
Posted

Hello,

I have a problem to submit to you: I have an advertising window on the desktop that is impossible to remove, and the following error message at startup:

"erreur chargement de C:\WINDOWS\SYSTEM32\jcxqfpki.dll Le module spécifié est introuvable"

Here are the AntiVir and HijackThis reports; thank you in advance.

 

Avira AntiVir Personal
Report file date: lundi 9 juin 2008 21:19

Scanning for 1320174 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: NOL

 

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 15:43:07
ANTIVIR3.VDF : 7.0.4.165 237568 Bytes 09/06/2008 15:43:09
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 09/06/2008 15:43:21
AESCN.DLL : 8.1.0.21 119156 Bytes 09/06/2008 15:43:20
AERDL.DLL : 8.1.0.20 418165 Bytes 09/06/2008 15:43:19
AEPACK.DLL : 8.1.1.5 364918 Bytes 09/06/2008 15:43:18
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 09/06/2008 15:43:17
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 09/06/2008 15:43:16
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/06/2008 15:43:13
AEGEN.DLL : 8.1.0.28 307572 Bytes 09/06/2008 15:43:13
AEEMU.DLL : 8.1.0.6 430451 Bytes 09/06/2008 15:43:12
AECORE.DLL : 8.1.0.31 168310 Bytes 09/06/2008 15:43:10
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

 

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

 

Start of the scan: lundi 9 juin 2008 21:19

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'WkUFind.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'WFWIZ.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

 

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\awTmNgdc.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]

The registry was scanned ( '32' files ).

 

 

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{7E906DA1-186B-4E09-8E7B-5ACE5554A6FA}\RP157\A0021081.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.edw.1
[NOTE] The file was moved to '487d8c48.qua'!
C:\System Volume Information\_restore{7E906DA1-186B-4E09-8E7B-5ACE5554A6FA}\RP157\A0021082.exe
[DETECTION] Contains detection pattern of the dropper DR/Nsis.StartPage.C.17
[NOTE] The file was moved to '49fdcf19.qua'!
C:\WINDOWS\system32\awTmNgdc.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\byxxuRKb.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48c58f91.qua'!
C:\WINDOWS\system32\qomklMDu.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ba8fba.qua'!

 

 

End of the scan: lundi 9 juin 2008 22:17
Used time: 58:17 min

The scan has been done completely.

4403 Scanning directories
171252 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
171246 Files not concerned
1519 Archives were scanned
4 Warnings
4 Notes

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:28:15, on 09/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\ehome\ehtray.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\COMMON~1\EACCEL~1\INSTAL~1\eaccelsetup.exe

C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe

C:\PROGRA~1\COMMON~1\EACCEL~1\INSTAL~1\eaccelsetup.exe

C:\Documents and Settings\Nolwenn\Local Settings\Temporary Internet Files\Content.IE5\1JX6D3GL\HiJackThis[1].exe

C:\PROGRA~1\COMMON~1\EACCEL~1\INSTAL~1\eaccelsetup.exe

C:\WINDOWS\SoftwareDistribution\Download\ec4eaabcd12e69f3a00a5aee112d61fd\update\update.exe

C:\Program Files\eAcceleration\Station\station_bk.exe

C:\PROGRA~1\COMMON~1\EACCEL~1\Installer\scanner_install.exe

C:\Program Files\Common Files\eAcceleration\eAnthComponents\cnr_setup.exe

C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe

C:\DOCUME~1\Nolwenn\LOCALS~1\Temp\EAC1257292938_00000000\setup.exe

C:\DOCUME~1\Nolwenn\LOCALS~1\Temp\EAC1287292938_00000000\setup.exe

C:\PROGRA~1\COMMON~1\EACCEL~1\INSTAL~1\eac_framework_install.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {2166923B-DC40-4FDD-B8D5-56D16C2BAF3E} - C:\WINDOWS\system32\qOifeefd.dll (file missing)

O2 - BHO: (no name) - {3DAEA73C-010A-4580-B8A4-2512DC5E6770} - (no file)

O2 - BHO: (no name) - {43772ae3-ea6e-42c6-9adb-10527b90cfd7} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {76489CEC-C772-49E4-94F2-2272D2008678} - C:\WINDOWS\system32\hgGwVlIY.dll (file missing)

O2 - BHO: (no name) - {7E200256-73B9-44A0-859F-C60E90CD58BD} - (no file)

O2 - BHO: (no name) - {A585C407-ADDA-4F25-872B-2174E507CFA2} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {c1a48912-69af-459e-b2cd-7e16c2be70b9} - (no file)

O2 - BHO: (no name) - {E2AD6BDE-E3E5-4905-A79B-36BFF8CEF6AE} - C:\WINDOWS\system32\pmnmjGYo.dll (file missing)

O2 - BHO: (no name) - {E8A26038-AAB8-4080-B64E-9F46C84EE2E7} - C:\WINDOWS\system32\byXOhGYS.dll (file missing)

O2 - BHO: (no name) - {F0F34798-63D1-4BFD-9E2C-9324ABA97D35} - C:\WINDOWS\system32\rqRJYroO.dll (file missing)

O2 - BHO: (no name) - {F8F9FEDB-B70C-4420-9E06-3A4AED22CA83} - (no file)

O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - C:\WINDOWS\system32\awTmNgdc.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

O4 - HKLM\..\Run: [BMab83a148] Rundll32.exe "C:\WINDOWS\system32\jcxqfpki.dll",s

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Eac_Installer] C:\PROGRA~1\COMMON~1\EACCEL~1\INSTAL~1\eaccelsetup.exe -AskToResumeDL

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background

O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O20 - Winlogon Notify: awTmNgdc - C:\WINDOWS\SYSTEM32\awTmNgdc.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe

O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 9092 bytes

Posted

Hello,

Download ATF Cleaner to the Desktop.

  • Double-click ATF-Cleaner.exe to launch the program.
  • Click Select All at the bottom of the list.
  • Click the Empty Selected button.

    If you use the Firefox browser, also do this:
  • Click Firefox at the top and choose Select All in the list.
  • Click the Empty Selected button.
    Note: If you want to keep your saved passwords, click No in the warning message.

    If you use the Opera browser, also do this:
  • Click Opera at the top and choose Select All in the list.
  • Close all Internet browsers (very important).
  • Click the Empty Selected button.
    Note: If you want to keep your saved passwords, click No in the warning message.

Click Exit in the main menu to close the program.

************************************************

Download OTScanIt.exe to the Desktop and double-click it to extract the files. This will create a folder named OTScanIt on the Desktop.

Note: If you get an alert from your antivirus during the download and/or the installation, ignore it. Some OTScanIt components may be detected as a virus by some antivirus programs. Also remember to disable your resident protections during the procedure.

Note: You must be logged in with an account that has Administrator rights to run this program.

  • Close all other programs.
  • Open the OTScanIt folder and double-click OTScanIt.exe to launch the program.
    Note: If you are on Windows Vista, right-click the program and choose Run as administrator.

  • In the Drivers section, click Non-Microsoft.
  • Under Additional Scans, tick the box in front of the following items to select them:

Reg - BotCheck

File - Additional Folder Scans

  • Do not change any other setting.
  • Then click the Run Scan button in the toolbar.
  • Let the program run without intervening.
  • When the scan is finished, Notepad will open to display the report file.
  • Click the Format menu and check that Word Wrap is not ticked. If it is, click it to untick it.
  • Use the Reply button and copy/paste this information here. I will review it as soon as it arrives. Check that the first line is code surrounded by square brackets [] and that the last line is /code surrounded by square brackets [].

Note: If, after sending your message, the last line is not <End of Report>, it means the report is too long to fit in a single message. In that case, split it into several messages, or put it on Mediafire.

See you later

Posted

Here is the OTScan report,

and thank you in advance.

