Analyse rapports HijackThis, Eradication malwares

[tripack1]

Bonsoir tripack1 !

 

Ton rapport hijackthis à l'air Ok !

 

On va quand même enlever les actives X

 

Lancer HijackThis, (scan only ou scanner seulement) cocher les lignes suivantes si présentes:

 

O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Sha...t//DexiaIIA.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138264477718

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.be/net/import/ImageUploader3.cab

 

Fermer tous les programmes et navigateur, et Cliquer sur Fix Checked

 

Pas grave pour panda essai celui là

 

-Faire un scan antivirus en ligne à titre de vérification

http://housecall65.trendmicro.com/ (fire fox ou IE)

Eventuellement faire celui-ci

http://www.trendmicro.com/spyware-scan/ (IE avec active x seulement)

 

A la fin du scan, sauvegarder le rapport sur le Bureau.(cliquer sur l'onglet Résultats/ puis cliquer sur Edition/tout sélectionner/copier puis ouvrir un fichier texte et coller la sélection dedans)

 

-Poster le(s) rapport(s) trendmicro

 

A plus !

 

Le rapport trendmicro est négatif seulement une ligne "pas de virus..."

 

par contre j' ai toujours des redirections sur IE via google ou plus exactement

google.com/search?hlct......

 

j'ignore pourquoi et j'ai désinstallé la toolbar de google...!

[Mark]

Coucou Regis , et bonjour tripack1 ;

 

Il te reste une saleté à virer, alors voici la suite :

===============================

 

Télécharge FixWareout de l'un de ces deux liens :

http://downloads.subratam.org/Fixwareout.exe

http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

 

Sauvegarde-le sur ton Bureau, puis lance-le.

Clique Next, puis Install, et assure-toi que "Run fixit" soit coché, puis clique Finish.

Suis les directives à l'écran.

L'outil va te demander de redémarrer ton PC; fais-le s'il te plaît.

Le redémarrage risque de prendre un peu plus de temps; ceci est normal.

Lorsque redémarré, un fichier texte apparaîtra (report.txt); copie/colle ce rapport dans ta prochaine réponse, avec un nouveau rapport HijackThis! également.

 

@+

[Thanos]

salut tripack1,salut les zamis QC001 et regis56

 

Non seulement ce vilain Wareout squatte ton pc tripack, mais il va aussi penser à désinstaller ce pseudo antispyware!!! =>SpywareBeGone!!

C'est ce qu'on apelle un rogue, autrement dit un faux utilitaire de sécurité qui est plus inutile qu'autre chose(voire dangereux!!).Celui ci est connu pour trouver des faux positifs(fichiers détectés comme malwares alors qu'ils sont sains!) et envoyer des pubs à gogo!!

Donc en plus de la procédure de QC001 , il faudra mettre cette daube à la porte!!

Présent sur ton rapport hijackthis à la ligne=>

O4 - HKCU\..\Run: [spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan

 

Je laisse mes camarades bosser, moi je vais dormir

EDIT: attends un conseiller pour t'aider à le virer ce SpywareBeGone! (ca peut peut être interresser S!RI??)

@+

Modifié le 18 avril 2006 par charles ingals

[tripack1]

salut tripack1,salut les zamis QC001 et regis56

 

Non seulement ce vilain Wareout squatte ton pc tripack, mais il va aussi penser à désinstaller ce pseudo antispyware!!! =>SpywareBeGone!!

C'est ce qu'on apelle un rogue, autrement dit un faux utilitaire de sécurité qui est plus inutile qu'autre chose(voire dangereux!!).Celui ci est connu pour trouver des faux positifs(fichiers détectés comme malwares alors qu'ils sont sains!) et envoyer des pubs à gogo!!

Donc en plus de la procédure de QC001 , il faudra mettre cette daube à la porte!!

Présent sur ton rapport hijackthis à la ligne=>

O4 - HKCU\..\Run: [spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan

 

Je laisse mes camarades bosser, moi je vais dormir

EDIT: attends un conseiller pour t'aider à le virer ce SpywareBeGone! (ca peut peut être interresser S!RI??)

@+

 

 

désolé mais aprés FixWareout qui s'est déroulé correctement me semble t-il, au redémarage je n'ai pas eu de fichier rapport.txt!

 

Voici le résultat du HijackThis en vous remerciant encore tous pour votre disponibilité.

