Here is the OTscan report,
and thanks in advance.
OTScanIt logfile created on: 10/06/2008 18:34:28
OTScanIt by OldTimer - Version 1.0.15.12 Folder =
C:\Documents and Settings\Nolwenn\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 2 (Version
= 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA |
Date Format: dd/MM/yyyy
511,48 Mb Total Physical Memory | 261,74 Mb Available
Physical Memory | 51,17% Memory free
1,22 Gb Paging File | 0,87 Gb Available in Paging File |
71,71% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS |
%ProgramFiles% = C:\Program Files
Drive C: | 76,32 Gb Total Space | 12,40 Gb Free Space |
16,24% Space Free | Partition Type: NTFS
Drive D: | 1002,05 Mb Total Space | 0,00 Mb Free Space |
0,00% Space Free | Partition Type: UDF
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NOL
Current User Name: Nolwenn
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil
Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4,
8, 1201, 0 | Size = 17272 bytes | Modified Date =
16/05/2008 01:06:57 | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil
Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4,
8, 1201, 0 | Size = 144760 bytes | Modified Date =
16/05/2008 01:19:24 | Attr = ]
sched.exe -> %ProgramFiles%\Avira\AntiVir
PersonalEdition Classic\sched.exe -> Avira GmbH [Ver =
8.00.00.12 | Size = 68865 bytes | Modified Date =
07/03/2008 12:00:08 | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil
Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4,
8, 1201, 0 | Size = 79224 bytes | Modified Date =
16/05/2008 01:19:31 | Attr = ]
wfwiz.exe -> %ProgramFiles%\WinFast\WFTVFM\WFWIZ.exe ->
Leadtek Research Inc. [Ver = 5.13.01.2003-1.67 | Size =
159744 bytes | Modified Date = 25/02/2004 10:23:28 |
Attr = ]
soundman.exe -> %SystemRoot%\soundman.exe -> Realtek
Semiconductor Corp. [Ver = 5, 1, 0, 58 | Size = 577536
bytes | Modified Date = 17/11/2006 05:42:52 | Attr = R
]
wkufind.exe -> %CommonProgramFiles%\Microsoft
Shared\Works Shared\WkUFind.exe -> Microsoft®
Corporation [Ver = 7.00.0724.0 | Size = 28672 bytes |
Modified Date = 24/07/2002 21:20:02 | Attr = ]
avgnt.exe -> %ProgramFiles%\Avira\AntiVir
PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver =
8.00.00.07 | Size = 262401 bytes | Modified Date =
12/02/2008 10:06:50 | Attr = ]
nmbgmonitor.exe ->
%CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero
AG [Ver = 1, 2, 0, 6 | Size = 94208 bytes | Modified
Date = 21/04/2006 17:03:34 | Attr = ]
googletoolbarnotifier.exe ->
%ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolba
rNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 |
Size = 68856 bytes | Modified Date = 21/09/2007 18:11:33
| Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search &
Destroy\TeaTimer.exe -> Safer Networking Limited [Ver =
1, 5, 2, 16 | Size = 2097488 bytes | Modified Date =
28/01/2008 11:43:40 | Attr = RHS]
magicdisc.exe -> %ProgramFiles%\MagicDisc\MagicDisc.exe
-> [Ver = | Size = 534016 bytes | Modified Date =
26/09/2006 09:59:14 | Attr = ]
avguard.exe -> %ProgramFiles%\Avira\AntiVir
PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver =
8.00.01.18 | Size = 147201 bytes | Modified Date =
10/06/2008 18:17:51 | Attr = ]
otscanit.exe ->
%UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer
Tools [Ver = 1.0.15.12 | Size = 397312 bytes | Modified
Date = 07/06/2008 11:09:00 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(AntiVirScheduler) Avira AntiVir Personal – Free
Antivirus Scheduler [Win32_Own | Auto | Running] ->
%ProgramFiles%\Avira\AntiVir PersonalEdition
Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.12 | Size
= 68865 bytes | Modified Date = 07/03/2008 12:00:08 |
Attr = ]
(AntiVirService) Avira AntiVir Personal – Free Antivirus
Guard [Win32_Own | Auto | Running] ->
%ProgramFiles%\Avira\AntiVir PersonalEdition
Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.18 |
Size = 147201 bytes | Modified Date = 10/06/2008
18:17:51 | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own |
Auto | Running] -> %ProgramFiles%\Alwil
Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4,
8, 1201, 0 | Size = 17272 bytes | Modified Date =
16/05/2008 01:06:57 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto |
Running] -> %ProgramFiles%\Alwil
Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4,
8, 1201, 0 | Size = 144760 bytes | Modified Date =
16/05/2008 01:19:24 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own |
On_Demand | Stopped] -> %ProgramFiles%\Alwil
Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4,
8, 1201, 0 | Size = 247160 bytes | Modified Date =
16/05/2008 01:19:00 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own |
On_Demand | Stopped] -> %ProgramFiles%\Alwil
Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4,
8, 1201, 0 | Size = 349560 bytes | Modified Date =
16/05/2008 01:16:59 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service
[Win32_Shared | On_Demand | Stopped] ->
%SystemRoot%\system32\dmadmin.exe -> Microsoft Corp.,
Veritas Software [Ver = 2600.2180.503.0 | Size = 224768
bytes | Modified Date = 02/12/2004 11:00:00 | Attr =
]
(gusvc) Google Updater Service [Win32_Own | On_Demand |
Stopped] -> %ProgramFiles%\Google\Common\Google
Updater\GoogleUpdaterService.exe -> Google [Ver =
2.0.734.29932.beta | Size = 138168 bytes | Modified Date
= 17/09/2007 20:58:17 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own |
On_Demand | Stopped] ->
%CommonProgramFiles%\InstallShield\Driver\1150\Intel
32\IDriverT.exe -> Macrovision Corporation [Ver =
11.50.42618 | Size = 69632 bytes | Modified Date =
14/11/2005 01:06:04 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto
| Stopped] -> %SystemRoot%\system32\nvsvc32.exe ->
NVIDIA Corporation [Ver = 6.14.10.5306 | Size = 77824
bytes | Modified Date = 11/12/2003 13:10:00 | Attr =
]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\Run ->
avast! -> %ProgramFiles%\Alwil
Software\Avast4\ashDisp.exe
[C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL
Software [Ver = 4, 8, 1201, 0 | Size = 79224 bytes |
Modified Date = 16/05/2008 01:19:31 | Attr = ]
avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition
Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir
PersonalEdition Classic\avgnt.exe" /min] -> Avira GmbH
[Ver = 8.00.00.07 | Size = 262401 bytes | Modified Date
= 12/02/2008 10:06:50 | Attr = ]
BMab83a148 -> %SystemRoot%\system32\jcxqfpki.DLL
[Rundll32.exe "C:\WINDOWS\system32\jcxqfpki.dll",s] ->
File not found
Microsoft Works Update Detection ->
%CommonProgramFiles%\Microsoft Shared\Works
Shared\WkUFind.exe [C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe] ->
Microsoft® Corporation [Ver = 7.00.0724.0 | Size = 28672
bytes | Modified Date = 24/07/2002 21:20:02 | Attr =
]
NeroFilterCheck ->
%CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program
Files\Common Files\Ahead\Lib\NeroCheck.exe] -> Nero AG
[Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date
= 12/01/2006 16:40:44 | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll
[RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup]
-> NVIDIA Corporation [Ver = 6.14.10.5306 | Size =
3022848 bytes | Modified Date = 11/12/2003 13:10:00 |
Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe
/install] -> NVIDIA Corporation [Ver = 6.14.10.5306 |
Size = 753664 bytes | Modified Date = 11/12/2003
13:10:00 | Attr = ]
PinnacleDriverCheck ->
%SystemRoot%\system32\PSDrvCheck.exe
[C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg] -> [Ver
= 1.0.0.63 | Size = 406016 bytes | Modified Date =
10/03/2004 15:26:10 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe
["C:\Program Files\QuickTime\qttask.exe" -atboottime] ->
Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes |
Modified Date = 27/08/2007 16:25:49 | Attr = ]
Sony Ericsson PC Suite -> %ProgramFiles%\Sony
Ericsson\Mobile2\Application Launcher\Application
Launcher.exe ["C:\Program Files\Sony
Ericsson\Mobile2\Application Launcher\Application
Launcher.exe" /startoptions] -> [Ver = 2.0.10.129 |
Size = 593920 bytes | Modified Date = 28/03/2007
01:07:42 | Attr = R ]
SoundMan -> %SystemRoot%\soundman.exe [SOUNDMAN.EXE] ->
Realtek Semiconductor Corp. [Ver = 5, 1, 0, 58 | Size =
577536 bytes | Modified Date = 17/11/2006 05:42:52 |
Attr = R ]
SpybotSnD -> %ProgramFiles%\Spybot - Search &
Destroy\SpybotSD.exe ["C:\Program Files\Spybot - Search
& Destroy\SpybotSD.exe"] -> Safer Networking Limited
[Ver = 1, 5, 2, 20 | Size = 5146448 bytes | Modified
Date = 28/01/2008 11:43:36 | Attr = RHS]
WinFast Schedule ->
%ProgramFiles%\WinFast\WFTVFM\WFWIZ.exe [C:\Program
Files\WinFast\WFTVFM\WFWIZ.exe] -> Leadtek Research Inc.
