providerGuid" = {e4c60dfa-ecc5-4889-b406-e9ddd38463c8}
"ProviderGuid" = {5B33145C-1C66-49F3-B4CA-F563C165F2C0}
"TypesSupported" = 1
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\processr.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2008/01/19 03:34:53 | 000,124,928 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 31
"EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2008/01/19 03:34:53 | 000,124,928 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 31
"ProviderGuid" = {6c260f2c-049a-43d8-bf4d-d350a4e6611a}
"TypesSupported" = 28
"EventMessageFile" = %systemroot%\system32\sstpsvc.dll -- [2008/01/19 03:36:36 | 000,116,736 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = C:\Windows\system32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\mprmsg.dll -- [2008/01/19 03:34:53 | 000,124,928 | ---- | M] (Microsoft Corporation)
"ParameterMessageFile" = %SystemRoot%\System32\iassvcs.dll -- [2009/04/11 02:28:19 | 000,076,288 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 31
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\samsrv.dll -- [2009/04/11 02:28:24 | 000,483,328 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"providerGuid" = {0D4FDC09-8C27-494A-BDA0-505E4FD8ADAE}
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\sbp2port.sys -- File not found
"TypesSupported" = 7
"providerGuid" = {4FCBF664-A33A-4652-B436-9D558983D955}
"EventMessageFile" = %SystemRoot%\system32\lsasrv.dll -- [2009/06/15 10:52:43 | 001,259,008 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\serial.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\sermouse.sys -- File not found
"TypesSupported" = 7
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager]
"ProviderGuid" = {555908D1-A6D7-4695-8E1E-26931D2012F4}
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"TypesSupported" = 7
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"CategoryCount" = 14
"CategoryMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll -- [2009/02/18 14:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %SystemRoot%\System32\snmptrap.exe -- [2006/11/02 05:45:46 | 000,012,800 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"ProviderGuid" = {CD75048F-1233-4F58-B9ED-98BA2097AC7E}
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\wiaservc.dll -- [2009/04/11 02:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\SynTP.sys -- File not found
"TypesSupported" = 7
"CategoryCount" = 7
"CategoryMessageFile" = %SystemRoot%\system32\wevtapi.dll -- [2009/04/11 02:28:25 | 000,250,368 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\tcpmon.dll -- [2009/04/11 02:28:24 | 000,135,168 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\system32\ntdll.dll -- [2009/04/11 02:27:49 | 001,202,168 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %SystemRoot%\system32\termsrv.dll -- [2009/04/11 02:28:24 | 000,449,024 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"providerGuid" = {C76BAA63-AE81-421C-B425-340B4B24157F}
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\netevent.dll -- [2009/08/14 11:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = C:\Windows\system32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\ulsata2.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\user32.dll -- [2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Basic Provider]
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\vdsbas.dll -- [2008/01/19 03:36:47 | 000,152,064 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Dynamic Provider]
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\vdsdyn.dll -- [2009/04/11 02:28:25 | 000,507,904 | ---- | M] (Microsoft Corporation)
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\vgapnp.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\viac7.sys -- File not found
"TypesSupported" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Virtual Disk Service]
"EventMessageFile" = %SystemRoot%\System32\vds.exe -- [2009/04/11 02:28:09 | 000,385,536 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\Drivers\VolSnap.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%System32\IoLogMsg.dll -- File not found
"TypesSupported" = 7
"EventMessageFile" = %Systemroot%\system32\w32time.dll -- [2009/04/11 02:28:25 | 000,282,624 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"ProviderGuid" = {06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB}
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll;%SystemRoot%\System32\drivers\wacompen.sys -- File not found
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\drivers\wd.sys -- [2006/11/02 05:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = \SystemRoot\system32\drivers\Wdf01000.sys
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\wecsvc.dll -- [2008/01/19 03:36:52 | 000,145,408 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\win32k.sys -- [2009/08/14 09:27:17 | 002,036,736 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"ParameterMessageFile" = %ProgramFiles%\Windows Defender\MpEvMsg.dll -- [2006/11/02 08:33:51 | 000,065,640 | ---- | M] (Microsoft Corporation)
"ProviderGuid" = {11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}
"TypesSupported" = 7
"EventMessageFile" = %ProgramFiles%\Windows Defender\MpEvMsg.dll -- [2006/11/02 08:33:51 | 000,065,640 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Disk Diagnostic]
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\DFDTS.dll -- [2008/01/19 03:34:03 | 000,039,936 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Script Host]
"EventMessageFile" = %SystemRoot%\System32\wshext.dll -- [2009/04/11 02:28:26 | 000,090,112 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 24
"EventMessageFile" = winhttp.dll -- [2009/08/24 07:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation)
"ProviderGuid" = {7D44233D-3055-4B9C-BA64-0D47CA40A232}
"TypesSupported" = 7
"ProviderGuid" = {A7975C8F-AC13-49F1-87DA-5A984A4AB417}
"EventMessageFile" = %SystemRoot%\System32\IoLogMsg.dll -- [2006/11/02 05:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"ProviderGuid" = {6A2DC7C1-930A-4FB5-BB44-80B30AEBED6C}
"EventMessageFile" = C:\Windows\system32\netmsg.dll -- [2006/11/02 05:41:17 | 000,002,048 | ---- | M] (Microsoft Corporation)
"TypesSupported" = 7
"TypesSupported" = 7
"EventMessageFile" = %SystemRoot%\System32\wpcsvc.dll -- [2009/04/11 02:28:25 | 000,140,288 | ---- | M] (Microsoft Corporation)
"ProviderGuid" = {AD5162D8-DAF0-4A25-88A7-01CBEB33902E}
"DisplayName" = @comres.dll,-2450
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @comres.dll,-2451
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = rpcss [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImpersonatePrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 E8 03 00 00 01 00 00 00 88 13 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %systemroot%\system32\es.dll -- [2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation)
"ServiceDllUnLoadOnStop" = 1
"DisplayName" = exFAT File System Driver
"ErrorControl" = 1
"Group" = Boot File System -- [2009/09/30 18:24:05 | 000,000,000 | ---D | M]
"Start" = 3
"Type" = 2
"Description" = exFAT File System Driver
"DisplayName" = FAT12/16/32 File System Driver
"Group" = Boot File System -- [2009/09/30 18:24:05 | 000,000,000 | ---D | M]
"Description" = Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces)
"ErrorControl" = 1
"Start" = 3
"Type" = 2
"0" = Root\LEGACY_FASTFAT\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = Floppy Disk Controller Driver
"ImagePath" = system32\DRIVERS\fdc.sys -- [2006/11/02 04:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"SetupDone" = 1
"DisplayName" = @%systemroot%\system32\fdPHost.dll,-100
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\fdPHost.dll,-101
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RpcSshttp [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImpersonatePrivilege [binary data]
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 00 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\system32\fdPHost.dll -- [2008/01/19 03:34:21 | 000,013,312 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"DisplayName" = @%systemroot%\system32\fdrespub.dll,-100
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\fdrespub.dll,-101
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = RpcSshttp [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\system32\fdrespub.dll -- [2006/11/02 05:46:04 | 000,027,648 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"FirstStart" = 5F 03 00 00 00 00 00 00 [binary data]
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 21
"ImagePath" = system32\DRIVERS\fetnd5bv.sys -- [2006/12/20 10:00:38 | 000,045,568 | ---- | M] (VIA Technologies, Inc. )
"DisplayName" = VIA Rhine-Family Fast-Ethernet Adapter Driver Service
"Group" = NDIS
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 29
"ImagePath" = system32\DRIVERS\fetnd6v.sys -- [2008/09/21 21:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc. )
"DisplayName" = VIA Rhine Family Fast Ethernet Adapter Driver
"Group" = NDIS
"BootFlags" = 1
"0" = PCI\VEN_1106&DEV_3065&SUBSYS_10D91734&REV_7C\3&18d45aa6&0&90
"Count" = 1
"NextInstance" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 20
"ImagePath" = system32\DRIVERS\fetnd5.sys -- [2006/11/02 03:30:56 | 000,045,568 | ---- | M] (VIA Technologies, Inc. )
"DisplayName" = Service de pilote de carte VIA famille Rhine 10/100Mo Fast Ethernet
"Group" = NDIS
"DisplayName" = File Information FS MiniFilter
"Group" = FSFilter Bottom
"ImagePath" = system32\drivers\fileinfo.sys -- [2008/01/19 03:42:31 | 000,058,936 | ---- | M] (Microsoft Corporation)
"Description" = Collects information about files in memory to be consumed by other system services.
"ErrorControl" = 1
"Start" = 0
"Type" = 2
"DependOnService" = fltmgr [binary data]
"DefaultInstance" = FileInfo
"Altitude" = 45000
"Flags" = 0
"0" = Root\LEGACY_FILEINFO\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = FileTrace
"Group" = FSFilter Activity Monitor
"ImagePath" = system32\drivers\filetrace.sys -- [2008/01/19 01:30:23 | 000,027,648 | ---- | M] (Microsoft Corporation)
"Description" = ETW File Trace Filter
"ErrorControl" = 1
"Start" = 3
"Tag" = 1
"Type" = 2
"DependOnService" = FltMgr [binary data]
"DefaultInstance" = FileTrace - Top Instance
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Filetrace\Instances\FileTrace - Top Instance]
"Altitude" = 385000
"Flags" = 0
"DisplayName" = Floppy Disk Driver
"ImagePath" = system32\DRIVERS\flpydisk.sys -- [2006/11/02 04:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"AttachWhenLoaded" = 1
"DisplayName" = FltMgr
"Group" = FSFilter Infrastructure
"ImagePath" = system32\drivers\fltmgr.sys -- [2009/04/11 02:32:46 | 000,190,424 | ---- | M] (Microsoft Corporation)
"Description" = File System Filter Manager Driver
"ErrorControl" = 3
"Start" = 0
"Tag" = 1
"Type" = 2
"0" = Root\LEGACY_FLTMGR\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%systemroot%\system32\FntCache.dll,-100
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 3
"Type" = 32
"Description" = @%systemroot%\system32\FntCache.dll,-101
"ObjectName" = NT AUTHORITY\LocalService
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeAuditPrivilege [binary data]
"FailureActions" = 2C 01 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDllUnloadOnStop" = 1
"InitialUserCacheSize" = 4194304
"MaximumUserCacheSize" = 67108864
"InitialSystemCacheSize" = 4194304
"ServiceDll" = %SystemRoot%\system32\FntCache.dll -- [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation)
"MaximumSystemCacheSize" = 16777216
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%SystemRoot%\system32\PresentationHost.exe,-3309
"ErrorControl" = 1
"ImagePath" = %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- [2009/02/18 14:39:20 | 000,043,904 | ---- | M] (Microsoft Corporation)
"Start" = 3
"Type" = 16
"Description" = @%SystemRoot%\system32\PresentationHost.exe,-3310
"ObjectName" = NT Authority\LocalService
"ServiceSidType" = 1
"FailureActions" = 10 0E 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Security" = [Binary data over 100 bytes]
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 28
"ImagePath" = system32\DRIVERS\fssfltr.sys -- [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation)
"DisplayName" = FssFltr
"Group" = NDIS
"DependOnService" = tcpip [binary data]
"Order" = -736320295
"RefCount" = [Binary data over 100 bytes]
"Type" = 16
"Start" = 3
"ErrorControl" = 1
"ImagePath" = "C:\Program Files\Windows Live\Family Safety\fsssvc.exe" -- [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation)
"DisplayName" = Service Windows Live Contrôle parental
"DependOnService" = rpcss [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"Description" = Ce service permet d'activer le Contrôle parental sur l'ordinateur. Si ce service ne fonctionne pas, le Contrôle parental ne fonctionne pas non plus.
"FailureActions" = 80 51 01 00 01 00 00 00 01 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Group" = Boot file system -- [2009/09/30 18:24:05 | 000,000,000 | ---D | M]
"ErrorControl" = 0
"Start" = 1
"Type" = 8
"0" = Root\LEGACY_FS_REC\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = Filtre AGP version 3.0 générique Microsoft pour plates-formes à base de processeur K8
"Group" = PnP Filter
"ImagePath" = system32\DRIVERS\gagp30kx.sys -- [2008/01/19 03:42:35 | 000,061,496 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 0
"Type" = 1
"Tag" = 5
"10227454" = 00 00 D0 00 00 00 00 00 [binary data]
"0" = PCI\VEN_1106&DEV_B188&SUBSYS_00000000&REV_00\3&18d45aa6&0&08
"Count" = 1
"NextInstance" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = \??\C:\Users\USER\AppData\Local\Temp\NBO29C8.tmp -- File not found
"DisplayName" = GarenaPEngine
"Count" = 1
"NextInstance" = 1
"PreshutdownTimeout" = 900000
"DisplayName" = @gpapi.dll,-112
"Group" = ProfSvc_Group
"ImagePath" = %windir%\system32\svchost.exe -k GPSvcGroup -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @gpapi.dll,-113
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 16
"DependOnService" = RPCSSMup [binary data]
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\gpsvc.dll -- [2009/04/11 02:28:19 | 000,576,512 | ---- | M] (Microsoft Corporation)
"ServiceMain" = GroupPolicyClientServiceMain
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"Type" = 16
"Start" = 2
"ErrorControl" = 1
"ImagePath" = "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc -- [2009/07/07 09:30:26 | 000,133,104 | ---- | M] (Google Inc.)
"DisplayName" = Service Google Update (gupdate1c9ff072b4e50fb)
"DependOnService" = RPCSS [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"Description" = Permet de maintenir votre logiciel Google à jour. Si ce service est désactivé ou interrompu, votre logiciel Google ne sera plus mis à jour. Toute faille de sécurité susceptible d'apparaître ne pourrait alors pas être réparée et certaines fonctionnalités pourraient être endommagées. Cette tâche se désinstalle automatiquement lorsqu'aucun logiciel Google ne l'utilise.
"Type" = 16
"Start" = 3
"ErrorControl" = 0
"ImagePath" = "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" -- [2009/04/19 19:49:55 | 000,182,768 | ---- | M] (Google)
"DisplayName" = Google Software Updater
"DependOnService" = RPCSS [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"Description" = Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.
"DelayedAutostart" = 1
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 A0 BB 0D 00 01 00 00 00 A0 BB 0D 00 00 00 00 00 00 00 00 00 [binary data]
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\drivers\HdAudio.sys -- [2006/11/02 03:36:49 | 000,235,520 | ---- | M] (Microsoft Corporation)
"DisplayName" = Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio
"DisplayName" = Pilote de bus UAA Microsoft pour High Definition Audio
"Group" = Extended Base
"ImagePath" = system32\DRIVERS\HDAudBus.sys -- [2009/04/11 00:42:42 | 000,561,152 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"Tag" = 13
"0" = PCI\VEN_1106&DEV_3288&SUBSYS_10D91734&REV_10\4&2fca240a&0&0898
"Count" = 1
"NextInstance" = 1
"DisplayName" = Microsoft Bluetooth HID Miniport
"Group" = extended base
"ImagePath" = \SystemRoot\system32\drivers\hidbth.sys
"ErrorControl" = 0
"Start" = 4
"Type" = 1
"DisplayName" = Microsoft Infrared HID Driver
"Group" = extended base
"ImagePath" = \SystemRoot\system32\drivers\hidir.sys
"ErrorControl" = 0
"Start" = 4
"Type" = 1
"RemoteName" = RC6 based MCE remote
"EnableDebounce" = 1
"EnableVendorPassThrough" = 1
"DecoderID" = 1
"CodeSetID" = 0
"CodeBitLen" = 32
"CodeSetNum0" = 1
"CodeSetNum1" = 2
"CodeSetNum2" = 3
"CodeSetNum3" = 4
"CodeSetNumMask" = 28672
"CodeSetNumShiftBits" = 12
"CodeMatchMask" = -61696
"CodeMatchValue" = -2146499584
"DataMask" = 255
"DataShiftBits" = 0
"ReportLength" = 3
"ReportDescriptor" = [Binary data over 100 bytes]
"ReportMappingTable" = [Binary data over 100 bytes]
"RemoteName" = Samsung MCE remote
"EnableDebounce" = 0
"DecoderID" = 4
"CodeSetID" = 0
"CodeBitLen" = 32
"CodeSetNum0" = 0
"CodeSetNum1" = 0
"CodeSetNum2" = 0
"CodeSetNum3" = 0
"CodeSetNumMask" = 0
"CodeSetNumShiftBits" = 0
"CodeMatchMask" = 65535
"CodeMatchValue" = 44417
"DataMask" = 16711680
"DataShiftBits" = 16
"ReportLength" = 3
"ReportDescriptor" = [Binary data over 100 bytes]
"ReportMappingTable" = [Binary data over 100 bytes]
"RemoteName" = MCIR Standard Keyboard Remote
"EnableDebounce" = 0
"EnablePassThrough" = 5
"DecoderID" = 6
"CodeSetID" = 0
"CodeBitLen" = 32
"CodeSetNum0" = 0
"CodeSetNum1" = 0
"CodeSetNum2" = 0
"CodeSetNum3" = 0
"CodeSetNumMask" = -536870912
"CodeSetNumShiftBits" = 29
"CodeMatchMask" = 0
"CodeMatchValue" = 0
"DataMask" = 16777215
"DataShiftBits" = 0
"CheckSumResultsMasks" = 00 00 00 1F [binary data]
"CheckSumResultsShiftBits" = 18 [binary data]
"CheckSumOperation" = 1
"CheckSumWordsMasks" = FF FF FF E0 [binary data]
"CheckSumWordsShiftBits" = [binary data]
"ReportLength" = 4
"ReportDescriptor" = 05 01 09 06 A1 01 85 05 05 07 19 E0 29 E7 15 00 25 01 75 01 95 08 81 02 19 00 29 91 15 00 26 FF 00 75 08 95 02 81 00 C0 [binary data]
"ReportMappingTable" = 00 00 00 00 05 00 00 00 [binary data]
"RemoteName" = MCIR Japanese Keyboard Remote
"EnableDebounce" = 0
"EnablePassThrough" = 6
"ForceUniqueReport" = 1
"DecoderID" = 7
"CodeSetID" = 0
"CodeBitLen" = 32
"CodeSetNum0" = 0
"CodeSetNum1" = 0
"CodeSetNum2" = 0
"CodeSetNum3" = 0
"CodeSetNumMask" = -536870912
"CodeSetNumShiftBits" = 29
"CodeMatchMask" = 0
"CodeMatchValue" = 0
"DataMask" = 16777215
"DataShiftBits" = 0
"CheckSumResultsMasks" = 00 00 00 1F [binary data]
"CheckSumResultsShiftBits" = 18 [binary data]
"CheckSumOperation" = 1
"CheckSumWordsMasks" = FF FF FF E0 [binary data]
"CheckSumWordsShiftBits" = [binary data]
"ReportLength" = 4
"ReportDescriptor" = 05 01 09 06 A1 01 85 06 05 07 19 E0 29 E7 15 00 25 01 75 01 95 08 81 02 19 00 29 98 15 00 26 FF 00 75 08 95 02 81 00 C0 [binary data]
"ReportMappingTable" = 00 00 00 00 06 00 00 00 [binary data]
"RemoteName" = MCIR Three Button Mouse Remote
"EnableDebounce" = 0
"EnablePassThrough" = 7
"DecoderID" = 8
"CodeSetID" = 0
"CodeBitLen" = 29
"CodeSetNum0" = 0
"CodeSetNum1" = 0
"CodeSetNum2" = 0
"CodeSetNum3" = 0
"CodeSetNumMask" = 469762048
"CodeSetNumShiftBits" = 26
"CodeMatchMask" = 0
"CodeMatchValue" = 0
"DataMask" = 2097120
"DataShiftBits" = 5
"CheckSumResultsMasks" = 00 00 E0 03 1F 00 00 00 [binary data]
"CheckSumResultsShiftBits" = 15 00 [binary data]
"CheckSumOperation" = 2
"CheckSumWordsMasks" = E0 FF 1F 1C [binary data]
"CheckSumWordsShiftBits" = [binary data]
"ReportLength" = 3
"ReportDescriptor" = 05 01 09 01 A1 01 85 07 05 09 19 01 29 02 15 00 25 01 75 01 95 02 81 02 05 01 09 30 09 31 15 C1 25 3F 75 07 95 02 81 06 C0 [binary data]
"ReportMappingTable" = 00 00 00 00 07 00 00 [binary data]
"DisplayName" = @%SystemRoot%\System32\hidserv.dll,-101
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\hidserv.dll,-102
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDllUnloadOnStop" = 1
"ServiceDll" = %SystemRoot%\system32\hidserv.dll -- [2009/04/11 02:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation)
"DisplayName" = Pilote de classe HID Microsoft
"Group" = extended base
"ImagePath" = system32\DRIVERS\hidusb.sys -- [2009/04/11 00:42:48 | 000,012,800 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 0
"Start" = 3
"Type" = 1
"Tag" = 18
"0" = USB\VID_04F3&PID_0230\5&c94ea49&0&1
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%SystemRoot%\system32\kmsvc.dll,-6
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\kmsvc.dll,-7
"ObjectName" = localSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RpcSs [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImpersonatePrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 00 5C 26 05 00 00 00 00 00 00 00 00 [binary data]
"ServiceDLL" = %SystemRoot%\system32\kmsvc.dll -- [2008/01/19 03:34:36 | 000,068,096 | ---- | M] (Microsoft Corporation)
"ServiceDLLUnloadOnStop" = 1
"Tag" = 259
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\hpcisss.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 8
"5" = 1
"Type" = 32
"Start" = 3
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k hpdevmgmt -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"DisplayName" = hpqcxs08
"DependOnService" = RPCSS [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"ServiceDll" = C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.)
"Type" = 32
"Start" = 2
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k hpdevmgmt -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"DisplayName" = Service HP CUE DeviceDiscovery
"DependOnService" = RPCSS [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"Description" = Ce service détecte et surveille les périphériques CUE sur votre système.
"ServiceDll" = C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- [2008/03/25 15:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.)
"DisplayName" = HTTP
"ImagePath" = system32\drivers\HTTP.sys -- [2009/11/03 15:41:44 | 000,411,648 | ---- | M] (Microsoft Corporation)
"Description" = This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"http://*:2869/" = 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 1C 00 01 00 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 05 13 00 00 00 [binary data]
"http://+:10243/WMPNSSv4/" = 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 01 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 39 0B 9A 8D 3E 6D C7 2D 58 A4 AD D2 48 66 EF 3B C8 B6 4A AB [binary data]
"https://+:2178/BITS-peer-caching/" = 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 01 00 00 00 00 00 28 00 00 00 00 20 01 06 00 00 00 00 00 05 50 00 00 00 D8 92 8D 33 CB 5E 10 08 19 8C 0C B8 00 2A 56 66 BD 1F 90 FC [binary data]
"http://+:80/wsman/" = 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 1C 00 01 00 00 00 00 00 14 00 00 00 00 10 01 01 00 00 00 00 00 05 14 00 00 00 [binary data]
"http://+:80/Temporary_Listen_Addresses/" = 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 1C 00 01 00 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 01 00 00 00 00 [binary data]
"https://+:443/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/" = [Binary data over 100 bytes]
"http://*:5357/" = 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 00 00 00 20 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 05 13 00 00 00 [binary data]
"https://*:5358/" = 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 00 00 00 20 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 00 14 00 00 00 00 20 01 01 00 00 00 00 00 05 13 00 00 00 [binary data]
"Security" = [Binary data over 100 bytes]
"0" = Root\LEGACY_HTTP\0000
"Count" = 1
"NextInstance" = 1
"Group" = SCSI miniport
"ImagePath" = \SystemRoot\system32\drivers\i2omp.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 8
"5" = 1
"DisplayName" = Pilote pour clavier i8042 et souris sur port PS/2
"Group" = Keyboard Port
"ImagePath" = system32\DRIVERS\i8042prt.sys -- [2008/01/19 01:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"Tag" = 5
"PollingIterations" = 12000
"PollingIterationsMaximum" = 12000
"ResendIterations" = 3
"LayerDriver JPN" = kbd101.dll -- [2006/11/02 05:39:43 | 000,006,656 | ---- | M] (Microsoft Corporation)
"LayerDriver KOR" = kbd101a.dll -- [2006/11/02 05:39:43 | 000,006,144 | ---- | M] (Microsoft Corporation)
"0" = ACPI\SYN1907\4&1bb5acf3&0
"Count" = 2
"NextInstance" = 2
"1" = ACPI\PNP0303\4&1bb5acf3&0
"Tag" = 25
"DisplayName" = Intel RAID Controller Vista
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\iastorv.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"queuePriorityEnable" = 0
"BusType" = 8
"AN" = 0
"LPM" = 1
"GTF" = 0
"DIPM" = 1
"AN" = 0
"LPM" = 1
"GTF" = 0
"DIPM" = 1
"AN" = 0
"LPM" = 1
"GTF" = 0
"DIPM" = 1
"Type" = 16
"Start" = 3
"ErrorControl" = 0
"ImagePath" = "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" -- [2005/04/03 19:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation)
"DisplayName" = InstallDriver Table Manager
"ObjectName" = LocalSystem
"Description" = Provides support for the Running Object Table for InstallShield Drivers
"DisplayName" = @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193
"ErrorControl" = 1
"ImagePath" = "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" -- [2009/02/18 14:38:42 | 000,879,448 | ---- | M] (Microsoft Corporation)
"Start" = 3
"Type" = 32
"Description" = @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192
"ObjectName" = LocalSystem
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"Security" = [Binary data over 100 bytes]
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\iirsp.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 8
"5" = 1
"DisplayName" = @%SystemRoot%\system32\ikeext.dll,-501
"ImagePath" = %systemroot%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\ikeext.dll,-502