OTScanIt logfile created on: 10/06/2008 18:34:28
OTScanIt by OldTimer - Version 1.0.15.12     Folder = C:\Documents and Settings\Nolwenn\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 261,74 Mb Available Physical Memory | 51,17% Memory free
1,22 Gb Paging File | 0,87 Gb Available in Paging File | 71,71% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76,32 Gb Total Space | 12,40 Gb Free Space | 16,24% Space Free | Partition Type: NTFS
Drive D: | 1002,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOL
Current User Name: Nolwenn
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 16/05/2008 01:06:57 | Attr =    ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 16/05/2008 01:19:24 | Attr =    ]
sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.12 | Size = 68865 bytes | Modified Date = 07/03/2008 12:00:08 | Attr =    ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 79224 bytes | Modified Date = 16/05/2008 01:19:31 | Attr =    ]
wfwiz.exe -> %ProgramFiles%\WinFast\WFTVFM\WFWIZ.exe -> Leadtek Research Inc. [Ver = 5.13.01.2003-1.67 | Size = 159744 bytes | Modified Date = 25/02/2004 10:23:28 | Attr =    ]
soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 58 | Size = 577536 bytes | Modified Date = 17/11/2006 05:42:52 | Attr = R  ]
wkufind.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe -> Microsoft® Corporation [Ver = 7.00.0724.0 | Size = 28672 bytes | Modified Date = 24/07/2002 21:20:02 | Attr =    ]
avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 8.00.00.07 | Size = 262401 bytes | Modified Date = 12/02/2008 10:06:50 | Attr =    ]
nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 2, 0, 6 | Size = 94208 bytes | Modified Date = 21/04/2006 17:03:34 | Attr =    ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 21/09/2007 18:11:33 | Attr =    ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 28/01/2008 11:43:40 | Attr = RHS]
magicdisc.exe -> %ProgramFiles%\MagicDisc\MagicDisc.exe ->  [Ver =  | Size = 534016 bytes | Modified Date = 26/09/2006 09:59:14 | Attr =    ]
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.18 | Size = 147201 bytes | Modified Date = 10/06/2008 18:17:51 | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.12 | Size = 397312 bytes | Modified Date = 07/06/2008 11:09:00 | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(AntiVirScheduler) Avira AntiVir Personal – Free Antivirus Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.12 | Size = 68865 bytes | Modified Date = 07/03/2008 12:00:08 | Attr =    ]
(AntiVirService) Avira AntiVir Personal – Free Antivirus Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.18 | Size = 147201 bytes | Modified Date = 10/06/2008 18:17:51 | Attr =    ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 16/05/2008 01:06:57 | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 16/05/2008 01:19:24 | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 247160 bytes | Modified Date = 16/05/2008 01:19:00 | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 349560 bytes | Modified Date = 16/05/2008 01:16:59 | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 17/09/2007 20:58:17 | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 14/11/2005 01:06:04 | Attr =    ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5306 | Size = 77824 bytes | Modified Date = 11/12/2003 13:10:00 | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 79224 bytes | Modified Date = 16/05/2008 01:19:31 | Attr =    ]
avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> Avira GmbH [Ver = 8.00.00.07 | Size = 262401 bytes | Modified Date = 12/02/2008 10:06:50 | Attr =    ]
BMab83a148 -> %SystemRoot%\system32\jcxqfpki.DLL [Rundll32.exe "C:\WINDOWS\system32\jcxqfpki.dll",s] -> File not found
Microsoft Works Update Detection -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe [C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe] -> Microsoft® Corporation [Ver = 7.00.0724.0 | Size = 28672 bytes | Modified Date = 24/07/2002 21:20:02 | Attr =    ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 12/01/2006 16:40:44 | Attr =    ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5306 | Size = 3022848 bytes | Modified Date = 11/12/2003 13:10:00 | Attr =    ]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> NVIDIA Corporation [Ver = 6.14.10.5306 | Size = 753664 bytes | Modified Date = 11/12/2003 13:10:00 | Attr =    ]
PinnacleDriverCheck -> %SystemRoot%\system32\PSDrvCheck.exe [C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg] ->  [Ver = 1.0.0.63 | Size = 406016 bytes | Modified Date = 10/03/2004 15:26:10 | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 27/08/2007 16:25:49 | Attr =    ]
Sony Ericsson PC Suite -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ["C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions] ->  [Ver = 2.0.10.129 | Size = 593920 bytes | Modified Date = 28/03/2007 01:07:42 | Attr = R  ]
SoundMan -> %SystemRoot%\soundman.exe [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 58 | Size = 577536 bytes | Modified Date = 17/11/2006 05:42:52 | Attr = R  ]
SpybotSnD -> %ProgramFiles%\Spybot - Search & Destroy\SpybotSD.exe ["C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"] -> Safer Networking Limited [Ver = 1, 5, 2, 20 | Size = 5146448 bytes | Modified Date = 28/01/2008 11:43:36 | Attr = RHS]
WinFast Schedule -> %ProgramFiles%\WinFast\WFTVFM\WFWIZ.exe [C:\Program Files\WinFast\WFTVFM\WFWIZ.exe] -> Leadtek Research Inc. [Ver = 5.13.01.2003-1.67 | Size = 159744 bytes | Modified Date = 25/02/2004 10:23:28 | Attr =    ]
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ->
Flag ->  [] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 1, 2, 0, 6 | Size = 94208 bytes | Modified Date = 21/04/2006 17:03:34 | Attr =    ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.5306 | Size = 49152 bytes | Modified Date = 11/12/2003 13:10:00 | Attr =    ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 28/01/2008 11:43:40 | Attr = RHS]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 21/09/2007 18:11:33 | Attr =    ]
WebSUpdater -> %ProgramFiles%\winvi\wupda.exe ["C:\Program Files\winvi\wupda.exe" /background] -> File not found
WinUpdater -> %ProgramFiles%\winvi\update.exe ["C:\Program Files\winvi\update.exe" /background] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Nolwenn Startup Folder > -> C:\Documents and Settings\Nolwenn\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\MagicDisc.lnk -> %ProgramFiles%\MagicDisc\MagicDisc.exe ->  [Ver =  | Size = 534016 bytes | Modified Date = 26/09/2006 09:59:14 | Attr =    ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{F9DF827A-8FA7-48A3-B268-CA4DB563EA40} 

[HKEY_LOCAL_MACHINE] -> 

%SystemRoot%\system32\awTmNgdc.dll [] ->  [Ver =  | Size 

= 52736 bytes | Modified Date = 11/05/2008 19:17:45 | 

Attr =    ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secu

rityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 

NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows 

NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 

NT\CurrentVersion\Winlogon\Notify\ -> 
awTmNgdc -> %SystemRoot%\system32\awTmNgdc.dll ->  [Ver 

