Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Rapport HijackThis

Bluemonday

Par Bluemonday
dans Analyses et éradication malwares

 Partager

Messages recommandés

Bluemonday Power Member

Bluemonday

Posté(e)
  • Auteur
Posté(e)

bonsoir !

 

voici le rapport chef ;)

 

 

OTL logfile created on: 21/04/2011 21:12:41 - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = c:\Users\Pascale\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 287,92 Gb Total Space | 208,81 Gb Free Space | 72,52% Space Free | Partition Type: NTFS

Drive D: | 10,00 Gb Total Space | 5,60 Gb Free Space | 56,03% Space Free | Partition Type: NTFS

 

Computer Name: PURPLE | User Name: Pascale | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - c:\Users\Pascale\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)

PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)

PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)

PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)

PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\stacsv.exe (IDT, Inc.)

PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe (Andrea Electronics Corporation)

PRC - C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)

PRC - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)

PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)

PRC - C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe (Orbiscom Ltd. All rights reserved.)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)

PRC - C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe (Dell)

PRC - C:\Program Files\Dell\MFP_DELL\deMntrService.exe (Dell)

PRC - C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)

 

 

========== Modules (SafeList) ==========

 

MOD - c:\Users\Pascale\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)

SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)

SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)

SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\stacsv.exe (IDT, Inc.)

SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe (Andrea Electronics Corporation)

SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)

SRV - (deMntrService) -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe (Dell)

SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)

DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)

DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )

DRV - (k57nd60x) Broadcom NetLink -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)

DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.)

DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.)

DRV - (e1express) Pilote de la connexion réseau Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)

DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)

DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)

DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)

DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)

DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)

DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)

DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)

DRV - (toshidpt) -- C:\Windows\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)

DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Telecharger.com et 01net : Téléchargement gratuit de logiciels, drivers à télécharger

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.01net.com/http://www.01men.com/ [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.01net.com/http://www.01men.com/ [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Telecharger.com et 01net : Téléchargement gratuit de logiciels, drivers à télécharger

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Telecharger.com et 01net : Téléchargement gratuit de logiciels, drivers à télécharger

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="'>http://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.fr"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220

FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 21:02:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 21:02:02 | 000,000,000 | ---D | M]

 

[2008/09/14 14:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascale\AppData\Roaming\mozilla\Extensions

[2011/04/21 13:57:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascale\AppData\Roaming\mozilla\Firefox\Profiles\fg0kbf0o.default\extensions

[2010/04/27 15:06:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pascale\AppData\Roaming\mozilla\Firefox\Profiles\fg0kbf0o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/12/20 17:50:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Pascale\AppData\Roaming\mozilla\Firefox\Profiles\fg0kbf0o.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2009/12/13 18:03:58 | 000,002,163 | ---- | M] () -- C:\Users\Pascale\AppData\Roaming\Mozilla\Firefox\Profiles\fg0kbf0o.default\searchplugins\bing.xml

[2010/12/20 17:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2010/12/20 17:49:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2010/12/20 17:49:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/09/23 09:47:54 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2010/09/23 09:47:54 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/09/23 09:47:54 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2008/10/06 14:04:00 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml

[2010/09/23 09:47:54 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2010/09/23 09:47:55 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [DeStatusMon] C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe (Dell)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )

O4 - HKLM..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKCU..\Run: [sightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)

O4 - Startup: C:\Users\Pascale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab (Module de délivrance de certificat MINEFI)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Users\Pascale\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg

O24 - Desktop BackupWallPaper: C:\Users\Pascale\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg

O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/04/21 13:03:02 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{2D4B3F03-1026-4D45-A4BD-5DC66EBD2DE5}

[2011/04/20 00:36:14 | 000,000,000 | ---D | C] -- C:\Users\Pascale\Documents\gegl-0.0

[2011/04/19 21:55:56 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{624AF124-2B39-4E17-9EC1-0725EEA2C050}

[2011/04/19 20:08:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2011/04/19 20:05:10 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/04/19 09:55:12 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{085E85E6-0A9E-46BE-B98D-1E119151788A}

[2011/04/18 19:52:27 | 000,000,000 | ---D | C] -- C:\Users\Pascale\Documents\sécurité