[Ver = 5.13.01.2003-1.67 | Size = 159744 bytes |
Modified Date = 25/02/2004 10:23:28 | Attr = ]
< RunOnceEx [HKEY_LOCAL_MACHINE\] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\RunOnceEx ->
Flag -> [] -> File not found
< Run [HKEY_CURRENT_USER\] > ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVers
ion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} ->
%CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe
["C:\Program Files\Common
Files\Ahead\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 1,
2, 0, 6 | Size = 94208 bytes | Modified Date =
21/04/2006 17:03:34 | Attr = ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll
[RUNDLL32.EXE
C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit] ->
NVIDIA Corporation [Ver = 6.14.10.5306 | Size = 49152
bytes | Modified Date = 11/12/2003 13:10:00 | Attr =
]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search &
Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver =
1, 5, 2, 16 | Size = 2097488 bytes | Modified Date =
28/01/2008 11:43:40 | Attr = RHS]
swg ->
%ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolba
rNotifier.exe [C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier
.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size =
68856 bytes | Modified Date = 21/09/2007 18:11:33 | Attr
= ]
WebSUpdater -> %ProgramFiles%\winvi\wupda.exe
["C:\Program Files\winvi\wupda.exe" /background] -> File
not found
WinUpdater -> %ProgramFiles%\winvi\update.exe
["C:\Program Files\winvi\update.exe" /background] ->
File not found
< All Users Startup Folder > -> C:\Documents and
Settings\All Users\Start Menu\Programs\Startup ->
< Nolwenn Startup Folder > -> C:\Documents and
Settings\Nolwenn\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\MagicDisc.lnk
-> %ProgramFiles%\MagicDisc\MagicDisc.exe -> [Ver = |
Size = 534016 bytes | Modified Date = 26/09/2006
09:59:14 | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\Explorer\ShellExecuteHooks ->
{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}
[HKEY_LOCAL_MACHINE] ->
%SystemRoot%\system32\awTmNgdc.dll [] -> [Ver = | Size
= 52736 bytes | Modified Date = 11/05/2008 19:17:45 |
Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secu
rityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\ ->
awTmNgdc -> %SystemRoot%\system32\awTmNgdc.dll -> [Ver
= | Size = 52736 bytes | Modified Date = 11/05/2008
19:17:45 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] >
->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\ActiveDesktop\\NoDeletingComponents -> 0
->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\ActiveDesktop\\NoChangingWallpaper -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\ActiveDesktop\\NoActiveDesktopChanges -> 1
->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90A
B50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8E
F6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728
E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\system\\InstallVisualStyle ->
%SystemRoot%\Resources\Themes\Royale\Royale.mss
[C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] ->
File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\policies\system\\InstallTheme ->
%SystemRoot%\Resources\Themes\Royale.the
[C:\WINDOWS\Resources\Themes\Royale.theme] -> File not
found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] >
->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVers
ion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVers
ion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVers
ion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVers
ion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVers
ion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVers
ion\policies\ActiveDesktop\\NoChangingWallpaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVers
ion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVers
ion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVers
ion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
< CDROM Autorun Settings >
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cd
rom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\ -> ->
*DependOnGroup* ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys
[system32\DRIVERS\cdrom.sys] -> Microsoft Corporation
[Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size =
49536 bytes | Modified Date = 02/12/2004 11:00:00 | Attr
= ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\Enum\\0 ->
IDE\CdRom_NEC_DVD_RW_ND-2510A____________________2.15___
_\5&1ba9decb&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\Enum\\Count -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\Enum\\NextInstance -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\Enum\\1 ->
IDE\CdRomSAMSUNG_CD-ROM_SC-152G__________________C401___
_\5&1ba9decb&0&0.1.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdr
om\Enum\\2 ->
SCSI\CdRom&Ven_MagicISO&Prod_Virtual_DVD-ROM&Rev_1.0A\1&
2afd7d61&0&0000 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ]
-> [Ver = | Size = 0 bytes | Modified Date =
19/08/2007 00:29:33 | Attr = ]
< HOSTS File > (238945 bytes) ->
C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->
->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL ->
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&a
r=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL ->
http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\Local Page ->
%SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page ->
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesea
rch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page ->
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&c
lcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch ->
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust
.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL ->
http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant ->
http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
->
HKEY_CURRENT_USER\: Main\\Local Page ->
C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar ->
http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page ->
http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page ->
http://www.google.fr/ ->
HKEY_CURRENT_USER\: Search\\SearchAssistant ->
http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ ->
http://www.google.com/search?q=%s[gogl] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\Internet Settings\ZoneMap\Domains\ -> [Key] 4423
domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77
range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVers
ion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVers
ion\Internet Settings\ZoneMap\Domains\ -> [Key] 4422
domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVers
ion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVers
ion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77
range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVer
sion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat
5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj
Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes |
Modified Date = 02/03/2001 12:02:04 | Attr = ]
{2166923B-DC40-4FDD-B8D5-56D16C2BAF3E}
[HKEY_LOCAL_MACHINE] ->
%SystemRoot%\system32\qOifeefd.dll [Reg Error: Value
does not exist or could not be read.] -> File not found
{3DAEA73C-010A-4580-B8A4-2512DC5E6770}
[HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or
could not be opened. [Reg Error: Key does not exist or
could not be opened.] -> File not found
{43772ae3-ea6e-42c6-9adb-10527b90cfd7}
[HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or
could not be opened. [Reg Error: Key does not exist or
could not be opened.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F}
[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search &
Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer
Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256
bytes | Modified Date = 28/01/2008 11:43:28 | Attr =
]
{76489CEC-C772-49E4-94F2-2272D2008678}
[HKEY_LOCAL_MACHINE] ->
%SystemRoot%\system32\hgGwVlIY.dll [Reg Error: Value
does not exist or could not be read.] -> File not found
{7E200256-73B9-44A0-859F-C60E90CD58BD}
[HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or
could not be opened. [Reg Error: Key does not exist or
could not be opened.] -> File not found
{A585C407-ADDA-4F25-872B-2174E507CFA2}
[HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or
could not be opened. [Reg Error: Key does not exist or
could not be opened.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7}
[HKEY_LOCAL_MACHINE] ->
%ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar
Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size =
2436160 bytes | Modified Date = 17/09/2007 20:58:16 |
Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
[HKEY_LOCAL_MACHINE] ->
%ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164
\swg.dll [Google Toolbar Notifier BHO] -> Google Inc.
[Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified
Date = 21/09/2007 18:11:32 | Attr = ]
{c1a48912-69af-459e-b2cd-7e16c2be70b9}
[HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or
could not be opened. [Reg Error: Key does not exist or
could not be opened.] -> File not found
{E2AD6BDE-E3E5-4905-A79B-36BFF8CEF6AE}
[HKEY_LOCAL_MACHINE] ->
%SystemRoot%\system32\pmnmjGYo.dll [Reg Error: Value
does not exist or could not be read.] -> File not found
{E8A26038-AAB8-4080-B64E-9F46C84EE2E7}
[HKEY_LOCAL_MACHINE] ->
%SystemRoot%\system32\byXOhGYS.dll [Reg Error: Value
does not exist or could not be read.] -> File not found
{F0F34798-63D1-4BFD-9E2C-9324ABA97D35}
[HKEY_LOCAL_MACHINE] ->
%SystemRoot%\system32\rqRJYroO.dll [Reg Error: Value
does not exist or could not be read.] -> File not found
{F8F9FEDB-B70C-4420-9E06-3A4AED22CA83}
[HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or
could not be opened. [Reg Error: Key does not exist or
could not be opened.] -> File not found
{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}
[HKEY_LOCAL_MACHINE] ->
%SystemRoot%\system32\awTmNgdc.dll [Reg Error: Value
does not exist or could not be read.] -> [Ver = | Size
= 52736 bytes | Modified Date = 11/05/2008 19:17:45 |
Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
[HKEY_LOCAL_MACHINE] ->
%ProgramFiles%\Google\GoogleToolbar1.dll [&Google] ->
Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160
bytes | Modified Date = 17/09/2007 20:58:16 | Attr = R
]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > ->
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
[HKEY_LOCAL_MACHINE] ->
%ProgramFiles%\Google\GoogleToolbar1.dll [&Google] ->
Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160
bytes | Modified Date = 17/09/2007 20:58:16 | Attr = R
]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Extensions\ ->
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec ->
%SystemRoot%\bdoscandel.exe [Uninstall BitDefender
Online Scanner v8] -> [Ver = | Size = 53248 bytes |
Modified Date = 25/05/2006 01:22:06 | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D
53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] ->
%ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll
[Spybot - Search & Destroy Configuration] -> Safer
Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256
bytes | Modified Date = 28/01/2008 11:43:28 | Attr =
]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > ->
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Extensions\ ->
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66}
[HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdoscandel.exe
[Uninstall BitDefender Online Scanner v8] -> [Ver = |
Size = 53248 bytes | Modified Date = 25/05/2006 01:22:06
| Attr = ]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search &
Destroy\SDHelper.dll [Spybot - Search & Destroy
Configuration] -> Safer Networking Limited [Ver = 1, 5,
0, 11 | Size = 1554256 bytes | Modified Date =
28/01/2008 11:43:28 | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage ->
http://activex.microsoft.com/controls/find.asp?ext=%s&mi
me=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcp
ip\Parameters\Adapters\ ->
{3C7F8D70-5ECF-4187-B1BB-C5F6375ABC13} -> (VIA
Compatable Fast Ethernet Adapter) ->
{81021D37-AF9F-4DDD-9218-0E130A5FEE0C} -> () ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store
Database\Distribution Units\ ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHIN
E] -> [Reg Error: Key does not exist or could not be
opened.] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHIN
E] ->
http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab[BDSCA
NONLINE Control] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHIN
E] ->
http://download.macromedia.com/pub/shockwave/cabs/flash/
swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\\.Owner ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\\{5D86DDB5-BD
F9-441B-9E9E-D4730F4EE499} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\\.Owner
-> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\\{5D86DDB
5-BDF9-441B-9E9E-D4730F4EE499} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/bdcore.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/bdcore.dll\\.Owner ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/bdcore.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
-> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/bdupd.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/bdupd.dll\\.Owner ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/bdupd.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
-> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/ipsupd.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/ipsupd.dll\\.Owner ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/ipsupd.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
-> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/lang.ini\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/lang.ini\\.Owner ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/lang.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
-> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/libfn.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/libfn.dll\\.Owner ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/libfn.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
-> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/live.ini\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/live.ini\\.Owner ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/live.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
-> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/oscan8.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/oscan8.ocx\\.Owner ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/oscan8.ocx\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
-> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/scanoptions.tsi\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/scanoptions.tsi\\.Owner ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\ModuleUsage\C:/WINDOWS/Downloaded Program
Files/scanoptions.tsi\\{5D86DDB5-BDF9-441B-9E9E-D4730F4E
E499} -> ->
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunch
Permission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunch
Restriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccess
Restriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM ->
Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ ->
->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\Acti
vationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\Acti
vationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7
A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\Acti
vationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-96
29-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\Acti
vationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9D
E0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\Acti
vationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B9
9C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ ->
->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\Sys
tem.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\
-> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\W
indowsUpdate\ not found. -> ->
Reg Error: Key
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFi
rewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
-> ->
*Authentication Packages* ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft
Corporation [Ver = 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes |
Modified Date = 02/12/2004 11:00:00 | Attr = ]
C:\WINDOWS\system32\byXOhGYS -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\Bounds -> 0 [binary data] ->
*Security Packages* ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll ->
Microsoft Corporation [Ver = 5.1.2600.2698
(xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes |
Modified Date = 15/06/2005 19:49:30 | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft
Corporation [Ver = 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes |
Modified Date = 02/12/2004 11:00:00 | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll ->
Microsoft Corporation [Ver = 5.1.2600.3126
(xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes |
Modified Date = 25/04/2007 16:21:15 | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll ->
Microsoft Corporation [Ver = 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes |
Modified Date = 02/12/2004 11:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\LsaPid -> 704 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\restrictanonymoussam -> 1 ->
*Notification Packages* ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft
Corporation [Ver = 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes |
Modified Date = 02/12/2004 11:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
AccessProviders\ -> ->
*ProviderOrder* ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
AccessProviders\Windows NT Access Provider\\ProviderPath
-> %SystemRoot%\system32\ntmarta.dll
[%SystemRoot%\system32\ntmarta.dll] -> Microsoft
Corporation [Ver = 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes |
Modified Date = 02/12/2004 11:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
Data\\Pattern -> F4 F8 05 0B B5 C6 F4 A9 E8 E4 C3 F7 17
47 50 6C 32 61 61 38 65 35 37 39 00 FD 07 00 5D CD 00 00
34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07
00 0C 74 4D 6B 38 0C A8 0A 25 FA 51 2A [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
GBG\\GrafBlumGroup -> 68 C1 00 3B 8E E1 C6 10 B4
[binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
JD\\Lookup -> 0F 28 D1 7F 0F 6C [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll
[IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0
(xpclient.010817-1148) | Size = 9216 bytes | Modified
Date = 02/12/2004 11:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
Skew1\\SkewMatrix -> 86 97 86 4E C0 AF 43 52 81 4B 16 86
DC FD 95 51 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\\Time -> 28 53 31 71 F2 E4 C7 01 [binary
data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\digest.dll\\Comment -> Digest SSPI
Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\digest.dll\\Time -> 00 A8 A5 4D 4D D8 C4 01
[binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msapsspc.dll\\Comment -> DPA Security Package
->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msapsspc.dll\\Time -> 00 A8 A5 4D 4D D8 C4 01
[binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msnsspc.dll\\Comment -> MSN Security Package
->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msnsspc.dll\\Time -> 00 A8 A5 4D 4D D8 C4 01
[binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\\Description -> Provides network address
translation, addressing, name resolution and/or
intrusion prevention services for a home or small office
network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\\DisplayName -> Windows Firewall/Internet
Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\\ImagePath ->
%SystemRoot%\system32\svchost.exe
[%SystemRoot%\system32\svchost.exe -k netsvcs] ->
Microsoft Corporation [Ver = 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes |
Modified Date = 02/12/2004 11:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Epoch\\Epoch -> 1753 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\\ServiceDll ->
%SystemRoot%\system32\ipnathlp.dll
[%SystemRoot%\System32\ipnathlp.dll] -> Microsoft
Corporation [Ver = 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes |
Modified Date = 02/12/2004 11:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\DomainProfile\Author
izedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\DomainProfile\Author
izedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\DomainProfile\Author
izedApplications\List\\%windir%\system32\sessmgr.exe ->
%SystemRoot%\system32\sessmgr.exe
[%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-
22019] -> Microsoft Corporation [Ver = 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes |
Modified Date = 02/12/2004 11:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\DomainProfile\Author
izedApplications\List\\C:\Program Files\MSN
Messenger\msnmsgr.exe -> %ProgramFiles%\MSN
Messenger\msnmsgr.exe [C:\Program Files\MSN
Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size
= 5674352 bytes | Modified Date = 19/01/2007 12:55:02 |
Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\DomainProfile\Author
izedApplications\List\\C:\Program Files\MSN
Messenger\livecall.exe -> %ProgramFiles%\MSN
Messenger\livecall.exe [C:\Program Files\MSN
Messenger\livecall.exe:*:Enabled:Windows Live Messenger
8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 |
Size = 297752 bytes | Modified Date = 04/01/2007
16:10:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\ ->
->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\\Ena
bleFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\\DoN
otAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\\Dis
ableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Auth
orizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Auth
orizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Auth
orizedApplications\List\\%windir%\system32\sessmgr.exe
-> %SystemRoot%\system32\sessmgr.exe
[%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-
22019] -> Microsoft Corporation [Ver = 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes |
Modified Date = 02/12/2004 11:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Auth
orizedApplications\List\\C:\Program Files\Microsoft
Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft
Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft
Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office
Outlook] -> Microsoft Corporation [Ver = 12.0.4518.1014
| Size = 12813096 bytes | Modified Date = 27/10/2006
15:16:48 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Auth
orizedApplications\List\\C:\Program Files\Kodak\KODAK
Software Updater\7288971\Program\Kodak Software
Updater.exe -> %ProgramFiles%\Kodak\KODAK Software
Updater\7288971\Program\Kodak Software Updater.exe
[C:\Program Files\Kodak\KODAK Software
Updater\7288971\Program\Kodak Software
Updater.exe:*:Enabled:Kodak Software Updater] -> File
not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Auth
orizedApplications\List\\C:\Program Files\Kodak
EasyShare software\bin\EasyShare.exe ->
%ProgramFiles%\Kodak EasyShare
software\bin\EasyShare.exe [C:\Program Files\Kodak
EasyShare
software\bin\EasyShare.exe:*:Enabled:EasyShare] -> File
not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Auth
orizedApplications\List\\C:\Program
Files\Freeplayer\vlc\vlc.exe ->
%ProgramFiles%\Freeplayer\vlc\vlc.exe [C:\Program
Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player]
-> [Ver = | Size = 6415360 bytes | Modified Date =
02/09/2005 21:24:01 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Auth
orizedApplications\List\\C:\Program Files\Nero\Nero
7\Nero ShowTime\ShowTime.exe -> %ProgramFiles%\Nero\Nero
7\Nero ShowTime\ShowTime.exe [C:\Program Files\Nero\Nero
7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime] ->
Nero AG [Ver = 3, 0, 0, 1 | Size = 3739648 bytes |
Modified Date = 23/03/2006 16:44:06 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Auth
orizedApplications\List\\C:\Program
Files\uTorrent\uTorrent.exe ->
%ProgramFiles%\uTorrent\uTorrent.exe [C:\Program
Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver
= | Size = 219952 bytes | Modified Date = 23/02/2008
10:38:21 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Auth
orizedApplications\List\\C:\Program Files\Nokia\Nokia
Software Updater\nsu_ui_client.exe ->
%ProgramFiles%\Nokia\Nokia Software
Updater\nsu_ui_client.exe [C:\Program Files\Nokia\Nokia
Software Updater\nsu_ui_client.exe:*:Enabled:Nokia
Software Updater] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Auth
orizedApplications\List\\C:\Program Files\Common
Files\Nokia\Service Layer\A\nsl_host_process.exe ->
%CommonProgramFiles%\Nokia\Service
Layer\A\nsl_host_process.exe [C:\Program Files\Common
Files\Nokia\Service
Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service
Layer Host Process ] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Auth
orizedApplications\List\\C:\Program
Files\eMule\emule.exe -> %ProgramFiles%\eMule\emule.exe
[C:\Program Files\eMule\emule.exe:*:Disabled:eMule] ->
File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Auth
orizedApplications\List\\C:\Program Files\MSN
Messenger\msnmsgr.exe -> %ProgramFiles%\MSN
Messenger\msnmsgr.exe [C:\Program Files\MSN
Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger
8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size
= 5674352 bytes | Modified Date = 19/01/2007 12:55:02 |
Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Auth
orizedApplications\List\\C:\Program Files\MSN
Messenger\livecall.exe -> %ProgramFiles%\MSN
Messenger\livecall.exe [C:\Program Files\MSN
Messenger\livecall.exe:*:Disabled:Windows Live Messenger
8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 |
Size = 297752 bytes | Modified Date = 04/01/2007
16:10:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Auth
orizedApplications\List\\C:\Program
Files\Messenger\msmsgs.exe ->
%ProgramFiles%\Messenger\msmsgs.exe [C:\Program
Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger]
-> Microsoft Corporation [Ver = 4.7.3001 | Size =
1694208 bytes | Modified Date = 13/10/2004 18:24:37 |
Attr = HS]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Glob
allyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Glob
allyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Glob
allyOpenPorts\List\\1900:UDP ->
1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Glob
allyOpenPorts\List\\2869:TCP ->
2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Glob
allyOpenPorts\List\\3389:TCP ->
3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Glob
allyOpenPorts\List\\139:TCP ->
139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Glob
allyOpenPorts\List\\445:TCP ->
445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Glob
allyOpenPorts\List\\137:UDP ->
137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Parameters\FirewallPolicy\StandardProfile\Glob
allyOpenPorts\List\\138:UDP ->
138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1