=  | Size = 52736 bytes | Modified Date = 11/05/2008 

19:17:45 | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallpaper -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoActiveDesktopChanges -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallpaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRom_NEC_DVD_RW_ND-2510A____________________2.15____\5&1ba9decb&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomSAMSUNG_CD-ROM_SC-152G__________________C401____\5&1ba9decb&0&0.1.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\2 -> SCSI\CdRom&Ven_MagicISO&Prod_Virtual_DVD-ROM&Rev_1.0A\1&2afd7d61&0&0000 ->
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 19/08/2007 00:29:33 | Attr =    ]
< HOSTS File > (238945 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.fr/ ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4423 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4422 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] ->  [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 02/03/2001 12:02:04 | Attr =    ]
{2166923B-DC40-4FDD-B8D5-56D16C2BAF3E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qOifeefd.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{3DAEA73C-010A-4580-B8A4-2512DC5E6770} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{43772ae3-ea6e-42c6-9adb-10527b90cfd7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr =    ]
{76489CEC-C772-49E4-94F2-2272D2008678} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\hgGwVlIY.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{7E200256-73B9-44A0-859F-C60E90CD58BD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{A585C407-ADDA-4F25-872B-2174E507CFA2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 17/09/2007 20:58:16 | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 21/09/2007 18:11:32 | Attr =    ]
{c1a48912-69af-459e-b2cd-7e16c2be70b9} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2AD6BDE-E3E5-4905-A79B-36BFF8CEF6AE} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmnmjGYo.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{E8A26038-AAB8-4080-B64E-9F46C84EE2E7} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\byXOhGYS.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{F0F34798-63D1-4BFD-9E2C-9324ABA97D35} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRJYroO.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{F8F9FEDB-B70C-4420-9E06-3A4AED22CA83} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{F9DF827A-8FA7-48A3-B268-CA4DB563EA40} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awTmNgdc.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 52736 bytes | Modified Date = 11/05/2008 19:17:45 | Attr =    ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 17/09/2007 20:58:16 | Attr = R  ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 17/09/2007 20:58:16 | Attr = R  ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 25/05/2006 01:22:06 | Attr =    ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr =    ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 25/05/2006 01:22:06 | Attr =    ]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 ->  ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3C7F8D70-5ECF-4187-B1BB-C5F6375ABC13} ->    (VIA Compatable Fast Ethernet Adapter) ->
{81021D37-AF9F-4DDD-9218-0E130A5FEE0C} ->    () ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab[BDSCANONLINE Control] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan8.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan8.ocx\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan8.ocx\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ->  ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
C:\WINDOWS\system32\byXOhGYS ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 19:49:30 | Attr =    ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 16:21:15 | Attr =    ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 704 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> F4 F8 05 0B B5 C6 F4 A9 E8 E4 C3 F7 17 47 50 6C 32 61 61 38 65 35 37 39 00 FD 07 00 5D CD 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 0C 74 4D 6B 38 0C A8 0A 25 FA 51 2A  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 68 C1 00 3B 8E E1 C6 10 B4  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 0F 28 D1 7F 0F 6C  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 86 97 86 4E C0 AF 43 52 81 4B 16 86 DC FD 95 51  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 28 53 31 71 F2 E4 C7 01  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 A8 A5 4D 4D D8 C4 01  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 A8 A5 4D 4D D8 C4 01  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\

SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\

SspiCache\msnsspc.dll\\Time -> 00 A8 A5 4D 4D D8 C4 01  

[binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\

SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1753 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:55:02 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 16:10:02 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 12813096 bytes | Modified Date = 27/10/2006 15:16:48 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -> %ProgramFiles%\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe -> %ProgramFiles%\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Freeplayer\vlc\vlc.exe -> %ProgramFiles%\Freeplayer\vlc\vlc.exe [C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player] ->  [Ver =  | Size = 6415360 bytes | Modified Date = 02/09/2005 21:24:01 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe -> %ProgramFiles%\Nero\Nero 7\Nero ShowTime\ShowTime.exe [C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime] -> Nero AG [Ver = 3, 0, 0, 1 | Size = 3739648 bytes | Modified Date = 23/03/2006 16:44:06 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] ->  [Ver =  | Size = 219952 bytes | Modified Date = 23/02/2008 10:38:21 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe -> %ProgramFiles%\Nokia\Nokia Software Updater\nsu_ui_client.exe [C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe -> %CommonProgramFiles%\Nokia\Service Layer\A\nsl_host_process.exe [C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process ] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\eMule\emule.exe -> %ProgramFiles%\eMule\emule.exe [C:\Program Files\eMule\emule.exe:*:Disabled:eMule] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:55:02 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 16:10:02 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 13/10/2004 18:24:37 | Attr =  HS]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 06:39:49 | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 02/12/2004 11:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 06:39:49 | Attr =    ]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 536399872 bytes | Created Date = 10/06/2008 08:09:52 | Attr =  HS]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 20/05/2008 21:17:43 | Attr =  H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 20/05/2008 21:19:43 | Attr =  H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 20/05/2008 21:24:05 | Attr =  H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 20/05/2008 21:17:42 | Attr =  H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 20/05/2008 21:19:43 | Attr =  H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 20/05/2008 21:24:05 | Attr =  H ]
Temp -> %SystemDrive%\Temp ->  [Folder | Created Date = 11/05/2008 19:17:44 | Attr =    ]
aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 20560 bytes | Created Date = 11/05/2008 21:14:55 | Attr =    ]
aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes | Created Date = 11/05/2008 21:14:55 | Attr =    ]
avgntdd.sys -> %SystemRoot%\System32\drivers\avgntdd.sys -> Avira GmbH [Ver = 6.39.00.30 | Size = 41792 bytes | Created Date = 09/06/2008 17:40:43 | Attr =    ]
avgntmgr.sys -> %SystemRoot%\System32\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.02 | Size = 22336 bytes | Created Date = 09/06/2008 17:40:43 | Attr =    ]
avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> Avira GmbH [Ver = 1.00.02.22 | Size = 79424 bytes | Created Date = 09/06/2008 17:40:40 | Attr =    ]
ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 09/06/2008 17:40:43 | Attr =    ]
20467 -> %SystemRoot%\System32\20467 ->  [Folder | Created Date = 11/05/2008 19:18:02 | Attr =    ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
appmgmt -> %SystemRoot%\System32\appmgmt ->  [Folder | Created Date = 18/05/2008 13:35:51 | Attr =    ]
awTmNgdc.dll -> %SystemRoot%\System32\awTmNgdc.dll ->  [Ver =  | Size = 52736 bytes | Created Date = 11/05/2008 19:17:45 | Attr =    ]
bkEur01 -> %SystemRoot%\System32\bkEur01 ->  [Folder | Created Date = 11/05/2008 19:17:46 | Attr =    ]
dfeefiOq.ini -> %SystemRoot%\System32\dfeefiOq.ini ->  [Ver =  | Size = 198110 bytes | Created Date = 11/05/2008 19:23:15 | Attr =  HS]
dfeefiOq.ini2 -> %SystemRoot%\System32\dfeefiOq.ini2 ->  [Ver =  | Size = 198110 bytes | Created Date = 11/05/2008 19:23:15 | Attr =  HS]
dwdxycbi.ini -> %SystemRoot%\System32\dwdxycbi.ini ->  [Ver =  | Size = 1604260 bytes | Created Date = 12/05/2008 10:35:53 | Attr =  HS]
fnwumdav.ini -> %SystemRoot%\System32\fnwumdav.ini ->  [Ver =  | Size = 1604647 bytes | Created Date = 18/05/2008 09:42:15 | Attr =  HS]
lqyuxovi.ini -> %SystemRoot%\System32\lqyuxovi.ini ->  [Ver =  | Size = 1505163 bytes | Created Date = 11/05/2008 19:29:48 | Attr =  HS]
mBL -> %SystemRoot%\System32\mBL ->  [Folder | Created Date = 11/05/2008 19:18:07 | Attr =    ]
OorYJRqr.ini -> %SystemRoot%\System32\OorYJRqr.ini ->  [Ver =  | Size = 412451 bytes | Created Date = 12/05/2008 16:51:54 | Attr =  HS]
OorYJRqr.ini2 -> %SystemRoot%\System32\OorYJRqr.ini2 ->  [Ver =  | Size = 412451 bytes | Created Date = 12/05/2008 16:51:56 | Attr =  HS]
oYGjmnmp.ini -> %SystemRoot%\System32\oYGjmnmp.ini ->  [Ver =  | Size = 290 bytes | Created Date = 16/05/2008 17:48:13 | Attr =  HS]
oYGjmnmp.ini2 -> %SystemRoot%\System32\oYGjmnmp.ini2 ->  [Ver =  | Size = 705284 bytes | Created Date = 16/05/2008 17:48:14 | Attr =  HS]
PreInstall -> %SystemRoot%\System32\PreInstall ->  [Folder | Created Date = 08/06/2008 16:27:46 | Attr =    ]
sikrjmrr.ini -> %SystemRoot%\System32\sikrjmrr.ini ->  [Ver =  | Size = 1990628 bytes | Created Date = 18/05/2008 20:58:14 | Attr =  HS]
SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution ->  [Folder | Created Date = 08/06/2008 16:06:40 | Attr =    ]
sX1 -> %SystemRoot%\System32\sX1 ->  [Folder | Created Date = 11/05/2008 19:17:56 | Attr =    ]
SYGhOXyb.ini -> %SystemRoot%\System32\SYGhOXyb.ini ->  [Ver =  | Size = 352379 bytes | Created Date = 18/05/2008 20:52:12 | Attr =  HS]
SYGhOXyb.ini2 -> %SystemRoot%\System32\SYGhOXyb.ini2 ->  [Ver =  | Size = 352379 bytes | Created Date = 18/05/2008 20:52:12 | Attr =  HS]
YIlVwGgh.ini -> %SystemRoot%\System32\YIlVwGgh.ini ->  [Ver =  | Size = 199229 bytes | Created Date = 12/05/2008 09:05:50 | Attr =  HS]
YIlVwGgh.ini2 -> %SystemRoot%\System32\YIlVwGgh.ini2 ->  [Ver =  | Size = 199229 bytes | Created Date = 12/05/2008 09:05:50 | Attr =  HS]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Created Date = 08/06/2008 16:27:42 | Attr =  H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Created Date = 18/05/2008 10:50:20 | Attr =    ]
BMab83a148.xml -> %SystemRoot%\BMab83a148.xml ->  [Ver =  | Size = 109807 bytes | Created Date = 11/05/2008 19:25:20 | Attr =    ]
cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | Size = 219 bytes | Created Date = 18/05/2008 10:48:34 | Attr =    ]
pskt.ini -> %SystemRoot%\pskt.ini ->  [Ver =  | Size = 22 bytes | Created Date = 11/05/2008 19:25:20 | Attr =    ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Avira -> %AllUsersProfile%\Application Data\Avira ->  [Folder | Created Date = 09/06/2008 17:40:30 | Attr =    ]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 18/05/2008 11:41:52 | Attr =    ]
Sony Ericsson -> %AllUsersProfile%\Application Data\Sony Ericsson ->  [Folder | Created Date = 08/06/2008 17:09:31 | Attr =    ]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 11/05/2008 19:37:15 | Attr =    ]
AntiVir PE Classic.lnk -> %AllUsersProfile%\Desktop\AntiVir PE Classic.lnk ->  [Ver =  | Size = 1851 bytes | Created Date = 09/06/2008 17:41:15 | Attr =    ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 10/06/2008 18:26:13 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
install_Avira AntiVir Personal_.exe -> %UserProfile%\Desktop\install_Avira AntiVir Personal_.exe ->  [Ver =  | Size = 99383 bytes | Created Date = 09/06/2008 17:06:45 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\install_Avira AntiVir Personal_.exe:Zone.Identifier
Lavasoft_Adaware2007_fr.exe -> %UserProfile%\Desktop\Lavasoft_Adaware2007_fr.exe ->  [Ver =  | Size = 21364592 bytes | Created Date = 18/05/2008 11:39:59 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Lavasoft_Adaware2007_fr.exe:Zone.Identifier
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 10/06/2008 18:28:09 | Attr =    ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568544 bytes | Created Date = 10/06/2008 18:26:56 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Procédure_de.doc -> %UserProfile%\Desktop\Procédure_de.doc ->  [Ver =  | Size = 33812 bytes | Created Date = 09/06/2008 17:37:44 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Procédure_de.doc:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 963 bytes | Created Date = 11/05/2008 19:37:24 | Attr =    ]
Sony Ericsson Shared -> %CommonProgramFiles%\Sony Ericsson Shared ->  [Folder | Created Date = 08/06/2008 17:10:18 | Attr =    ]
AntiSpywareMaster -> %ProgramFiles%\AntiSpywareMaster ->  [Folder | Created Date = 11/05/2008 19:23:00 | Attr =    ]
Avira -> %ProgramFiles%\Avira ->  [Folder | Created Date = 09/06/2008 17:40:30 | Attr =    ]
Lavasoft -> %ProgramFiles%\Lavasoft ->  [Folder | Created Date = 18/05/2008 11:41:56 | Attr =    ]
MSXML 4.0 -> %ProgramFiles%\MSXML 4.0 ->  [Folder | Created Date = 08/06/2008 17:11:17 | Attr =    ]
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy ->  [Folder | Created Date = 11/05/2008 19:37:15 | Attr =    ]
winvi -> %ProgramFiles%\winvi ->  [Folder | Created Date = 11/05/2008 19:18:08 | Attr =    ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 536399872 bytes | Modified Date = 10/06/2008 18:13:16 | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 09/06/2008 21:01:39 | Attr = R  ]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 20/05/2008 21:17:43 | Attr =  H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 20/05/2008 21:19:43 | Attr =  H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 20/05/2008 21:24:05 | Attr =  H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 20/05/2008 21:17:42 | Attr =  H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 20/05/2008 21:19:43 | Attr =  H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 20/05/2008 21:24:05 | Attr =  H ]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 18/05/2008 11:07:45 | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 10/06/2008 18:20:42 | Attr =    ]
aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 26944 bytes | Modified Date = 16/05/2008 01:13:26 | Attr =    ]
aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 20560 bytes | Modified Date = 16/05/2008 01:16:06 | Attr =    ]
aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 94416 bytes | Modified Date = 16/05/2008 01:18:33 | Attr =    ]
aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 23152 bytes | Modified Date = 16/05/2008 01:15:29 | Attr =    ]
aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes | Modified Date = 16/05/2008 01:20:32 | Attr =    ]
aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 42912 bytes | Modified Date = 16/05/2008 01:14:11 | Attr =    ]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 08/06/2008 12:43:45 | Attr =    ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 238945 bytes | Modified Date = 08/06/2008 12:43:45 | Attr = R  ]
hosts.20080608-124345.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080608-124345.backup ->  [Ver =  | Size = 238945 bytes | Modified Date = 12/05/2008 17:21:59 | Attr = R  ]
hosts.ics -> %SystemRoot%\System32\drivers\etc\hosts.ics ->  [Ver =  | Size = 431 bytes | Modified Date = 18/05/2008 20:40:37 | Attr =    ]
20467 -> %SystemRoot%\System32\20467 ->  [Folder | Modified Date = 11/05/2008 19:18:07 | Attr =    ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
appmgmt -> %SystemRoot%\System32\appmgmt ->  [Folder | Modified Date = 18/05/2008 13:35:51 | Attr =    ]
aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 1152888 bytes | Modified Date = 16/05/2008 01:24:43 | Attr =    ]
AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> 

ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 95608 bytes 

| Modified Date = 16/05/2008 01:12:36 | Attr =    ]
awTmNgdc.dll -> %SystemRoot%\System32\awTmNgdc.dll ->  

[Ver =  | Size = 52736 bytes | Modified Date = 

11/05/2008 19:17:45 | Attr =    ]
bkEur01 -> %SystemRoot%\System32\bkEur01 ->  [Folder | 

Modified Date = 18/05/2008 12:10:09 | Attr =    ]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | 

Modified Date = 08/06/2008 17:01:55 | Attr =    ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | 

Modified Date = 10/06/2008 18:14:42 | Attr =    ]
color -> %SystemRoot%\System32\color ->  [Folder | 

Modified Date = 08/06/2008 12:53:56 | Attr =    ]
Com -> %SystemRoot%\System32\Com ->  [Folder | Modified 

Date = 09/06/2008 17:14:23 | Attr =    ]
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  

| Size = 2626 bytes | Modified Date = 08/06/2008 

16:07:34 | Attr =    ]
dfeefiOq.ini -> %SystemRoot%\System32\dfeefiOq.ini ->  

[Ver =  | Size = 198110 bytes | Modified Date = 

12/05/2008 01:01:58 | Attr =  HS]
dfeefiOq.ini2 -> %SystemRoot%\System32\dfeefiOq.ini2 ->  

[Ver =  | Size = 198110 bytes | Modified Date = 

12/05/2008 00:59:06 | Attr =  HS]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | 