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = BFE [binary data] -- [2009/04/11 02:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\ikeext.dll -- [2009/04/11 02:28:20 | 000,438,784 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"ServiceMain" = IkeServiceMain
"Group" = System Bus Extender
"ImagePath" = \SystemRoot\system32\drivers\intelide.sys
"ErrorControl" = 3
"Start" = 4
"Type" = 1
"Tag" = 6
"DisplayName" = Intel Processor Driver
"Group" = Extended Base
"ImagePath" = system32\DRIVERS\intelppm.sys -- [2006/11/02 04:30:18 | 000,039,424 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"Tag" = 11
"DisplayName" = @%systemroot%\system32\IPBusEnum.dll,-102
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\IPBusEnum.dll,-103
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RpcSsfdPHost [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\system32\ipbusenum.dll -- [2008/01/19 03:34:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\ipfltdrv.sys -- [2008/01/19 01:56:23 | 000,047,616 | ---- | M] (Microsoft Corporation)
"DisplayName" = @%systemroot%\system32\rascfg.dll,-32013
"DependOnService" = Tcpip [binary data]
"Description" = @%systemroot%\system32\rascfg.dll,-32013
"DisplayName" = @%SystemRoot%\system32\iphlpsvc.dll,-200
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetSvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\iphlpsvc.dll,-201
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = RpcSSTdxwinmgmttcpipnsi [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeCreateGlobalPrivilegeSeImpersonatePrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\iphlpsvc.dll -- [2009/04/11 02:28:20 | 000,199,168 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"SP1Installed" = 1
"ClientLocalPort" = 62148
"AddressCreationTimestamp" = 9696416
"TeredoAddress" = 2001:0:4137:9e50:3458:d3b:2a43:4568
"ClientLocalPort" = 64058
"AddressCreationTimestamp" = 9701559
"TeredoAddress" = 2001:0:4137:9e50:3c95:5c5:2a43:4568
"ClientLocalPort" = 62104
"AddressCreationTimestamp" = 27498019
"TeredoAddress" = 2001:0:4137:9e76:ef:d67:a286:2d23
"ClientLocalPort" = 52519
"AddressCreationTimestamp" = 21071029
"TeredoAddress" = 2001:0:4137:9e50:1c1a:32d8:2aef:ea56
"ClientLocalPort" = 60103
"AddressCreationTimestamp" = 25699776
"TeredoAddress" = 2001:0:5ef5:73ba:14dd:1538:a5c0:5d76
"TeredoAddress" = 2001:0:d5c7:a2d6:2405:1e17:ae07:fb76
"ClientLocalPort" = 57832
"AddressCreationTimestamp" = -1377425
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\ipinip.sys -- File not found
"DisplayName" = IP in IP Tunnel Driver
"DependOnService" = Tcpip [binary data]
"Description" = IP in IP Tunnel Driver
"ImagePath" = \SystemRoot\system32\drivers\ipmidrv.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DisplayName" = IP Network Address Translator
"ImagePath" = system32\DRIVERS\ipnat.sys -- [2008/01/19 01:56:28 | 000,100,864 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"DependOnService" = Tcpip [binary data]
"Description" = IP Network Address Translator
"DisplayName" = IR Bus Enumerator
"ImagePath" = system32\drivers\irenum.sys -- [2008/01/19 01:55:19 | 000,013,312 | ---- | M] (Microsoft Corporation)
"Description" = IR Bus Enumerator
"ErrorControl" = 0
"Start" = 3
"Type" = 1
"HasBootConfig" = 0
"DisplayName" = PnP ISA/EISA Bus Driver
"Group" = Boot Bus Extender -- [2009/09/30 18:24:05 | 000,000,000 | ---D | M]
"ImagePath" = \SystemRoot\system32\drivers\isapnp.sys
"ErrorControl" = 3
"Start" = 4
"Type" = 1
"DisplayName" = Pilote iScsiPort
"ImagePath" = system32\DRIVERS\msiscsi.sys -- [2009/04/11 02:32:46 | 000,180,712 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"BootFlags" = 1
"BusType" = 9
"0" = Root\ISCSIPRT\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = ITEATAPI_Service_Install
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\iteatapi.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 8
"5" = 1
"DisplayName" = ITERAID_Service_Install
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\iteraid.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 8
"5" = 1
"parameter0" = 0
"parameter1" = 0
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\jraid.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"5" = 1
"DisplayName" = Pilote de la classe Clavier
"Group" = Keyboard Class
"ImagePath" = system32\DRIVERS\kbdclass.sys -- [2008/01/19 03:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"Tag" = 2
"ConnectMultiplePorts" = 0
"KeyboardDataQueueSize" = 100
"KeyboardDeviceBaseName" = KeyboardClass
"MaximumPortsServiced" = 3
"SendOutputToAllPorts" = 1
"0" = Root\RDP_KBD\0000
"Count" = 2
"NextInstance" = 2
"1" = ACPI\PNP0303\4&1bb5acf3&0
"DisplayName" = Pilote HID de clavier
"Group" = Keyboard Port
"ImagePath" = system32\DRIVERS\kbdhid.sys -- [2009/04/11 00:38:40 | 000,017,408 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 0
"Start" = 1
"Type" = 1
"Tag" = 6
"WorkNicely" = 0
"Count" = 0
"NextInstance" = 0
"DisplayName" = @keyiso.dll,-100
"ImagePath" = %SystemRoot%\system32\lsass.exe -- [2009/06/15 08:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation)
"Description" = @keyiso.dll,-101
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RpcSs [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"Security" = [Binary data over 100 bytes]
"Group" = Base
"ImagePath" = System32\Drivers\ksecdd.sys -- [2009/06/15 19:15:25 | 000,439,864 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 3
"Start" = 0
"Type" = 1
"0" = Root\LEGACY_KSECDD\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = @comres.dll,-2946
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @comres.dll,-2947
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RPCSSSamSS [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImpersonatePrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 E8 03 00 00 01 00 00 00 F8 2A 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %systemroot%\system32\msdtckrm.dll -- [2008/01/19 03:34:56 | 000,344,576 | ---- | M] (Microsoft Corporation)
"ServiceMain" = KtmRmServiceMain
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%systemroot%\system32\srvsvc.dll,-100
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\srvsvc.dll,-101
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = SamSSSrv [binary data]
"ServiceSidType" = 1
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
"SrvsvcConfigInfo" = [Binary data over 100 bytes]
"SrvsvcTransportEnum" = [Binary data over 100 bytes]
"SrvsvcConnection" = [Binary data over 100 bytes]
"SrvsvcServerDiskEnum" = [Binary data over 100 bytes]
"SrvsvcFile" = [Binary data over 100 bytes]
"SrvsvcSessionInfo" = [Binary data over 100 bytes]
"SrvsvcShareFileInfo" = [Binary data over 100 bytes]
"SrvsvcSharePrintInfo" = [Binary data over 100 bytes]
"SrvsvcShareAdminInfo" = [Binary data over 100 bytes]
"SrvsvcShareConnect" = [Binary data over 100 bytes]
"SrvsvcShareAdminConnect" = [Binary data over 100 bytes]
"SrvsvcStatisticsInfo" = [Binary data over 100 bytes]
"AnonymousDescriptorsUpgraded" = 1
"PreviousAnonymousRestriction" = 0
"SessionSecurityDescriptorRegenerated" = 1
"InteractiveDescriptorsRegenerated" = 0
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
"ServiceDll" = %SystemRoot%\system32\srvsvc.dll -- [2009/04/11 02:28:24 | 000,122,880 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"NullSessionPipes" = netlogonlsarpcsamrbrowser [binary data]
"autodisconnect" = 15
"enableforcedlogoff" = 1
"enablesecuritysignature" = 0
"requiresecuritysignature" = 0
"restrictnullsessaccess" = 1
"Lmannounce" = 0
"Size" = 1
"AdjustedNullSessionPipes" = 2
"CachedOpenLimit" = 0
"srvcomment" = nanoua
"Guid" = 56 6B B4 CE 2C E9 E7 48 98 05 EA 67 0A 84 EA EA [binary data]
"Users" = [Binary data over 100 bytes]
"Public" = [Binary data over 100 bytes]
"print$" = [Binary data over 100 bytes]
"Microsoft Office" = [Binary data over 100 bytes]
"HP Deskjet F2200 series" = [Binary data over 100 bytes]
"Users" = [Binary data over 100 bytes]
"Public" = [Binary data over 100 bytes]
"print$" = [Binary data over 100 bytes]
"Microsoft Office" = 01 00 04 80 30 00 00 00 40 00 00 00 00 00 00 00 14 00 00 00 02 00 1C 00 01 00 00 00 00 00 14 00 FF 01 1F 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 05 00 00 00 00 00 05 15 00 00 00 FC 1E FB A8 65 CB EA AA 98 C9 75 65 01 02 00 00 [binary data]
"HP Deskjet F2200 series" = [Binary data over 100 bytes]
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-100
"Group" = NetworkProvider
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\wkssvc.dll,-101
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data]
"ServiceSidType" = 1
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
"DeviceName" = \Device\LanmanRedirector
"Name" = Microsoft Windows Network
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-102
"ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2008/01/19 03:35:58 | 000,063,488 | ---- | M] (Microsoft Corporation)
"ServiceDll" = %SystemRoot%\System32\wkssvc.dll -- [2009/06/10 07:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"RequireSecuritySignature" = 0
"OtherDomains" = [binary data]
"ldapclientintegrity" = 1
"Type" = 1
"Start" = 2
"ErrorControl" = 1
"Tag" = 15
"ImagePath" = system32\DRIVERS\lltdio.sys -- [2008/01/19 01:55:03 | 000,047,104 | ---- | M] (Microsoft Corporation)
"DisplayName" = Pilote d’E/S du mappage de découverte de topologie de la couche de liaison
"Group" = NDIS
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
"0" = Root\LEGACY_LLTDIO\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%SystemRoot%\system32\lltdres.dll,-1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\lltdres.dll,-2
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = rpcsslltdio [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeImpersonatePrivilegeSeChangeNotifyPrivilege [binary data]
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 00 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\lltdsvc.dll -- [2008/01/19 03:34:42 | 000,188,928 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"DisplayName" = @%SystemRoot%\system32\lmhsvc.dll,-101
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\lmhsvc.dll,-102
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = NetBTAfd [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 64 00 00 00 01 00 00 00 64 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\lmhsvc.dll -- [2006/11/02 05:46:05 | 000,018,944 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"Close" = CloseLsaPerformanceData
"Collect" = CollectLsaPerformanceData
"Open" = OpenLsaPerformanceData
"Library" = Secur32.dll -- [2009/06/15 10:53:43 | 000,072,704 | ---- | M] (Microsoft Corporation)
"Object List" = 1570 1670
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\lsi_fc.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 6
"5" = 1
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\lsi_sas.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 10
"5" = 1
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\lsi_scsi.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"Tag" = 34
"BusType" = 1
"5" = 1
"DisplayName" = UAC File Virtualization
"Group" = FSFilter Virtualization
"ImagePath" = \SystemRoot\system32\drivers\luafv.sys
"Description" = Virtualizes file write failures to per-user locations.
"ErrorControl" = 1
"Start" = 2
"Type" = 2
"DependOnService" = FltMgr [binary data]
"DefaultInstance" = luafv
"Altitude" = 135000
"Flags" = 0
"ProgramData" = C:\ProgramData -- [2010/04/19 19:57:06 | 000,000,000 | -H-D | M]
"0" = Root\LEGACY_LUAFV\0000
"Count" = 1
"NextInstance" = 1
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\megasas.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 8
"5" = 1
"DisplayName" = @%systemroot%\system32\mmcss.dll,-100
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\mmcss.dll,-101
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"RequiredPrivileges" = SeIncreaseBasePriorityPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\system32\mmcss.dll -- [2008/01/19 03:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation)
"ServiceMain" = ServiceMain
"ServiceDllUnloadOnStop" = 1
"Group" = Extended base
"ImagePath" = system32\drivers\modem.sys -- [2008/01/19 01:57:16 | 000,031,744 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 0
"Start" = 3
"Tag" = 4
"Type" = 1
"0" = HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_10573055&REV_1007\5&107ff244&0&0101
"Count" = 1
"NextInstance" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\monitor.sys -- [2008/01/19 01:52:19 | 000,041,984 | ---- | M] (Microsoft Corporation)
"DisplayName" = Service Pilote de fonction de classe Moniteur Microsoft
"Count" = 1
"NextInstance" = 1
"0" = DISPLAY\MS_0000\5&49d4741&0&UID2
"DisplayName" = Pilote de la classe Souris
"Group" = Pointer Class
"ImagePath" = system32\DRIVERS\mouclass.sys -- [2008/01/19 03:41:52 | 000,034,360 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"Tag" = 2
"0" = Root\RDP_MOU\0000
"Count" = 3
"NextInstance" = 3
"1" = ACPI\SYN1907\4&1bb5acf3&0
"2" = HID\VID_04F3&PID_0230\6&12e98ff3&0&0000
"DisplayName" = Pilote HID de souris
"Group" = Pointer Port
"ImagePath" = system32\DRIVERS\mouhid.sys -- [2008/01/19 01:49:16 | 000,015,872 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 0
"Start" = 3
"Type" = 1
"Tag" = 5
"UseOnlyMice" = 0
"TreatAbsoluteAsRelative" = 0
"TreatAbsolutePointerAsAbsolute" = 0
"0" = HID\VID_04F3&PID_0230\6&12e98ff3&0&0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = Mount Point Manager
"Group" = System Bus Extender
"ImagePath" = System32\drivers\mountmgr.sys -- [2008/01/19 03:42:28 | 000,057,400 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 3
"Start" = 0
"Type" = 1
"Description" = Driver responsible with maintaining persistent drive letters and names for volumes
"0" = Root\LEGACY_MOUNTMGR\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = Microsoft Multi-Path Bus Driver
"Group" = Boot Bus Extender -- [2009/09/30 18:24:05 | 000,000,000 | ---D | M]
"ImagePath" = \SystemRoot\system32\drivers\mpio.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DisplayName" = @%SystemRoot%\system32\FirewallAPI.dll,-23092
"Group" = network
"ImagePath" = System32\drivers\mpsdrv.sys -- [2008/01/19 01:54:46 | 000,064,000 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\FirewallAPI.dll,-23093
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"0" = Root\LEGACY_MPSDRV\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%SystemRoot%\system32\FirewallAPI.dll,-23090
"Group" = NetworkProvider
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\FirewallAPI.dll,-23091
"ObjectName" = NT Authority\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = mpsdrvbfe [binary data]
"ServiceSidType" = 3
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\system32\mpssvc.dll -- [2009/04/11 02:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"Collection" = 87 00 01 00 [binary data]
"Collection" = [Binary data over 100 bytes]
"Security" = [Binary data over 100 bytes]
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\mraid35x.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 8
"NumberOfRequests" = 189
"CreateInitiatorLU" = 1
"5" = 1
"DisplayName" = WebDav Client Redirector Driver
"ErrorControl" = 1
"ImagePath" = \SystemRoot\system32\drivers\mrxdav.sys
"Start" = 3
"Type" = 2
"Description" = WebDav Client Redirector Driver
"DependOnService" = rdbss [binary data]
"EncryptedDirectories" =
"UMRxDebugFlag" = 0
"FinalizeVNetRootRequestTimeoutInSec" = 600
"CreateRequestTimeoutInSec" = 1800
"CloseRequestTimeoutInSec" = 1800
"FileInformationCacheLifeTimeInSec" = 60
"SetFileInfoRequestTimeoutInSec" = 600
"QueryDirectoryRequestTimeoutInSec" = 600
"FileNotFoundCacheLifeTimeInSec" = 60
"FinalizeSrvCallRequestTimeoutInSec" = 600
"NameCacheMaxEntries" = 300
"FsCtlRequestTimeoutInSec" = 1800
"QueryVolumeInfoRequestTimeoutInSec" = 600
"CreateSrvCallRequestTimeoutInSec" = 20
"FinalizeFcbRequestTimeoutInSec" = 60
"CreateVNetRootRequestTimeoutInSec" = 60
"ReNameRequestTimeoutInSec" = 600
"DAVDebugFlag" = 0
"LockRefreshRequestTimeoutInSec" = 600
"QueryFileInfoRequestTimeoutInSec" = 600
"FinalizeFobxRequestTimeoutInSec" = 60
"DevFsCtlRequestTimeoutInSec" = 600
"0" = Root\LEGACY_MRXDAV\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = SMB MiniRedirector Wrapper and Engine
"Group" = Network
"ImagePath" = system32\DRIVERS\mrxsmb.sys -- [2009/12/04 11:56:09 | 000,105,984 | ---- | M] (Microsoft Corporation)
"Description" = Implements the framework for the SMB filesystem redirector
"ErrorControl" = 1
"Start" = 3
"Tag" = 5
"Type" = 2
"DependOnService" = rdbss [binary data]
"0" = Root\LEGACY_MRXSMB\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = SMB 1.x MiniRedirector
"Group" = Network
"ImagePath" = system32\DRIVERS\mrxsmb10.sys -- [2009/12/04 11:56:16 | 000,212,992 | ---- | M] (Microsoft Corporation)
"Description" = Implements the SMB 1.x (CIFS) protocol. This protocol provides connectivity to network resources on pre-Windows Vista servers
"ErrorControl" = 1
"Start" = 3
"Tag" = 6
"Type" = 2
"DependOnService" = mrxsmb [binary data]
"0" = Root\LEGACY_MRXSMB10\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = SMB 2.0 MiniRedirector
"Group" = Network
"ImagePath" = system32\DRIVERS\mrxsmb20.sys -- [2009/04/11 00:14:29 | 000,079,360 | ---- | M] (Microsoft Corporation)
"Description" = Implements the SMB 2.0 protocol, which provides connectivity to network resources on Windows Vista and later servers
"ErrorControl" = 1
"Start" = 3
"Tag" = 7
"Type" = 2
"DependOnService" = mrxsmb [binary data]
"0" = Root\LEGACY_MRXSMB20\0000
"Count" = 1
"NextInstance" = 1
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\msahci.sys
"ErrorControl" = 3
"Start" = 4
"Type" = 1
"DisplayName" = Microsoft Multi-Path Device Specific Module
"Group" = System Bus Extender
"ImagePath" = \SystemRoot\system32\drivers\msdsm.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DsmSupportedDeviceList" = Vendor 8Product 16 [binary data]
"DisplayName" = @comres.dll,-2797
"ImagePath" = %SystemRoot%\System32\msdtc.exe -- [2008/01/19 03:33:16 | 000,105,984 | ---- | M] (Microsoft Corporation)
"Description" = @comres.dll,-2798
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 3
"Type" = 16
"DependOnService" = RPCSSSamSS [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 E8 03 00 00 01 00 00 00 F8 2A 00 00 00 00 00 00 00 00 00 00 [binary data]
"DelayedAutostart" = 1
"Library" = msdtcuiu.DLL -- [2008/01/19 03:34:57 | 000,215,040 | ---- | M] (Microsoft Corporation)
"Open" = DtcPerfOpen
"Collect" = DtcPerfCollect
"Close" = DtcPerfClose
"InstallType" = 1
"PerfIniFile" = msdtcprf.ini
"First Counter" = 3208
"Last Counter" = 3234
"First Help" = 3209
"Last Help" = 3235
"Object List" = 3208
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC Bridge]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC Bridge\Performance]
"CategoryOptions" = 3
"Counter Types" = [Binary data over 100 bytes]
"Close" = ClosePerformanceData
"Counter Names" = [Binary data over 100 bytes]
"IsMultiInstance" = 0
"Open" = OpenPerformanceData
"Collect" = CollectPerformanceData
"Library" = NETFXPerf.dll -- [2008/07/27 14:03:17 | 000,041,984 | ---- | M] (Microsoft Corporation)
"InstallType" = 1
"PerfIniFile" = _TransactionBridgePerfCounters_D.ini
"First Counter" = 4250
"Last Counter" = 4272
"First Help" = 4251
"Last Help" = 4273
"Object List" = 4250
"ErrorControl" = 1
"Group" = File system
"Start" = 1
"Type" = 2
"0" = Root\LEGACY_MSFS\0000
"Count" = 1
"NextInstance" = 1
"Tag" = 2
"DisplayName" = Pilote de classe ISA/EISA
"Group" = Boot Bus Extender -- [2009/09/30 18:24:05 | 000,000,000 | ---D | M]
"ImagePath" = system32\drivers\msisadrv.sys -- [2008/01/19 03:41:14 | 000,016,440 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 3
"Start" = 0
"Type" = 1
"0" = Root\LEGACY_MSISADRV\0000
"Count" = 2
"NextInstance" = 2
"1" = PCI\VEN_1106&DEV_3337&SUBSYS_32371106&REV_00\3&18d45aa6&0&88
"DisplayName" = @%SystemRoot%\system32\iscsidsc.dll,-5000
"Group" = iSCSI
"ImagePath" = %systemroot%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\iscsidsc.dll,-5001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActionsOnNonCrashFailures" = 1
"FailureActions" = 50 46 00 00 01 00 00 00 01 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"RebootMessage" = See Note 3 below
"FailureCommand" = customScript.cmd
"ServiceDll" = %systemroot%\system32\iscsiexe.dll -- [2008/01/19 03:34:35 | 000,111,616 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"DisplayName" = @%SystemRoot%\system32\msimsg.dll,-27
"ImagePath" = %systemroot%\system32\msiexec /V -- [2009/04/11 02:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\msimsg.dll,-32
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 16
"DependOnService" = rpcss [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 16
"ImagePath" = system32\drivers\MSKSSRV.sys -- [2008/01/19 01:49:20 | 000,008,192 | ---- | M] (Microsoft Corporation)
"DisplayName" = Proxy de service de répartition Microsoft
"Group" = Extended Base
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 14
"ImagePath" = system32\drivers\MSPCLOCK.sys -- [2008/01/19 01:49:18 | 000,005,888 | ---- | M] (Microsoft Corporation)
"DisplayName" = Proxy d'horloge de répartition Microsoft
"Group" = Extended Base
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 15
"ImagePath" = system32\drivers\MSPQM.sys -- [2008/01/19 01:49:18 | 000,005,504 | ---- | M] (Microsoft Corporation)
"DisplayName" = Proxy de gestion de qualité de répartition Microsoft
"Group" = Extended Base
"ErrorControl" = 1
"Start" = 3
"Tag" = 1
"Type" = 1
"Close" = Close
"Open" = Open
"Collect" = Collect
"Library" = %systemroot%\system32\msscntrs.dll -- [2009/04/11 02:28:22 | 000,060,416 | ---- | M] (Microsoft Corporation)
"DisplayName" = Pilote BIOS de gestion de systèmes Microsoft
"ImagePath" = system32\DRIVERS\mssmbios.sys -- [2008/01/19 03:41:49 | 000,031,288 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"AcpiData" = [Binary data over 100 bytes]
"RegistersData" = [Binary data over 100 bytes]
"BiosData" = [Binary data over 100 bytes]
"SMBiosData" = [Binary data over 100 bytes]
"0" = Root\SYSTEM\0002
"Count" = 1
"NextInstance" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 17
"ImagePath" = system32\drivers\MSTEE.sys -- [2008/01/19 01:49:19 | 000,006,016 | ---- | M] (Microsoft Corporation)
"DisplayName" = Convertisseur en T/site-à-site de répartition Microsoft
"Group" = Extended Base
"DisplayName" = Mup
"Group" = Network
"ImagePath" = System32\Drivers\mup.sys -- [2009/04/11 02:32:31 | 000,048,104 | ---- | M] (Microsoft Corporation)
"Description" = Multiple UNC Provider
"ErrorControl" = 1
"Start" = 0
"Type" = 2
"0" = Root\LEGACY_MUP\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%SystemRoot%\system32\qagentrt.dll,-6
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\qagentrt.dll,-7
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RpcSs [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImpersonatePrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 00 5C 26 05 00 00 00 00 00 00 00 00 [binary data]
"ServiceDLL" = %SystemRoot%\system32\qagentRT.dll -- [2009/04/11 02:28:23 | 000,302,592 | ---- | M] (Microsoft Corporation)
"ServiceDLLUnloadOnStop" = 1
"Id" = 79617
"Friendly Name" = @%SystemRoot%\system32\dhcpqec.dll,-100 -- [2008/01/19 03:34:03 | 000,066,048 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\dhcpqec.dll,-101
"Version" = 1.0
"Vendor Name" = Microsoft Corporation -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"Enabled" = 1
"Id" = 79618
"Vendor Name" = Microsoft Corporation -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"Friendly Name" = @%Systemroot%\system32\rasqec.dll,-200 -- [2008/01/19 03:36:16 | 000,069,632 | ---- | M] (Microsoft Corporation)
"Description" = @%Systemroot%\system32\rasqec.dll,-201
"Version" = 1.0
"Registration Date" =
"Enabled" = 1
"Id" = 79619
"Friendly Name" = @%SystemRoot%\system32\napipsec.dll,-1 -- [2008/01/19 03:35:35 | 000,034,304 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\napipsec.dll,-2
"Version" = @%SystemRoot%\system32\napipsec.dll,-4 -- [2008/01/19 03:35:35 | 000,034,304 | ---- | M] (Microsoft Corporation)
"Vendor Name" = @%SystemRoot%\system32\napipsec.dll,-3 -- [2008/01/19 03:35:35 | 000,034,304 | ---- | M] (Microsoft Corporation)
"Component Type" = 2
"Id" = 79621
"Friendly Name" = @%SystemRoot%\system32\tsgqec.dll,-100 -- [2009/04/11 02:28:24 | 000,053,248 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\tsgqec.dll,-101
"Version" = 1.0
"Vendor Name" = Microsoft Corporation -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"Enabled" = 1
"Id" = 79623
"Friendly Name" = @%SystemRoot%\system32\eapqec.dll,-100 -- [2008/01/19 03:34:08 | 000,067,584 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\eapqec.dll,-101
"Version" = 1.0
"Vendor Name" = Microsoft Corporation -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"Enabled" = 1
"Security" = [Binary data over 100 bytes]
"Version" = 1
"Id" = 79744
"Enabled" = 1
"Vendor Name" = Microsoft Corporation -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"Info Clsid" = {7886B467-66D4-4163-82BA-D9212FDB4CA8}
"Description" = Microsoft Out-of-Box System Health Agent
"Friendly Name" = Microsoft Out-of-Box System Health Agent -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 18
"ImagePath" = system32\DRIVERS\nwifi.sys -- [2009/04/11 00:43:28 | 000,148,480 | ---- | M] (Microsoft Corporation)
"DisplayName" = Filtre NativeWiFi
"Group" = NDIS
"DefaultFilterSettings" = 1
"InterfaceGuid" = 58 07 38 B4 5C 7A DA 11 B5 CD 00 A0 D1 C7 6A 7E [binary data]
"Count" = 1
"NextInstance" = 1
"Start" = 3
"DisplayName" = NDIS System Driver
"Group" = NDIS Wrapper
"ImagePath" = system32\drivers\ndis.sys -- [2009/04/11 02:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation)
"Description" = NDIS System Driver
"ErrorControl" = 3
"Start" = 0
"Type" = 1
"IfType" = 1
"IfUsedNetLuidIndices" = 01 [binary data]
"IfType" = 131
"IfUsedNetLuidIndices" = ? [binary data]