[2011/04/18 15:38:37 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{B57E628F-9F82-465F-BDCA-93CC7650249A}

[2011/04/18 14:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2011/04/18 14:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2011/04/18 14:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2011/04/18 14:44:59 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{2D16865C-2B41-4185-8E57-335B12851672}

[2011/04/17 22:58:11 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Roaming\Malwarebytes

[2011/04/17 22:58:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/04/17 22:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/04/17 22:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/04/17 22:58:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/04/17 22:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/04/17 22:26:55 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Pascale\Documents\Desktop\HiJackThis.exe

[2011/04/17 22:24:28 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{9EB7BE55-735D-423F-8ECA-9E9A2213BD0A}

[2011/04/16 07:16:18 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{A213E090-9202-44C9-9F70-C3BB598DF122}

[2011/04/15 09:09:02 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{28BAA3D3-8231-4455-A2B9-BB9F7D6C03A3}

[2011/04/14 11:53:29 | 000,000,000 | ---D | C] -- C:\Users\Pascale\Documents\Desktop\Maryse

[2011/04/14 03:05:45 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{D8006852-8AFB-44B3-949D-A2410EE91EF1}

[2011/04/13 14:55:01 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{8259D826-B1F7-4447-BE9C-2307547DEF85}

[2011/04/13 14:09:05 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011/04/13 14:09:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011/04/13 14:09:02 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

[2011/04/13 14:09:02 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll

[2011/04/13 14:08:59 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe

[2011/04/13 14:08:55 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2011/04/13 14:08:55 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011/04/13 14:08:54 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011/04/13 14:08:54 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011/04/13 14:08:54 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2011/04/13 14:08:53 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011/04/13 14:08:49 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011/04/13 14:08:49 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011/04/13 14:08:47 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/04/13 12:45:32 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{29501F20-A270-4090-8B72-D7D2C25C7272}

[2011/04/12 22:58:19 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{15554AFD-32B7-4C86-96F2-48ADEDFF5CBA}

[2011/04/12 10:57:56 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{3E6D97BC-0F12-4FF7-A0EE-A7158936DD36}

[2011/04/10 18:32:39 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{CB2C9EB2-B6CA-44E9-8F44-FA36EB94B56F}

[2011/04/08 14:55:46 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{BDB3B9E7-DE8F-45FC-BFC7-D9481E24E52E}

[2011/04/07 21:21:23 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{7C611DAE-A4E5-46EF-9C86-E71383E80235}

[2011/04/06 11:49:02 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{8DC87AEC-D9F9-41C0-AC79-727F51485390}

[2011/04/04 12:58:08 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{4B06C804-5A68-46FD-A26F-0C58A23FA248}

[2011/04/04 00:27:04 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{C9D8EC4C-4071-4D5C-9194-548FC0EC880B}

[2011/04/04 00:18:48 | 000,000,000 | ---D | C] -- C:\Users\Pascale\Documents\Mes fichiers reçus

[2011/04/03 12:26:28 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{3ABC1BB7-51DB-4906-BA7F-7CA61CD5C800}

[2011/04/01 09:31:06 | 000,000,000 | ---D | C] -- C:\Users\Pascale\AppData\Local\{2B001411-A5C9-49A9-B7A1-49C2B51A0237}

[2011/03/26 12:17:37 | 000,000,000 | R--D | C] -- C:\Users\Pascale\Documents\Desktop

[2011/03/25 16:06:45 | 000,000,000 | ---D | C] -- C:\Users\Pascale\Documents\invit papymamie

[2011/03/23 16:04:37 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2011/03/23 16:04:37 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

 

========== Files - Modified Within 30 Days ==========

 

[2011/04/21 21:11:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/04/21 20:35:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/04/21 20:01:20 | 000,474,674 | ---- | M] () -- C:\Users\Pascale\Documents\planchepiaf.pdf

[2011/04/21 20:01:11 | 000,398,874 | ---- | M] () -- C:\Users\Pascale\Documents\logo arbre.pdf

[2011/04/21 20:00:28 | 000,319,430 | ---- | M] () -- C:\Users\Pascale\Documents\logos2104.pdf