Modified Date = 10/06/2008 08:22:02 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | 

Modified Date = 09/06/2008 21:16:25 | Attr =    ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | 

Modified Date = 08/06/2008 16:20:57 | Attr =    ]
dwdxycbi.ini -> %SystemRoot%\System32\dwdxycbi.ini ->  

[Ver =  | Size = 1604260 bytes | Modified Date = 

18/05/2008 09:39:14 | Attr =  HS]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  

[Ver =  | Size = 290888 bytes | Modified Date = 

10/06/2008 08:29:31 | Attr =    ]
fnwumdav.ini -> %SystemRoot%\System32\fnwumdav.ini ->  

[Ver =  | Size = 1604647 bytes | Modified Date = 

18/05/2008 20:47:46 | Attr =  HS]
lqyuxovi.ini -> %SystemRoot%\System32\lqyuxovi.ini ->  

[Ver =  | Size = 1505163 bytes | Modified Date = 

12/05/2008 10:29:55 | Attr =  HS]
mBL -> %SystemRoot%\System32\mBL ->  [Folder | Modified 

Date = 18/05/2008 12:10:09 | Attr =    ]
OorYJRqr.ini -> %SystemRoot%\System32\OorYJRqr.ini ->  

[Ver =  | Size = 412451 bytes | Modified Date = 

13/05/2008 06:25:16 | Attr =  HS]
OorYJRqr.ini2 -> %SystemRoot%\System32\OorYJRqr.ini2 ->  

[Ver =  | Size = 412451 bytes | Modified Date = 

13/05/2008 06:22:30 | Attr =  HS]
oYGjmnmp.ini -> %SystemRoot%\System32\oYGjmnmp.ini ->  

[Ver =  | Size = 290 bytes | Modified Date = 18/05/2008 

13:25:05 | Attr =  HS]
oYGjmnmp.ini2 -> %SystemRoot%\System32\oYGjmnmp.ini2 ->  

[Ver =  | Size = 705284 bytes | Modified Date = 

18/05/2008 13:24:34 | Attr =  HS]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  

[Ver =  | Size = 46252 bytes | Modified Date = 

09/06/2008 17:55:33 | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  

[Ver =  | Size = 366638 bytes | Modified Date = 

09/06/2008 17:55:34 | Attr =    ]
PerfStringBackup.INI -> 

%SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | 

Size = 418662 bytes | Modified Date = 09/06/2008 

17:55:32 | Attr =    ]
PreInstall -> %SystemRoot%\System32\PreInstall ->  

[Folder | Modified Date = 08/06/2008 16:27:46 | Attr =   

]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | 

Modified Date = 08/06/2008 16:17:59 | Attr =    ]
sikrjmrr.ini -> %SystemRoot%\System32\sikrjmrr.ini ->  

[Ver =  | Size = 1990628 bytes | Modified Date = 

20/05/2008 19:08:34 | Attr =  HS]
SoftwareDistribution -> 

%SystemRoot%\System32\SoftwareDistribution ->  [Folder | 

Modified Date = 08/06/2008 16:06:40 | Attr =    ]
sX1 -> %SystemRoot%\System32\sX1 ->  [Folder | Modified 

Date = 11/05/2008 19:18:01 | Attr =    ]
SYGhOXyb.ini -> %SystemRoot%\System32\SYGhOXyb.ini ->  

[Ver =  | Size = 352379 bytes | Modified Date = 

08/06/2008 14:37:36 | Attr =  HS]
SYGhOXyb.ini2 -> %SystemRoot%\System32\SYGhOXyb.ini2 ->  

[Ver =  | Size = 352379 bytes | Modified Date = 

08/06/2008 14:35:17 | Attr =  HS]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | 

Size = 2206 bytes | Modified Date = 09/06/2008 16:57:21 

| Attr =    ]
YIlVwGgh.ini -> %SystemRoot%\System32\YIlVwGgh.ini ->  

[Ver =  | Size = 199229 bytes | Modified Date = 

12/05/2008 14:26:40 | Attr =  HS]
YIlVwGgh.ini2 -> %SystemRoot%\System32\YIlVwGgh.ini2 ->  

[Ver =  | Size = 199229 bytes | Modified Date = 

12/05/2008 14:26:01 | Attr =  HS]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified 

Date = 09/06/2008 17:33:55 | Attr =  H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
assembly -> %SystemRoot%\assembly ->  [Folder | Modified 

Date = 08/06/2008 17:16:30 | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Modified 

Date = 18/05/2008 11:35:27 | Attr =    ]
BMab83a148.xml -> %SystemRoot%\BMab83a148.xml ->  [Ver = 

| Size = 109807 bytes | Modified Date = 20/05/2008 

19:07:58 | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | 

Size = 2048 bytes | Modified Date = 10/06/2008 18:13:17 

| Attr =   S]
cookies.ini -> %SystemRoot%\cookies.ini ->  [Ver =  | 

Size = 219 bytes | Modified Date = 18/05/2008 10:48:40 | 

Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded 

Program Files ->  [Folder | Modified Date = 18/05/2008 

13:36:46 | Attr =   S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 

08/06/2008 16:07:27 | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size 

= 1374 bytes | Modified Date = 10/06/2008 08:21:43 | 

Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 

10/06/2008 08:22:15 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | 

Modified Date = 09/06/2008 21:16:32 | Attr =  HS]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified 

Date = 10/06/2008 08:19:12 | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified 

Date = 10/06/2008 18:33:19 | Attr =    ]
pskt.ini -> %SystemRoot%\pskt.ini ->  [Ver =  | Size = 

22 bytes | Modified Date = 20/05/2008 19:10:14 | Attr =  

  ]
Registration -> %SystemRoot%\Registration ->  [Folder | 

Modified Date = 10/06/2008 18:14:39 | Attr =    ]
SoftwareDistribution -> 

%SystemRoot%\SoftwareDistribution ->  [Folder | Modified 

Date = 08/06/2008 16:07:30 | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified 

Date = 10/06/2008 08:29:07 | Attr =    ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 

10/06/2008 18:33:10 | Attr =    ]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 

18/05/2008 13:31:26 | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 798 

bytes | Modified Date = 12/05/2008 00:52:29 | Attr =    

]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | 

Size = 383 bytes | Modified Date = 18/05/2008 13:18:20 | 

Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified 

Date = 09/06/2008 17:20:49 | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 

6 bytes | Modified Date = 10/06/2008 18:13:30 | Attr =  

H ]
C:\Documents and Settings\All Users\Application 

Data\Microsoft\eHome\logs\ -> C:\Documents and 

Settings\All Users\Application Data\Microsoft\eHome\logs 

->  [Folder | Modified Date = 10/06/2008 18:13:50 | Attr 

=    ]
eHomeLog-0.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-0.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 18/05/2008 20:32:53 | 

Attr =  H ]
eHomeLog-1.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-1.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 18/05/2008 20:48:34 | 

Attr =  H ]
eHomeLog-10.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-10.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 08/06/2008 15:37:16 | 

Attr =  H ]
eHomeLog-11.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-11.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 08/06/2008 15:59:55 | 

Attr =  H ]
eHomeLog-12.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-12.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 08/06/2008 16:00:18 | 

Attr =  H ]
eHomeLog-13.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-13.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 08/06/2008 16:23:58 | 

Attr =  H ]
eHomeLog-14.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-14.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 08/06/2008 16:25:40 | 

Attr =  H ]
eHomeLog-15.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-15.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 09/06/2008 18:27:54 | 

Attr =  H ]
eHomeLog-16.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-16.dat ->  [Ver =  | 

Size = 0 bytes | Modified Date = 09/06/2008 18:33:03 | 

Attr =  H ]
eHomeLog-17.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-17.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 09/06/2008 18:45:57 | 

Attr =  H ]
eHomeLog-18.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-18.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 09/06/2008 20:09:14 | 