"IfType" = 23
"IfUsedNetLuidIndices" = 03 [binary data]
"IfType" = 24
"IfUsedNetLuidIndices" = 01 [binary data]
"IfType" = 6
"IfUsedNetLuidIndices" = D9 06 [binary data]
"IfType" = 71
"IfUsedNetLuidIndices" = 09 [binary data]
"PortAuthReceiveAuthorizationState" = 2
"PortAuthReceiveControlState" = 2
"PortAuthSendAuthorizationState" = 2
"PortAuthSendControlState" = 2
"PortAuthReceiveAuthorizationState" = 2
"PortAuthReceiveControlState" = 2
"PortAuthSendAuthorizationState" = 2
"PortAuthSendControlState" = 2
"ProcessorAffinityMask" = -1
"0" = Root\LEGACY_NDIS\0000
"Count" = 1
"NextInstance" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\ndistapi.sys -- [2008/01/19 01:56:24 | 000,020,992 | ---- | M] (Microsoft Corporation)
"DisplayName" = @%systemroot%\system32\rascfg.dll,-32001
"Description" = @%systemroot%\system32\rascfg.dll,-32001
"AsyncEventQueueSize" = 768
"0" = Root\MS_NDISWANBH\0000
"Count" = 5
"NextInstance" = 5
"1" = Root\MS_NDISWANIP\0000
"2" = Root\MS_NDISWANIPV6\0000
"3" = Root\MS_PPPOEMINIPORT\0000
"4" = Root\MS_PPTPMINIPORT\0000
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 13
"ImagePath" = system32\DRIVERS\ndisuio.sys -- [2008/01/19 01:55:40 | 000,016,896 | ---- | M] (Microsoft Corporation)
"DisplayName" = NDIS mode utilisateur E/S Protocole
"Group" = NDIS
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
"0" = Root\LEGACY_NDISUIO\0000
"Count" = 1
"NextInstance" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\ndiswan.sys -- [2009/04/11 00:46:32 | 000,121,344 | ---- | M] (Microsoft Corporation)
"DisplayName" = @%systemroot%\system32\rascfg.dll,-32002
"Description" = @%systemroot%\system32\rascfg.dll,-32002
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
"0" = Root\MS_NDISWANBH\0000
"Count" = 3
"NextInstance" = 3
"1" = Root\MS_NDISWANIP\0000
"2" = Root\MS_NDISWANIPV6\0000
"DisplayName" = NDIS Proxy [binary data]
"ErrorControl" = 1
"Group" = PNP_TDI
"Start" = 3
"Type" = 1
"0" = Root\LEGACY_NDPROXY\0000
"Count" = 1
"NextInstance" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Net Driver HPZ12]
"Type" = 16
"Start" = 2
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k HPZ12 -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"ObjectName" = NT AUTHORITY\LocalService
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Net Driver HPZ12\Parameters]
"ServiceDll" = C:\Windows\system32\HPZinw12.dll -- [2008/07/18 07:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Net Driver HPZ12\Security]
"Security" = [Binary data over 100 bytes]
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/01/19 01:55:45 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
"LanaMap" = 01 0D 01 0B 01 06 01 02 01 00 01 04 01 08 01 0E 01 0A 01 0C 01 09 01 07 01 03 01 01 01 05 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
"MaxLana" = 14
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 05:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"NameServerList" = [binary data]
"NetbiosOptions" = 0
"NameServerList" = [binary data]
"NetbiosOptions" = 0
"NameServerList" = [binary data]
"NetbiosOptions" = 0
"NameServerList" = [binary data]
"NetbiosOptions" = 0
"NameServerList" = [binary data]
"NetbiosOptions" = 0
"NameServerList" = [binary data]
"NetbiosOptions" = 0
"Security" = [Binary data over 100 bytes]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%SystemRoot%\System32\netlogon.dll,-102
"Group" = MS_WindowsRemoteValidation
"ImagePath" = %systemroot%\system32\lsass.exe -- [2009/06/15 08:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\netlogon.dll,-103
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = LanmanWorkstation [binary data]
"Update" = no
"disablepasswordchange" = 0
"maximumpasswordage" = 30
"requiresignorseal" = 1
"requirestrongkey" = 0
"sealsecurechannel" = 1
"signsecurechannel" = 1
"DisplayName" = @%SystemRoot%\system32\netman.dll,-109
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\netman.dll,-110
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RpcSsnsi [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeImpersonatePrivilegeSeChangeNotifyPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 64 00 00 00 01 00 00 00 64 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\netman.dll -- [2008/01/19 03:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation)
"DisplayName" = @%SystemRoot%\system32\netprof.dll,-246
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\netprof.dll,-247
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = RpcSsnlasvc [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeImpersonatePrivilegeSeChangeNotifyPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 64 00 00 00 01 00 00 00 64 00 00 00 00 00 00 00 64 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\netprofm.dll -- [2008/01/19 03:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"DisplayName" = @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201
"ErrorControl" = 1
"ImagePath" = "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -- [2009/02/18 14:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation)
"Start" = 4
"Type" = 32
"Description" = @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8200
"ObjectName" = NT AUTHORITY\LocalService
"ServiceSidType" = 3
"RequiredPrivileges" = SeCreateGlobalPrivilege [binary data]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"Security" = [Binary data over 100 bytes]
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\nfrd960.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 8
"5" = 1
"DisplayName" = @%SystemRoot%\System32\nlasvc.dll,-1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\nlasvc.dll,-2
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = NSIRpcSsTcpIp [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 64 00 00 00 01 00 00 00 64 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\nlasvc.dll -- [2008/01/19 03:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"Tlag" = 500
"PassivePollPeriod" = 5
"StaleThreshold" = 30
"WebTimeout" = 10
"EnableActiveProbing" = 1
"ActiveWebProbeHost" =
"ActiveWebProbePath" = ncsi.txt
"ActiveWebProbeContent" = Microsoft NCSI -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"ActiveDnsProbeHost" =
"ActiveDnsProbeContent" =
"KnownProxylessGateways" = 00-1f-95-0b-3c-d8 149485
"Tresolve" = 2000
"Security" = [Binary data over 100 bytes]
"ErrorControl" = 1
"Group" = File system
"Start" = 1
"Type" = 2
"lsass" = protected_storagenetlogonlsarpcsamr [binary data]
"ntsvcs" = svcctl [binary data]
"0" = Root\LEGACY_NPFS\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%SystemRoot%\system32\nsisvc.dll,-200
"ImagePath" = %systemroot%\system32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\nsisvc.dll,-201
"ObjectName" = NT Authority\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = nsiproxy [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeCreateGlobalPrivilegeSeImpersonatePrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %systemroot%\system32\nsisvc.dll -- [2008/01/19 03:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"DisplayName" = NSI proxy service
"ImagePath" = system32\drivers\nsiproxy.sys -- [2008/01/19 01:55:50 | 000,016,384 | ---- | M] (Microsoft Corporation)
"Description" = NSI proxy service
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"0" = Root\LEGACY_NSIPROXY\0000
"Count" = 1
"NextInstance" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\RID Values]
"Group" = FileSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 2
"0" = Root\LEGACY_NTFS\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = N-trig HID Tablet Driver
"Group" = Extended Base
"ImagePath" = \SystemRoot\system32\drivers\ntrigdigi.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"ErrorControl" = 1
"Group" = Base
"Start" = 1
"Tag" = 1
"Type" = 1
"0" = Root\LEGACY_NULL\0000
"Count" = 1
"NextInstance" = 1
"Group" = System Bus Extender
"ImagePath" = \SystemRoot\system32\drivers\nvraid.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DisplayName" = NVIDIA nForce(tm) RAID Class Driver
"DisableFilterCache" = 1
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\nvstor.sys
"ErrorControl" = 3
"Start" = 4
"Type" = 1
"BusType" = 8
"5" = 1
"DisplayName" = NVIDIA nForce AGP Bus Filter
"Group" = PnP Filter
"ImagePath" = \SystemRoot\system32\drivers\nv_agp.sys
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\nwlnkflt.sys -- File not found
"DisplayName" = IPX Traffic Filter Driver
"DependOnService" = NwlnkFwd [binary data]
"Description" = IPX Traffic Filter Driver
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\nwlnkfwd.sys -- File not found
"DisplayName" = IPX Traffic Forwarder Driver
"Description" = IPX Traffic Forwarder Driver
"Type" = 16
"Start" = 3
"ErrorControl" = 1
"ImagePath" = "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" -- [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation)
"DisplayName" = Microsoft Office Diagnostics Service
"ObjectName" = LocalSystem
"Description" = Exécute des sections de Microsoft Office Diagnostics.
"Security" = [Binary data over 100 bytes]
"DisplayName" = NEC FireWarden OHCI Compliant IEEE 1394 Host Controller
"ImagePath" = \SystemRoot\system32\drivers\ohci1394.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"Type" = 16
"Start" = 3
"ErrorControl" = 1
"ImagePath" = "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" -- [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation)
"DisplayName" = Office Source Engine
"ObjectName" = LocalSystem
"Description" = Enregistre les fichiers d'installation utilisés pour les mises à jour et réparations. Est requis pour le téléchargement des mises à jour d'installation et des rapports d'erreur Watson.
"Security" = [Binary data over 100 bytes]
"Library" = C:\PROGRA~1\MI1933~1\Office12\OLMAPI32.DLL -- [2009/08/17 22:54:46 | 002,968,432 | ---- | M] (Microsoft Corporation)
"Debug" = 0
"Version" = 14
"Close" = ClosePerformanceData
"Collect" = CollectPerformanceData
"Open" = OpenPerformanceData
"DisplayName" = @%SystemRoot%\system32\p2psvc.dll,-8004
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 3
"Type" = 32
"Description" = @%SystemRoot%\system32\p2psvc.dll,-8005
"ObjectName" = NT AUTHORITY\LocalService
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 E0 93 04 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDllUnloadOnStop" = 1
"ServiceMain" = IMServiceMain
"ServiceDll" = %SystemRoot%\system32\p2psvc.dll -- [2009/04/11 02:28:23 | 000,644,608 | ---- | M] (Microsoft Corporation)
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%SystemRoot%\system32\p2psvc.dll,-8006
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 3
"Type" = 32
"Description" = @%SystemRoot%\system32\p2psvc.dll,-8007
"DependOnService" = p2pimsvcPNRPSvc [binary data]
"ObjectName" = NT AUTHORITY\LocalService
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 E0 93 04 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDllUnloadOnStop" = 1
"ServiceMain" = GroupServiceMain
"ServiceDll" = %SystemRoot%\system32\p2psvc.dll -- [2009/04/11 02:28:23 | 000,644,608 | ---- | M] (Microsoft Corporation)
"Security" = [Binary data over 100 bytes]
"DisplayName" = Parallel port driver
"Group" = Parallel arbitrator
"ImagePath" = \SystemRoot\system32\drivers\parport.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DisplayName" = Partition Manager
"Group" = Boot Bus Extender -- [2009/09/30 18:24:05 | 000,000,000 | ---D | M]
"ImagePath" = System32\drivers\partmgr.sys -- [2009/04/11 02:32:31 | 000,054,248 | ---- | M] (Microsoft Corporation)
"Description" = Disk class filter driver that auctions out partitions to volume managers
"ErrorControl" = 3
"Start" = 0
"Type" = 1
"506d5086" = 1
"966adf25" = 1
"SanPolicy" = 1
"0" = Root\LEGACY_PARTMGR\0000
"Count" = 2
"NextInstance" = 2
"1" = IDE\DiskWDC_WD1600BEVT-22ZCT0___________________11.01A11\5&a378056&0&0.0.0
"Group" = Extended Base
"ImagePath" = \SystemRoot\system32\drivers\parvdm.sys
"ErrorControl" = 0
"Start" = 2
"Type" = 1
"DependOnGroup" = Parallel arbitrator [binary data]
"DependOnService" = Parport [binary data]
"DisplayName" = @%SystemRoot%\system32\pcasvc.dll,-1
"ErrorControl" = 1
"ImagePath" = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 2
"Type" = 32
"Description" = @%SystemRoot%\system32\pcasvc.dll,-2
"DependOnService" = RpcSs [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"ServiceSidType" = 1
"RequiredPrivileges" = SeDebugPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDllUnloadOnStop" = 1
"ServiceMain" = ServiceMain
"ServiceDll" = %SystemRoot%\System32\pcasvc.dll -- [2008/01/19 03:36:03 | 000,037,888 | ---- | M] (Microsoft Corporation)
"Security" = [Binary data over 100 bytes]
"Tag" = 3
"DisplayName" = Pilote de bus PCI
"Group" = Boot Bus Extender -- [2009/09/30 18:24:05 | 000,000,000 | ---D | M]
"ImagePath" = system32\drivers\pci.sys -- [2009/04/11 02:32:55 | 000,149,480 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 3
"Start" = 0
"Type" = 1
"0" = ACPI\PNP0A03\2&daba3ff&1
"Count" = 6
"NextInstance" = 6
"1" = PCI\VEN_1106&DEV_B188&SUBSYS_00000000&REV_00\3&18d45aa6&0&08
"2" = PCI\VEN_1106&DEV_A238&SUBSYS_00000000&REV_00\3&18d45aa6&0&10
"3" = PCI\VEN_1106&DEV_C238&SUBSYS_00000000&REV_00\3&18d45aa6&0&18
"4" = PCI\VEN_1106&DEV_337B&SUBSYS_337B1106&REV_00\3&18d45aa6&0&98
"5" = PCI\VEN_1106&DEV_337A&SUBSYS_337A1106&REV_00\3&18d45aa6&0&99
"Group" = System Bus Extender
"ImagePath" = \SystemRoot\system32\drivers\pciide.sys
"ErrorControl" = 3
"Start" = 4
"Type" = 1
"Group" = System Bus Extender
"ImagePath" = \SystemRoot\system32\drivers\pcmcia.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DataPath" = C:\ProgramData\Microsoft\MF -- [2006/11/02 08:35:51 | 000,000,000 | ---D | M]
"Options" = 0
"DisplayName" = PEAUTH
"ImagePath" = system32\drivers\peauth.sys -- [2006/11/02 05:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 2
"Type" = 1
"DefaultInstance" = PEAUTH
"0" = Root\LEGACY_PEAUTH\0000
"Count" = 1
"NextInstance" = 1
"Close" = CloseDiskObject
"Collect" = CollectDiskObjectData
"Collect Timeout" = 2000
"Library" = perfdisk.dll -- [2009/04/11 02:28:23 | 000,031,744 | ---- | M] (Microsoft Corporation)
"Object List" = 234 236
"Open" = OpenDiskObject
"Open Timeout" = 5000
"Close" = CloseNetSvcsObject
"Collect" = CollectNetSvcsObjectData
"Collect Timeout" = 5000
"Library" = perfnet.dll -- [2008/01/19 03:36:03 | 000,019,968 | ---- | M] (Microsoft Corporation)
"Object List" = 52 262 330 1300
"Open" = OpenNetSvcsObject
"Open Timeout" = 8000
"Close" = CloseOSObject
"Collect" = CollectOSObjectData
"Collect Timeout" = 8000
"Library" = perfos.dll -- [2006/11/02 05:46:12 | 000,028,672 | ---- | M] (Microsoft Corporation)
"Object List" = 2 4 86 238 260 700
"Open" = OpenOSObject
"Open Timeout" = 5000
"Disable Performance Counters" = 0
"Close" = CloseSysProcessObject
"Collect" = CollectSysProcessObjectData
"Collect Timeout" = 8000
"Library" = perfproc.dll -- [2006/11/02 05:46:12 | 000,035,840 | ---- | M] (Microsoft Corporation)
"Object List" = 230 232 786 740 816 1408 1500 1548 1760
"Open" = OpenSysProcessObject
"Open Timeout" = 10000
"Disable Performance Counters" = 0
"DisplayName" = @%systemroot%\system32\pla.dll,-500
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\pla.dll,-501
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RPCSS [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 3
"RequiredPrivileges" = SeImpersonatePrivilege [binary data]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"EventBookmark" = [Binary data over 100 bytes]
"ServiceDll" = %systemroot%\system32\pla.dll -- [2008/01/19 03:36:06 | 001,502,208 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%SystemRoot%\system32\umpnpmgr.dll,-100
"Group" = PlugPlay
"ImagePath" = %SystemRoot%\system32\svchost.exe -k DcomLaunch -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\umpnpmgr.dll,-101
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 02 00 00 00 60 EA 00 00 02 00 00 00 60 EA 00 00 02 00 00 00 60 EA 00 00 [binary data]
"ServiceDll" = %SystemRoot%\system32\umpnpmgr.dll -- [2009/04/11 02:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Pml Driver HPZ12]
"Type" = 16
"Start" = 2
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k HPZ12 -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"ObjectName" = NT AUTHORITY\LocalService
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Pml Driver HPZ12\Parameters]
"ServiceDll" = C:\Windows\system32\HPZipm12.dll -- [2008/07/18 07:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Pml Driver HPZ12\Security]
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%SystemRoot%\system32\p2psvc.dll,-8002
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 3
"Type" = 32
"Description" = @%SystemRoot%\system32\p2psvc.dll,-8003
"DependOnService" = pnrpsvc [binary data]
"ObjectName" = NT AUTHORITY\LocalService
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDllUnloadOnStop" = 1
"ServiceMain" = PnrpAutoSVCServiceMain
"ServiceDll" = %SystemRoot%\system32\p2psvc.dll -- [2009/04/11 02:28:23 | 000,644,608 | ---- | M] (Microsoft Corporation)
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%SystemRoot%\system32\p2psvc.dll,-8000
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 3
"Type" = 32
"Description" = @%SystemRoot%\system32\p2psvc.dll,-8001
"DependOnService" = p2pimsvc [binary data]
"ObjectName" = NT AUTHORITY\LocalService
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 E0 93 04 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDllUnloadOnStop" = 1
"ServiceMain" = SVCServiceMain
"ServiceDll" = %SystemRoot%\system32\p2psvc.dll -- [2009/04/11 02:28:23 | 000,644,608 | ---- | M] (Microsoft Corporation)
"Close" = PrfData_Close
"Open" = PrfData_Open_Client
"Collect" = PrfData_Collect
"Library" = %SystemRoot%\system32\pnrpperf.dll -- [2006/11/02 08:34:46 | 000,018,944 | ---- | M] (Microsoft Corporation)
"InstallType" = 1
"PerfIniFile" = pnrpclientperfcounters.ini
"First Counter" = 4028
"Last Counter" = 4038
"First Help" = 4029
"Last Help" = 4039
"Object List" = 4028
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%SystemRoot%\System32\polstore.dll,-5010
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\polstore.dll,-5011
"ObjectName" = NT Authority\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = Tcpipbfe [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\ipsecsvc.dll -- [2009/04/11 02:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"ServiceMain" = SpdServiceMain
"Open" = OpenIPSecPerformanceData
"Close" = CloseIPSecPerformanceData
"Collect" = CollectIPSecPerformanceData
"Library" = %SystemRoot%\System32\ipsecsvc.dll -- [2009/04/11 02:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation)
"1005" = Reg Error: Unknown registry data type -- File not found
"Disable Performance Counters" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\raspptp.sys -- [2008/01/19 01:56:34 | 000,062,976 | ---- | M] (Microsoft Corporation)
"DisplayName" = Miniport réseau étendu WAN (PPTP)
"Description" = Miniport réseau étendu WAN (PPTP)
"0" = Root\MS_PPTPMINIPORT\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = Processor Driver
"Group" = Extended Base
"ImagePath" = \SystemRoot\system32\drivers\processr.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DisplayName" = @%systemroot%\system32\profsvc.dll,-300
"Group" = profsvc_group
"ImagePath" = %systemroot%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\profsvc.dll,-301
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = RpcSs [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %systemroot%\system32\profsvc.dll -- [2009/04/11 02:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation)
"ServiceMain" = UserProfileServiceMain
"ServiceDllUnloadOnStop" = 1
"DisplayName" = @%systemroot%\system32\psbase.dll,-300
"ImagePath" = %SystemRoot%\system32\lsass.exe -- [2009/06/15 08:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\psbase.dll,-301
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RpcSs [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 [binary data]
"Security" = [Binary data over 100 bytes]
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 17
"ImagePath" = system32\DRIVERS\pacer.sys -- [2009/04/11 00:45:51 | 000,072,192 | ---- | M] (Microsoft Corporation)
"DisplayName" = @%SystemRoot%\System32\drivers\pacer.sys,-101
"Group" = NDIS
"Description" = @%SystemRoot%\System32\drivers\pacer.sys,-101
"DefaultFilterSettings" = 1
"InterfaceGuid" = 55 07 38 B4 5C 7A DA 11 B5 CD 00 A0 D1 C7 6A 7E [binary data]
"InterfaceGuid" = 89 2E 93 D8 6F 6A DB 11 B6 AB 00 14 22 0F 6F 7E [binary data]
"InterfaceGuid" = B7 E3 3C BE 5B 7A DA 11 96 A4 97 03 08 0B C4 4C [binary data]
"InterfaceGuid" = 8C 2E 93 D8 6F 6A DB 11 B6 AB 00 14 22 0F 6F 7E [binary data]
"InterfaceGuid" = 8B 2E 93 D8 6F 6A DB 11 B6 AB 00 14 22 0F 6F 7E [binary data]
"InterfaceGuid" = 57 C4 D4 B8 FF C2 DE 11 B7 8A 00 A0 D1 C7 6A 7E [binary data]
"InterfaceGuid" = 8A 2E 93 D8 6F 6A DB 11 B6 AB 00 14 22 0F 6F 7E [binary data]
"InterfaceGuid" = 94 6B 6B 9A 29 B5 DD 11 B5 BB 00 A0 D1 C7 6A 7E [binary data]
"InterfaceGuid" = F0 D5 08 BC 01 B8 DD 11 AD 86 00 A0 D1 C7 6A 7E [binary data]
"HelperDllName" = %Systemroot%\System32\wshqos.dll -- [2006/11/02 05:46:14 | 000,013,824 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 28
"MinSockAddrLength" = 16
"Mapping" = [Binary data over 100 bytes]
"Library" = pacerprf.dll -- [2006/11/02 05:46:12 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Open" = OpenPacerPerformanceData
"Close" = ClosePacerPerformanceData
"Collect" = CollectPacerPerformanceData
"PerfIniFile" = pacerprf.ini -- [2006/09/18 17:37:10 | 000,013,750 | ---- | M] ()
"Last Counter" = 4462
"Last Help" = 4463
"First Counter" = 4386
"First Help" = 4387
"0" = Root\LEGACY_PSCHED\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = QLogic Fibre Channel Miniport Driver
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\ql2300.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"5" = 1
"DisplayName" = QLogic iSCSI Miniport Driver
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\ql40xx.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"5" = 1
"DisplayName" = @%SystemRoot%\system32\qwave.dll,-1
"ErrorControl" = 1
"ImagePath" = %windir%\system32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 3
"Type" = 32
"Description" = @%SystemRoot%\system32\qwave.dll,-2
"DependOnService" = rpcsspschedQWAVEdrvLLTDIO [binary data]
"ObjectName" = NT AUTHORITY\LocalService
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilege [binary data]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ETWTrace" = 0
"LLTD" = 1
"ProbegapTrace" = 0
"ServiceDllUnloadOnStop" = 1
"ServiceMain" = ServiceMain
"ServiceDll" = %windir%\system32\qwave.dll -- [2008/01/19 03:36:14 | 000,243,712 | ---- | M] (Microsoft Corporation)
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%SystemRoot%\system32\drivers\qwavedrv.sys,-1
"ErrorControl" = 1
"ImagePath" = \SystemRoot\system32\drivers\qwavedrv.sys
"Start" = 3
"Type" = 1
"Description" = @%SystemRoot%\system32\drivers\qwavedrv.sys,-2
"Security" = [Binary data over 100 bytes]
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = System32\DRIVERS\rasacd.sys -- [2008/01/19 01:56:31 | 000,011,776 | ---- | M] (Microsoft Corporation)
"DisplayName" = Remote Access Auto Connection Driver
"Group" = Streams Drivers
"Description" = Remote Access Auto Connection Driver
"Security" = [Binary data over 100 bytes]
"0" = Root\LEGACY_RASACD\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%Systemroot%\system32\rasauto.dll,-200
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%Systemroot%\system32\rasauto.dll,-201
"ObjectName" = localSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RasManTapisrv [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\rasauto.dll -- [2008/01/19 03:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\rasl2tp.sys -- [2008/01/19 01:56:34 | 000,076,288 | ---- | M] (Microsoft Corporation)
"DisplayName" = Miniport réseau étendu WAN (L2TP)
"Description" = Miniport réseau étendu WAN (L2TP)
"0" = Root\MS_L2TPMINIPORT\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%Systemroot%\system32\rasmans.dll,-200
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%Systemroot%\system32\rasmans.dll,-201
"ObjectName" = localSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = TapisrvSstpSvc [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\rasmans.dll -- [2009/04/11 02:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation)
"Medias" = rastapi [binary data] -- [2009/04/11 02:28:24 | 000,069,632 | ---- | M] (Microsoft Corporation)
"CustomDLL" = [binary data]
"ServiceDllUnloadOnStop" = 1
"AllowL2TPWeakCrypto" = 0
"AllowPPTPWeakCrypto" = 0
"KeepRasConnections" = 0
"AutoRefreshEnabled" = 0
"AutoRefreshTimeout" = 25200000
"Enabled" = 1
"WorkItemTimeout" = 3000
"MaxConfigure" = 10
"MaxFailure" = 10
"MaxReject" = 5
"MaxTerminate" = 2
"Multilink" = 0
"NegotiateTime" = 150
"RestartTimer" = 3
"Path" = %SystemRoot%\System32\rasppp.dll -- [2009/04/11 02:28:24 | 000,259,584 | ---- | M] (Microsoft Corporation)
"Path" = %SystemRoot%\System32\raschap.dll -- [2009/04/11 02:28:23 | 000,281,088 | ---- | M] (Microsoft Corporation)
"Path" = %SystemRoot%\System32\rasppp.dll -- [2009/04/11 02:28:24 | 000,259,584 | ---- | M] (Microsoft Corporation)
"FriendlyName" = @%SystemRoot%\system32\rastls.dll,-2001 -- [2009/10/07 07:36:36 | 000,243,712 | ---- | M] (Microsoft Corporation)
"Path" = %SystemRoot%\System32\rastls.dll -- [2009/10/07 07:36:36 | 000,243,712 | ---- | M] (Microsoft Corporation)
"ConfigCLSID" = {58AB2366-D597-11d1-B90E-00C04FC9B263}
"ConfigUiPath" = %SystemRoot%\System32\rastls.dll -- [2009/10/07 07:36:36 | 000,243,712 | ---- | M] (Microsoft Corporation)
"IdentityPath" = %SystemRoot%\System32\rastls.dll -- [2009/10/07 07:36:36 | 000,243,712 | ---- | M] (Microsoft Corporation)
"InteractiveUIPath" = %SystemRoot%\System32\rastls.dll -- [2009/10/07 07:36:36 | 000,243,712 | ---- | M] (Microsoft Corporation)