[2011/04/21 19:25:07 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/04/21 19:25:07 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/04/21 15:25:25 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2011/04/21 13:25:54 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2011/04/21 13:25:54 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/04/21 13:25:54 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2011/04/21 13:25:54 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/04/21 13:02:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/04/21 13:01:46 | 3219,103,744 | -HS- | M] () -- C:\hiberfil.sys

[2011/04/20 14:24:59 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job

[2011/04/20 00:48:38 | 000,054,338 | ---- | M] () -- C:\Users\Pascale\Documents\Desktop\mb.jpg

[2011/04/20 00:48:38 | 000,000,843 | ---- | M] () -- C:\Users\Pascale\.recently-used.xbel

[2011/04/19 20:08:36 | 299,617,395 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/04/18 16:22:12 | 004,993,024 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb

[2011/04/18 16:22:11 | 002,826,240 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb

[2011/04/18 14:48:55 | 000,001,081 | ---- | M] () -- C:\Users\Pascale\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2011/04/17 22:26:56 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Pascale\Documents\Desktop\HiJackThis.exe

[2011/04/15 14:52:01 | 000,024,576 | ---- | M] () -- C:\Users\Pascale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/04/14 03:02:57 | 000,281,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/04/13 20:14:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null

[2011/04/12 23:03:11 | 000,179,677 | ---- | M] () -- C:\Users\Pascale\Documents\Unidialog_5215304j_1302642114865.pdf

[2011/03/25 20:51:48 | 000,033,264 | ---- | M] () -- C:\Users\Pascale\AppData\Roaming\wklnhst.dat

 

========== Files Created - No Company Name ==========

 

[2011/04/21 19:58:13 | 000,398,874 | ---- | C] () -- C:\Users\Pascale\Documents\logo arbre.pdf

[2011/04/21 19:58:07 | 000,474,674 | ---- | C] () -- C:\Users\Pascale\Documents\planchepiaf.pdf

[2011/04/21 19:58:02 | 000,319,430 | ---- | C] () -- C:\Users\Pascale\Documents\logos2104.pdf

[2011/04/20 00:48:38 | 000,000,843 | ---- | C] () -- C:\Users\Pascale\.recently-used.xbel

[2011/04/20 00:43:25 | 000,054,338 | ---- | C] () -- C:\Users\Pascale\Documents\Desktop\mb.jpg

[2011/04/19 20:08:36 | 299,617,395 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011/04/18 14:48:55 | 000,001,081 | ---- | C] () -- C:\Users\Pascale\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2011/04/12 23:03:11 | 000,179,677 | ---- | C] () -- C:\Users\Pascale\Documents\Unidialog_5215304j_1302642114865.pdf

[2010/08/01 15:58:31 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2010/08/01 15:58:31 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat

[2010/08/01 15:58:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2010/08/01 15:58:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2010/08/01 15:58:31 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2010/08/01 15:58:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2010/08/01 15:58:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2010/08/01 15:58:31 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat

[2010/08/01 15:58:31 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat

[2010/08/01 15:58:31 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2010/08/01 15:58:31 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2010/08/01 15:58:30 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2010/08/01 15:58:30 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2010/08/01 15:58:30 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2010/08/01 15:58:30 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2010/08/01 15:58:30 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2010/08/01 15:58:30 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2010/08/01 15:58:30 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2010/08/01 15:58:30 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2009/10/21 14:32:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/10/21 14:32:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/01/31 21:24:31 | 000,009,060 | ---- | C] () -- C:\Users\Pascale\AppData\Local\fr.ini

[2008/11/01 16:09:34 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2008/11/01 16:09:33 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2008/11/01 16:09:32 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2008/11/01 16:09:32 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2008/11/01 16:09:31 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008/11/01 16:09:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2008/10/05 17:24:26 | 000,007,052 | ---- | C] () -- C:\Users\Pascale\AppData\Local\d3d9caps.dat

[2008/09/14 14:24:09 | 000,033,264 | ---- | C] () -- C:\Users\Pascale\AppData\Roaming\wklnhst.dat