Attr =  H ]
eHomeLog-19.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-19.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 10/06/2008 08:10:59 | 

Attr =  H ]
eHomeLog-2.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-2.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 20/05/2008 19:58:18 | 

Attr =  H ]
eHomeLog-20.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-20.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 10/06/2008 08:12:41 | 

Attr =  H ]
eHomeLog-21.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-21.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 10/06/2008 08:30:20 | 

Attr =  H ]
eHomeLog-22.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-22.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 10/06/2008 08:31:45 | 

Attr =  H ]
eHomeLog-23.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-23.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 10/06/2008 18:14:53 | 

Attr =  H ]
eHomeLog-24.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-24.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 10/06/2008 18:16:33 | 

Attr =  H ]
eHomeLog-25.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-25.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 27/04/2008 21:10:19 | 

Attr =  H ]
eHomeLog-26.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-26.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 28/04/2008 18:48:23 | 

Attr =  H ]
eHomeLog-27.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-27.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 28/04/2008 21:02:19 | 

Attr =  H ]
eHomeLog-28.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-28.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 28/04/2008 21:03:02 | 

Attr =  H ]
eHomeLog-29.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-29.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 30/04/2008 21:16:07 | 

Attr =  H ]
eHomeLog-3.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-3.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 26/05/2008 11:00:56 | 

Attr =  H ]
eHomeLog-30.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-30.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 01/05/2008 10:44:06 | 

Attr =  H ]
eHomeLog-31.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-31.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 02/05/2008 16:12:39 | 

Attr =  H ]
eHomeLog-32.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-32.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 03/05/2008 09:41:32 | 

Attr =  H ]
eHomeLog-33.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-33.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 04/05/2008 18:46:14 | 

Attr =  H ]
eHomeLog-34.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-34.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 04/05/2008 21:29:38 | 

Attr =  H ]
eHomeLog-35.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-35.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 11/05/2008 18:49:35 | 

Attr =  H ]
eHomeLog-36.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-36.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 11/05/2008 19:29:15 | 

Attr =  H ]
eHomeLog-37.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-37.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 11/05/2008 22:45:48 | 

Attr =  H ]
eHomeLog-38.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-38.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 11/05/2008 22:46:56 | 

Attr =  H ]
eHomeLog-39.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-39.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 12/05/2008 09:01:33 | 

Attr =  H ]
eHomeLog-4.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-4.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 26/05/2008 11:01:34 | 

Attr =  H ]
eHomeLog-40.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-40.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 12/05/2008 16:47:34 | 

Attr =  H ]
eHomeLog-41.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-41.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 12/05/2008 17:54:08 | 

Attr =  H ]
eHomeLog-42.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-42.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 16/05/2008 17:44:04 | 

Attr =  H ]
eHomeLog-43.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-43.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 16/05/2008 18:28:58 | 

Attr =  H ]
eHomeLog-44.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-44.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 16/05/2008 18:41:33 | 

Attr =  H ]
eHomeLog-45.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-45.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 18/05/2008 12:16:31 | 

Attr =  H ]
eHomeLog-46.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-46.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 18/05/2008 13:21:33 | 

Attr =  H ]
eHomeLog-47.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-47.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 18/05/2008 20:23:45 | 

Attr =  H ]
eHomeLog-5.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-5.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 08/06/2008 10:26:18 | 

Attr =  H ]
eHomeLog-6.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-6.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 08/06/2008 10:34:28 | 

Attr =  H ]
eHomeLog-7.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-7.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 08/06/2008 13:01:08 | 

Attr =  H ]
eHomeLog-8.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-8.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 08/06/2008 14:00:04 | 

Attr =  H ]
eHomeLog-9.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\eHome\logs\eHomeLog-9.dat ->  [Ver =  | 

Size = 268 bytes | Modified Date = 08/06/2008 15:23:17 | 

Attr =  H ]
C:\Documents and Settings\All Users\Application 

Data\Microsoft\HTML Help\ -> C:\Documents and 

Settings\All Users\Application Data\Microsoft\HTML Help 

->  [Folder | Modified Date = 05/09/2007 14:52:10 | Attr 

=    ]
hhcolreg.dat -> C:\Documents and Settings\All 

Users\Application Data\Microsoft\HTML Help\hhcolreg.dat 

->  [Ver =  | Size = 1345 bytes | Modified Date = 

05/09/2007 14:52:10 | Attr =    ]
C:\Documents and Settings\All Users\Application 

Data\Microsoft\Network\Downloader\ -> C:\Documents and 

Settings\All Users\Application 

Data\Microsoft\Network\Downloader ->  [Folder | Modified 

Date = 08/06/2008 16:13:39 | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  

| Size = 5484 bytes | Modified Date = 10/06/2008 

18:15:04 | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All 

Users\Application 

Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  

| Size = 5484 bytes | Modified Date = 10/06/2008 

18:15:04 | Attr =    ]
C:\Documents and Settings\All Users\Application 

Data\Microsoft\OFFICE\DATA\ -> C:\Documents and 

Settings\All Users\Application 

Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 

11/09/2007 21:08:22 | Attr =    ]
opa12.dat -> C:\Documents and Settings\All 

Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat 

->  [Ver =  | Size = 8206 bytes | Modified Date = 

11/09/2007 21:08:22 | Attr =    ]
C:\Documents and Settings\Nolwenn\Local Settings\Temp\ 

-> C:\Documents and Settings\Nolwenn\Local Settings\Temp 

->  [Folder | Modified Date = 10/06/2008 18:29:27 | Attr 

=    ]
ose00000.exe -> C:\Documents and Settings\Nolwenn\Local 

Settings\Temp\ose00000.exe -> Microsoft Corporation [Ver 

= 12.0.4518.1014 | Size = 145184 bytes | Modified Date = 

28/10/2006 02:58:26 | Attr = R  ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | 

Modified Date = 10/06/2008 18:33:10 | Attr =    ]
alcrmv.exe -> C:\WINDOWS\Temp\alcrmv.exe -> Realtek 

Semiconductor Corp. [Ver = 2, 0, 0, 4 | Size = 217088 

bytes | Modified Date = 31/07/2006 11:27:30 | Attr = R  

]
alcupd.exe -> C:\WINDOWS\Temp\alcupd.exe -> Realtek 

Semiconductor Corp. [Ver = 2, 2, 0, 3 | Size = 315392 

bytes | Modified Date = 31/07/2006 11:19:24 | Attr = R  

]
ChCfg.exe -> C:\WINDOWS\Temp\ChCfg.exe ->  [Ver =  | 

Size = 49152 bytes | Modified Date = 01/08/2006 15:02:32 

| Attr = R  ]
RTLCPL.exe -> C:\WINDOWS\Temp\RTLCPL.exe -> Realtek 

Semiconductor Corp. [Ver = 1.0.1.66 | Size = 10528768 

bytes | Modified Date = 08/12/2006 15:20:14 | Attr = R  

]
soundman.exe -> C:\WINDOWS\Temp\soundman.exe -> Realtek 

Semiconductor Corp. [Ver = 5, 1, 0, 58 | Size = 577536 

bytes | Modified Date = 17/11/2006 05:42:52 | Attr = R  

]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | 

Modified Date = 10/06/2008 18:33:10 | Attr =    ]
RtlCPAPI.dll -> C:\WINDOWS\Temp\RtlCPAPI.dll ->  [Ver = 

1, 0, 1, 4 | Size = 147456 bytes | Modified Date = 

18/10/2006 02:53:26 | Attr = R  ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | 