"InvokePasswordDialog" = 0
"InvokeUsernameDialog" = 0
"MPPEEncryptionSupported" = 1
"NoRootRevocationCheck" = 1
"PerPolicyConfig" = 1
"RolesSupported" = 3
"StandaloneSupported" = 0
"Properties" = 7133359
"" = Microsoft -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"FriendlyName" = @%SystemRoot%\system32\rastls.dll,-2002 -- [2009/10/07 07:36:36 | 000,243,712 | ---- | M] (Microsoft Corporation)
"Path" = %SystemRoot%\System32\rastls.dll -- [2009/10/07 07:36:36 | 000,243,712 | ---- | M] (Microsoft Corporation)
"ConfigCLSID" = {58AB2366-D597-11d1-B90E-00C04FC9B263}
"ConfigUiPath" = %SystemRoot%\System32\rastls.dll -- [2009/10/07 07:36:36 | 000,243,712 | ---- | M] (Microsoft Corporation)
"IdentityPath" = %SystemRoot%\System32\rastls.dll -- [2009/10/07 07:36:36 | 000,243,712 | ---- | M] (Microsoft Corporation)
"InteractiveUIPath" = %SystemRoot%\System32\rastls.dll -- [2009/10/07 07:36:36 | 000,243,712 | ---- | M] (Microsoft Corporation)
"InvokePasswordDialog" = 0
"InvokeUsernameDialog" = 0
"MPPEEncryptionSupported" = 1
"NoRootRevocationCheck" = 1
"PerPolicyConfig" = 1
"RolesSupported" = 35
"StandaloneSupported" = 1
"Properties" = 8321215
"" = Microsoft -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"FriendlyName" = @%SystemRoot%\system32\raschap.dll,-2002 -- [2009/04/11 02:28:23 | 000,281,088 | ---- | M] (Microsoft Corporation)
"Path" = %SystemRoot%\System32\raschap.dll -- [2009/04/11 02:28:23 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ConfigCLSID" = {2af6bcaa-f526-4803-aeb8-5777ce386647}
"ConfigUiPath" = %SystemRoot%\System32\raschap.dll -- [2009/04/11 02:28:23 | 000,281,088 | ---- | M] (Microsoft Corporation)
"IdentityPath" = %SystemRoot%\System32\raschap.dll -- [2009/04/11 02:28:23 | 000,281,088 | ---- | M] (Microsoft Corporation)
"InteractiveUIPath" = %SystemRoot%\System32\raschap.dll -- [2009/04/11 02:28:23 | 000,281,088 | ---- | M] (Microsoft Corporation)
"InvokePasswordDialog" = 0
"InvokeUsernameDialog" = 0
"MPPEEncryptionSupported" = 1
"PerPolicyConfig" = 1
"RolesSupported" = 23
"StandaloneSupported" = 1
"Properties" = 7094382
"" = Microsoft -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"Security" = [Binary data over 100 bytes]
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\raspppoe.sys -- [2009/04/11 00:46:30 | 000,041,472 | ---- | M] (Microsoft Corporation)
"DisplayName" = @%systemroot%\system32\rascfg.dll,-32007
"Description" = @%systemroot%\system32\rascfg.dll,-32007
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
"0" = Root\MS_PPPOEMINIPORT\0000
"Count" = 1
"NextInstance" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\rassstp.sys -- [2009/04/11 00:46:40 | 000,069,120 | ---- | M] (Microsoft Corporation)
"DisplayName" = @%systemroot%\system32\sstpsvc.dll,-202
"Description" = @%systemroot%\system32\sstpsvc.dll,-202
"0" = Root\MS_SSTPMINIPORT\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = Redirected Buffering Sub Sysytem
"Group" = Network
"ImagePath" = system32\DRIVERS\rdbss.sys -- [2009/04/11 00:14:29 | 000,225,280 | ---- | M] (Microsoft Corporation)
"Description" = Provides the framework for network mini-redirectors
"ErrorControl" = 1
"Start" = 1
"Tag" = 4
"Type" = 2
"DependOnService" = Mup [binary data]
"0" = Root\LEGACY_RDBSS\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = RDPCDD
"Group" = Video Save
"ImagePath" = System32\DRIVERS\RDPCDD.sys -- [2008/01/19 02:01:08 | 000,006,144 | ---- | M] (Microsoft Corporation)
"Description" = RDPDD Chained DD
"ErrorControl" = 0
"Start" = 1
"Type" = 1
"Device Description" = RDPDD Chained DD -- [2008/01/19 02:01:34 | 000,134,656 | ---- | M] (Microsoft Corporation)
"InstalledDisplayDrivers" = RDPDD [binary data] -- [2008/01/19 02:01:34 | 000,134,656 | ---- | M] (Microsoft Corporation)
"MirrorDriver" = 1
"VgaCompatible" = 0
"VideoID" = {DEB039CC-B704-4F53-B43E-9DD4432FA2E9}
"Service" = RDPCDD
"0" = Root\LEGACY_RDPCDD\0000
"Count" = 1
"NextInstance" = 1
"Attach.RelativeX" = 0
"Attach.RelativeY" = 0
"Attach.ToDesktop" = 1
"DefaultSettings.XResolution" = 800
"DefaultSettings.YResolution" = 600
"Device Description" = RDPDD Chained DD -- [2008/01/19 02:01:34 | 000,134,656 | ---- | M] (Microsoft Corporation)
"InstalledDisplayDrivers" = RDPDD [binary data] -- [2008/01/19 02:01:34 | 000,134,656 | ---- | M] (Microsoft Corporation)
"VgaCompatible" = 0
"DisplayName" = Terminal Server Device Redirector Driver
"ImagePath" = \SystemRoot\system32\drivers\rdpdr.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DisplayName" = RDP Encoder Mirror Driver
"Group" = Video Save
"ImagePath" = system32\drivers\rdpencdd.sys -- [2008/01/19 02:01:09 | 000,006,144 | ---- | M] (Microsoft Corporation)
"Description" = RDP Encoder Mirror Driver
"ErrorControl" = 0
"Start" = 1
"Type" = 1
"Device Description" = RDP Encoder Mirror Driver
"InstalledDisplayDrivers" = RDPENCDD [binary data] -- [2008/01/19 03:31:18 | 000,118,272 | ---- | M] (Microsoft Corporation)
"MirrorDriver" = 1
"VgaCompatible" = 0
"VideoID" = {42cf9257-1d96-4c9d-87f3-0d8e74595f78}
"Service" = RDPENCDD -- [2008/01/19 03:31:18 | 000,118,272 | ---- | M] (Microsoft Corporation)
"0" = Root\LEGACY_RDPENCDD\0000
"Count" = 1
"NextInstance" = 1
"Description" = @%systemroot%\system32\drprov.dll,-101
"DisplayName" = @%systemroot%\system32\drprov.dll,-100
"DeviceName" = \Device\RdpDr
"Name" = Microsoft Terminal Services
"DisplayName" = @%systemroot%\system32\drprov.dll,-100
"ProviderPath" = %SystemRoot%\System32\drprov.dll -- [2006/11/02 05:46:04 | 000,017,920 | ---- | M] (Microsoft Corporation)
"DisplayName" = RDP Winstation Driver
"ErrorControl" = 0
"Start" = 3
"Type" = 1
"DisplayName" = @%Systemroot%\system32\mprdim.dll,-200
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%Systemroot%\system32\mprdim.dll,-201
"ObjectName" = localSystem
"ErrorControl" = 1
"Start" = 4
"Type" = 32
"DependOnGroup" = NetBIOSGroup [binary data]
"DependOnService" = RpcSSRasManbfe [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ConfigurationFlags" = 0
"" =
"AccountSessionIdStart" = 1
"ActiveProvider" = {1AA7F846-C7F5-11D0-A376-00C04FC9DA04}
"ConfigClsid" = {1AA7F840-C7F5-11D0-A376-00C04FC9DA04}
"DisplayName" = @%Systemroot%\system32\mprddm.dll,-202
"VendorName" = Microsoft -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"ProviderTypeGUID" = {76560D00-2BFD-11d2-9539-3078302C2030}
"Path" = %SystemRoot%\System32\mprddm.dll -- [2008/01/19 03:34:53 | 000,104,960 | ---- | M] (Microsoft Corporation)
"ConfigClsid" =
"DisplayName" = @%Systemroot%\system32\mprddm.dll,-203
"ProviderTypeGUID" = {76560D81-2BFD-11d2-9539-3078302C2030}
"VendorName" = Microsoft -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"ActiveProvider" = {1AA7F841-C7F5-11D0-A376-00C04FC9DA04}
"ConfigClsid" = {1AA7F83F-C7F5-11D0-A376-00C04FC9DA04}
"DisplayName" = @%Systemroot%\system32\mprddm.dll,-201
"VendorName" = Microsoft -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"ProviderTypeGUID" = {76560D00-2BFD-11d2-9539-3078302C2030}
"Path" = %SystemRoot%\System32\mprddm.dll -- [2008/01/19 03:34:53 | 000,104,960 | ---- | M] (Microsoft Corporation)
"ConfigClsid" =
"DisplayName" = @%Systemroot%\system32\mprddm.dll,-200
"VendorName" = Microsoft -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"ProviderTypeGUID" = {76560D01-2BFD-11d2-9539-3078302C2030}
"DllPath" = %SystemRoot%\System32\mprddm.dll -- [2008/01/19 03:34:53 | 000,104,960 | ---- | M] (Microsoft Corporation)
"Stamp" = 0
"InterfaceName" = Boucle de rappel
"Type" = 5
"Enabled" = 1
"Stamp" = 0
"ProtocolId" = 33
"InterfaceInfo" = [Binary data over 100 bytes]
"ProtocolId" = 87
"InterfaceInfo" = [Binary data over 100 bytes]
"InterfaceName" = Interne
"Type" = 4
"Enabled" = 1
"Stamp" = 0
"ProtocolId" = 33
"InterfaceInfo" = [Binary data over 100 bytes]
"ProtocolId" = 87
"InterfaceInfo" = [Binary data over 100 bytes]
"InterfaceName" = {B593C447-7A90-4161-80DA-AC7B1A3C54D7}
"Type" = 3
"Enabled" = 1
"Stamp" = 0
"ProtocolId" = 33
"InterfaceInfo" = [Binary data over 100 bytes]
"ProtocolId" = 87
"InterfaceInfo" = [Binary data over 100 bytes]
"InterfaceName" = {CADDC85B-6D07-454E-A0A0-0653411431B7}
"Type" = 3
"Enabled" = 1
"Stamp" = 0
"ProtocolId" = 33
"InterfaceInfo" = [Binary data over 100 bytes]
"ProtocolId" = 87
"InterfaceInfo" = [Binary data over 100 bytes]
"InterfaceName" = {4A2B864F-C00C-494D-A4B7-8CCF82A43EE8}
"Type" = 3
"Enabled" = 1
"Stamp" = 0
"ProtocolId" = 33
"InterfaceInfo" = [Binary data over 100 bytes]
"ProtocolId" = 87
"InterfaceInfo" = [Binary data over 100 bytes]
"InterfaceName" = {0FA55481-AB69-4A20-B634-2F3C2AF5B354}
"Type" = 3
"Enabled" = 1
"Stamp" = 0
"ProtocolId" = 33
"InterfaceInfo" = [Binary data over 100 bytes]
"ProtocolId" = 87
"InterfaceInfo" = [Binary data over 100 bytes]
"InterfaceName" = {6D8E9F7A-1CE4-4D3F-AD78-45665F6A0EC0}
"Type" = 3
"Enabled" = 1
"Stamp" = 0
"ProtocolId" = 33
"InterfaceInfo" = [Binary data over 100 bytes]
"ProtocolId" = 87
"InterfaceInfo" = [Binary data over 100 bytes]
"ServiceDLL" = %SystemRoot%\System32\mprdim.dll -- [2008/01/19 03:34:53 | 000,068,608 | ---- | M] (Microsoft Corporation)
"QuarantineInstalled" = 1
"LoggingFlags" = 2
"ServerFlags" = 8398338
"ServiceDllUnloadOnStop" = 1
"Stamp" = 0
"UsersConfigured" = 0
"RouterType" = 7
"AllowNetworkAccess" = 1
"EnableIn" = 1
"EnableRoute" = 1
"IpAddress" =
"IpMask" =
"UseDhcpAddressing" = 1
"EnableNetbtBcastFwd" = 1
"AllowClientIpAddresses" = 0
"AllowNetworkAccess" = 1
"EnableIn" = 0
"EnableRoute" = 1
"UseDhcpAddressing" = 0
"AdvertiseDefaultRoute" = 1
"AllowNetworkAccess" = 1
"EnableIn" = 1
"Library" = rasctrs.dll -- [2008/01/19 03:36:15 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Open" = OpenRasPerformanceData
"Close" = CloseRasPerformanceData
"Collect" = CollectRasPerformanceData
"InstallType" = 1
"PerfIniFile" = rasctrs.ini
"First Counter" = 1868
"Last Counter" = 1906
"First Help" = 1869
"Last Help" = 1907
"Allow LM Authentication" = 0
"ProductDir" = %SystemRoot%\System32\IAS -- [2008/11/21 15:17:51 | 000,000,000 | ---D | M]
"" = IAS.ProxyPolicyEnforcer
"Requests" = 0 1 2
"Responses" = 0 1 2 3 4
"" = IAS.Realm
"Providers" = 1
"Requests" = 0 1
"Responses" = 0
"" = IAS.Realm
"Requests" = 0 1
"Responses" = 0
"Providers" = 0 2
"" = IAS.NTSamNames
"Providers" = 1
"Responses" = 0
"Requests" = 0
"" = IAS.CRPBasedEAP
"Providers" = 1
"Requests" = 0 2
"Responses" = 0
"" = IAS.Realm
"Providers" = 1
"Requests" = 0
"Responses" = 0
"Replays" = 0
"" = IAS.NTSamNames
"Providers" = 1
"Requests" = 0
"Responses" = 0
"Replays" = 0
"" = IAS.MachineNameMapper
"Providers" = 1
"Requests" = 0
"Responses" = 0
"Replays" = 0
"" = IAS.BaseCampHost
"Replays" = 0
"" = IAS.RadiusProxy
"Providers" = 2
"Responses" = 0
"Replays" = 0
"" = IAS.ExternalAuthNames
"Providers" = 2
"Requests" = 0
"Responses" = 1
"Replays" = 0
"" = IAS.NTSamAuthentication
"Requests" = 0
"Responses" = 0 1 2
"Providers" = 1
"Replays" = 0
"" = IAS.UserAccountValidation
"Providers" = 1 3
"Requests" = 0
"Replays" = 0
"Responses" = 0 1
"Reasons" = 33
"" = IAS.MachineAccountValidation
"Providers" = 1
"Requests" = 0
"Responses" = 0 1
"Replays" = 0
"" = IAS.EAPIdentity
"Providers" = 1
"Requests" = 0
"Replays" = 0
"Responses" = 0
"" = IAS.QuarantineEvaluator
"Providers" = 1
"Requests" = 0
"Replays" = 0
"Responses" = 0 1
"" = IAS.PolicyEnforcer
"Providers" = 1 3
"Requests" = 0
"Replays" = 0
"Responses" = 0 1
"Reasons" = 33
"" = IAS.NTSamPerUser
"Providers" = 1 3
"Requests" = 0
"Replays" = 0
"Responses" = 0 1
"Reasons" = 33
"" = IAS.URHandler
"Providers" = 1 3
"Requests" = 0
"Replays" = 0
"Responses" = 0 1
"Reasons" = 33
"" = IAS.RAPBasedEAP
"Providers" = 1
"Requests" = 0 2
"Replays" = 0
"Responses" = 0
"" = IAS.PostEapRestrictions
"Providers" = 0 1 3
"Requests" = 0
"Replays" = 0
"Responses" = 0 1
"" = IAS.PostQuarantineEvaluator
"Providers" = 1
"Requests" = 0
"Replays" = 0
"Responses" = 1 2 5
"" = IAS.ChangePassword
"Providers" = 1
"Requests" = 0
"Replays" = 0
"Responses" = 1
"" = IAS.AuthorizationHost
"Replays" = 0
"" = IAS.EAPTerminator
"Providers" = 0 1
"Requests" = 0 2
"Replays" = 0
"Responses" = 1 2 3 5
"" = IAS.Accounting
"" = IAS.DatabaseAccounting
"" = IAS.MSChapErrorReporter
"Providers" = 0 1 3
"Requests" = 0
"Replays" = 0
"Responses" = 2
"Stamp" = 0
"ProtocolId" = 33
"GlobalInfo" = [Binary data over 100 bytes]
"DLLPath" = %SystemRoot%\System32\iprtrmgr.dll -- [2008/01/19 03:34:34 | 000,252,416 | ---- | M] (Microsoft Corporation)
"ProtocolId" = 87
"GlobalInfo" = [Binary data over 100 bytes]
"DLLPath" = %SystemRoot%\System32\iprtrmgr.dll -- [2008/01/19 03:34:34 | 000,252,416 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\RoutingTableManager\Instance 00000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\RoutingTableManager\Instance 00000\AddressFamily 00002]
"AddressSize" = 4
"MaxChangeNotifyRegistrations" = 16
"MaxHandlesReturnedInEnum" = 25
"MaxNextHopsInRoute" = 3
"MaxOpaqueInfoPointers" = 5
"ViewsSupported" = 3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\RoutingTableManager\Instance 00000\AddressFamily 00023]
"AddressSize" = 16
"MaxChangeNotifyRegistrations" = 16
"MaxHandlesReturnedInEnum" = 25
"MaxNextHopsInRoute" = 3
"MaxOpaqueInfoPointers" = 5
"ViewsSupported" = 3
"Security" = [Binary data over 100 bytes]
"DisplayName" = @regsvc.dll,-1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k regsvc -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @regsvc.dll,-2
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = RPCSS [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 1
"RequiredPrivileges" = SeCreateGlobalPrivilegeSeImpersonatePrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDllUnloadOnStop" = 1
"ServiceDll" = %SystemRoot%\system32\regsvc.dll -- [2009/04/11 02:28:24 | 000,107,008 | ---- | M] (Microsoft Corporation)
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 11
"ImagePath" = system32\DRIVERS\rfcomm.sys -- [2009/04/11 00:43:12 | 000,148,992 | ---- | M] (Microsoft Corporation)
"DisplayName" = Périphérique Bluetooth (TDI protocole RFCOMM)
"Group" = PNP_TDI
"Description" = Périphérique Bluetooth (TDI protocole RFCOMM)
"HelperDllName" = %SystemRoot%\System32\wshBth.dll -- [2009/04/11 02:28:26 | 000,034,304 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 50
"MinSockAddrLength" = 28
"Mapping" = 04 00 00 00 03 00 00 00 20 00 00 00 01 00 00 00 00 01 00 00 20 00 00 00 00 00 00 00 00 01 00 00 20 00 00 00 01 00 00 00 03 00 00 00 20 00 00 00 00 00 00 00 03 00 00 00 [binary data]
"DisplayName" = @%systemroot%\system32\Locator.exe,-2
"ImagePath" = %SystemRoot%\system32\locator.exe -- [2006/11/02 05:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\Locator.exe,-3
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 3
"Type" = 16
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"DisplayName" = @oleres.dll,-5010
"Group" = COM Infrastructure -- [2008/11/21 15:18:07 | 000,000,000 | ---D | M]
"ImagePath" = %SystemRoot%\system32\svchost.exe -k rpcss -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @oleres.dll,-5011
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = DcomLaunch [binary data]
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 02 00 00 00 60 EA 00 00 [binary data]
"RequiredPrivileges" = [Binary data over 100 bytes]
"ServiceSidType" = 1
"ServiceDll" = %SystemRoot%\system32\rpcss.dll -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"Security" = [Binary data over 100 bytes]
"Type" = 1
"Start" = 2
"ErrorControl" = 1
"Tag" = 14
"ImagePath" = system32\DRIVERS\rspndr.sys -- [2008/01/19 01:55:03 | 000,060,416 | ---- | M] (Microsoft Corporation)
"DisplayName" = Répondeur de découverte de topologie de la couche de liaison
"Group" = NDIS
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
"0" = Root\LEGACY_RSPNDR\0000
"Count" = 1
"NextInstance" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 26
"ImagePath" = system32\DRIVERS\s0016bus.sys -- [2008/05/16 07:33:12 | 000,089,256 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device 0016 driver (WDM)
"Group" = Base
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\s0016mdfl.sys -- [2008/05/16 07:33:14 | 000,015,016 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device 0016 USB WMC Modem Filter
"Description" = Sony Ericsson Device 0016 USB WMC Modem Filter
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\s0016mdm.sys -- [2008/05/16 07:33:12 | 000,120,744 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device 0016 USB WMC Modem Driver
"Description" = Sony Ericsson Device 0016 USB WMC Modem Driver
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\s0016mgmt.sys -- [2008/05/16 07:33:12 | 000,114,216 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
"Description" = Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 30
"ImagePath" = system32\DRIVERS\s0016nd5.sys -- [2008/05/16 07:33:14 | 000,025,512 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
"Group" = NDIS
"BootFlags" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\s0016obex.sys -- [2008/05/16 07:33:12 | 000,110,632 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device 0016 USB WMC OBEX Interface
"Description" = Sony Ericsson Device 0016 USB WMC OBEX Interface
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 27
"ImagePath" = system32\DRIVERS\s0016unic.sys -- [2008/05/16 07:33:14 | 000,115,752 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
"Group" = Base
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 24
"ImagePath" = system32\DRIVERS\s117bus.sys -- [2007/06/25 05:43:22 | 000,082,984 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device 117 driver (WDM)
"Group" = Base
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\s117mdfl.sys -- [2007/06/25 05:43:26 | 000,014,888 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device 117 USB WMC Modem Filter
"Description" = Sony Ericsson Device 117 USB WMC Modem Filter
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\s117mdm.sys -- [2007/06/25 05:43:36 | 000,108,456 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device 117 USB WMC Modem Driver
"Description" = Sony Ericsson Device 117 USB WMC Modem Driver
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\s117mgmt.sys -- [2007/06/25 05:43:36 | 000,100,264 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
"Description" = Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 26
"ImagePath" = system32\DRIVERS\s117nd5.sys -- [2007/06/25 05:43:36 | 000,022,952 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
"Group" = NDIS
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\s117obex.sys -- [2007/06/25 05:43:38 | 000,098,344 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device 117 USB WMC OBEX Interface
"Description" = Sony Ericsson Device 117 USB WMC OBEX Interface
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 25
"ImagePath" = system32\DRIVERS\s117unic.sys -- [2007/06/25 05:43:36 | 000,098,856 | ---- | M] (MCCI Corporation)
"DisplayName" = Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
"Group" = Base
"Type" = 1
"Start" = 3
"ErrorControl" = 0
"Tag" = 3
"ImagePath" = system32\DRIVERS\VTGKModeDX32.sys -- [2007/06/14 10:56:30 | 000,780,288 | ---- | M] (S3 Graphics Co., Ltd.)
"Group" = Video
"Device Description" = VIA Chrome9 HC IGP Family WDDM
"Device Description" = VIA Chrome9 HC IGP Family WDDM
"0" = PCI\VEN_1106&DEV_3230&SUBSYS_10D91734&REV_01\4&294cf79e&0&0008
"Count" = 1
"NextInstance" = 1
"Description" = @%SystemRoot%\system32\samsrv.dll,-2
"DisplayName" = @%SystemRoot%\system32\samsrv.dll,-1
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\lsass.exe -- [2009/06/15 08:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"Start" = 2
"Type" = 32
"Group" = MS_WindowsLocalValidation
"DependOnService" = RPCSS [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"Security" = [Binary data over 100 bytes]
"Start" = 3
"Start" = 1
"DisplayName" = SBP-2 Transport/Protocol Bus Driver
"ImagePath" = \SystemRoot\system32\drivers\sbp2port.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DisplayName" = @%SystemRoot%\System32\SCardSvr.dll,-1
"Group" = SmartCardGroup
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\SCardSvr.dll,-5
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = PlugPlay [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\SCardSvr.dll -- [2009/04/11 02:28:24 | 000,095,232 | ---- | M] (Microsoft Corporation)
"ServiceMain" = CalaisMain
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"AtTaskMaxHours" = 0
"DisplayName" = @%SystemRoot%\system32\schedsvc.dll,-100
"Group" = SchedulerGroup
"ImagePath" = %systemroot%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\schedsvc.dll,-101
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = RPCSSEventLog [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 [binary data]
"NextAtJobId" = 1
"ServiceDll" = %systemroot%\system32\schedsvc.dll -- [2009/04/11 02:28:24 | 000,595,456 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"ServiceMain" = ServiceMain
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%SystemRoot%\System32\certprop.dll,-13
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\certprop.dll,-14
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RpcSs [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\certprop.dll -- [2009/04/11 02:28:18 | 000,040,448 | ---- | M] (Microsoft Corporation)
"ServiceMain" = ScPolicyServiceMain
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%SystemRoot%\system32\sdrsvc.dll,-107
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k SDRSVC -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 3
"Type" = 16
"Description" = @%SystemRoot%\system32\sdrsvc.dll,-102
"DependOnService" = RPCSS [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ObjectName" = localSystem
"ServiceSidType" = 1
"ServiceDll" = %Systemroot%\System32\SDRSVC.dll -- [2008/01/19 03:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation)
"Type" = 16
"Start" = 2
"ErrorControl" = 1
"ImagePath" = "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" -- [2009/05/19 05:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)
"DisplayName" = SeaPort
"ObjectName" = LocalSystem
"Description" = Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly.
"DisplayName" = Security Driver
"ErrorControl" = 1
"Start" = 2
"Type" = 1
"Security" = [Binary data over 100 bytes]
"0" = Root\LEGACY_SECDRV\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%SystemRoot%\system32\seclogon.dll,-7001
"ImagePath" = %windir%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\seclogon.dll,-7000
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %windir%\system32\seclogon.dll -- [2008/01/19 03:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation)
"ServiceMain" = SvcEntry_Seclogon
"ServiceDllUnloadOnStop" = 1
"DisplayName" = @%SystemRoot%\system32\Sens.dll,-200
"Group" = ProfSvc_Group
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\Sens.dll,-201
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = EventSystem [binary data]
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\sens.dll -- [2008/01/19 03:36:21 | 000,047,104 | ---- | M] (Microsoft Corporation)
"ServiceMain" = ServiceMain
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"DisplayName" = Serenum Filter Driver
"Group" = PNP Filter
"ImagePath" = \SystemRoot\system32\drivers\serenum.sys
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"DisplayName" = Serial Port Driver
"Group" = Extended base
"ImagePath" = \SystemRoot\system32\drivers\serial.sys
"ErrorControl" = 0
"Start" = 3
"Type" = 1
"DisplayName" = Serial Mouse Driver
"Group" = Pointer Port
"ImagePath" = \SystemRoot\system32\drivers\sermouse.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"CategoryOptions" = 3
"Counter Types" = [Binary data over 100 bytes]
"Close" = ClosePerformanceData
"Counter Names" = [Binary data over 100 bytes]
"IsMultiInstance" = 1
"Open" = OpenPerformanceData
"Collect" = CollectPerformanceData
"Library" = NETFXPerf.dll -- [2008/07/27 14:03:17 | 000,041,984 | ---- | M] (Microsoft Corporation)
"InstallType" = 1
"PerfIniFile" = _ServiceModelEndpointPerfCounters_D.ini
"First Counter" = 4072
"Last Counter" = 4110
"First Help" = 4073
"Last Help" = 4111
"Object List" = 4072
"CategoryOptions" = 3
"Counter Types" = [Binary data over 100 bytes]
"Close" = ClosePerformanceData
"Counter Names" = [Binary data over 100 bytes]
"IsMultiInstance" = 1
"Open" = OpenPerformanceData
"Collect" = CollectPerformanceData
"Library" = NETFXPerf.dll -- [2008/07/27 14:03:17 | 000,041,984 | ---- | M] (Microsoft Corporation)
"InstallType" = 1
"PerfIniFile" = _ServiceModelOperationPerfCounters_D.ini
"First Counter" = 4040
"Last Counter" = 4070
"First Help" = 4041
"Last Help" = 4071
"Object List" = 4040
"CategoryOptions" = 3
"Counter Types" = [Binary data over 100 bytes]
"Close" = ClosePerformanceData
"Counter Names" = [Binary data over 100 bytes]
"IsMultiInstance" = 1
"Open" = OpenPerformanceData
"Collect" = CollectPerformanceData
"Library" = NETFXPerf.dll -- [2008/07/27 14:03:17 | 000,041,984 | ---- | M] (Microsoft Corporation)
"InstallType" = 1
"PerfIniFile" = _ServiceModelServicePerfCounters_D.ini
"First Counter" = 4274
"Last Counter" = 4340
"First Help" = 4275
"Last Help" = 4341
"Object List" = 4274
"DisplayName" = @%SystemRoot%\System32\SessEnv.dll,-1026
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\SessEnv.dll,-1027
"ObjectName" = localSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RPCSSLanmanWorkstation [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeImpersonatePrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 60 EA 00 00 [binary data]
"ServiceDLL" = %SystemRoot%\system32\sessenv.dll -- [2008/01/19 03:36:21 | 000,084,992 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"Type" = 1
"Start" = 0
"ErrorControl" = 1
"ImagePath" = System32\drivers\sfdrv01.sys -- [2005/08/10 08:44:04 | 000,050,688 | ---- | M] (Protection Technology)
"DisplayName" = StarForce Protection Environment Driver (version 1.x)
"Count" = 0
"NextInstance" = 0
"DisplayName" = SFF Storage Class Driver