->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sha
redAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wua
userv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wua
userv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wua
userv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wua
userv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wua
userv\\ImagePath -> %SystemRoot%\system32\svchost.exe
[%systemroot%\system32\svchost.exe -k netsvcs] ->
Microsoft Corporation [Ver = 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes |
Modified Date = 02/12/2004 11:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wua
userv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wua
userv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wua
userv\\Description -> Enables the download and
installation of Windows updates. If this service is
disabled, this computer will not be able to use the
Automatic Updates feature or the Windows Update Web
site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wua
userv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wua
userv\Parameters\\ServiceDll ->
%SystemRoot%\system32\wuauserv.dll
[C:\WINDOWS\system32\wuauserv.dll] -> Microsoft
Corporation [Ver = 5.4.3790.2180
(xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes |
Modified Date = 02/12/2004 11:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wua
userv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wua
userv\Security\\Security -> [Binary data over 100 bytes]
->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wua
userv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wua
userv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wua
userv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wua
userv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\\Description -> Enables remote users to
modify registry settings on this computer. If this
service is stopped, the registry can be modified only by
users on this computer. If this service is disabled, any
services that explicitly depend on it will fail to
start. ->
*DependOnService* ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft
Corporation [Ver = 5.1.2600.2726
(xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes |
Modified Date = 26/07/2005 06:39:49 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\\ImagePath ->
%SystemRoot%\system32\svchost.exe
[%SystemRoot%\system32\svchost.exe -k LocalService] ->
Microsoft Corporation [Ver = 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes |
Modified Date = 02/12/2004 11:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00
00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00
00 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\Parameters\\ServiceDll ->
%SystemRoot%\system32\regsvc.dll
[%SystemRoot%\system32\regsvc.dll] -> Microsoft
Corporation [Ver = 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes |
Modified Date = 02/12/2004 11:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\Security\\Security -> [Binary data over 100
bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000
->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rem
oteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tln
tSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tln
tSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tln
tSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tln
tSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tln
tSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe
[C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft
Corporation [Ver = 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes |
Modified Date = 02/12/2004 11:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tln
tSvr\\DisplayName -> Telnet ->
*DependOnService* ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tln
tSvr\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft
Corporation [Ver = 5.1.2600.2726
(xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes |
Modified Date = 26/07/2005 06:39:49 | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tln
tSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tln
tSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tln
tSvr\\Description -> Enables a remote user to log on to
this computer and run programs, and supports various
TCP/IP Telnet clients, including UNIX-based and
Windows-based computers. If this service is stopped,
remote user access to programs might be unavailable. If
this service is disabled, any services that explicitly
depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tln
tSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tln
tSvr\Security\\Security -> [Binary data over 100 bytes]
->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware
Profiles\Current\Software\Microsoft\windows\CurrentVersi
on\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware
Profiles\Current\Software\Microsoft\windows\CurrentVersi
on\Internet Settings\\ProxyEnable -> 0 ->
[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = |
Size = 536399872 bytes | Created Date = 10/06/2008
08:09:52 | Attr = HS]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver =
| Size = 232 bytes | Created Date = 20/05/2008 21:17:43
| Attr = H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver =
| Size = 232 bytes | Created Date = 20/05/2008 21:19:43
| Attr = H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver =
| Size = 232 bytes | Created Date = 20/05/2008 21:24:05
| Attr = H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver
= | Size = 244 bytes | Created Date = 20/05/2008
21:17:42 | Attr = H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver
= | Size = 244 bytes | Created Date = 20/05/2008
21:19:43 | Attr = H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver
= | Size = 244 bytes | Created Date = 20/05/2008
21:24:05 | Attr = H ]
Temp -> %SystemDrive%\Temp -> [Folder | Created Date =
11/05/2008 19:17:44 | Attr = ]
aswFsBlk.sys ->
%SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL
Software [Ver = 4.8.1201.0 | Size = 20560 bytes |
Created Date = 11/05/2008 21:14:55 | Attr = ]
aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys ->
ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes |
Created Date = 11/05/2008 21:14:55 | Attr = ]
avgntdd.sys -> %SystemRoot%\System32\drivers\avgntdd.sys
-> Avira GmbH [Ver = 6.39.00.30 | Size = 41792 bytes |
Created Date = 09/06/2008 17:40:43 | Attr = ]
avgntmgr.sys ->
%SystemRoot%\System32\drivers\avgntmgr.sys -> Avira GmbH
[Ver = 6.37.01.02 | Size = 22336 bytes | Created Date =
09/06/2008 17:40:43 | Attr = ]
avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys
-> Avira GmbH [Ver = 1.00.02.22 | Size = 79424 bytes |
Created Date = 09/06/2008 17:40:40 | Attr = ]
ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys
-> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes |
Created Date = 09/06/2008 17:40:43 | Attr = ]
20467 -> %SystemRoot%\System32\20467 -> [Folder |
Created Date = 11/05/2008 19:18:02 | Attr = ]
3 C:\WINDOWS\System32\*.tmp files ->
C:\WINDOWS\System32\*.tmp ->
appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder |
Created Date = 18/05/2008 13:35:51 | Attr = ]
awTmNgdc.dll -> %SystemRoot%\System32\awTmNgdc.dll ->
[Ver = | Size = 52736 bytes | Created Date = 11/05/2008
19:17:45 | Attr = ]
bkEur01 -> %SystemRoot%\System32\bkEur01 -> [Folder |
Created Date = 11/05/2008 19:17:46 | Attr = ]
dfeefiOq.ini -> %SystemRoot%\System32\dfeefiOq.ini ->
[Ver = | Size = 198110 bytes | Created Date =
11/05/2008 19:23:15 | Attr = HS]
dfeefiOq.ini2 -> %SystemRoot%\System32\dfeefiOq.ini2 ->
[Ver = | Size = 198110 bytes | Created Date =
11/05/2008 19:23:15 | Attr = HS]
dwdxycbi.ini -> %SystemRoot%\System32\dwdxycbi.ini ->
[Ver = | Size = 1604260 bytes | Created Date =
12/05/2008 10:35:53 | Attr = HS]
fnwumdav.ini -> %SystemRoot%\System32\fnwumdav.ini ->
[Ver = | Size = 1604647 bytes | Created Date =
18/05/2008 09:42:15 | Attr = HS]
lqyuxovi.ini -> %SystemRoot%\System32\lqyuxovi.ini ->
[Ver = | Size = 1505163 bytes | Created Date =
11/05/2008 19:29:48 | Attr = HS]
mBL -> %SystemRoot%\System32\mBL -> [Folder | Created
Date = 11/05/2008 19:18:07 | Attr = ]
OorYJRqr.ini -> %SystemRoot%\System32\OorYJRqr.ini ->
[Ver = | Size = 412451 bytes | Created Date =
12/05/2008 16:51:54 | Attr = HS]
OorYJRqr.ini2 -> %SystemRoot%\System32\OorYJRqr.ini2 ->
[Ver = | Size = 412451 bytes | Created Date =
12/05/2008 16:51:56 | Attr = HS]
oYGjmnmp.ini -> %SystemRoot%\System32\oYGjmnmp.ini ->
[Ver = | Size = 290 bytes | Created Date = 16/05/2008
17:48:13 | Attr = HS]
oYGjmnmp.ini2 -> %SystemRoot%\System32\oYGjmnmp.ini2 ->
[Ver = | Size = 705284 bytes | Created Date =
16/05/2008 17:48:14 | Attr = HS]
PreInstall -> %SystemRoot%\System32\PreInstall ->
[Folder | Created Date = 08/06/2008 16:27:46 | Attr =
]
sikrjmrr.ini -> %SystemRoot%\System32\sikrjmrr.ini ->
[Ver = | Size = 1990628 bytes | Created Date =
18/05/2008 20:58:14 | Attr = HS]
SoftwareDistribution ->
%SystemRoot%\System32\SoftwareDistribution -> [Folder |
Created Date = 08/06/2008 16:06:40 | Attr = ]
sX1 -> %SystemRoot%\System32\sX1 -> [Folder | Created
Date = 11/05/2008 19:17:56 | Attr = ]
SYGhOXyb.ini -> %SystemRoot%\System32\SYGhOXyb.ini ->