Modified Date = 10/06/2008 18:33:10 | Attr =    ]
Perflib_Perfdata_5d8.dat -> 

C:\WINDOWS\Temp\Perflib_Perfdata_5d8.dat ->  [Ver =  | 

Size = 16384 bytes | Modified Date = 08/06/2008 16:23:16 

| Attr =    ]
[Files Modified - Additional Folder Scans - 

Non-Microsoft Only]
Avira -> %AllUsersProfile%\Application Data\Avira ->  

[Folder | Modified Date = 09/06/2008 17:40:30 | Attr =   

]
Kodak -> %AllUsersProfile%\Application Data\Kodak ->  

[Folder | Modified Date = 08/06/2008 13:00:25 | Attr =   

]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft 

->  [Folder | Modified Date = 18/05/2008 11:44:17 | Attr 

=    ]
Sony Ericsson -> %AllUsersProfile%\Application Data\Sony 

Ericsson ->  [Folder | Modified Date = 08/06/2008 

17:09:49 | Attr =    ]
Spybot - Search & Destroy -> 

%AllUsersProfile%\Application Data\Spybot - Search & 

Destroy ->  [Folder | Modified Date = 12/05/2008 

00:48:47 | Attr =    ]
Teleca -> %AllUsersProfile%\Application Data\Teleca ->  

[Folder | Modified Date = 08/06/2008 17:09:13 | Attr =   

]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local 

Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver = 

| Size = 80888 bytes | Modified Date = 18/05/2008 

13:37:53 | Attr =    ]
IconCache.db -> %UserProfile%\Local Settings\Application 

Data\IconCache.db ->  [Ver =  | Size = 4322572 bytes | 

Modified Date = 10/06/2008 08:52:10 | Attr =  H ]
AntiVir PE Classic.lnk -> 

%AllUsersProfile%\Desktop\AntiVir PE Classic.lnk ->  

[Ver =  | Size = 1851 bytes | Modified Date = 09/06/2008 

17:41:17 | Attr =    ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe 

-> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | 

Modified Date = 10/06/2008 18:26:17 | Attr =    ]
@Alternate Data Stream - 26 bytes -> 

%UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
install_Avira AntiVir Personal_.exe -> 

%UserProfile%\Desktop\install_Avira AntiVir 

Personal_.exe ->  [Ver =  | Size = 99383 bytes | 

Modified Date = 09/06/2008 17:07:14 | Attr =    ]
@Alternate Data Stream - 26 bytes -> 

%UserProfile%\Desktop\install_Avira AntiVir 

Personal_.exe:Zone.Identifier
Lavasoft_Adaware2007_fr.exe -> 

%UserProfile%\Desktop\Lavasoft_Adaware2007_fr.exe ->  

[Ver =  | Size = 21364592 bytes | Modified Date = 

18/05/2008 11:40:18 | Attr =    ]
@Alternate Data Stream - 26 bytes -> 

%UserProfile%\Desktop\Lavasoft_Adaware2007_fr.exe:Zone.I

dentifier
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | 

Modified Date = 10/06/2008 18:28:10 | Attr =    ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  

[Ver =  | Size = 568544 bytes | Modified Date = 

10/06/2008 18:26:57 | Attr =    ]
@Alternate Data Stream - 26 bytes -> 

%UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Procédure_de.doc -> 

%UserProfile%\Desktop\Procédure_de.doc ->  [Ver =  | 

Size = 33812 bytes | Modified Date = 09/06/2008 17:37:45 

| Attr =    ]
@Alternate Data Stream - 26 bytes -> 

%UserProfile%\Desktop\Procédure_de.doc:Zone.Identifier
Spybot - Search & Destroy.lnk -> 

%UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  

[Ver =  | Size = 963 bytes | Modified Date = 18/05/2008 

20:37:09 | Attr =    ]
Sony Ericsson Shared -> %CommonProgramFiles%\Sony 

Ericsson Shared ->  [Folder | Modified Date = 08/06/2008 

17:10:22 | Attr =    ]
System -> %CommonProgramFiles%\System ->  [Folder | 

Modified Date = 09/06/2008 17:15:45 | Attr =    ]
Teleca Shared -> %CommonProgramFiles%\Teleca Shared ->  

[Folder | Modified Date = 08/06/2008 17:10:28 | Attr =   

]

< End of report >

 

Posted (edited)

Good evening,

Launch OTScanIt. Copy and paste the script in the box above into the area called Paste fix here, then click the Run Fix button.

 

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> BMab83a148 -> %SystemRoot%\system32\jcxqfpki.DLL [Rundll32.exe "C:\WINDOWS\system32\jcxqfpki.dll",s]
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
YN -> Flag -> []
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> WebSUpdater -> %ProgramFiles%\winvi\wupda.exe ["C:\Program Files\winvi\wupda.exe" /background]
YN -> WinUpdater -> %ProgramFiles%\winvi\update.exe ["C:\Program Files\winvi\update.exe" /background]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awTmNgdc.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> awTmNgdc -> %SystemRoot%\system32\awTmNgdc.dll
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {2166923B-DC40-4FDD-B8D5-56D16C2BAF3E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qOifeefd.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {3DAEA73C-010A-4580-B8A4-2512DC5E6770} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {43772ae3-ea6e-42c6-9adb-10527b90cfd7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {76489CEC-C772-49E4-94F2-2272D2008678} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\hgGwVlIY.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {7E200256-73B9-44A0-859F-C60E90CD58BD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {A585C407-ADDA-4F25-872B-2174E507CFA2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {c1a48912-69af-459e-b2cd-7e16c2be70b9} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {E2AD6BDE-E3E5-4905-A79B-36BFF8CEF6AE} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmnmjGYo.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {E8A26038-AAB8-4080-B64E-9F46C84EE2E7} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\byXOhGYS.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {F0F34798-63D1-4BFD-9E2C-9324ABA97D35} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRJYroO.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {F8F9FEDB-B70C-4420-9E06-3A4AED22CA83} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YY -> {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awTmNgdc.dll [Reg Error: Value  does not exist or could not be read.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\byXOhGYS -> 
< BotCheck > -> 
[Files/Folders - Created Within 30 days]
NY -> 20467 -> %SystemRoot%\System32\20467
NY -> appmgmt -> %SystemRoot%\System32\appmgmt
NY -> awTmNgdc.dll -> %SystemRoot%\System32\awTmNgdc.dll
NY -> bkEur01 -> %SystemRoot%\System32\bkEur01
NY -> dfeefiOq.ini -> %SystemRoot%\System32\dfeefiOq.ini
NY -> dfeefiOq.ini2 -> %SystemRoot%\System32\dfeefiOq.ini2
NY -> dwdxycbi.ini -> %SystemRoot%\System32\dwdxycbi.ini
NY -> fnwumdav.ini -> %SystemRoot%\System32\fnwumdav.ini
NY -> lqyuxovi.ini -> %SystemRoot%\System32\lqyuxovi.ini
NY -> mBL -> %SystemRoot%\System32\mBL
NY -> OorYJRqr.ini -> %SystemRoot%\System32\OorYJRqr.ini
NY -> OorYJRqr.ini2 -> %SystemRoot%\System32\OorYJRqr.ini2
NY -> oYGjmnmp.ini -> %SystemRoot%\System32\oYGjmnmp.ini
NY -> oYGjmnmp.ini2 -> %SystemRoot%\System32\oYGjmnmp.ini2
NY -> sikrjmrr.ini -> %SystemRoot%\System32\sikrjmrr.ini
NY -> sX1 -> %SystemRoot%\System32\sX1
NY -> SYGhOXyb.ini -> %SystemRoot%\System32\SYGhOXyb.ini
NY -> SYGhOXyb.ini2 -> %SystemRoot%\System32\SYGhOXyb.ini2
NY -> YIlVwGgh.ini -> %SystemRoot%\System32\YIlVwGgh.ini
NY -> YIlVwGgh.ini2 -> %SystemRoot%\System32\YIlVwGgh.ini2
NY -> BMab83a148.xml -> %SystemRoot%\BMab83a148.xml
NY -> cookies.ini -> %SystemRoot%\cookies.ini
NY -> pskt.ini -> %SystemRoot%\pskt.ini
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> AntiSpywareMaster -> %ProgramFiles%\AntiSpywareMaster
NY -> winvi -> %ProgramFiles%\winvi
[Files/Folders - Modified Within 30 days]
NY -> 20467 -> %SystemRoot%\System32\20467
NY -> appmgmt -> %SystemRoot%\System32\appmgmt
NY -> awTmNgdc.dll -> %SystemRoot%\System32\awTmNgdc.dll
NY -> bkEur01 -> %SystemRoot%\System32\bkEur01
NY -> dfeefiOq.ini -> %SystemRoot%\System32\dfeefiOq.ini
NY -> dfeefiOq.ini2 -> %SystemRoot%\System32\dfeefiOq.ini2
NY -> dwdxycbi.ini -> %SystemRoot%\System32\dwdxycbi.ini
NY -> fnwumdav.ini -> %SystemRoot%\System32\fnwumdav.ini
NY -> lqyuxovi.ini -> %SystemRoot%\System32\lqyuxovi.ini
NY -> mBL -> %SystemRoot%\System32\mBL
NY -> OorYJRqr.ini -> %SystemRoot%\System32\OorYJRqr.ini
NY -> OorYJRqr.ini2 -> %SystemRoot%\System32\OorYJRqr.ini2
NY -> oYGjmnmp.ini -> %SystemRoot%\System32\oYGjmnmp.ini
NY -> oYGjmnmp.ini2 -> %SystemRoot%\System32\oYGjmnmp.ini2
NY -> sikrjmrr.ini -> %SystemRoot%\System32\sikrjmrr.ini
NY -> sX1 -> %SystemRoot%\System32\sX1
NY -> SYGhOXyb.ini -> %SystemRoot%\System32\SYGhOXyb.ini
NY -> SYGhOXyb.ini2 -> %SystemRoot%\System32\SYGhOXyb.ini2
NY -> YIlVwGgh.ini -> %SystemRoot%\System32\YIlVwGgh.ini
NY -> YIlVwGgh.ini2 -> %SystemRoot%\System32\YIlVwGgh.ini2
NY -> BMab83a148.xml -> %SystemRoot%\BMab83a148.xml
NY -> cookies.ini -> %SystemRoot%\cookies.ini
NY -> wininit.ini -> %SystemRoot%\wininit.ini
[Empty Temp Folders]
[Start Explorer]