"ImagePath" = \SystemRoot\system32\drivers\sffdisk.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DisplayName" = SFF Storage Protocol Driver for MMC
"ImagePath" = \SystemRoot\system32\drivers\sffp_mmc.sys
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"SdCmdFlags" = 09 01 0A 01 0D 01 20 01 21 01 26 01 22 01 23 01 24 01 25 01 32 01 39 01 [binary data]
"SdAppCmdFlags" = 0D 01 12 01 19 01 1A 01 26 01 2B 01 2C 01 2D 01 2E 01 2F 01 30 01 31 01 33 01 [binary data]
"DisplayName" = SFF Storage Protocol Driver for SDBus
"ImagePath" = \SystemRoot\system32\drivers\sffp_sd.sys
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"SdCmdFlags" = 09 01 0A 01 0D 01 20 01 21 01 26 01 22 01 23 01 24 01 25 01 32 01 39 01 [binary data]
"SdAppCmdFlags" = 0D 01 12 01 19 01 1A 01 26 01 2B 01 2C 01 2D 01 2E 01 2F 01 30 01 31 01 33 01 [binary data]
"Type" = 1
"Start" = 0
"ErrorControl" = 1
"ImagePath" = System32\drivers\sfhlp02.sys -- [2005/05/16 09:20:39 | 000,006,656 | ---- | M] (Protection Technology)
"DisplayName" = StarForce Protection Helper Driver (version 2.x)
"0" = Root\LEGACY_SFHLP02\0000
"Count" = 1
"NextInstance" = 1
"AutoRun" = 0
"DisplayName" = Lecteur de disquettes haute densité
"ImagePath" = system32\DRIVERS\sfloppy.sys -- [2008/01/19 01:49:48 | 000,013,312 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"Type" = 1
"Start" = 0
"ErrorControl" = 1
"ImagePath" = System32\drivers\sfvfs02.sys -- [2005/11/03 10:40:07 | 000,063,488 | ---- | M] (Protection Technology)
"DisplayName" = StarForce Protection VFS Driver (version 2.x)
"Count" = 0
"NextInstance" = 0
"DisplayName" = @%SystemRoot%\system32\ipnathlp.dll,-106
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\ipnathlp.dll,-107
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = NetmanWinMgmtRasManBFE [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"IPSecExempt" = 1
"DisableStatefulFTP" = 0
"DisableStatefulPPTP" = 0
"PolicyVersion" = 513
"DisableNotifications" = 0
"EnableFirewall" = 1
"LogFileSize" = 4096
"LogFilePath" = %systemroot%\system32\LogFiles\Firewall\pfirewall.log -- File not found
"PerfLogsAlerts-PLASrv-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|Name=@PlaSrv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|
"PerfLogsAlerts-DCOM-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|Name=@PlaSrv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|
"PerfLogsAlerts-PLASrv-In-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|Name=@PlaSrv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|
"PerfLogsAlerts-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|Name=@PlaSrv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE|
"WMP-In-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31003|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE|
"WMP-Out-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31007|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE|
"WMP-Out-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31011|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE|
"WMPNSS-QWave-In-UDP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-QWave-Out-UDP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-QWave-In-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-QWave-Out-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-HTTPSTR-In-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|Name=@FirewallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-HTTPSTR-Out-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App=System|Name=@FirewallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-WMP-In-UDP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-WMP-Out-UDP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-WMP-Out-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-In-UDP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-Out-UDP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-Out-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-QWave-In-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-QWave-Out-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-QWave-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-QWave-Out-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31277|Desc=@FirewallAPI.dll,-31280|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31281|Desc=@FirewallAPI.dll,-31284|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-HTTPSTR-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-HTTPSTR-Out-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-WMP-In-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-WMP-Out-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-WMP-Out-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-In-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-Out-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-Out-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%ProgramFiles%\Windows Media Player\wmpnetwk.exe|Name=@FirewallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"WMPNSS-UPnP-Out-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-31321|Desc=@FirewallAPI.dll,-31322|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|
"MSDTC-In-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|Name=@FirewallAPI.dll,-33503|Desc=@FirewallAPI.dll,-33506|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|
"MSDTC-Out-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msdtc.exe|Name=@FirewallAPI.dll,-33507|Desc=@FirewallAPI.dll,-33510|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|
"MSDTC-KTMRM-In-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|Name=@FirewallAPI.dll,-33511|Desc=@FirewallAPI.dll,-33512|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|
"MSDTC-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-33513|Desc=@FirewallAPI.dll,-33514|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|
"MSDTC-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|Name=@FirewallAPI.dll,-33503|Desc=@FirewallAPI.dll,-33506|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|
"MSDTC-Out-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\msdtc.exe|Name=@FirewallAPI.dll,-33507|Desc=@FirewallAPI.dll,-33510|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|
"MSDTC-KTMRM-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=ktmrm|Name=@FirewallAPI.dll,-33511|Desc=@FirewallAPI.dll,-33512|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|
"MSDTC-RPCSS-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-33513|Desc=@FirewallAPI.dll,-33514|EmbedCtxt=@FirewallAPI.dll,-33502|Edge=FALSE|
"WPDMTP-Out-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\wudfhost.exe|Name=@FirewallAPI.dll,-30503|Desc=@FirewallAPI.dll,-30506|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|
"WPDMTP-Out-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\wudfhost.exe|Name=@FirewallAPI.dll,-30503|Desc=@FirewallAPI.dll,-30506|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|
"WPDMTP-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30507|Desc=@FirewallAPI.dll,-30510|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|
"WPDMTP-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30511|Desc=@FirewallAPI.dll,-30514|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|
"WPDMTP-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-30515|Desc=@FirewallAPI.dll,-30518|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|
"WPDMTP-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-30519|Desc=@FirewallAPI.dll,-30522|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|
"WPDMTP-UPnP-Out-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-30523|Desc=@FirewallAPI.dll,-30524|EmbedCtxt=@FirewallAPI.dll,-30502|Edge=FALSE|
"RemoteSvcAdmin-In-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|
"RemoteSvcAdmin-NP-In-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|
"RemoteSvcAdmin-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|
"RemoteSvcAdmin-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|
"RemoteSvcAdmin-NP-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|
"RemoteSvcAdmin-RPCSS-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|Edge=FALSE|
"WinCollab-DFSR-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|Name=@FirewallAPI.dll,-32253|Desc=@FirewallAPI.dll,-32256|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|
"WinCollab-DFSR-Out-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=5722|App=%SystemRoot%\system32\dfsr.exe|Svc=Dfsr|Name=@FirewallAPI.dll,-32257|Desc=@FirewallAPI.dll,-32260|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|
"WinCollab-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|Name=@FirewallAPI.dll,-32261|Desc=@FirewallAPI.dll,-32264|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|
"WinCollab-Out-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|Name=@FirewallAPI.dll,-32265|Desc=@FirewallAPI.dll,-32268|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|
"WinCollab-In-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|Name=@FirewallAPI.dll,-32269|Desc=@FirewallAPI.dll,-32272|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|
"WinCollab-Out-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Collaboration\WinCollab.exe|Name=@FirewallAPI.dll,-32273|Desc=@FirewallAPI.dll,-32276|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|
"WinCollab-P2P-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=3587|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|Name=@FirewallAPI.dll,-32277|Desc=@FirewallAPI.dll,-32280|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=TRUE|
"WinCollab-P2P-Out-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=3587|App=%SystemRoot%\system32\svchost.exe|Svc=P2PSvc|Name=@FirewallAPI.dll,-32281|Desc=@FirewallAPI.dll,-32284|EmbedCtxt=@FirewallAPI.dll,-32252|Edge=FALSE|
"RemoteFwAdmin-In-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|Name=@FirewallAPI.dll,-30003|Desc=@FirewallAPI.dll,-30006|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE|
"RemoteFwAdmin-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-30007|Desc=@FirewallAPI.dll,-30010|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE|
"RemoteFwAdmin-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=policyagent|Name=@FirewallAPI.dll,-30003|Desc=@FirewallAPI.dll,-30006|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE|
"RemoteFwAdmin-RPCSS-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-30007|Desc=@FirewallAPI.dll,-30010|EmbedCtxt=@FirewallAPI.dll,-30002|Edge=FALSE|
"PNRPMNRS-PNRP-In-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=@FirewallAPI.dll,-34003|Desc=@FirewallAPI.dll,-34004|EmbedCtxt=@FirewallAPI.dll,-34002|Edge=TRUE|
"PNRPMNRS-PNRP-Out-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=3540|App=%SystemRoot%\system32\svchost.exe|Svc=PNRPSvc|Name=@FirewallAPI.dll,-34005|Desc=@FirewallAPI.dll,-34006|EmbedCtxt=@FirewallAPI.dll,-34002|Edge=FALSE|
"PNRPMNRS-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|Edge=FALSE|
"PNRPMNRS-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|Edge=FALSE|
"RemoteEventLogSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|Name=@FirewallAPI.dll,-29253|Desc=@FirewallAPI.dll,-29256|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|
"RemoteEventLogSvc-NP-In-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-29257|Desc=@FirewallAPI.dll,-29260|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|
"RemoteEventLogSvc-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29265|Desc=@FirewallAPI.dll,-29268|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|
"RemoteEventLogSvc-In-TCP" = v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Eventlog|Name=@FirewallAPI.dll,-29253|Desc=@FirewallAPI.dll,-29256|EmbedCtxt=@FirewallAPI.dll,-29252|Edge=FALSE|
"First Help" = 4221
"Last Help" = 4249
"Object List" = 4220
"DisplayName" = @%SystemRoot%\system32\snmptrap.exe,-3
"ImagePath" = %SystemRoot%\System32\snmptrap.exe -- [2006/11/02 05:45:46 | 000,012,800 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\snmptrap.exe,-4
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 3
"Type" = 16
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilege [binary data]
"FailureActions" = FF FF FF FF 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 [binary data]
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\snpstd3.sys -- [2007/05/24 12:59:48 | 010,343,680 | ---- | M] (Sonix Co. Ltd.)
"DisplayName" = USB PC Camera (SNPSTD3)
"DisplayName" = Security Processor Loader Driver
"ErrorControl" = 3
"Start" = 0
"Type" = 1
"0" = Root\LEGACY_SPLDR\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%systemroot%\system32\spoolsv.exe,-1
"Group" = SpoolerGroup
"ImagePath" = %SystemRoot%\System32\spoolsv.exe -- [2009/04/11 02:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\spoolsv.exe,-2
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 272
"DependOnService" = RPCSShttp [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 [binary data]
"Close" = PerfClose
"Collect" = PerfCollect
"Collect Timeout" = 2000
"Library" = winspool.drv -- [2009/09/24 18:54:55 | 000,258,048 | ---- | M] (Microsoft Corporation)
"Object List" = 1450
"Open" = PerfOpen
"Open Timeout" = 4000
"Security" = [Binary data over 100 bytes]
"0" = Root\LEGACY_SPOOLER\0000
"Count" = 1
"NextInstance" = 1
"Type" = 1
"Start" = 0
"ErrorControl" = 1
"Tag" = 7
"ImagePath" = System32\Drivers\sptd.sys -- [2009/02/03 08:05:02 | 000,717,296 | ---- | M] ()
"Group" = Boot Bus Extender -- [2009/09/30 18:24:05 | 000,000,000 | ---D | M]
"0" = Root\LEGACY_SPTD\0000
"Count" = 1
"NextInstance" = 1
"Start" = 0
"FirstRun" = 0
"Group" = Network
"ImagePath" = System32\DRIVERS\srv.sys -- [2009/12/11 07:43:30 | 000,302,080 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 2
"DependOnService" = srv2 [binary data]
"0" = Root\LEGACY_SRV\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = srv2
"Group" = Network
"ImagePath" = System32\DRIVERS\srv2.sys -- [2009/09/14 05:29:50 | 000,144,896 | ---- | M] (Microsoft Corporation)
"Description" = Default SDDL for Windows Resource Protected file
"ErrorControl" = 1
"Start" = 3
"Type" = 2
"DependOnService" = srvnet [binary data]
"0" = Root\LEGACY_SRV2\0000
"Count" = 1
"NextInstance" = 1
"Group" = Network
"ImagePath" = System32\DRIVERS\srvnet.sys -- [2009/12/11 07:43:11 | 000,098,816 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 2
"0" = Root\LEGACY_SRVNET\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%systemroot%\system32\ssdpsrv.dll,-100
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\ssdpsrv.dll,-101
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = HTTP [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 64 00 00 00 01 00 00 00 64 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\ssdpsrv.dll -- [2008/01/19 03:36:36 | 000,155,648 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%SystemRoot%\system32\sstpsvc.dll,-200
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 3
"Type" = 32
"Description" = @%SystemRoot%\system32\sstpsvc.dll,-201
"ObjectName" = NT Authority\LocalService
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ListenerPort" = 0
"UseHttps" = 1
"ServiceDllUnloadOnStop" = 1
"ServerURI" = /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/
"ServiceDll" = %SystemRoot%\system32\sstpsvc.dll -- [2008/01/19 03:36:36 | 000,116,736 | ---- | M] (Microsoft Corporation)
"V4CertPlumbedBySstp" = 0
"UseHttps" = 1
"V6CertPlumbedBySstp" = 0
"ListenerPort" = 0
"Security" = [Binary data over 100 bytes]
"Type" = 16
"Start" = 2
"ErrorControl" = 1
"ImagePath" = C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software)
"DisplayName" = StarWind AE Service
"ObjectName" = LocalSystem
"Description" = Enables network access to local burners via iSCSI protocol.
"CommandLine" = [Binary data over 100 bytes]
"Start" = 2
"DisplayName" = @%SystemRoot%\system32\wiaservc.dll,-9
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k imgsvc -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Type" = 16
"Description" = @%SystemRoot%\system32\wiaservc.dll,-10
"DependOnService" = RpcSsShellHWDetection [binary data]
"ObjectName" = NT Authority\LocalService
"RequiredPrivileges" = [Binary data over 100 bytes]
"ServiceSidType" = 1
"ServiceDll" = %SystemRoot%\System32\wiaservc.dll -- [2009/04/11 02:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation)
"Security" = [Binary data over 100 bytes]
"DisplayName" = Pilote de bus logiciel
"ImagePath" = system32\DRIVERS\swenum.sys -- [2008/01/19 03:41:14 | 000,015,288 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"0" = Root\SYSTEM\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%SystemRoot%\System32\swprv.dll,-103
"ImagePath" = %SystemRoot%\System32\svchost.exe -k swprv -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\swprv.dll,-102
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 16
"DependOnService" = RPCSS [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"RequiredPrivileges" = [Binary data over 100 bytes]
"ServiceSidType" = 1
"ServiceDll" = %Systemroot%\System32\swprv.dll -- [2009/04/11 02:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation)
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\symc8xx.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 1
"5" = 1
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\sym_hi.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 1
"5" = 1
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\sym_u3.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 1
"5" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 4
"ImagePath" = system32\DRIVERS\SynTP.sys -- [2006/11/10 07:38:28 | 000,181,176 | ---- | M] (Synaptics, Inc.)
"DisplayName" = Synaptics TouchPad Driver
"Group" = Pointer Port
"DetectTimeMS" = 734
"EnableKey" = 0
"DisableKey" = 0
"KmdfLibraryVersion" = 1.0
"ASUS_01" = USB\VID_0A81&PID_0103&MI_00*
"ASUS_02" = USB\VID_0A81&PID_0103&MI_01*
"ASUS_03" = HID\Vid_046d&Pid_c50e&Rev_2500
"ASUS_04" = HID\Vid_046d&Pid_c50e&Rev_2510
"ASUS_05" = HID\Vid_0A81&Pid_0103&MI_01&Col02
"ASUS_06" = HID\Vid_0A81&Pid_0103&MI_01&Col03
"ASUS_07" = HID\Vid_04B8&Pid_030E&Rev_0100&MI_*
"ASUS_08" = HID\Vid_05E3&Pid_FFE2&Rev_0001&MI_*
"ASUS_09" = HID\Vid_0A81&Pid_0103&Rev_0110&MI_*
"BTC_01" = USB\VID_0637&PID_0001*
"BTC_02" = HID\Vid_046e&Pid_6782&MI_00
"BTC_03" = HID\Vid_046e&Pid_6782&MI_01&Col01
"BTC_04" = HID\Vid_046e&Pid_6782&MI_01&Col02
"BTC_05" = HID\Vid_046e&Pid_6782&Rev_2110&MI_00
"BTC_06" = HID\Vid_046e&Pid_6782&Rev_2110&MI_01&Col01
"BTC_07" = HID\Vid_046e&Pid_6782&Rev_2110&MI_01&Col02
"Fujitsu_01" = SERENUM\FJC5000
"Fujitsu_02" = HID\Vid_0430&Pid_0002&Rev_0100&MI_00
"Fujitsu_03" = HID\Vid_0430&Pid_0002&Rev_0100&MI_01
"Fujitsu_04" = HID\Vid_0430&Pid_0002&MI_00
"Fujitsu_05" = HID\Vid_0430&Pid_0002&MI_01
"Fujitsu_06" = HID\FUJ02E5&Col02
"Fujitsu_07" = HID\FUJ02E6&Col02
"IBM_01" = IBM0057
"IBM_02" = *IBM0057
"IBM_03" = ACPI\IBM0057
"Microsoft_01" = HID\Vid_0609&Pid_031d
"Microsoft_02" = HID\Vid_0609&Pid_032d
"Sharp_01" = HID\VID_044F&PID_E000
"Sharp_02" = HID\VID_04F2&PID_0001&MI_01
"Sharp_03" = HID\VID_044F&PID_B304&REV_0100&COL02
"Sharp_04" = HID\Vid_04f2&Pid_0001&Rev_0100&MI_00
"Sharp_05" = HID\Vid_04f2&Pid_0001&Rev_0100&MI_01
"Toshiba_01" = HID\TOS_BT_MOU_0004&0005
"0" = ACPI\SYN1907\4&1bb5acf3&0
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%SystemRoot%\system32\sysmain.dll,-1000
"Description" = @%SystemRoot%\system32\sysmain.dll,-1001
"ImagePath" = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"ErrorControl" = 0
"Start" = 2
"Type" = 32
"DependOnService" = rpcssfileinfo [binary data]
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %systemroot%\system32\sysmain.dll -- [2009/04/11 02:28:24 | 000,558,080 | ---- | M] (Microsoft Corporation)
"ServiceMain" = SysMtServiceMain
"ServiceDllUnloadOnStop" = 1
"DisplayName" = @%SystemRoot%\system32\TabSvc.dll,-100
"ErrorControl" = 1
"Group" = PlugPlay
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 2
"Type" = 32
"Description" = @%SystemRoot%\system32\TabSvc.dll,-101
"DependOnService" = PlugPlayRpcSs [binary data]
"ObjectName" = LocalSystem
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDllUnloadOnStop" = 1
"ServiceDll" = %SystemRoot%\System32\TabSvc.dll -- [2006/11/02 08:34:40 | 000,068,096 | ---- | M] (Microsoft Corporation)
"DisplayName" = @%SystemRoot%\system32\tapisrv.dll,-10100
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 3
"Type" = 32
"Description" = @%SystemRoot%\system32\tapisrv.dll,-10101
"DependOnService" = PlugPlayRpcSs [binary data]
"ObjectName" = NT AUTHORITY\NetworkService
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\tapisrv.dll -- [2009/04/11 02:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"Close" = CloseTapiPerformanceData
"Collect" = CollectTapiPerformanceData
"Library" = tapiperf.dll -- [2006/11/02 05:46:13 | 000,008,704 | ---- | M] (Microsoft Corporation)
"ObjectList" = 1150
"Open" = OpenTapiPerformanceData
"InstallType" = 1
"PerfIniFile" = tapiperf.ini
"First Counter" = 1848
"Last Counter" = 1866
"First Help" = 1849
"Last Help" = 1867
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%SystemRoot%\system32\tbssvc.dll,-100
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\tbssvc.dll,-101
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"DelayedAutoStart" = 1
"ServiceDll" = %SystemRoot%\System32\tbssvc.dll -- [2008/01/19 03:36:39 | 000,056,320 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%SystemRoot%\system32\tcpipcfg.dll,-50003
"Group" = PNP_TDI
"ImagePath" = System32\drivers\tcpip.sys -- [2009/12/08 16:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 0
"Tag" = 3
"Type" = 1
"Description" = @%SystemRoot%\system32\tcpipcfg.dll,-50003
"BootFlags" = 1
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
"ICSDomain" =
"SyncDomainWithMembership" = 1
"NV Hostname" = PC-de-USER
"DataBasePath" = %SystemRoot%\System32\drivers\etc -- [2009/10/16 13:17:41 | 000,000,000 | ---D | M]
"NameServer" =
"ForwardBroadcasts" = 0
"IPEnableRouter" = 0
"Domain" =
"Hostname" = PC-de-USER
"SearchList" =
"UseDomainNameDevolution" = 1
"EnableICMPRedirect" = 1
"DeadGWDetectDefault" = 1
"DontAddDefaultGatewayDefault" = 0
"OverrideDefaultAddressSelection" = 1
"EnableWsd" = 1
"QualifyingDestinationThreshold" = 3
"DhcpNameServer" =
"LLInterface" =
"IpConfig" = [Binary data over 100 bytes]
"LLInterface" =
"IpConfig" = [Binary data over 100 bytes]
"LLInterface" =
"IpConfig" = [Binary data over 100 bytes]
"LLInterface" =
"IpConfig" = [Binary data over 100 bytes]
"LLInterface" =
"IpConfig" = [Binary data over 100 bytes]
"LLInterface" =
"IpConfig" = [Binary data over 100 bytes]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"DhcpServer" =
"Lease" = 604800
"LeaseObtainedTime" = 1271589710
"T1" = 1271892110
"T2" = 1272118910
"LeaseTerminatesTime" = 1272194510
"AddressType" = 0
"IsServerNapAware" = 0
"DhcpConnForceBroadcastFlag" = 1
"IPAutoconfigurationAddress" =
"DhcpIPAddress" =
"DhcpSubnetMask" =
"DhcpInterfaceOptions" = [Binary data over 100 bytes]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"DhcpIPAddress" =
"DhcpSubnetMask" =
"DhcpServer" =
"Lease" = 604800
"LeaseObtainedTime" = 1271853956
"T1" = 1272156356
"T2" = 1272383156
"LeaseTerminatesTime" = 1272458756
"AddressType" = 0
"IsServerNapAware" = 0
"DhcpConnForceBroadcastFlag" = 1
"IPAutoconfigurationAddress" =
"DhcpInterfaceOptions" = [Binary data over 100 bytes]
"DhcpNameServer" =
"DhcpDefaultGateway" = [binary data]
"DhcpSubnetMaskOpt" = [binary data]
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"DhcpIPAddress" =
"DhcpSubnetMask" =
"DhcpServer" =
"Lease" = 0
"LeaseObtainedTime" = 0
"T1" = 0
"T2" = 0
"LeaseTerminatesTime" = 0
"AddressType" = 0
"IsServerNapAware" = 0
"DhcpConnForceBroadcastFlag" = 1
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"DhcpServer" =
"Lease" = 0
"LeaseObtainedTime" = 0
"T1" = 0
"T2" = 0
"LeaseTerminatesTime" = 0
"AddressType" = 0
"IsServerNapAware" = 0
"DhcpConnForceBroadcastFlag" = 1
"IPAutoconfigurationAddress" =
"UseZeroBroadcast" = 0
"EnableDeadGWDetect" = 1
"EnableDHCP" = 1
"NameServer" =
"Domain" =
"RegistrationEnabled" = 1
"RegisterAdapterName" = 0
"DhcpIPAddress" =
"DhcpSubnetMask" =
"DhcpServer" =
"Lease" = 0
"LeaseObtainedTime" = 0
"T1" = 0
"T2" = 0
"LeaseTerminatesTime" = 0
"AddressType" = 0
"IsServerNapAware" = 0
"DhcpConnForceBroadcastFlag" = 1
"HelperDllName" = %SystemRoot%\System32\wshtcpip.dll -- [2008/01/19 03:37:11 | 000,009,216 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 16
"MinSockAddrLength" = 16
"Mapping" = [Binary data over 100 bytes]
"UseDelayedAcceptance" = 0
"Close" = CloseTcpIpPerformanceData
"Collect" = CollectTcpIpPerformanceData
"Library" = Perfctrs.dll -- [2006/11/02 05:46:12 | 000,039,424 | ---- | M] (Microsoft Corporation)
"Open" = OpenTcpIpPerformanceData
"Object List" = 502 510 546 548 582 638 658 1530 1532 1534
"Class" = 8
"DnsPriority" = 2000
"HostsPriority" = 500
"LocalPriority" = 499
"Name" = TCP/IP
"NetbtPriority" = 2001
"ProviderPath" = %SystemRoot%\System32\wsock32.dll -- [2008/01/19 03:37:11 | 000,015,360 | ---- | M] (Microsoft Corporation)
"0" = Root\LEGACY_TCPIP\0000
"Count" = 1
"NextInstance" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 8
"ImagePath" = system32\DRIVERS\tcpip.sys -- [2009/12/08 16:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation)
"DisplayName" = Pilote de protocole IPv6 Microsoft
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"Description" = Pilote de protocole IPv6 Microsoft
"TextModeFlags" = 1
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
"Dhcpv6DUID" = 00 01 00 01 0B 48 D8 43 00 A0 D1 C7 6A 7E [binary data]
"Dhcpv6Iaid" = 218110361
"Dhcpv6State" = 0
"Dhcpv6Iaid" = 318767104
"Dhcpv6State" = 0
"Dhcpv6Iaid" = 301989888
"Dhcpv6State" = 0
"Dhcpv6Iaid" = 201367761
"Dhcpv6State" = 1
"Dhcpv6Iaid" = 117445666
"Dhcpv6State" = 0
"Dhcpv6Iaid" = 285343828
"Dhcpv6State" = 0
"Dhcpv6Iaid" = 419594295
"Dhcpv6State" = 0
"Dhcpv6Iaid" = 100668450
"Dhcpv6State" = 0