[Ver = | Size = 352379 bytes | Created Date =
18/05/2008 20:52:12 | Attr = HS]
SYGhOXyb.ini2 -> %SystemRoot%\System32\SYGhOXyb.ini2 ->
[Ver = | Size = 352379 bytes | Created Date =
18/05/2008 20:52:12 | Attr = HS]
YIlVwGgh.ini -> %SystemRoot%\System32\YIlVwGgh.ini ->
[Ver = | Size = 199229 bytes | Created Date =
12/05/2008 09:05:50 | Attr = HS]
YIlVwGgh.ini2 -> %SystemRoot%\System32\YIlVwGgh.ini2 ->
[Ver = | Size = 199229 bytes | Created Date =
12/05/2008 09:05:50 | Attr = HS]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Created
Date = 08/06/2008 16:27:42 | Attr = H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created
Date = 18/05/2008 10:50:20 | Attr = ]
BMab83a148.xml -> %SystemRoot%\BMab83a148.xml -> [Ver =
| Size = 109807 bytes | Created Date = 11/05/2008
19:25:20 | Attr = ]
cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = |
Size = 219 bytes | Created Date = 18/05/2008 10:48:34 |
Attr = ]
pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size =
22 bytes | Created Date = 11/05/2008 19:25:20 | Attr =
]
[Files Created - Additional Folder Scans - Non-Microsoft
Only]
Avira -> %AllUsersProfile%\Application Data\Avira ->
[Folder | Created Date = 09/06/2008 17:40:30 | Attr =
]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft
-> [Folder | Created Date = 18/05/2008 11:41:52 | Attr
= ]
Sony Ericsson -> %AllUsersProfile%\Application Data\Sony
Ericsson -> [Folder | Created Date = 08/06/2008
17:09:31 | Attr = ]
Spybot - Search & Destroy ->
%AllUsersProfile%\Application Data\Spybot - Search &
Destroy -> [Folder | Created Date = 11/05/2008 19:37:15
| Attr = ]
AntiVir PE Classic.lnk ->
%AllUsersProfile%\Desktop\AntiVir PE Classic.lnk ->
[Ver = | Size = 1851 bytes | Created Date = 09/06/2008
17:41:15 | Attr = ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe
-> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes |
Created Date = 10/06/2008 18:26:13 | Attr = ]
@Alternate Data Stream - 26 bytes ->
%UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
install_Avira AntiVir Personal_.exe ->
%UserProfile%\Desktop\install_Avira AntiVir
Personal_.exe -> [Ver = | Size = 99383 bytes | Created
Date = 09/06/2008 17:06:45 | Attr = ]
@Alternate Data Stream - 26 bytes ->
%UserProfile%\Desktop\install_Avira AntiVir
Personal_.exe:Zone.Identifier
Lavasoft_Adaware2007_fr.exe ->
%UserProfile%\Desktop\Lavasoft_Adaware2007_fr.exe ->
[Ver = | Size = 21364592 bytes | Created Date =
18/05/2008 11:39:59 | Attr = ]
@Alternate Data Stream - 26 bytes ->
%UserProfile%\Desktop\Lavasoft_Adaware2007_fr.exe:Zone.Identifier
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder |
Created Date = 10/06/2008 18:28:09 | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->
[Ver = | Size = 568544 bytes | Created Date =
10/06/2008 18:26:56 | Attr = ]
@Alternate Data Stream - 26 bytes ->
%UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Procédure_de.doc ->
%UserProfile%\Desktop\Procédure_de.doc -> [Ver = |
Size = 33812 bytes | Created Date = 09/06/2008 17:37:44
| Attr = ]
@Alternate Data Stream - 26 bytes ->
%UserProfile%\Desktop\Procédure_de.doc:Zone.Identifier
Spybot - Search & Destroy.lnk ->
%UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->
[Ver = | Size = 963 bytes | Created Date = 11/05/2008
19:37:24 | Attr = ]
Sony Ericsson Shared -> %CommonProgramFiles%\Sony
Ericsson Shared -> [Folder | Created Date = 08/06/2008
17:10:18 | Attr = ]
AntiSpywareMaster -> %ProgramFiles%\AntiSpywareMaster ->
[Folder | Created Date = 11/05/2008 19:23:00 | Attr =
]
Avira -> %ProgramFiles%\Avira -> [Folder | Created Date
= 09/06/2008 17:40:30 | Attr = ]
Lavasoft -> %ProgramFiles%\Lavasoft -> [Folder |
Created Date = 18/05/2008 11:41:56 | Attr = ]
MSXML 4.0 -> %ProgramFiles%\MSXML 4.0 -> [Folder |
Created Date = 08/06/2008 17:11:17 | Attr = ]
Spybot - Search & Destroy -> %ProgramFiles%\Spybot -
Search & Destroy -> [Folder | Created Date = 11/05/2008
19:37:15 | Attr = ]
winvi -> %ProgramFiles%\winvi -> [Folder | Created Date
= 11/05/2008 19:18:08 | Attr = ]
[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = |
Size = 536399872 bytes | Modified Date = 10/06/2008
18:13:16 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified
Date = 09/06/2008 21:01:39 | Attr = R ]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver =
| Size = 232 bytes | Modified Date = 20/05/2008 21:17:43
| Attr = H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver =
| Size = 232 bytes | Modified Date = 20/05/2008 21:19:43
| Attr = H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver =
| Size = 232 bytes | Modified Date = 20/05/2008 21:24:05
| Attr = H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver
= | Size = 244 bytes | Modified Date = 20/05/2008
21:17:42 | Attr = H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver
= | Size = 244 bytes | Modified Date = 20/05/2008
21:19:43 | Attr = H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver
= | Size = 244 bytes | Modified Date = 20/05/2008
21:24:05 | Attr = H ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date =
18/05/2008 11:07:45 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date =
10/06/2008 18:20:42 | Attr = ]
aavmker4.sys ->
%SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL
Software [Ver = 4.8.1201.0 | Size = 26944 bytes |
Modified Date = 16/05/2008 01:13:26 | Attr = ]
aswFsBlk.sys ->
%SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL
Software [Ver = 4.8.1201.0 | Size = 20560 bytes |
Modified Date = 16/05/2008 01:16:06 | Attr = ]
aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys
-> ALWIL Software [Ver = 4.8.1201.0 | Size = 94416 bytes
| Modified Date = 16/05/2008 01:18:33 | Attr = ]
aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys
-> ALWIL Software [Ver = 4.8.1201.0 | Size = 23152 bytes
| Modified Date = 16/05/2008 01:15:29 | Attr = ]
aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys ->
ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes |
Modified Date = 16/05/2008 01:20:32 | Attr = ]
aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys
-> ALWIL Software [Ver = 4.8.1201.0 | Size = 42912 bytes
| Modified Date = 16/05/2008 01:14:11 | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder |
Modified Date = 08/06/2008 12:43:45 | Attr = ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->
[Ver = | Size = 238945 bytes | Modified Date =
08/06/2008 12:43:45 | Attr = R ]
hosts.20080608-124345.backup ->
%SystemRoot%\System32\drivers\etc\hosts.20080608-124345.backup
-> [Ver = | Size = 238945 bytes | Modified Date
= 12/05/2008 17:21:59 | Attr = R ]
hosts.ics -> %SystemRoot%\System32\drivers\etc\hosts.ics
-> [Ver = | Size = 431 bytes | Modified Date =
18/05/2008 20:40:37 | Attr = ]
20467 -> %SystemRoot%\System32\20467 -> [Folder |
Modified Date = 11/05/2008 19:18:07 | Attr = ]
3 C:\WINDOWS\System32\*.tmp files ->
C:\WINDOWS\System32\*.tmp ->
appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder |
Modified Date = 18/05/2008 13:35:51 | Attr = ]
aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe ->
ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 1152888
bytes | Modified Date = 16/05/2008 01:24:43 | Attr =
]
AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr ->
ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 95608 bytes
| Modified Date = 16/05/2008 01:12:36 | Attr = ]
awTmNgdc.dll -> %SystemRoot%\System32\awTmNgdc.dll ->
[Ver = | Size = 52736 bytes | Modified Date =
11/05/2008 19:17:45 | Attr = ]
bkEur01 -> %SystemRoot%\System32\bkEur01 -> [Folder |
Modified Date = 18/05/2008 12:10:09 | Attr = ]
CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder |
Modified Date = 08/06/2008 17:01:55 | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder |
Modified Date = 10/06/2008 18:14:42 | Attr = ]
color -> %SystemRoot%\System32\color -> [Folder |
Modified Date = 08/06/2008 12:53:56 | Attr = ]
Com -> %SystemRoot%\System32\Com -> [Folder | Modified
Date = 09/06/2008 17:14:23 | Attr = ]
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver =
| Size = 2626 bytes | Modified Date = 08/06/2008
16:07:34 | Attr = ]
dfeefiOq.ini -> %SystemRoot%\System32\dfeefiOq.ini ->
[Ver = | Size = 198110 bytes | Modified Date =
12/05/2008 01:01:58 | Attr = HS]
dfeefiOq.ini2 -> %SystemRoot%\System32\dfeefiOq.ini2 ->
[Ver = | Size = 198110 bytes | Modified Date =
12/05/2008 00:59:06 | Attr = HS]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder |
Modified Date = 10/06/2008 08:22:02 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder |
Modified Date = 09/06/2008 21:16:25 | Attr = ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder |
Modified Date = 08/06/2008 16:20:57 | Attr = ]
dwdxycbi.ini -> %SystemRoot%\System32\dwdxycbi.ini ->
[Ver = | Size = 1604260 bytes | Modified Date =
18/05/2008 09:39:14 | Attr = HS]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->
[Ver = | Size = 290888 bytes | Modified Date =
10/06/2008 08:29:31 | Attr = ]
fnwumdav.ini -> %SystemRoot%\System32\fnwumdav.ini ->
[Ver = | Size = 1604647 bytes | Modified Date =
18/05/2008 20:47:46 | Attr = HS]
lqyuxovi.ini -> %SystemRoot%\System32\lqyuxovi.ini ->
[Ver = | Size = 1505163 bytes | Modified Date =
12/05/2008 10:29:55 | Attr = HS]