[2008/09/14 14:05:54 | 000,024,576 | ---- | C] () -- C:\Users\Pascale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/09/08 20:52:05 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/09/04 05:19:35 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2008/09/04 05:19:35 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2008/09/04 05:19:35 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2008/09/04 05:19:35 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe

[2008/09/03 21:25:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2008/09/03 19:55:11 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2008/09/03 19:49:47 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll

[2008/09/03 19:49:47 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE

[2008/09/03 19:42:54 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI

[2008/01/21 10:40:50 | 000,679,042 | ---- | C] () -- C:\Windows\System32\perfh00C.dat

[2008/01/21 10:40:50 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat

[2008/01/21 10:40:50 | 000,126,626 | ---- | C] () -- C:\Windows\System32\perfc00C.dat

[2008/01/21 10:40:50 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat

[2006/12/05 14:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll

[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 14:47:37 | 000,281,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

 

========== Custom Scans ==========

 

 

< hklm\|null /RS >

HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6000.16386_none_a72f2b811e11f9f3\\identity: [binary data over 100 bytes]

HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6000.16386_none_a72f2b811e11f9f3\\c!windowsfoundation_31bf3856ad364e35_6.0.6000.16386_0103187793aeac37: [binary data over 100 bytes]

HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6000.16386_none_a72f2b811e11f9f3\\FilesRemovedBySuperScavenging: [binary data over 100 bytes]

HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7\\identity: [binary data over 100 bytes]

HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7\\S256H: 3C 87 D1 AC 9F 18 51 9F 8A 5F D6 30 D6 E3 FF F4 6C D8 6A A8 F2 4A B3 43 AF 77 FE E2 9D 07 91 62 [binary data]

HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7\\c!7f1261eb1ee..a78985ab554_b03f5f7f11d50a3a_6.0.6001.18000_b985bfcc6c331637: [binary data over 100 bytes]

HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7\\f!null.sys: null.sys [binary data]

HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-null_31bf3856ad364e35_none_71dd21ed13d9b8db\\SomeUnparsedVersionsExist: [binary data]

HKEY_LOCAL_MACHINE\COMPONENTS\Winners\x86_microsoft-windows-null_31bf3856ad364e35_none_71dd21ed13d9b8db\\: 6.0

HKEY_LOCAL_MACHINE\COMPONENTS\Winners\x86_microsoft-windows-null_31bf3856ad364e35_none_71dd21ed13d9b8db\6.0\\6.0.6000.16386: 01 [binary data]

HKEY_LOCAL_MACHINE\COMPONENTS\Winners\x86_microsoft-windows-null_31bf3856ad364e35_none_71dd21ed13d9b8db\6.0\\: 6.0.6001.18000

HKEY_LOCAL_MACHINE\COMPONENTS\Winners\x86_microsoft-windows-null_31bf3856ad364e35_none_71dd21ed13d9b8db\6.0\\6.0.6001.18000: 01 [binary data]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bmp\ShellNew\\NullFile:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\NullFile:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\ShellNew\\NullFile:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wps\ShellNew\\: NullFile

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wpt\ShellNew\\: NullFile

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{C1F400A4-3F08-11D3-9F0B-006008039E37}\\FriendlyName: Null Renderer [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E882F102-F626-49E9-BD68-CE2BE7E59EC0}\\FriendlyName: SoundRecorder Null Renderer [2008/01/21 04:23:30 | 000,127,488 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{098f2470-bae0-11cd-b579-08002b30bfeb}\\: Null persistent handler [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD1F243-9BC4-305D-9B1C-0D10C80329FC}\\: System.ArgumentNullException

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD1F243-9BC4-305D-9B1C-0D10C80329FC}\InprocServer32\\Class: System.ArgumentNullException

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD1F243-9BC4-305D-9B1C-0D10C80329FC}\InprocServer32\2.0.0.0\\Class: System.ArgumentNullException

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD1F243-9BC4-305D-9B1C-0D10C80329FC}\InprocServer32\4.0.0.0\\Class: System.ArgumentNullException

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD1F243-9BC4-305D-9B1C-0D10C80329FC}\ProgId\\: System.ArgumentNullException