"Dhcpv6Iaid" = 318930999
"Dhcpv6State" = 0
"Dhcpv6Iaid" = 402655892
"Dhcpv6State" = 0
"UseDelayedAcceptance" = 0
"HelperDllName" = %SystemRoot%\System32\wship6.dll -- [2008/01/19 03:37:11 | 000,009,216 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 28
"MinSockAddrLength" = 28
"Mapping" = [Binary data over 100 bytes]
"DisplayName" = TCP/IP Registry Compatibility
"ImagePath" = System32\drivers\tcpipreg.sys -- [2009/12/08 13:26:18 | 000,030,720 | ---- | M] (Microsoft Corporation)
"Description" = Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality.
"ErrorControl" = 1
"Start" = 2
"Type" = 1
"DependOnService" = tcpip [binary data]
"0" = Root\LEGACY_TCPIPREG\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = TDPIPE
"ImagePath" = system32\drivers\tdpipe.sys -- [2008/01/19 02:01:07 | 000,017,920 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"DisplayName" = TDTCP
"ImagePath" = system32\drivers\tdtcp.sys -- [2008/01/19 02:01:08 | 000,029,184 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"DisplayName" = @%SystemRoot%\system32\tcpipcfg.dll,-50004
"Group" = PNP_TDI
"ImagePath" = system32\DRIVERS\tdx.sys -- [2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 1
"Tag" = 4
"Type" = 1
"DependOnService" = Tcpip [binary data]
"Description" = @%SystemRoot%\system32\tcpipcfg.dll,-50004
"0" = Root\LEGACY_TDX\0000
"Count" = 1
"NextInstance" = 1
"PortDriverEnable" = 1
"DisplayName" = Pilote de périphérique terminal
"ImagePath" = system32\DRIVERS\termdd.sys -- [2009/04/11 02:32:52 | 000,053,224 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"0" = Root\RDP_KBD\0000
"Count" = 2
"NextInstance" = 2
"1" = Root\RDP_MOU\0000
"DisplayName" = @%SystemRoot%\System32\termsrv.dll,-268
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\termsrv.dll,-267
"ObjectName" = NT Authority\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = RPCSSTermDD [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 60 EA 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\termsrv.dll -- [2009/04/11 02:28:24 | 000,449,024 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"Close" = CloseTSObject
"Collect Timeout" = 1000
"Collect" = CollectTSObjectData
"Open Timeout" = 1000
"Open" = OpenTSObject
"Library" = perfts.dll -- [2008/01/19 03:36:03 | 000,017,408 | ---- | M] (Microsoft Corporation)
"InstallType" = 1
"PerfIniFile" = tslabels.ini
"First Counter" = 4740
"Last Counter" = 4860
"First Help" = 4741
"Last Help" = 4861
"Object List" = 4740
"DisplayName" = @%SystemRoot%\System32\shsvcs.dll,-8192
"Group" = ProfSvc_Group
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\shsvcs.dll,-8193
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\system32\shsvcs.dll -- [2009/04/11 02:28:24 | 000,247,296 | ---- | M] (Microsoft Corporation)
"ServiceMain" = ThemeServiceMain
"ServiceDllUnloadOnStop" = 1
"DisplayName" = @%systemroot%\system32\mmcss.dll,-102
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\mmcss.dll,-103
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\system32\mmcss.dll -- [2008/01/19 03:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation)
"ServiceMain" = ToServiceMain
"ServiceDllUnloadOnStop" = 1
"Start" = 3
"ServiceDll" = %SystemRoot%\System32\trkwks.dll -- [2008/01/19 03:36:42 | 000,075,264 | ---- | M] (Microsoft Corporation)
"DisplayName" = @%SystemRoot%\system32\trkwks.dll,-1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\trkwks.dll,-2
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = RpcSs [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 1
"RequiredPrivileges" = SeRestorePrivilegeSeImpersonatePrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\trkwks.dll -- [2008/01/19 03:36:42 | 000,075,264 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"DisplayName" = @%SystemRoot%\servicing\TrustedInstaller.exe,-100
"ImagePath" = %SystemRoot%\servicing\TrustedInstaller.exe -- [2009/04/11 02:28:07 | 000,039,424 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\servicing\TrustedInstaller.exe,-101
"ObjectName" = localSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 16
"ServiceSidType" = 1
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"BlockTime" = 10800
"PreshutdownTimeout" = 3600000
"Group" = ProfSvc_Group
"Security" = [Binary data over 100 bytes]
"InstalledDisplayDrivers" = TSDDD [binary data] -- [2008/01/19 02:01:09 | 000,014,336 | ---- | M] (Microsoft Corporation)
"VgaCompatible" = 0
"DisplayName" = Terminal Services Security Filter Driver
"ImagePath" = System32\DRIVERS\tssecsrv.sys -- [2008/01/19 02:01:15 | 000,023,552 | ---- | M] (Microsoft Corporation)
"Description" = Terminal Services Security Filter Driver
"ErrorControl" = 0
"Start" = 3
"Type" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 23
"ImagePath" = system32\DRIVERS\tunmp.sys -- [2008/01/19 01:55:41 | 000,015,360 | ---- | M] (Microsoft Corporation)
"DisplayName" = Pilote de carte miniport Microsoft Tun
"Group" = NDIS
"0" = Root\*TUNMP\0000
"Count" = 1
"NextInstance" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 19
"ImagePath" = system32\DRIVERS\tunnel.sys -- [2008/01/19 01:55:50 | 000,023,040 | ---- | M] (Microsoft Corporation)
"DisplayName" = Pilote de carte miniport Microsoft IPv6 Tunnel
"Group" = NDIS
"0" = Root\*ISATAP\0000
"Count" = 2
"NextInstance" = 2
"1" = Root\*ISATAP\0001
"DisplayName" = Microsoft AGPv3.5 Filter
"Group" = PnP Filter
"ImagePath" = \SystemRoot\system32\drivers\uagp35.sys
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"1106316800" = 0 [binary data]
"1106316802" = 0 [binary data]
"1106316803" = 0 [binary data]
"1106318900" = p [binary data]
"DisplayName" = udfs
"Group" = File System
"ImagePath" = system32\DRIVERS\udfs.sys -- [2009/04/11 00:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation)
"Description" = Reads/Writes UDF 1.02,1.5,2.0x,2.5 disc formats, usually found on C/DVD discs. (Core) (All pieces)
"ErrorControl" = 1
"Start" = 4
"Type" = 2
"0" = Root\LEGACY_UDFS\0000
"Count" = 1
"NextInstance" = 1
"Close" = Close
"Open" = Open
"Collect" = Collect
"Library" = %systemroot%\system32\msscntrs.dll -- [2009/04/11 02:28:22 | 000,060,416 | ---- | M] (Microsoft Corporation)
"InstallType" = 1
"PerfIniFile" = gsrvctr.ini
"First Counter" = 3722
"Last Counter" = 3826
"First Help" = 3723
"Last Help" = 3827
"Close" = Close
"Open" = Open
"Collect" = Collect
"Library" = %systemroot%\system32\msscntrs.dll -- [2009/04/11 02:28:22 | 000,060,416 | ---- | M] (Microsoft Corporation)
"InstallType" = 1
"PerfIniFile" = gthrctr.ini
"First Counter" = 3828
"Last Counter" = 3898
"First Help" = 3829
"Last Help" = 3899
"DisplayName" = @%SystemRoot%\system32\ui0detect.exe,-101
"ImagePath" = %SystemRoot%\system32\UI0Detect.exe -- [2008/01/19 03:33:33 | 000,035,840 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\ui0detect.exe,-102
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 272
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"DisplayName" = Uli AGP Bus Filter
"Group" = PnP Filter
"ImagePath" = \SystemRoot\system32\drivers\uliagpkx.sys
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\uliahci.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 8
"EnableNCQ" = [binary data]
"DisableWC" = [binary data]
"5" = 1
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\ulsata.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 11
"DefSize" = 9437184
"Flag" = TRUE
"DrvSetting" = 0
"5" = 1
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\ulsata2.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"LongBurstDisable" = 1
"TAG_CMD" = 0
"NumberOfRequests" = 128
"5" = 1
"DisplayName" = Pilote d’énumérateur UMBus
"Group" = Extended Base
"ImagePath" = system32\DRIVERS\umbus.sys -- [2008/01/19 01:53:40 | 000,034,816 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"Tag" = 10
"0" = Root\UMBUS\0000
"Count" = 2
"NextInstance" = 2
"1" = UMB\UMB\1&841921d&0&PrinterBusEnumerator
"DisplayName" = @%systemroot%\system32\upnphost.dll,-213
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\upnphost.dll,-214
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = SSDPSRVHTTP [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 64 00 00 00 01 00 00 00 64 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\upnphost.dll -- [2008/01/19 03:36:46 | 000,259,072 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"FastS4_OverrideBiosS4" = 1
"DisplayName" = Pilote parent générique USB Microsoft
"Group" = Base
"ImagePath" = system32\DRIVERS\usbccgp.sys -- [2008/01/19 01:53:29 | 000,073,216 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"Tag" = 21
"DisplayName" = eHome Infrared Receiver (USBCIR)
"Group" = Extended Base
"ImagePath" = \SystemRoot\system32\drivers\usbcir.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"PowerKey" = [Binary data over 100 bytes]
"PowerKeyRxOnly" = [Binary data over 100 bytes]
"PowerKeySamsung" = [Binary data over 100 bytes]
"PowerKeyRC6All" = [Binary data over 100 bytes]
"DisplayName" = Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0
"Group" = Base
"ImagePath" = system32\DRIVERS\usbehci.sys -- [2009/04/11 00:42:52 | 000,039,936 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"Tag" = 18
"0" = PCI\VEN_1106&DEV_3104&SUBSYS_31041106&REV_86\3&18d45aa6&0&84
"Count" = 1
"NextInstance" = 1
"DisplayName" = Concentrateur USB2
"Group" = Base
"ImagePath" = system32\DRIVERS\usbhub.sys -- [2009/04/11 00:43:16 | 000,196,096 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"Tag" = 19
"Library" = %SystemRoot%\system32\usbperf.dll -- [2008/01/19 03:36:46 | 000,011,264 | ---- | M] (Microsoft Corporation)
"Open" = OpenUsbPerformanceData
"Close" = CloseUsbPerformanceData
"Collect" = CollectUsbPerformanceData
"InstallType" = 1
"PerfIniFile" = usbperf.ini
"First Counter" = 3424
"Last Counter" = 3458
"First Help" = 3425
"Last Help" = 3459
"0" = USB\ROOT_HUB\4&4079a62&0
"Count" = 5
"NextInstance" = 5
"1" = USB\ROOT_HUB\4&366e56e4&0
"2" = USB\ROOT_HUB\4&23b4a63f&0
"3" = USB\ROOT_HUB\4&10faf59a&0
"4" = USB\ROOT_HUB20\4&36e50c66&0
"DisplayName" = Microsoft USB Open Host Controller Miniport Driver
"Group" = Base
"ImagePath" = \SystemRoot\system32\drivers\usbohci.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DisplayName" = Classe d'imprimantes USB Microsoft
"Group" = extended base
"ImagePath" = system32\DRIVERS\usbprint.sys -- [2008/01/19 02:14:40 | 000,018,944 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"Tag" = 19
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 22
"ImagePath" = system32\DRIVERS\usbscan.sys -- [2008/01/19 02:14:09 | 000,035,328 | ---- | M] (Microsoft Corporation)
"DisplayName" = Pilote de scanneur USB
"Group" = Base
"DisplayName" = Pilote de stockage de masse USB
"ImagePath" = system32\DRIVERS\USBSTOR.SYS -- [2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"DisplayName" = Pilote miniport de contrôleur hôte universel USB Microsoft
"Group" = Base
"ImagePath" = system32\DRIVERS\usbuhci.sys -- [2008/01/19 01:53:20 | 000,023,552 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"Tag" = 17
"0" = PCI\VEN_1106&DEV_3038&SUBSYS_30381106&REV_A0\3&18d45aa6&0&80
"Count" = 4
"NextInstance" = 4
"1" = PCI\VEN_1106&DEV_3038&SUBSYS_30381106&REV_A0\3&18d45aa6&0&81
"2" = PCI\VEN_1106&DEV_3038&SUBSYS_30381106&REV_A0\3&18d45aa6&0&82
"3" = PCI\VEN_1106&DEV_3038&SUBSYS_30381106&REV_A0\3&18d45aa6&0&83
"Type" = 272
"Start" = 3
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"DisplayName" = User Privilege Service
"ObjectName" = LocalSystem
"Security" = 01 00 14 88 30 00 00 00 3C 00 00 00 14 00 00 00 00 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [binary data]
"DisplayName" = @%SystemRoot%\system32\dwm.exe,-2000
"Group" = UIGroup
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\dwm.exe,-2001
"ObjectName" = localSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\uxsms.dll -- [2009/04/11 02:28:25 | 000,029,184 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"ServiceMain" = ServiceMain
"DisplayName" = @%SystemRoot%\system32\vds.exe,-100
"ImagePath" = %SystemRoot%\System32\vds.exe -- [2009/04/11 02:28:09 | 000,385,536 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\vds.exe,-112
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 16
"DependOnService" = RpcSsPlugPlay [binary data]
"ServiceSidType" = 1
"FailureActions" = 78 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
"DisableReenumDelay" = 0
"" = Alignment Settings in Bytes
"Between4_8GB" = 1048576
"Between8_32GB" = 1048576
"GreaterThan32GB" = 1048576
"LessThan4GB" = 65536
"Security" = [Binary data over 100 bytes]
"" = Microsoft Virtual Disk Service Dynamic Provider -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"Clsid" = {02A3586C-D264-40BF-97F7-FE40F7E3A882}
"Version" =
"VersionId" = {61CBC199-5CCA-4214-BBA8-BFBFCE740CFD}
"" = Microsoft Virtual Disk Service Basic Provider -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"Clsid" = {DE010DA1-289B-4232-8CD0-5112DCA6A7B3}
"Version" =
"VersionId" = {f5a11d0a-cd5d-43f9-b6a1-9e4ff8cfee7a}
"Type" = 1
"Start" = 3
"ErrorControl" = 0
"Tag" = 2
"ImagePath" = system32\DRIVERS\vgapnp.sys -- [2006/11/02 04:53:56 | 000,026,112 | ---- | M] (Microsoft Corporation)
"Group" = Video
"InstalledDisplayDrivers" = vgaframebufvga256vga64k [binary data]
"VgaCompatible" = 1
"Device Description" = Carte graphique VGA standard
"Service" = vga -- [2008/01/19 01:52:08 | 000,010,752 | ---- | M] (Microsoft Corporation)
"Group" = Video Save
"ImagePath" = \SystemRoot\System32\drivers\vga.sys
"ErrorControl" = 0
"Start" = 1
"Tag" = 1
"Type" = 1
"InstalledDisplayDrivers" = vgaframebufvga256vga64k [binary data]
"RequestedResources" = [Binary data over 100 bytes]
"VgaCompatible" = 1
"Service" = VgaSave
"VideoID" = {23A77BF7-ED96-40EC-AF06-9B1F4867732A}
"InstalledDisplayDrivers" = vgaframebufvga256vga64k [binary data]
"0" = Root\LEGACY_VGASAVE\0000
"Count" = 1
"NextInstance" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VIA HD Audio Codec Default]
"Sys32CPLFile" = C:\Program Files\VIA\VIAudioi\VistaADeck -- [2006/01/01 12:19:09 | 000,000,000 | ---D | M]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VIA HD Audio Codec Default\DriverCaps]
"DrvHPAlwaysEnable" = 01 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VIA HD Audio Codec Default\InitVerbs]
"DisplayName" = VIA AGP Bus Filter
"Group" = PnP Filter
"ImagePath" = \SystemRoot\system32\drivers\viaagp.sys
"ErrorControl" = 1
"Start" = 3
"Type" = 1
"DisplayName" = VIA C7 Processor Driver
"Group" = Extended Base
"ImagePath" = \SystemRoot\system32\drivers\viac7.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\drivers\viahduaa.sys -- [2007/09/28 08:51:52 | 000,228,352 | ---- | M] (VIA Technologies, Inc.)
"DisplayName" = VIA High Definition Audio Driver Service
"Count" = 1
"NextInstance" = 1
"0" = HDAUDIO\FUNC_01&VEN_1106&DEV_1708&SUBSYS_173410D9&REV_1007\5&107ff244&0&0001
"Group" = System Bus Extender
"ImagePath" = system32\drivers\viaide.sys -- [2008/01/19 03:41:25 | 000,020,024 | ---- | M] (VIA Technologies, Inc.)
"ErrorControl" = 3
"Start" = 0
"Type" = 1
"Tag" = 15
"0" = PCI\VEN_1106&DEV_0591&SUBSYS_10D91734&REV_80\3&18d45aa6&0&78
"Count" = 2
"NextInstance" = 2
"1" = PCI\VEN_1106&DEV_0571&SUBSYS_10D91734&REV_07\3&18d45aa6&0&79
"DisplayName" = Pilote du Gestionnaire de volume
"Group" = System Bus Extender
"ImagePath" = system32\drivers\volmgr.sys -- [2008/01/19 03:42:18 | 000,052,792 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 3
"Start" = 0
"Type" = 1
"Tag" = 9
"0" = Root\volmgr\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = Dynamic Volume Manager
"Group" = System Bus Extender
"ImagePath" = System32\drivers\volmgrx.sys -- [2009/04/11 02:33:03 | 000,292,840 | ---- | M] (Microsoft Corporation)
"Description" = Extension of the volume manager driver that manages software RAID volumes (spanned, striped, mirrored, RAID-5) on dynamic disks
"ErrorControl" = 3
"Start" = 0
"Type" = 1
"Tag" = 10
"0" = Root\LEGACY_VOLMGRX\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = Volumes de stockage
"ImagePath" = system32\drivers\volsnap.sys -- [2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 3
"Start" = 0
"Type" = 1
"0" = Root\LEGACY_VOLSNAP\0000
"Count" = 2
"NextInstance" = 2
"1" = STORAGE\Volume\1&19f7e59c&0&Signature966ADF25Offset100000Length2543100000
"Group" = SCSI Miniport
"ImagePath" = \SystemRoot\system32\drivers\vsmraid.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"BusType" = 8
"5" = 1
"DisplayName" = @%systemroot%\system32\vssvc.exe,-102
"ImagePath" = %systemroot%\system32\vssvc.exe -- [2009/04/11 02:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\vssvc.exe,-101
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 16
"DependOnService" = RPCSS [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 1
"SppCreate (Enter)" = 40 00 00 00 00 00 00 00 DE A2 BC 7F 0F DC CA 01 7C 0B 00 00 2C 0A 00 00 D0 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"SppGatherWriterMetadata (Enter)" = 40 00 00 00 00 00 00 00 12 FB C4 7F 0F DC CA 01 7C 0B 00 00 2C 0A 00 00 D3 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"SppGatherWriterMetadata (Leave)" = 40 00 00 00 00 00 00 00 EE 53 8C 95 0F DC CA 01 7C 0B 00 00 2C 0A 00 00 D3 07 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"SppCreate (Leave)" = 40 00 00 00 00 00 00 00 12 C4 7F B7 0F DC CA 01 7C 0B 00 00 2C 0A 00 00 D0 07 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"SppAddInterestingComponents (Enter)" = 40 00 00 00 00 00 00 00 EE 53 8C 95 0F DC CA 01 7C 0B 00 00 2C 0A 00 00 D4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"SppAddInterestingComponents (Leave)" = 40 00 00 00 00 00 00 00 70 7B ED 95 0F DC CA 01 7C 0B 00 00 2C 0A 00 00 D4 07 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"SppEnumGroups (Enter)" = 40 00 00 00 00 00 00 00 98 AF 1E 7F 0F DC CA 01 7C 0B 00 00 2C 0A 00 00 D1 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"SppGetSnapshots (Enter)" = 40 00 00 00 00 00 00 00 98 AF 1E 7F 0F DC CA 01 7C 0B 00 00 2C 0A 00 00 D2 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"SppGetSnapshots (Leave)" = 40 00 00 00 00 00 00 00 74 A5 24 7F 0F DC CA 01 7C 0B 00 00 2C 0A 00 00 D2 07 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"SppEnumGroups (Leave)" = 40 00 00 00 00 00 00 00 0A 3E 25 7F 0F DC CA 01 7C 0B 00 00 2C 0A 00 00 D1 07 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"SrCreateRp (Enter)" = 40 00 00 00 00 00 00 00 48 0A BC 7F 0F DC CA 01 7C 0B 00 00 2C 0A 00 00 D5 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"SrCreateRp (Leave)" = 40 00 00 00 00 00 00 00 B0 83 87 B7 0F DC CA 01 7C 0B 00 00 2C 0A 00 00 D5 07 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag\MSSearch Service Writer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag\System Writer]
"Volume{be3ce389-7a5b-11da-96a4-806e6f6e6963}DiscoverSnapshots (Enter)" = 40 00 00 00 00 00 00 00 F6 D2 B4 D4 45 E1 CA 01 00 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Volume{be3ce389-7a5b-11da-96a4-806e6f6e6963}Activate (Enter)" = 40 00 00 00 00 00 00 00 50 35 B7 D4 45 E1 CA 01 00 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Volume{be3ce389-7a5b-11da-96a4-806e6f6e6963}ActivateLoop (Enter)" = 40 00 00 00 00 00 00 00 50 35 B7 D4 45 E1 CA 01 00 00 00 00 00 00 00 00 1A 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Volume{be3ce389-7a5b-11da-96a4-806e6f6e6963}ActivateLoop (Leave)" = 40 00 00 00 00 00 00 00 00 B9 3C D5 45 E1 CA 01 00 00 00 00 00 00 00 00 1B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Volume{be3ce389-7a5b-11da-96a4-806e6f6e6963}ComputeIgnorableProduct (Enter)" = 40 00 00 00 00 00 00 00 B4 7D 41 D5 45 E1 CA 01 00 00 00 00 00 00 00 00 0C 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Volume{be3ce389-7a5b-11da-96a4-806e6f6e6963}ComputeIgnorableProduct (Leave)" = 40 00 00 00 00 00 00 00 C2 A4 48 D5 45 E1 CA 01 00 00 00 00 00 00 00 00 0D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Volume{be3ce389-7a5b-11da-96a4-806e6f6e6963}Activate (Leave)" = 40 00 00 00 00 00 00 00 C2 A4 48 D5 45 E1 CA 01 00 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Volume{be3ce389-7a5b-11da-96a4-806e6f6e6963}DiscoverSnapshots (Leave)" = 40 00 00 00 00 00 00 00 C2 A4 48 D5 45 E1 CA 01 00 00 00 00 00 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Volume{be3ce389-7a5b-11da-96a4-806e6f6e6963}DeleteProcess (Enter)" = 40 00 00 00 00 00 00 00 E7 82 41 C4 64 E1 CA 01 00 00 00 00 00 00 00 00 12 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Volume{be3ce389-7a5b-11da-96a4-806e6f6e6963}SetIgnorable (Enter)" = 40 00 00 00 00 00 00 00 1C 07 4B D5 45 E1 CA 01 00 00 00 00 00 00 00 00 0A 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Volume{be3ce389-7a5b-11da-96a4-806e6f6e6963}SetIgnorable (Leave)" = 40 00 00 00 00 00 00 00 14 B2 7D D7 45 E1 CA 01 00 00 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Volume{be3ce389-7a5b-11da-96a4-806e6f6e6963}AdjustBitmap (Enter)" = 40 00 00 00 00 00 00 00 76 C3 AF D7 45 E1 CA 01 00 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Volume{be3ce389-7a5b-11da-96a4-806e6f6e6963}ValidateDiffAreaFiles (Enter)" = 40 00 00 00 00 00 00 00 76 C3 AF D7 45 E1 CA 01 00 00 00 00 00 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"VolumesSafeForWrite (Enter)" = 40 00 00 00 00 00 00 00 6E 9B 13 DB 45 E1 CA 01 00 00 00 00 00 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"VolumesSafeForWrite (Leave)" = 40 00 00 00 00 00 00 00 30 87 1F DB 45 E1 CA 01 00 00 00 00 00 00 00 00 1F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Volume{be3ce389-7a5b-11da-96a4-806e6f6e6963}ValidateDiffAreaFiles (Leave)" = 40 00 00 00 00 00 00 00 30 87 1F DB 45 E1 CA 01 00 00 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Volume{be3ce389-7a5b-11da-96a4-806e6f6e6963}AdjustBitmap (Leave)" = 40 00 00 00 00 00 00 00 30 87 1F DB 45 E1 CA 01 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Volume{be3ce389-7a5b-11da-96a4-806e6f6e6963}DeleteProcess (Leave)" = 40 00 00 00 00 00 00 00 0C A9 41 C4 64 E1 CA 01 00 00 00 00 00 00 00 00 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"" = Microsoft Software Shadow Copy provider 1.0 -- [2006/11/02 08:45:01 | 000,000,000 | --SD | M]
"Type" = 1
"Version" =
"VersionId" = {00000001-0000-0000-0007-000000000001}
"" = {65EE1DBA-8FF4-4a58-AC1C-3470EE2F376A}
"{2707761B-2324-473D-88EB-EB007A359533}" = DFS-R Writer
"{D76F5A28-3092-4589-BA48-2958FB88CE29}" = FRS Writer
"{B2014C9E-8711-4C5C-A5A9-3CF384484757}" = AD Writer
"{DD846AAA-A1B6-42a8-AAF8-03DCB6114BFD}" = ADAM Writer
"TornComponentsBlockRevert" = 1
"NT Authority\NetworkService" = 1
"Start" = [binary data]
"StaticVxD" = JAVASUP.VXD -- [2001/01/12 11:27:04 | 000,007,315 | ---- | M] ()
"DisplayName" = @%SystemRoot%\system32\w32time.dll,-200
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\w32time.dll,-201
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
"FrequencyCorrectRate" = 4
"PollAdjustFactor" = 5
"LargePhaseOffset" = 50000000
"SpikeWatchPeriod" = 900
"LocalClockDispersion" = 10
"HoldPeriod" = 5
"PhaseCorrectRate" = 1
"UpdateInterval" = 360000
"EventLogFlags" = 2
"AnnounceFlags" = 10
"TimeJumpAuditOffset" = 28800
"MinPollInterval" = 10
"MaxPollInterval" = 15
"MaxNegPhaseCorrection" = 54000
"MaxPosPhaseCorrection" = 54000
"MaxAllowedPhaseOffset" = 1
"ServiceDll" = %systemroot%\system32\w32time.dll -- [2009/04/11 02:28:25 | 000,282,624 | ---- | M] (Microsoft Corporation)
"ServiceMain" = SvchostEntry_W32Time
"ServiceDllUnloadOnStop" = 1
"Type" = NTP
"NtpServer" =,0x9
"DllName" = %systemroot%\system32\w32time.dll -- [2009/04/11 02:28:25 | 000,282,624 | ---- | M] (Microsoft Corporation)
"Enabled" = 1
"InputProvider" = 1
"AllowNonstandardModeCombinations" = 1
"CrossSiteSyncFlags" = 2
"ResolvePeerBackoffMinutes" = 15
"ResolvePeerBackoffMaxTimes" = 7
"CompatibilityFlags" = -2147483648
"EventLogFlags" = 1
"LargeSampleSkew" = 3
"SpecialPollInterval" = 604800
"SpecialPollTimeRemaining" =,7b26d9e [binary data]
"DllName" = %systemroot%\system32\w32time.dll -- [2009/04/11 02:28:25 | 000,282,624 | ---- | M] (Microsoft Corporation)
"Enabled" = 0
"InputProvider" = 0
"AllowNonstandardModeCombinations" = 1
"EventLogFlags" = 0
"ChainEntryTimeout" = 16
"ChainMaxEntries" = 128
"ChainMaxHostEntries" = 4
"ChainDisable" = 0
"ChainLoggingRate" = 30
"DisplayName" = Wacom Serial Pen HID Driver
"Group" = Extended Base
"ImagePath" = \SystemRoot\system32\drivers\wacompen.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\wanarp.sys -- [2008/01/19 01:56:31 | 000,062,464 | ---- | M] (Microsoft Corporation)
"DisplayName" = Remote Access IP ARP Driver
"Description" = Remote Access IP ARP Driver
"Bind" = \Device\NdisWanIp [binary data]
"Route" = "NdisWanIp" [binary data]
"Export" = \Device\Wanarp_NdisWanIp [binary data]
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\wanarp.sys -- [2008/01/19 01:56:31 | 000,062,464 | ---- | M] (Microsoft Corporation)
"DisplayName" = Remote Access IPv6 ARP Driver
"Description" = Remote Access IPv6 ARP Driver
"Bind" = \Device\NdisWanIpv6 [binary data]
"Route" = "NdisWanIpv6" [binary data]
"Export" = \Device\Wanarpv6_NdisWanIpv6 [binary data]
"0" = Root\LEGACY_WANARPV6\0000
"Count" = 1
"NextInstance" = 1
"DisplayName" = @%SystemRoot%\system32\wcncsvc.dll,-3
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 3
"Type" = 32
"Description" = @%SystemRoot%\system32\wcncsvc.dll,-4
"DependOnService" = rpcss [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ObjectName" = NT AUTHORITY\LocalService
"ServiceSidType" = 1
"RequiredPrivileges" = SeImpersonatePrivilegeSeChangeNotifyPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDllUnloadOnStop" = 1
"ServiceDll" = %SystemRoot%\System32\wcncsvc.dll -- [2009/04/11 02:28:25 | 000,413,696 | ---- | M] (Microsoft Corporation)
"DisplayName" = @%SystemRoot%\system32\WcsPlugInService.dll,-200
"ImagePath" = %SystemRoot%\system32\svchost.exe -k wcssvc -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\WcsPlugInService.dll,-201