mBL -> %SystemRoot%\System32\mBL -> [Folder | Modified
Date = 18/05/2008 12:10:09 | Attr = ]
OorYJRqr.ini -> %SystemRoot%\System32\OorYJRqr.ini ->
[Ver = | Size = 412451 bytes | Modified Date =
13/05/2008 06:25:16 | Attr = HS]
OorYJRqr.ini2 -> %SystemRoot%\System32\OorYJRqr.ini2 ->
[Ver = | Size = 412451 bytes | Modified Date =
13/05/2008 06:22:30 | Attr = HS]
oYGjmnmp.ini -> %SystemRoot%\System32\oYGjmnmp.ini ->
[Ver = | Size = 290 bytes | Modified Date = 18/05/2008
13:25:05 | Attr = HS]
oYGjmnmp.ini2 -> %SystemRoot%\System32\oYGjmnmp.ini2 ->
[Ver = | Size = 705284 bytes | Modified Date =
18/05/2008 13:24:34 | Attr = HS]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->
[Ver = | Size = 46252 bytes | Modified Date =
09/06/2008 17:55:33 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->
[Ver = | Size = 366638 bytes | Modified Date =
09/06/2008 17:55:34 | Attr = ]
PerfStringBackup.INI ->
%SystemRoot%\System32\PerfStringBackup.INI -> [Ver = |
Size = 418662 bytes | Modified Date = 09/06/2008
17:55:32 | Attr = ]
PreInstall -> %SystemRoot%\System32\PreInstall ->
[Folder | Modified Date = 08/06/2008 16:27:46 | Attr =
]
Restore -> %SystemRoot%\System32\Restore -> [Folder |
Modified Date = 08/06/2008 16:17:59 | Attr = ]
sikrjmrr.ini -> %SystemRoot%\System32\sikrjmrr.ini ->
[Ver = | Size = 1990628 bytes | Modified Date =
20/05/2008 19:08:34 | Attr = HS]
SoftwareDistribution ->
%SystemRoot%\System32\SoftwareDistribution -> [Folder |
Modified Date = 08/06/2008 16:06:40 | Attr = ]
sX1 -> %SystemRoot%\System32\sX1 -> [Folder | Modified
Date = 11/05/2008 19:18:01 | Attr = ]
SYGhOXyb.ini -> %SystemRoot%\System32\SYGhOXyb.ini ->
[Ver = | Size = 352379 bytes | Modified Date =
08/06/2008 14:37:36 | Attr = HS]
SYGhOXyb.ini2 -> %SystemRoot%\System32\SYGhOXyb.ini2 ->
[Ver = | Size = 352379 bytes | Modified Date =
08/06/2008 14:35:17 | Attr = HS]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = |
Size = 2206 bytes | Modified Date = 09/06/2008 16:57:21
| Attr = ]
YIlVwGgh.ini -> %SystemRoot%\System32\YIlVwGgh.ini ->
[Ver = | Size = 199229 bytes | Modified Date =
12/05/2008 14:26:40 | Attr = HS]
YIlVwGgh.ini2 -> %SystemRoot%\System32\YIlVwGgh.ini2 ->
[Ver = | Size = 199229 bytes | Modified Date =
12/05/2008 14:26:01 | Attr = HS]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified
Date = 09/06/2008 17:33:55 | Attr = H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
assembly -> %SystemRoot%\assembly -> [Folder | Modified
Date = 08/06/2008 17:16:30 | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified
Date = 18/05/2008 11:35:27 | Attr = ]
BMab83a148.xml -> %SystemRoot%\BMab83a148.xml -> [Ver =
| Size = 109807 bytes | Modified Date = 20/05/2008
19:07:58 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = |
Size = 2048 bytes | Modified Date = 10/06/2008 18:13:17
| Attr = S]
cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = |
Size = 219 bytes | Modified Date = 18/05/2008 10:48:40 |
Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded
Program Files -> [Folder | Modified Date = 18/05/2008
13:36:46 | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date =
08/06/2008 16:07:27 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size
= 1374 bytes | Modified Date = 10/06/2008 08:21:43 |
Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date =
10/06/2008 08:22:15 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder |
Modified Date = 09/06/2008 21:16:32 | Attr = HS]
msagent -> %SystemRoot%\msagent -> [Folder | Modified
Date = 10/06/2008 08:19:12 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified
Date = 10/06/2008 18:33:19 | Attr = ]
pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size =
22 bytes | Modified Date = 20/05/2008 19:10:14 | Attr =
]
Registration -> %SystemRoot%\Registration -> [Folder |
Modified Date = 10/06/2008 18:14:39 | Attr = ]
SoftwareDistribution ->
%SystemRoot%\SoftwareDistribution -> [Folder | Modified
Date = 08/06/2008 16:07:30 | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified
Date = 10/06/2008 08:29:07 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date =
10/06/2008 18:33:10 | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date =
18/05/2008 13:31:26 | Attr = R ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 798
bytes | Modified Date = 12/05/2008 00:52:29 | Attr =
]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = |
Size = 383 bytes | Modified Date = 18/05/2008 13:18:20 |
Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified
Date = 09/06/2008 17:20:49 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size =
6 bytes | Modified Date = 10/06/2008 18:13:30 | Attr =
H ]
C:\Documents and Settings\All Users\Application
Data\Microsoft\eHome\logs\ -> C:\Documents and
Settings\All Users\Application Data\Microsoft\eHome\logs
-> [Folder | Modified Date = 10/06/2008 18:13:50 | Attr
= ]
eHomeLog-0.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-0.dat -> [Ver = |
Size = 268 bytes | Modified Date = 18/05/2008 20:32:53 |
Attr = H ]
eHomeLog-1.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-1.dat -> [Ver = |
Size = 268 bytes | Modified Date = 18/05/2008 20:48:34 |
Attr = H ]
eHomeLog-10.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-10.dat -> [Ver = |
Size = 268 bytes | Modified Date = 08/06/2008 15:37:16 |
Attr = H ]
eHomeLog-11.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-11.dat -> [Ver = |
Size = 268 bytes | Modified Date = 08/06/2008 15:59:55 |
Attr = H ]
eHomeLog-12.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-12.dat -> [Ver = |
Size = 268 bytes | Modified Date = 08/06/2008 16:00:18 |
Attr = H ]
eHomeLog-13.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-13.dat -> [Ver = |
Size = 268 bytes | Modified Date = 08/06/2008 16:23:58 |
Attr = H ]
eHomeLog-14.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-14.dat -> [Ver = |
Size = 268 bytes | Modified Date = 08/06/2008 16:25:40 |
Attr = H ]
eHomeLog-15.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-15.dat -> [Ver = |
Size = 268 bytes | Modified Date = 09/06/2008 18:27:54 |
Attr = H ]
eHomeLog-16.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-16.dat -> [Ver = |
Size = 0 bytes | Modified Date = 09/06/2008 18:33:03 |
Attr = H ]
eHomeLog-17.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-17.dat -> [Ver = |
Size = 268 bytes | Modified Date = 09/06/2008 18:45:57 |
Attr = H ]
eHomeLog-18.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-18.dat -> [Ver = |
Size = 268 bytes | Modified Date = 09/06/2008 20:09:14 |
Attr = H ]
eHomeLog-19.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-19.dat -> [Ver = |
Size = 268 bytes | Modified Date = 10/06/2008 08:10:59 |
Attr = H ]
eHomeLog-2.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-2.dat -> [Ver = |
Size = 268 bytes | Modified Date = 20/05/2008 19:58:18 |
Attr = H ]
eHomeLog-20.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-20.dat -> [Ver = |
Size = 268 bytes | Modified Date = 10/06/2008 08:12:41 |
Attr = H ]
eHomeLog-21.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-21.dat -> [Ver = |
Size = 268 bytes | Modified Date = 10/06/2008 08:30:20 |
Attr = H ]
eHomeLog-22.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-22.dat -> [Ver = |
Size = 268 bytes | Modified Date = 10/06/2008 08:31:45 |
Attr = H ]
eHomeLog-23.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-23.dat -> [Ver = |
Size = 268 bytes | Modified Date = 10/06/2008 18:14:53 |
Attr = H ]
eHomeLog-24.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-24.dat -> [Ver = |
Size = 268 bytes | Modified Date = 10/06/2008 18:16:33 |
Attr = H ]
eHomeLog-25.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-25.dat -> [Ver = |
Size = 268 bytes | Modified Date = 27/04/2008 21:10:19 |
Attr = H ]
eHomeLog-26.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-26.dat -> [Ver = |
Size = 268 bytes | Modified Date = 28/04/2008 18:48:23 |
Attr = H ]
eHomeLog-27.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-27.dat -> [Ver = |
Size = 268 bytes | Modified Date = 28/04/2008 21:02:19 |
Attr = H ]
eHomeLog-28.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-28.dat -> [Ver = |
Size = 268 bytes | Modified Date = 28/04/2008 21:03:02 |
Attr = H ]
eHomeLog-29.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-29.dat -> [Ver = |
Size = 268 bytes | Modified Date = 30/04/2008 21:16:07 |
Attr = H ]
eHomeLog-3.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-3.dat -> [Ver = |
Size = 268 bytes | Modified Date = 26/05/2008 11:00:56 |
Attr = H ]
eHomeLog-30.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-30.dat -> [Ver = |
Size = 268 bytes | Modified Date = 01/05/2008 10:44:06 |
Attr = H ]
eHomeLog-31.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-31.dat -> [Ver = |
Size = 268 bytes | Modified Date = 02/05/2008 16:12:39 |
Attr = H ]
eHomeLog-32.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-32.dat -> [Ver = |
Size = 268 bytes | Modified Date = 03/05/2008 09:41:32 |
Attr = H ]
eHomeLog-33.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-33.dat -> [Ver = |
Size = 268 bytes | Modified Date = 04/05/2008 18:46:14 |
Attr = H ]
eHomeLog-34.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-34.dat -> [Ver = |