 

The run should be very quick. When the fix is complete,

1/ Either a message will appear saying that it is done (finished)

2/ Or you will be prompted to restart the PC to complete the run.

1/ If it is finished, click the OK button and Notepad will open to display a report of all the actions performed. Send this report in your next reply.

2/ If a restart is required, click the Yes button to restart the machine. After the restart, OTScanIt will finish moving the files that could not be moved earlier, then Notepad will open and display the final results. Send this report in your next reply.

 

 

************************************************

 

  • Run a Kaspersky online scan with Internet Explorer:
  • Click on bouton-scann1.jpg
  • Now click I accept.
  • Confirm the installation of one or more ActiveX controls if required.
  • Wait while the updates are installed.
  • Then choose to scan My Computer.
  • Save, then paste the report generated at the end of the scan.

HELP: Tutorial on the online scan

Note: If you get the message "La licence de Kaspersky On-line Scanner est périmée", go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.

 

************************************************

 

You will need to run a new scan with OTScanIt.

Note: You must be logged in with an account that has Administrator rights to run this program.

  • Close all other programs.
  • Open the OTScanIt folder and double-click OTScanIt.exe to launch the program.

Note: If you are on Windows Vista, right-click the program and choose Run as administrator.

  • Under Additional Scans, tick the box in front of the following items to select them:

    File - Additional Folder Scans
    Reg - Desktop Components

  • Do not change any other setting.
  • Then click the Run Scan button in the toolbar.
  • Let the program run without intervening.
  • When the scan is finished, Notepad will open to display the report file.
  • Click the Format menu and check that Word Wrap is not ticked. If it is, click it to untick it.
  • Post the latest OTScanIt scan report via mediafire.

 

@+

Edited by HaTe-LoVe-AnGer
Posted

Hello,

Here are the report files

- OTscanIt report before the Kaspersky scan http://www.mediafire.com/?bjg224enh9e

- Kaspersky report:

- OTscanIt report after Kaspersky http://www.mediafire.com/?zty2mmmu1xd

thanks @+

 

KASPERSKY ON-LINE SCANNER REPORT

Thursday, June 12, 2008 8:39:24 AM

Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky On-line Scanner version : 5.0.83.0

Dernière mise à jour de la base antivirus Kaspersky : 11/06/2008

Enregistrements dans la base antivirus Kaspersky : 759113

 

 

Paramètres d'analyse

Analyser avec la base antivirus suivante standard

Analyser les archives vrai

Analyser les bases de messagerie vrai

 

Cible de l'analyse Poste de travail

A:\

C:\

D:\

E:\

F:\

 

Statistiques de l'analyse

Total d'objets analysés 66834

Nombre de virus trouvés 2

Nombre d'objets infectés 4 / 0

Nombre d'objets suspects 0

Durée de l'analyse 01:23:36

 

Nom de l'objet infecté Nom du virus Dernière action

C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log L'objet est verrouillé ignoré

 

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré

 

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré

 

C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

 

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

 

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

 

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat L'objet est verrouillé ignoré

 

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

 

C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

 

C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

 

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

 

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

 

C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré

 

C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

 

C:\Documents and Settings\Nolwenn\Cookies\index.dat L'objet est verrouillé ignoré

 

C:\Documents and Settings\Nolwenn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

 

C:\Documents and Settings\Nolwenn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

 

C:\Documents and Settings\Nolwenn\Local Settings\History\History.IE5\index.dat L'objet est verrouillé ignoré

 

C:\Documents and Settings\Nolwenn\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

 

C:\Documents and Settings\Nolwenn\NTUSER.DAT L'objet est verrouillé ignoré

 

C:\Documents and Settings\Nolwenn\NTUSER.DAT.LOG L'objet est verrouillé ignoré

 

C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

 

C:\System Volume Information\_restore{7E906DA1-186B-4E09-8E7B-5ACE5554A6FA}\RP164\A0025290.dll Infecté : Trojan.Win32.Monder.gen ignoré

 

C:\System Volume Information\_restore{7E906DA1-186B-4E09-8E7B-5ACE5554A6FA}\RP186\A0027908.dll Infecté : Trojan-Downloader.Win32.ConHook.aek ignoré

 

C:\System Volume Information\_restore{7E906DA1-186B-4E09-8E7B-5ACE5554A6FA}\RP186\A0027909.dll Infecté : Trojan-Downloader.Win32.ConHook.aek ignoré

 

C:\System Volume Information\_restore{7E906DA1-186B-4E09-8E7B-5ACE5554A6FA}\RP187\change.log L'objet est verrouillé ignoré

 

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

 

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{5D63C383-80AC-4A69-8684-262D45E01AD4}.crmlog L'objet est verrouillé ignoré

 

C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\awTmNgdc.dll Infecté : Trojan-Downloader.Win32.ConHook.aek ignoré

 

C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\Media Ce.evt L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

 

Analyse terminée.

Posted

Hello,

Download Combofix (by sUbs)

NOTE: Save it to the desktop, nowhere else / Disable your resident protections while using it / Disconnect from the Internet.

- Restart in Safe Mode <=> Help: How to restart in Safe Mode

-> Never restart via msconfig.

  • Double-click Combofix.
  • When you are asked a question, answer by pressing the 1 key and confirm with Enter.
  • Let it guide you and do not touch anything, otherwise the PC may freeze.
  • When the scan is finished, a report will be created.
  • Restart in normal mode and post it (C:\Combofix.txt).

Help: A guide and a tutorial on using ComboFix

 

@+

Posted

Good evening,

I followed your explanations and all the tutorials, but when it came to switching to safe mode to start Combofix,

in safe mode (safe mode on my PC) I no longer have access to the desktop, which seems odd to me because I used this mode during a scan and had no problems!

What should I do?

Thanks for your patience

@+