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{455F24E9-7396-4A16-9715-7C0FDBE3EFE3}\\: SpNullPhoneConverter Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{455F24E9-7396-4A16-9715-7C0FDBE3EFE3}\ProgID\\: SAPI.SpNullPhoneConverter.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{455F24E9-7396-4A16-9715-7C0FDBE3EFE3}\VersionIndependentProgID\\: SAPI.SpNullPhoneConverter

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78fe669a-186e-4108-96e9-77b586c1332f}\\: Content Index Null Stemmer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F71DB2D-1EA0-3CAE-8087-26095F5215E6}\\: System.NullReferenceException

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F71DB2D-1EA0-3CAE-8087-26095F5215E6}\InprocServer32\\Class: System.NullReferenceException

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F71DB2D-1EA0-3CAE-8087-26095F5215E6}\InprocServer32\2.0.0.0\\Class: System.NullReferenceException

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F71DB2D-1EA0-3CAE-8087-26095F5215E6}\InprocServer32\4.0.0.0\\Class: System.NullReferenceException

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F71DB2D-1EA0-3CAE-8087-26095F5215E6}\ProgId\\: System.NullReferenceException

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{820825FD-1358-4705-8FEB-56B5CEE8BFD5}\\: NULL SSID INFO PAGE [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E175BA8-F52A-11D8-B9A5-505054503030}\\: Search Null Word Breaker

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E175BA8-F52A-11D8-B9A5-505054503030}\ProgID\\: Search.NullWB.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E175BA8-F52A-11D8-B9A5-505054503030}\VersionIndependentProgID\\: Search.NullWB

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1F400A4-3F08-11D3-9F0B-006008039E37}\\: Null Renderer [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3278e90-bea7-11cd-b579-08002b30bfeb}\\: Null filter [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E882F102-F626-49E9-BD68-CE2BE7E59EC0}\\: SoundRecorder Null Renderer [2008/01/21 04:23:30 | 000,127,488 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0D9F1B65-6D27-3E9F-BAF3-0597837E0F33}\\: _DBNull

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{84E7AC09-795A-3EA9-A36A-5B81EBAB0558}\\: _Nullable

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C991949B-E623-3F24-885C-BBB01FF43564}\\: _ArgumentNullException

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ECBE2313-CF41-34B4-9FD0-B6CD602B023F}\\: _NullReferenceException

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SAPI.SpNullPhoneConverter\\: SpNullPhoneConverter Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SAPI.SpNullPhoneConverter\CLSID\\: {455F24E9-7396-4A16-9715-7C0FDBE3EFE3}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SAPI.SpNullPhoneConverter\CurVer\\: SAPI.SpNullPhoneConverter.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SAPI.SpNullPhoneConverter.1\\: SpNullPhoneConverter Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SAPI.SpNullPhoneConverter.1\CLSID\\: {455F24E9-7396-4A16-9715-7C0FDBE3EFE3}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.NullWB\\: Search Null Word Breaker

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.NullWB\CLSID\\: {9E175BA8-F52A-11D8-B9A5-505054503030}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.NullWB\CurVer\\: Search.NullWB.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.NullWB.1\\: Search Null Word Breaker

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.NullWB.1\CLSID\\: {9E175BA8-F52A-11D8-B9A5-505054503030}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.ArgumentNullException\\: System.ArgumentNullException

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.ArgumentNullException\CLSID\\: {3BD1F243-9BC4-305D-9B1C-0D10C80329FC}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.NullReferenceException\\: System.NullReferenceException

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.NullReferenceException\CLSID\\: {7F71DB2D-1EA0-3CAE-8087-26095F5215E6}