Size = 268 bytes | Modified Date = 04/05/2008 21:29:38 |
Attr = H ]
eHomeLog-35.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-35.dat -> [Ver = |
Size = 268 bytes | Modified Date = 11/05/2008 18:49:35 |
Attr = H ]
eHomeLog-36.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-36.dat -> [Ver = |
Size = 268 bytes | Modified Date = 11/05/2008 19:29:15 |
Attr = H ]
eHomeLog-37.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-37.dat -> [Ver = |
Size = 268 bytes | Modified Date = 11/05/2008 22:45:48 |
Attr = H ]
eHomeLog-38.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-38.dat -> [Ver = |
Size = 268 bytes | Modified Date = 11/05/2008 22:46:56 |
Attr = H ]
eHomeLog-39.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-39.dat -> [Ver = |
Size = 268 bytes | Modified Date = 12/05/2008 09:01:33 |
Attr = H ]
eHomeLog-4.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-4.dat -> [Ver = |
Size = 268 bytes | Modified Date = 26/05/2008 11:01:34 |
Attr = H ]
eHomeLog-40.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-40.dat -> [Ver = |
Size = 268 bytes | Modified Date = 12/05/2008 16:47:34 |
Attr = H ]
eHomeLog-41.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-41.dat -> [Ver = |
Size = 268 bytes | Modified Date = 12/05/2008 17:54:08 |
Attr = H ]
eHomeLog-42.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-42.dat -> [Ver = |
Size = 268 bytes | Modified Date = 16/05/2008 17:44:04 |
Attr = H ]
eHomeLog-43.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-43.dat -> [Ver = |
Size = 268 bytes | Modified Date = 16/05/2008 18:28:58 |
Attr = H ]
eHomeLog-44.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-44.dat -> [Ver = |
Size = 268 bytes | Modified Date = 16/05/2008 18:41:33 |
Attr = H ]
eHomeLog-45.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-45.dat -> [Ver = |
Size = 268 bytes | Modified Date = 18/05/2008 12:16:31 |
Attr = H ]
eHomeLog-46.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-46.dat -> [Ver = |
Size = 268 bytes | Modified Date = 18/05/2008 13:21:33 |
Attr = H ]
eHomeLog-47.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-47.dat -> [Ver = |
Size = 268 bytes | Modified Date = 18/05/2008 20:23:45 |
Attr = H ]
eHomeLog-5.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-5.dat -> [Ver = |
Size = 268 bytes | Modified Date = 08/06/2008 10:26:18 |
Attr = H ]
eHomeLog-6.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-6.dat -> [Ver = |
Size = 268 bytes | Modified Date = 08/06/2008 10:34:28 |
Attr = H ]
eHomeLog-7.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-7.dat -> [Ver = |
Size = 268 bytes | Modified Date = 08/06/2008 13:01:08 |
Attr = H ]
eHomeLog-8.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-8.dat -> [Ver = |
Size = 268 bytes | Modified Date = 08/06/2008 14:00:04 |
Attr = H ]
eHomeLog-9.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\eHome\logs\eHomeLog-9.dat -> [Ver = |
Size = 268 bytes | Modified Date = 08/06/2008 15:23:17 |
Attr = H ]
C:\Documents and Settings\All Users\Application
Data\Microsoft\HTML Help\ -> C:\Documents and
Settings\All Users\Application Data\Microsoft\HTML Help
-> [Folder | Modified Date = 05/09/2007 14:52:10 | Attr
= ]
hhcolreg.dat -> C:\Documents and Settings\All
Users\Application Data\Microsoft\HTML Help\hhcolreg.dat
-> [Ver = | Size = 1345 bytes | Modified Date =
05/09/2007 14:52:10 | Attr = ]
C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\ -> C:\Documents and
Settings\All Users\Application
Data\Microsoft\Network\Downloader -> [Folder | Modified
Date = 08/06/2008 16:13:39 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver =
| Size = 5484 bytes | Modified Date = 10/06/2008
18:15:04 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All
Users\Application
Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver =
| Size = 5484 bytes | Modified Date = 10/06/2008
18:15:04 | Attr = ]
C:\Documents and Settings\All Users\Application
Data\Microsoft\OFFICE\DATA\ -> C:\Documents and
Settings\All Users\Application
Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date =
11/09/2007 21:08:22 | Attr = ]
opa12.dat -> C:\Documents and Settings\All
Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat
-> [Ver = | Size = 8206 bytes | Modified Date =
11/09/2007 21:08:22 | Attr = ]
C:\Documents and Settings\Nolwenn\Local Settings\Temp\
-> C:\Documents and Settings\Nolwenn\Local Settings\Temp
-> [Folder | Modified Date = 10/06/2008 18:29:27 | Attr
= ]
ose00000.exe -> C:\Documents and Settings\Nolwenn\Local
Settings\Temp\ose00000.exe -> Microsoft Corporation [Ver
= 12.0.4518.1014 | Size = 145184 bytes | Modified Date =
28/10/2006 02:58:26 | Attr = R ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder |
Modified Date = 10/06/2008 18:33:10 | Attr = ]
alcrmv.exe -> C:\WINDOWS\Temp\alcrmv.exe -> Realtek
Semiconductor Corp. [Ver = 2, 0, 0, 4 | Size = 217088
bytes | Modified Date = 31/07/2006 11:27:30 | Attr = R
]
alcupd.exe -> C:\WINDOWS\Temp\alcupd.exe -> Realtek
Semiconductor Corp. [Ver = 2, 2, 0, 3 | Size = 315392
bytes | Modified Date = 31/07/2006 11:19:24 | Attr = R
]
ChCfg.exe -> C:\WINDOWS\Temp\ChCfg.exe -> [Ver = |
Size = 49152 bytes | Modified Date = 01/08/2006 15:02:32
| Attr = R ]
RTLCPL.exe -> C:\WINDOWS\Temp\RTLCPL.exe -> Realtek
Semiconductor Corp. [Ver = 1.0.1.66 | Size = 10528768
bytes | Modified Date = 08/12/2006 15:20:14 | Attr = R
]
soundman.exe -> C:\WINDOWS\Temp\soundman.exe -> Realtek
Semiconductor Corp. [Ver = 5, 1, 0, 58 | Size = 577536
bytes | Modified Date = 17/11/2006 05:42:52 | Attr = R
]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder |
Modified Date = 10/06/2008 18:33:10 | Attr = ]
RtlCPAPI.dll -> C:\WINDOWS\Temp\RtlCPAPI.dll -> [Ver =
1, 0, 1, 4 | Size = 147456 bytes | Modified Date =
18/10/2006 02:53:26 | Attr = R ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder |
Modified Date = 10/06/2008 18:33:10 | Attr = ]
Perflib_Perfdata_5d8.dat ->
C:\WINDOWS\Temp\Perflib_Perfdata_5d8.dat -> [Ver = |
Size = 16384 bytes | Modified Date = 08/06/2008 16:23:16
| Attr = ]
[Files Modified - Additional Folder Scans -
Non-Microsoft Only]
Avira -> %AllUsersProfile%\Application Data\Avira ->
[Folder | Modified Date = 09/06/2008 17:40:30 | Attr =
]
Kodak -> %AllUsersProfile%\Application Data\Kodak ->
[Folder | Modified Date = 08/06/2008 13:00:25 | Attr =
]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft
-> [Folder | Modified Date = 18/05/2008 11:44:17 | Attr
= ]
Sony Ericsson -> %AllUsersProfile%\Application Data\Sony
Ericsson -> [Folder | Modified Date = 08/06/2008
17:09:49 | Attr = ]
Spybot - Search & Destroy ->
%AllUsersProfile%\Application Data\Spybot - Search &
Destroy -> [Folder | Modified Date = 12/05/2008
00:48:47 | Attr = ]
Teleca -> %AllUsersProfile%\Application Data\Teleca ->
[Folder | Modified Date = 08/06/2008 17:09:13 | Attr =
]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local
Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver =
| Size = 80888 bytes | Modified Date = 18/05/2008
13:37:53 | Attr = ]
IconCache.db -> %UserProfile%\Local Settings\Application
Data\IconCache.db -> [Ver = | Size = 4322572 bytes |
Modified Date = 10/06/2008 08:52:10 | Attr = H ]
AntiVir PE Classic.lnk ->
%AllUsersProfile%\Desktop\AntiVir PE Classic.lnk ->
[Ver = | Size = 1851 bytes | Modified Date = 09/06/2008
17:41:17 | Attr = ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe
-> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes |
Modified Date = 10/06/2008 18:26:17 | Attr = ]
@Alternate Data Stream - 26 bytes ->
%UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
install_Avira AntiVir Personal_.exe ->
%UserProfile%\Desktop\install_Avira AntiVir
Personal_.exe -> [Ver = | Size = 99383 bytes |
Modified Date = 09/06/2008 17:07:14 | Attr = ]
@Alternate Data Stream - 26 bytes ->
%UserProfile%\Desktop\install_Avira AntiVir
Personal_.exe:Zone.Identifier
Lavasoft_Adaware2007_fr.exe ->
%UserProfile%\Desktop\Lavasoft_Adaware2007_fr.exe ->
[Ver = | Size = 21364592 bytes | Modified Date =
18/05/2008 11:40:18 | Attr = ]
@Alternate Data Stream - 26 bytes ->
%UserProfile%\Desktop\Lavasoft_Adaware2007_fr.exe:Zone.Identifier
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder |
Modified Date = 10/06/2008 18:28:10 | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->
[Ver = | Size = 568544 bytes | Modified Date =
10/06/2008 18:26:57 | Attr = ]
@Alternate Data Stream - 26 bytes ->
%UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Procédure_de.doc ->
%UserProfile%\Desktop\Procédure_de.doc -> [Ver = |
Size = 33812 bytes | Modified Date = 09/06/2008 17:37:45
| Attr = ]
@Alternate Data Stream - 26 bytes ->
%UserProfile%\Desktop\Procédure_de.doc:Zone.Identifier
Spybot - Search & Destroy.lnk ->
%UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->
[Ver = | Size = 963 bytes | Modified Date = 18/05/2008
20:37:09 | Attr = ]
Sony Ericsson Shared -> %CommonProgramFiles%\Sony
Ericsson Shared -> [Folder | Modified Date = 08/06/2008
17:10:22 | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder |
Modified Date = 09/06/2008 17:15:45 | Attr = ]
Teleca Shared -> %CommonProgramFiles%\Teleca Shared ->
[Folder | Modified Date = 08/06/2008 17:10:28 | Attr =
]
< End of report >