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RpcSs [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilege [binary data]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\WcsPlugInService.dll -- [2006/11/02 05:46:13 | 000,032,256 | ---- | M] (Microsoft Corporation)
"ServiceDLLUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"DisplayName" = Microsoft Watchdog Timer Driver
"ImagePath" = \SystemRoot\system32\drivers\wd.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DisplayName" = Kernel Mode Driver Frameworks service
"Group" = WdfLoadGroup
"ImagePath" = system32\drivers\Wdf01000.sys -- [2008/01/19 03:43:27 | 000,503,864 | ---- | M] (Microsoft Corporation)
"ErrorControl" = 1
"Start" = 0
"Type" = 1
"0" = Root\LEGACY_WDF01000\0000
"Count" = 1
"NextInstance" = 1
"MajorVersion" = 1
"MinorVersion" = 7
"BuildNumber" = 6001
"DisplayName" = @%systemroot%\system32\wdi.dll,-502
"ImagePath" = %SystemRoot%\System32\svchost.exe -k wdisvc -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\wdi.dll,-503
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImpersonatePrivilege [binary data]
"FailureActions" = FF FF FF FF 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\system32\wdi.dll -- [2008/01/19 03:36:50 | 000,073,728 | ---- | M] (Microsoft Corporation)
"ServiceMain" = ServiceMain
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%systemroot%\system32\wdi.dll,-500
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\wdi.dll,-501
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = FF FF FF FF 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\system32\wdi.dll -- [2008/01/19 03:36:50 | 000,073,728 | ---- | M] (Microsoft Corporation)
"ServiceMain" = ServiceMain
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%systemroot%\system32\webclnt.dll,-100
"ErrorControl" = 1
"Group" = NetworkProvider
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 2
"Type" = 32
"Description" = @%systemroot%\system32\webclnt.dll,-101
"DependOnService" = MRxDAV [binary data]
"ObjectName" = NT AUTHORITY\LocalService
"ServiceSidType" = 1
"RequiredPrivileges" = SeImpersonatePrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"DeviceName" = \Device\WebDavRedirector
"ProviderPath" = %SystemRoot%\System32\davclnt.dll -- [2009/04/11 02:28:18 | 000,061,440 | ---- | M] (Microsoft Corporation)
"Name" = Web Client Network
"SupportLocking" = 1
"ClientDebug" = 0
"ServerNotFoundCacheLifeTimeInSec" = 60
"FileSizeLimitInBytes" = 50000000
"AcceptOfficeAndTahoeServers" = 1
"FileAttributesLimitInBytes" = 1000000
"ServiceDebug" = 0
"InternetServerTimeoutInSec" = 30
"ServiceDllUnloadOnStop" = 1
"LocalServerTimeoutInSec" = 15
"BasicAuthLevel" = 1
"ServiceDll" = %SystemRoot%\System32\webclnt.dll -- [2009/04/11 02:28:25 | 000,199,680 | ---- | M] (Microsoft Corporation)
"SendReceiveTimeoutInSec" = 60
"DisplayName" = @%SystemRoot%\system32\wecsvc.dll,-200
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\wecsvc.dll,-201
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"DependOnService" = HTTPEventlogmpssvc [binary data]
"ServiceDll" = %SystemRoot%\system32\wecsvc.dll -- [2008/01/19 03:36:52 | 000,145,408 | ---- | M] (Microsoft Corporation)
"ServiceMain" = ServiceMain
"ServiceDllUnloadOnStop" = 1
"DisplayName" = @%SystemRoot%\System32\wercplsupport.dll,-101
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\wercplsupport.dll,-100
"ObjectName" = localSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"ServiceSidType" = 1
"RequiredPrivileges" = SeImpersonatePrivilegeSeTcbPrivilege [binary data]
"ServiceDll" = %SystemRoot%\System32\wercplsupport.dll -- [2008/01/19 03:36:52 | 000,062,976 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"DisplayName" = @%SystemRoot%\System32\wersvc.dll,-100
"ImagePath" = %SystemRoot%\System32\svchost.exe -k WerSvcGroup -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\wersvc.dll,-101
"ObjectName" = localSystem
"ErrorControl" = 0
"Start" = 2
"Type" = 32
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\WerSvc.dll -- [2009/04/11 02:28:25 | 000,126,976 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"DisplayName" = @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
"ErrorControl" = 1
"Group" = COM Infrastructure -- [2008/11/21 15:18:07 | 000,000,000 | ---D | M]
"ImagePath" = %SystemRoot%\System32\svchost.exe -k secsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 2
"Type" = 32
"Description" = @%ProgramFiles%\Windows Defender\MsMpRes.dll,-3068
"DependOnService" = RpcSs [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDllUnloadOnStop" = 1
"ServiceDll" = %ProgramFiles%\Windows Defender\mpsvc.dll -- [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation)
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Workflow Foundation]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Workflow Foundation\Performance]
"CategoryOptions" = 1
"Counter Types" = [Binary data over 100 bytes]
"Close" = ClosePerformanceData
"Counter Names" = [Binary data over 100 bytes]
"IsMultiInstance" = 1
"Open" = OpenPerformanceData
"Collect" = CollectPerformanceData
"Library" = netfxperf.dll -- [2008/07/27 14:03:17 | 000,041,984 | ---- | M] (Microsoft Corporation)
"InstallType" = 1
"PerfIniFile" = PerfCounters_D.ini
"First Counter" = 4342
"Last Counter" = 4384
"First Help" = 4343
"Last Help" = 4385
"Object List" = 4342
"DisplayName" = @%SystemRoot%\system32\winhttp.dll,-100
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\winhttp.dll,-101
"ObjectName" = NT AUTHORITY\LocalService
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = Dhcp [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 00 5C 26 05 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = winhttp.dll -- [2009/08/24 07:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation)
"ServiceMain" = WinHttpAutoProxySvcMain
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%Systemroot%\system32\wbem\wmisvc.dll,-205
"ImagePath" = %systemroot%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%Systemroot%\system32\wbem\wmisvc.dll,-204
"ObjectName" = localSystem
"ErrorControl" = 0
"Start" = 2
"Type" = 32
"DependOnService" = RPCSS [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 1
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDllUnloadOnStop" = 0
"ServiceDll" = %SystemRoot%\system32\wbem\WMIsvc.dll -- [2009/04/11 02:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation)
"ServiceMain" = ServiceMain
"DisplayName" = @%Systemroot%\system32\wsmsvc.dll,-101
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%Systemroot%\system32\wsmsvc.dll,-102
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 3
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RPCSSHTTP [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\system32\WsmSvc.dll -- [2009/04/11 02:28:26 | 000,747,008 | ---- | M] (Microsoft Corporation)
"ServiceMain" = ServiceMain
"ServiceDllUnloadOnStop" = 1
"ErrorControl" = 1
"Start" = 3
"Type" = 4
"Transports" = Tcpip6RFCOMMTcpipPschedNetBIOS [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration]
"Setup Version" = 4105
"Provider List" = Tcpip6RFCOMMTcpipPschedNetBIOS [binary data]
"Known Static Providers" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers\NetBIOS]
"WinSock 1.1 Provider Data" = [Binary data over 100 bytes]
"WinSock 2.0 Provider ID" = 30 18 5F 8D 73 C2 CF 11 95 C8 00 80 5F 48 A1 92 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Psched]
"WinSock 2.0 Provider ID" = E0 A9 60 9D 7A 33 D0 11 BD 88 00 00 C0 82 E6 9A [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers\RFCOMM]
"WinSock 1.1 Provider Data" = 06 00 00 00 20 00 00 00 1E 00 00 00 1E 00 00 00 01 00 00 00 03 00 00 00 00 00 00 00 4E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 52 00 46 00 43 00 4F 00 4D 00 4D 00 00 00 [binary data]
"WinSock 2.0 Provider ID" = 64 80 C4 9F 98 72 E4 43 B7 BD 18 1F 20 89 79 2A [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Tcpip]
"WinSock 2.0 Provider ID" = A0 1A 0F E7 8B AB CF 11 8C A3 00 80 5F 48 A1 92 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers\Tcpip6]
"WinSock 2.0 Provider ID" = C0 B0 EA F9 D4 26 D0 11 BB BF 00 AA 00 6C 34 E4 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Well Known Guids]
"IsoTp" = B0 CB E4 89 C1 B9 CF 11 95 C8 00 80 5F 48 A1 92 [binary data]
"McsXns" = B1 CB E4 89 C1 B9 CF 11 95 C8 00 80 5F 48 A1 92 [binary data]
"AppleTalk" = A0 17 3B 2C DF C6 CF 11 95 C8 00 80 5F 48 A1 92 [binary data]
"WinSock_Registry_Version" = 2.0
"Current_NameSpace_Catalog" = NameSpace_Catalog5
"Current_Protocol_Catalog" = Protocol_Catalog9
"AppFullPath" = C:\Windows\system32\wininit.exe -- [2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation)
"PermittedLspCategories" = -2147483584
"AppFullPath" = C:\Windows\system32\svchost.exe -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"AppArgs" = -k NetworkService
"PermittedLspCategories" = -2147483580
"AppFullPath" = C:\Windows\system32\svchost.exe -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"AppArgs" = -k LocalServiceNetworkRestricted
"PermittedLspCategories" = -2147483584
"AppFullPath" = C:\Windows\system32\svchost.exe -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"AppArgs" = -k LocalService
"PermittedLspCategories" = -2147483580
"AppFullPath" = C:\Windows\system32\lsass.exe -- [2009/06/15 08:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation)
"PermittedLspCategories" = -2147483648
"Num_Catalog_Entries" = 8
"Serial_Access_Num" = 24
"LibraryPath" = %SystemRoot%\system32\NLAapi.dll -- [2008/01/19 03:35:38 | 000,048,128 | ---- | M] (Microsoft Corporation)
"DisplayString" = @%SystemRoot%\system32\nlasvc.dll,-1000 -- [2008/01/19 03:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation)
"ProviderId" = 3A 24 42 66 A8 3B A6 4A BA A5 2E 0B D7 1F DD 83 [binary data]
"SupportedNameSpace" = 15
"Enabled" = 1
"Version" = 0
"StoresServiceClassInfo" = 0
"ProviderInfo" = [Binary data over 100 bytes]
"LibraryPath" = %SystemRoot%\system32\napinsp.dll -- [2008/01/19 03:35:35 | 000,050,176 | ---- | M] (Microsoft Corporation)
"DisplayString" = @%SystemRoot%\system32\napinsp.dll,-1000 -- [2008/01/19 03:35:35 | 000,050,176 | ---- | M] (Microsoft Corporation)
"ProviderId" = A2 CB 4A 96 BC B2 EB 40 8C 6A A6 DB 40 16 1C AE [binary data]
"SupportedNameSpace" = 37
"Enabled" = 1
"Version" = 0
"StoresServiceClassInfo" = 0
"ProviderInfo" = [Binary data over 100 bytes]
"LibraryPath" = %SystemRoot%\system32\pnrpnsp.dll -- [2008/01/19 03:36:07 | 000,062,464 | ---- | M] (Microsoft Corporation)
"DisplayString" = @%SystemRoot%\system32\pnrpnsp.dll,-1000 -- [2008/01/19 03:36:07 | 000,062,464 | ---- | M] (Microsoft Corporation)
"ProviderId" = CE 89 FE 03 6D 76 76 49 B9 C1 BB 9B C4 2C 7B 4D [binary data]
"SupportedNameSpace" = 39
"Enabled" = 1
"Version" = 0
"StoresServiceClassInfo" = 0
"ProviderInfo" = [Binary data over 100 bytes]
"LibraryPath" = %SystemRoot%\system32\pnrpnsp.dll -- [2008/01/19 03:36:07 | 000,062,464 | ---- | M] (Microsoft Corporation)
"DisplayString" = @%SystemRoot%\system32\pnrpnsp.dll,-1001 -- [2008/01/19 03:36:07 | 000,062,464 | ---- | M] (Microsoft Corporation)
"ProviderId" = CD 89 FE 03 6D 76 76 49 B9 C1 BB 9B C4 2C 7B 4D [binary data]
"SupportedNameSpace" = 38
"Enabled" = 1
"Version" = 0
"StoresServiceClassInfo" = 0
"ProviderInfo" = [Binary data over 100 bytes]
"LibraryPath" = C:\Program Files\Bonjour\mdnsNSP.dll -- [2008/12/12 06:11:44 | 000,147,456 | ---- | M] (Apple Inc.)
"DisplayString" = mdnsNSP
"ProviderId" = E9 E6 00 B6 3B 55 19 4A 86 96 33 5E 5C 89 61 53 [binary data]
"SupportedNameSpace" = 12
"Enabled" = 1
"Version" = 1
"StoresServiceClassInfo" = 0
"ProviderInfo" = [Binary data over 100 bytes]
"LibraryPath" = %SystemRoot%\system32\wshbth.dll -- [2009/04/11 02:28:26 | 000,034,304 | ---- | M] (Microsoft Corporation)
"DisplayString" = Espace de noms Bluetooth
"ProviderId" = E0 63 AA 06 60 7D FF 41 AF B2 3E E6 D2 D9 39 2D [binary data]
"SupportedNameSpace" = 16
"Enabled" = 1
"Version" = 0
"StoresServiceClassInfo" = 0
"ProviderInfo" = [Binary data over 100 bytes]
"LibraryPath" = %SystemRoot%\System32\mswsock.dll -- [2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation)
"DisplayString" = @%SystemRoot%\system32\wshtcpip.dll,-60103 -- [2008/01/19 03:37:11 | 000,009,216 | ---- | M] (Microsoft Corporation)
"ProviderId" = 40 9D 05 22 9E 7E CF 11 AE 5A 00 AA 00 A7 11 2B [binary data]
"SupportedNameSpace" = 12
"Enabled" = 1
"Version" = 0
"StoresServiceClassInfo" = 0
"ProviderInfo" = [Binary data over 100 bytes]
"LibraryPath" = %SystemRoot%\System32\winrnr.dll -- [2009/04/11 02:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation)
"DisplayString" = NTDS
"ProviderId" = EE 37 26 3B 80 E5 CF 11 A5 55 00 C0 4F D8 D4 AC [binary data]
"SupportedNameSpace" = 32
"Enabled" = 1
"Version" = 0
"StoresServiceClassInfo" = 0
"ProviderInfo" = [Binary data over 100 bytes]
"Next_Catalog_Entry_ID" = 2118
"Num_Catalog_Entries" = 41
"Serial_Access_Num" = 92
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = @%SystemRoot%\System32\wshtcpip.dll,-60100 -- [2008/01/19 03:37:11 | 000,009,216 | ---- | M] (Microsoft Corporation)
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = @%SystemRoot%\System32\wshtcpip.dll,-60101 -- [2008/01/19 03:37:11 | 000,009,216 | ---- | M] (Microsoft Corporation)
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = @%SystemRoot%\System32\wshtcpip.dll,-60102 -- [2008/01/19 03:37:11 | 000,009,216 | ---- | M] (Microsoft Corporation)
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = @%SystemRoot%\System32\wship6.dll,-60100 -- [2008/01/19 03:37:11 | 000,009,216 | ---- | M] (Microsoft Corporation)
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = @%SystemRoot%\System32\wship6.dll,-60101 -- [2008/01/19 03:37:11 | 000,009,216 | ---- | M] (Microsoft Corporation)
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = @%SystemRoot%\System32\wship6.dll,-60102 -- [2008/01/19 03:37:11 | 000,009,216 | ---- | M] (Microsoft Corporation)
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = @%SystemRoot%\System32\wshqos.dll,-100 -- [2006/11/02 05:46:14 | 000,013,824 | ---- | M] (Microsoft Corporation)
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = @%SystemRoot%\System32\wshqos.dll,-101 -- [2006/11/02 05:46:14 | 000,013,824 | ---- | M] (Microsoft Corporation)
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = @%SystemRoot%\System32\wshqos.dll,-102 -- [2006/11/02 05:46:14 | 000,013,824 | ---- | M] (Microsoft Corporation)
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = @%SystemRoot%\System32\wshqos.dll,-103 -- [2006/11/02 05:46:14 | 000,013,824 | ---- | M] (Microsoft Corporation)
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD RfComm [Bluetooth] -- [2006/11/02 05:40:16 | 000,003,072 | ---- | M] (Microsoft Corporation)
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip_{B593C447-7A90-4161-80DA-AC7B1A3C54D7}] SEQPACKET 13
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip_{B593C447-7A90-4161-80DA-AC7B1A3C54D7}] DATAGRAM 13
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip_{F22B128A-74DA-41E6-A08C-8C5861790D50}] SEQPACKET 11
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip_{F22B128A-74DA-41E6-A08C-8C5861790D50}] DATAGRAM 11
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip_{CADDC85B-6D07-454E-A0A0-0653411431B7}] SEQPACKET 6
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip_{CADDC85B-6D07-454E-A0A0-0653411431B7}] DATAGRAM 6
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip_{4A2B864F-C00C-494D-A4B7-8CCF82A43EE8}] SEQPACKET 2
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip_{4A2B864F-C00C-494D-A4B7-8CCF82A43EE8}] DATAGRAM 2
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip_{0FA55481-AB69-4A20-B634-2F3C2AF5B354}] SEQPACKET 0
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip_{0FA55481-AB69-4A20-B634-2F3C2AF5B354}] DATAGRAM 0
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip_{6D8E9F7A-1CE4-4D3F-AD78-45665F6A0EC0}] SEQPACKET 4
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip_{6D8E9F7A-1CE4-4D3F-AD78-45665F6A0EC0}] DATAGRAM 4
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{272D925B-08F6-4732-8016-454AFF095512}] SEQPACKET 8
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{272D925B-08F6-4732-8016-454AFF095512}] DATAGRAM 8
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B593C447-7A90-4161-80DA-AC7B1A3C54D7}] SEQPACKET 14
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B593C447-7A90-4161-80DA-AC7B1A3C54D7}] DATAGRAM 14
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4D9612C5-167D-4050-9D5E-922B1749E05A}] SEQPACKET 10
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4D9612C5-167D-4050-9D5E-922B1749E05A}] DATAGRAM 10
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F22B128A-74DA-41E6-A08C-8C5861790D50}] SEQPACKET 12
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F22B128A-74DA-41E6-A08C-8C5861790D50}] DATAGRAM 12
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{88AD3572-0DB1-47B5-B2DB-B6F8DA989CF7}] SEQPACKET 9
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{88AD3572-0DB1-47B5-B2DB-B6F8DA989CF7}] DATAGRAM 9
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CADDC85B-6D07-454E-A0A0-0653411431B7}] SEQPACKET 7
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CADDC85B-6D07-454E-A0A0-0653411431B7}] DATAGRAM 7
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4A2B864F-C00C-494D-A4B7-8CCF82A43EE8}] SEQPACKET 3
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4A2B864F-C00C-494D-A4B7-8CCF82A43EE8}] DATAGRAM 3
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{0FA55481-AB69-4A20-B634-2F3C2AF5B354}] SEQPACKET 1
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{0FA55481-AB69-4A20-B634-2F3C2AF5B354}] DATAGRAM 1
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6D8E9F7A-1CE4-4D3F-AD78-45665F6A0EC0}] SEQPACKET 5
"PackedCatalogItem" = [Binary data over 100 bytes]
"ProtocolName" = MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6D8E9F7A-1CE4-4D3F-AD78-45665F6A0EC0}] DATAGRAM 5
"DisplayName" = @%SystemRoot%\System32\wlansvc.dll,-257
"ErrorControl" = 1
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 2
"Type" = 32
"Description" = @%SystemRoot%\System32\wlansvc.dll,-258
"DependOnService" = nativewifipRpcSsNdisuioEaphost [binary data]
"ObjectName" = LocalSystem
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 2C 01 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDllUnloadOnStop" = 1
"ServiceMain" = WlanSvcMain
"ServiceDll" = %SystemRoot%\System32\wlansvc.dll -- [2009/07/11 15:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation)
"Interface Properties" = O:SYG:SYD:(A;;CCRC;;;BU)(A;;CCRC;;;NO)(A;;CCDCWPSDRCWD;;;NO)(A;;CCRC;;;BA)(A;;CCDCWPSDRCWD;;;BA)(D;;FA;;;WD)
"Current Operation Mode" = O:SYG:SYD:(A;;CCRC;;;BU)(A;;CCRC;;;NO)(A;;CCDCWPSDRCWD;;;NO)(A;;CCRC;;;BA)(A;;CCDCWPSDRCWD;;;BA)(D;;FA;;;WD)
"DisplayName" = Microsoft Windows Management Interface for ACPI
"Group" = Extended Base
"ImagePath" = \SystemRoot\system32\drivers\wmiacpi.sys
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"Library" = %systemroot%\system32\wbem\wmiaprpl.dll -- [2009/04/11 02:28:25 | 000,090,112 | ---- | M] (Microsoft Corporation)
"Open" = WmiOpenPerfData
"Collect" = WmiCollectPerfData
"Close" = WmiClosePerfData
"PerfIniFile" = WmiApRpl.ini
"Object List" = 40810 40816 40826 40836 40856 40900 40910 40948 40954 40970
"Last Counter" = 40976
"Last Help" = 40977
"First Counter" = 40810
"First Help" = 40811
"DisplayName" = @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
"ImagePath" = %systemroot%\system32\wbem\WmiApSrv.exe -- [2009/04/11 02:28:15 | 000,137,728 | ---- | M] (Microsoft Corporation)
"Description" = @%Systemroot%\system32\wbem\wmiapsrv.exe,-111
"ObjectName" = localSystem
"ErrorControl" = 1
"Start" = 3
"Type" = 16
"ServiceSidType" = 1
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"DisplayName" = @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101
"ErrorControl" = 1
"ImagePath" = "%ProgramFiles%\Windows Media Player\wmpnetwk.exe" -- [2008/01/19 03:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation)
"Start" = 2
"Type" = 16
"Description" = @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-102
"DependOnService" = UPnPHosthttp [binary data]
"ObjectName" = NT AUTHORITY\NetworkService
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 30 75 00 00 01 00 00 00 30 75 00 00 00 00 00 00 00 00 00 00 [binary data]
"DelayedAutostart" = 1
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%SystemRoot%\system32\wpcsvc.dll,-100
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 3
"Type" = 32
"Description" = @%SystemRoot%\system32\wpcsvc.dll,-101
"DependOnService" = RpcSs [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ObjectName" = NT Authority\LocalService
"ServiceSidType" = 1
"RequiredPrivileges" = SeImpersonatePrivilege [binary data]
"FailureCommand" = customScript.cmd
"RebootMessage" = This service should not reboot the machine
"FailureActions" = 50 46 00 00 01 00 00 00 01 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDllUnloadOnStop" = 1
"ServiceDll" = %SystemRoot%\System32\wpcsvc.dll -- [2009/04/11 02:28:25 | 000,140,288 | ---- | M] (Microsoft Corporation)
"Security" = [Binary data over 100 bytes]
"Start" = 2
"DisplayName" = @%SystemRoot%\system32\wpdbusenum.dll,-100
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Type" = 32
"Description" = @%SystemRoot%\system32\wpdbusenum.dll,-101
"DependOnService" = RpcSs [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"DCInterval" = 240
"ACInterval" = 120
"ServiceDllUnloadOnStop" = 1
"ServiceDll" = %SystemRoot%\system32\wpdbusenum.dll -- [2009/09/30 21:01:54 | 000,081,920 | ---- | M] (Microsoft Corporation)
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"Tag" = 23
"ImagePath" = system32\DRIVERS\wpdusb.sys -- [2009/09/30 21:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation)
"DisplayName" = WpdUsb
"Group" = Base
"DisplayName" = Winsock IFS driver
"Group" = PNP_TDI
"ImagePath" = \SystemRoot\system32\drivers\ws2ifsl.sys
"Description" = Winsock IFS driver
"ErrorControl" = 1
"Start" = 4
"Type" = 1
"DisplayName" = @%SystemRoot%\System32\wscsvc.dll,-200
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Start" = 4
"Type" = 32
"Description" = @%SystemRoot%\System32\wscsvc.dll,-201
"DependOnService" = RpcSsWinMgmt [binary data]
"ObjectName" = NT AUTHORITY\LocalService
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImpersonatePrivilege [binary data]
"DelayedAutoStart" = 1
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDllUnloadOnStop" = 1
"ServiceDll" = %SystemRoot%\System32\wscsvc.dll -- [2009/04/11 02:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation)
"Security" = [Binary data over 100 bytes]
"DisplayName" = @%systemroot%\system32\SearchIndexer.exe,-103
"ErrorControl" = 1
"ImagePath" = %systemroot%\system32\SearchIndexer.exe /Embedding -- [2009/04/11 02:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation)
"Start" = 2
"Type" = 16
"Description" = @%systemroot%\system32\SearchIndexer.exe,-104
"DependOnService" = RPCSS [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ObjectName" = LocalSystem
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActionsOnNonCrashFailures" = 1
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 30 75 00 00 01 00 00 00 30 75 00 00 00 00 00 00 00 00 00 00 [binary data]
"Close" = PerfmonIDXClose
"Open" = PerfmonIDXOpen
"Collect" = PerfmonIDXCollect
"Library" = %systemroot%\system32\tquery.dll -- [2009/04/11 02:28:24 | 001,576,960 | ---- | M] (Microsoft Corporation)
"InstallType" = 1
"PerfIniFile" = idxcntrs.ini
"First Counter" = 3900
"Last Counter" = 4026
"First Help" = 3901
"Last Help" = 4027
"Object List" = 3900
"PreshutdownTimeout" = 57600000
"DisplayName" = @%systemroot%\system32\wuaueng.dll,-105
"ImagePath" = %systemroot%\system32\svchost.exe -k netsvcs -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\wuaueng.dll,-106
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = rpcss [binary data] -- [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation)
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %systemroot%\system32\wuaueng.dll -- [2009/08/06 22:23:45 | 001,929,952 | ---- | M] (Microsoft Corporation)
"ServiceMain" = WUServiceMain
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"0" = Root\LEGACY_WUAUSERV\0000
"Count" = 1
"NextInstance" = 1
"Type" = 1
"Start" = 3
"ErrorControl" = 1
"ImagePath" = system32\DRIVERS\WUDFRd.sys -- [2008/01/19 01:53:04 | 000,083,328 | ---- | M] (Microsoft Corporation)
"DisplayName" = @%SystemRoot%\system32\wudfsvc.dll,-1000
"Group" = PlugPlay
"ImagePath" = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -- [2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\wudfsvc.dll,-1001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = PlugPlay [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = [Binary data over 100 bytes]
"FailureActions" = 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data]
"ServiceDll" = %SystemRoot%\System32\WUDFSvc.dll -- [2008/01/19 03:37:12 | 000,055,296 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"Security" = [Binary data over 100 bytes]
"QueryAlias" = eaptlsconnectionpropertiesv1
"SchemaFile" = eaptlsconnectionpropertiesv1.xsd
"QueryAlias" = mschapv2connectionpropertiesv1
"SchemaFile" = mschapv2connectionpropertiesv1.xsd
"QueryAlias" = mspeapconnectionpropertiesv1
"SchemaFile" = mspeapconnectionpropertiesv1.xsd
"QueryAlias" = eaptlsuserpropertiesv1
"SchemaFile" = eaptlsuserpropertiesv1.xsd
"QueryAlias" = mschapv2userpropertiesv1
"SchemaFile" = mschapv2userpropertiesv1.xsd
"QueryAlias" = mspeapuserpropertiesv1
"SchemaFile" = mspeapuserpropertiesv1.xsd
"EnableDHCP" = 1
"EnableDHCP" = 1
"EnableDHCP" = 1
"EnableDHCP" = 1
"EnableDHCP" = 1
"EnableDHCP" = 1
"Start" = 3
"Type" = 1
"Group" = SCSI miniport
"0" = ACPI\PNPA000\4&5d18f2df&1
"Count" = 1
"NextInstance" = 1
"0" = 1
"Start" = 3
"Type" = 1
"Group" = SCSI miniport
"0" = ACPI\PNPA000\4&5d18f2df&0
"Count" = 1
"NextInstance" = 1
"0" = 1