HKEY_LOCAL_MACHINE\SOFTWARE\CyberLink\Common\MCESetting\\NullRenderer_Guid: {C1F400A4-3F08-11D3-9F0B-006008039E37}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Account Manager\Preconfigured\Active Directory GC\\LDAP Server: NULL [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Account Manager\Preconfigured\Active Directory GC\\LDAP User Name: NULL [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Account Manager\Preconfigured\Active Directory GC\\LDAP Search Base: NULL [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Account Manager\Preconfigured\VeriSign\\LDAP Search Base: NULL [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\IME Mapping Table\JPN\\imejp98.ime: null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\IME Mapping Table\JPN\\imejp.ime: null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\IME Mapping Table\JPN\\imjp81.ime: null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\IME Mapping Table\JPN\\imjp8.ime: null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\IME Mapping Table\JPN\\msime95.ime: null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\IME Mapping Table\JPN\\msime97.ime: null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\IME Mapping Table\KOR\\imekr61.ime: null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\IME Mapping Table\KOR\\Imekr70.ime: null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\IME Mapping Table\KOR\\imekr98u.ime: null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\IME Mapping Table\KOR\\imekr.ime: null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\IME Mapping Table\KOR\\Imkr12.ime: null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\IME Mapping Table\KOR\\Imkr80.ime: null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\IME Mapping Table\KOR\\msime95k.ime: null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\IME Mapping Table\KOR\\msime95.ime: null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client\IME Mapping Table\KOR\\msuni95k.ime: null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_microsoft-windows-null_31bf3856ad364e35_0.0.0.0_none_cd3fe32a632746fd\\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.936330-187_neutral_GDR: 6.0.6001.18000@16

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\XWizards\Components\{820825FD-1358-4705-8FEB-56B5CEE8BFD5}\\: NullSSID Page

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6000.16386_none_a72f2b811e11f9f3\\identity: [binary data over 100 bytes]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6000.16386_none_a72f2b811e11f9f3\\c!windowsfoundation_31bf3856ad364e35_6.0.6000.16386_0103187793aeac37: [binary data over 100 bytes]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6000.16386_none_a72f2b811e11f9f3\\FilesRemovedBySuperScavenging: [binary data over 100 bytes]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7\\identity: [binary data over 100 bytes]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7\\S256H: 3C 87 D1 AC 9F 18 51 9F 8A 5F D6 30 D6 E3 FF F4 6C D8 6A A8 F2 4A B3 43 AF 77 FE E2 9D 07 91 62 [binary data]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7\\c!7f1261eb1ee..a78985ab554_b03f5f7f11d50a3a_6.0.6001.18000_b985bfcc6c331637: [binary data over 100 bytes]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7\\f!null.sys: null.sys [binary data]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_001c11ba\ComponentFamilies\x86_microsoft-windows-null_31bf3856ad364e35_none_71dd21ed13d9b8db\\SomeUnparsedVersionsExist: [binary data]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-null_31bf3856ad364e35_none_71dd21ed13d9b8db\\: 6.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-null_31bf3856ad364e35_none_71dd21ed13d9b8db\6.0\\6.0.6000.16386: 01 [binary data]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-null_31bf3856ad364e35_none_71dd21ed13d9b8db\6.0\\: 6.0.6001.18000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-null_31bf3856ad364e35_none_71dd21ed13d9b8db\6.0\\6.0.6001.18000: 01 [binary data]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionPipes\\ValueType: 7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionPipes\\DisplayType: 4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionPipes\\DisplayName: @wsecedit.dll,-59051

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionShares\\ValueType: 7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionShares\\DisplayType: 4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionShares\\DisplayName: @wsecedit.dll,-59052

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/RestrictNullSessAccess\\ValueType: 4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/RestrictNullSessAccess\\DisplayType: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/RestrictNullSessAccess\\DisplayName: @wsecedit.dll,-59050

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cryptography\Configuration\Local\Default\00010002\TLS_RSA_WITH_NULL_MD5\\Flags: 0

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cryptography\Configuration\Local\Default\00010002\TLS_RSA_WITH_NULL_MD5\\Providers: Microsoft SSL Protocol Provider [binary data] [2006/11/02 14:47:46 | 000,000,000 | --SD | M]

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cryptography\Configuration\Local\Default\00010002\TLS_RSA_WITH_NULL_SHA\\Flags: 0

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cryptography\Configuration\Local\Default\00010002\TLS_RSA_WITH_NULL_SHA\\Providers: Microsoft SSL Protocol Provider [binary data] [2006/11/02 14:47:46 | 000,000,000 | --SD | M]

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\DOS Devices\\NUL: \Device\Null

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NULL\\NextInstance: 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NULL\0000\\Service: Null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NULL\0000\\Legacy: 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NULL\0000\\ConfigFlags: 1024

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NULL\0000\\Class: LegacyDriver