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7F66BF58
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1
< End of report >
Inscription: 22 Mar 2010 03:41

Re: Probleme internet explorer

Message le 22 Avr 2010 20:56


Fais cela stp...

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Output" (en haut à droite) la case "minimal Output" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Custom scan/fixes"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs" =-

O4 - HKLM\..\Run: [ezLife] File not found
O4 - HKLM\..\Run: [zpkulydleetxdhle] C:\Windows\System32\aknqvjjjggvqx.dll File not found

/!\ ne te trompe pas >> Cliques sur l'icône "Run Fix" (en haut à gauche) surtout pas sur "runscan"
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Ensuite, dis moi si tu constates des changements :wink:

Re: Probleme internet explorer

Message le 22 Avr 2010 23:39

========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.

OTL by OldTimer - Version log created on 04222010_183624
Re: Probleme internet explorer

Message le 22 Avr 2010 23:41

je n'est constaté aucun changement.
Re: Probleme internet explorer

Message le 23 Avr 2010 16:18

hello Nanoua,

humm, faut croire que le problème de démarrage en mode normal merdouille au niveau des clef de service...

Je demande conseil à des collègues et revient te dire ce qu'il en est...mais ne te fais pas de bile si la réponse tarde un peu, je ne te laisse pas tomber :wink:

Re: Probleme internet explorer

Message le 23 Avr 2010 17:43


essais cela stp...

Clique sur démarrer > exécuter > tapes cmd et valide en cliquant sur OK
  • Puis dans la fenêtre noir qui s'ouvre tapes SFC /SCANNOW
  • Attention: il faut un espace entre SFC et /SCANNOW
  • Le contrôle du disque démarre ( de 1% à 100% ) ,laisse le allez jusqu'à 100%...
  • Arriver à 100% tu auras un message qui apparaitra dans la fenêtre noir, indique moi ce qui est écrit...
Re: Probleme internet explorer

Message le 24 Avr 2010 05:23

j'ai fais comme tu ma dit et cela me dit :
"La protection des ressources Windows n'a pas réussi à démarrer le service de réparation"
Re: Probleme internet explorer

Message le 24 Avr 2010 07:06


mouai c'est pas rassurant... :-?

Relance OTL et colle ce script(comme d'habitude) puis clique sur "RUNFIX"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
C:\Windows\System32\userinit.exe|C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe /replace

poste le rapport...

>> Redémarre IMPÉRATIVEMENT ton PC <<

Si le problème persiste, faiS la suite....

On vas voir si il n'y aurait pas un rootkit...

Télécharge Gmer. (Przemyslaw Gmerek)
  • Désactive ton Anti-virus
  • Dézippe-le dans un dossier dédié ou sur ton Bureau.
  • Déconnecte toi d'Internet puis ferme tous les programmes.
  • Double-clique sur Gmer.exe et laisse GMER se lancer entièrement (environs 30 secondes).
    Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.
  • Clique sur l'onglet Rootkit.
  • A droite, coche seulement Files, Services & Registry.
  • Clique maintenant sur Scan.
  • Lorsque le scan est terminé, clique sur Copy.
  • Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.
  • Le rapport doit alors apparaître.
  • Enregistre le fichier sur ton Bureau et poste le contenu ici.