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NULL\0000\\ClassGUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NULL\0000\\DeviceDesc: Null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NULL\0000\\Capabilities: 0

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NULL\0000\Control\\ActiveService: Null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters\\NullSessionPipes: netlogonlsarpcsamrbrowser [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters\\restrictnullsessaccess: 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters\\AdjustedNullSessionPipes: 2

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null\\ErrorControl: 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null\\Group: Base

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null\\Start: 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null\\Tag: 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null\\Type: 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null\Enum\\0: Root\LEGACY_NULL\0000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null\Enum\\Count: 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null\Enum\\NextInstance: 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Cryptography\Configuration\Local\Default\00010002\TLS_RSA_WITH_NULL_MD5\\Flags: 0

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Cryptography\Configuration\Local\Default\00010002\TLS_RSA_WITH_NULL_MD5\\Providers: Microsoft SSL Protocol Provider [binary data] [2006/11/02 14:47:46 | 000,000,000 | --SD | M]

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Cryptography\Configuration\Local\Default\00010002\TLS_RSA_WITH_NULL_SHA\\Flags: 0

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Cryptography\Configuration\Local\Default\00010002\TLS_RSA_WITH_NULL_SHA\\Providers: Microsoft SSL Protocol Provider [binary data] [2006/11/02 14:47:46 | 000,000,000 | --SD | M]

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\DOS Devices\\NUL: \Device\Null

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NULL\\NextInstance: 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NULL\0000\\Service: Null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NULL\0000\\Legacy: 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NULL\0000\\ConfigFlags: 1024

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NULL\0000\\Class: LegacyDriver

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NULL\0000\\ClassGUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NULL\0000\\DeviceDesc: Null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NULL\0000\\Capabilities: 0

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\LanmanServer\Parameters\\NullSessionPipes: netlogonlsarpcsamrbrowser [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\LanmanServer\Parameters\\restrictnullsessaccess: 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\LanmanServer\Parameters\\AdjustedNullSessionPipes: 2

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Null\\ErrorControl: 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Null\\Group: Base

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Null\\Start: 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Null\\Tag: 1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Null\\Type: 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\Default\00010002\TLS_RSA_WITH_NULL_MD5\\Flags: 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\Default\00010002\TLS_RSA_WITH_NULL_MD5\\Providers: Microsoft SSL Protocol Provider [binary data] [2006/11/02 14:47:46 | 000,000,000 | --SD | M]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\Default\00010002\TLS_RSA_WITH_NULL_SHA\\Flags: 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\Default\00010002\TLS_RSA_WITH_NULL_SHA\\Providers: Microsoft SSL Protocol Provider [binary data] [2006/11/02 14:47:46 | 000,000,000 | --SD | M]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices\\NUL: \Device\Null

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NULL\\NextInstance: 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NULL\0000\\Service: Null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NULL\0000\\Legacy: 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NULL\0000\\ConfigFlags: 1024

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NULL\0000\\Class: LegacyDriver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NULL\0000\\ClassGUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NULL\0000\\DeviceDesc: Null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NULL\0000\\Capabilities: 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NULL\0000\Control\\ActiveService: Null [2011/04/13 20:14:22 | 000,000,000 | ---- | M] ()

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\\NullSessionPipes: netlogonlsarpcsamrbrowser [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\\restrictnullsessaccess: 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\\AdjustedNullSessionPipes: 2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null\\ErrorControl: 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null\\Group: Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null\\Start: 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null\\Tag: 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null\\Type: 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null\Enum\\0: Root\LEGACY_NULL\0000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null\Enum\\Count: 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null\Enum\\NextInstance: 1

 

< hklm\|bcmwlrmt /RS >

 

< %systemdrive%\null /s /md5 >

[2011/04/13 20:14:22 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\System32\null

 

< %systemdrive%\bcmwlrmt.dll /s /md5 >

[2008/03/12 07:37:52 | 000,055,808 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 64 bytes -> C:\Users\Pascale\Documents\100_0539.mov:TOC.WMV

@Alternate Data Stream - 64 bytes -> C:\Users\Pascale\Documents\100_0407.mov:TOC.WMV

 

< End of report >

 

 

Merci :D

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...