 

Logfile of HijackThis v1.99.1

Scan saved at 0:44:12, on 20/04/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\GEARSec.exe

D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\system32\rundll32.exe

D:\Program Files\SuperCopier\SuperCopier.exe

C:\spywarebegone\SpywareBeGone.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe

d:\PROGRA~1\Webshots\webshots.scr

C:\WINDOWS\system32\LVComsX.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://misc.skynet.be/index.html?new_lang=fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://misc.skynet.be/index.html?new_lang=fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://misc.skynet.be/index.html?new_lang=fr

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr-be\msntb.dll (file missing)

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKCU\..\Run: [superCopier.exe] D:\Program Files\SuperCopier\SuperCopier.exe

O4 - HKCU\..\Run: [spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan

O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe

O8 - Extra context menu item: Chercher avec Copernic Agent - res://D:\Program Files\Copernic Agent Basic\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROProj.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O17 - HKLM\System\CCS\Services\Tcpip\..\{5E69987B-0F75-4E8B-A156-6F006EF67172}: NameServer = 85.255.114.73 85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\..\{628E116D-CB0B-4B5F-B158-DE7B64934373}: NameServer = 85.255.114.73,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\..\{771D948E-AB89-42F9-92DA-567C7FF16A21}: NameServer = 85.255.114.73,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\..\{D1CA928B-AC90-4318-9347-62F5F12FDAF8}: NameServer = 85.255.114.73,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF76869C-99C0-43D8-93C8-634754A6DB02}: NameServer = 85.255.114.73,85.255.112.227

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe

O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

 

 

Enfin, je suis étonné et perturbé, spywarebegone m'a été recommandé et installé par les services informatiques pourtant réputé et qui m'ont vendu le PC !

@+

[Thanos]

salut tripack1

 

Enfin, je suis étonné et perturbé, spywarebegone m'a été recommandé et installé par les services informatiques pourtant réputé et qui m'ont vendu le PC !

Ils ne doivent pas avoir les bonnes infos... jette un oeil sur cette liste de "faux" utilitaires que l'on nomme "rogues"=> http://www.spywarewarrior.com/rogue_anti-spyware.htm

aggressive advertising (1); false positives work as goad to purchase; free scanner uses out of date ref database; same company as Spyware Vanisher [A: 6-26-04 / U: 11-10-04]

base de données complêtement dépassée, produit des faux positifs...etc...autrement dit tous les logiciels que tu peux voir dans cette liste sont à fuir d'urgence!!!Une question: est ce que tu as acheté ce logiciel?

Il y a d'autres logiciels gratos et qui eux, font leur boulot(spybot et son teatimer par ex!)!!

Pour te convaincre enfin qu'il s'agit d'une daube, pose toi la question: ton pc est infecté, et spywarebegone n'a pas vu grand chose...

 

Bon Fixwareout ne semble pas avoir fonctionné... l'adresse que tu vois en ligne 017 est mauvaise!!c'est celle d'un serveur planqué en Ukraine!

 

* Cherche stp le rapport de fixwareout à cet endroit ,et poste le contenu stp=> C:\fixwareout\report.txt

 

* Vas dans Demarrer > Connections > clic droit sur ta connection > Propriétés > onglet Gestion de réseau

Mets en surbrillance Protocole internet (tcp/ip) puis clic sur le bouton Propriétés.

Dans les options (serveur DNS préféré et serveur DNS auxiliaire) tu trouveras une de ces adresses présentes dans ton rapport hijackthis en ligne 017 =>(85.255.114.73 85.255.112.227 etc...)

 

Pour les éliminer, coche : "Obtenir les adresses des serveurs DNS automatiquement" puis clique 2 fois sur"Ok" et redémarre le PC.

 

* On va faire quelques recherches avec Blacklight=>

 

Télécharge Blacklight (de F-Secure) et sauvegarde le sur ton Bureau.

 

Double-clique blbeta.exe et accepte la licence; laisse [X]scan through Windows Explorer activé; clique Scan puis Next

 

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

 

Copie et colle le contenu de ce rapport dans ta prochaine réponse. NE PAS choisir l'option "Rename" de suite : nous devons analyser le rapport, car des fichiers légitimes peuvent être présents, tel wbemtest.exe

 

* Poste un nouveau rapport hijackthis stp

@+ tard

[tripack1]

salut tripack1

Ils ne doivent pas avoir les bonnes infos... jette un oeil sur cette liste de "faux" utilitaires que l'on nomme "rogues"=> http://www.spywarewarrior.com/rogue_anti-spyware.htm

 

base de données complêtement dépassée, produit des faux positifs...etc...autrement dit tous les logiciels que tu peux voir dans cette liste sont à fuir d'urgence!!!Une question: est ce que tu as acheté ce logiciel?

Il y a d'autres logiciels gratos et qui eux, font leur boulot(spybot et son teatimer par ex!)!!

Pour te convaincre enfin qu'il s'agit d'une daube, pose toi la question: ton pc est infecté, et spywarebegone n'a pas vu grand chose...

 

Bon Fixwareout ne semble pas avoir fonctionné... l'adresse que tu vois en ligne 017 est mauvaise!!c'est celle d'un serveur planqué en Ukraine!

 

* Cherche stp le rapport de fixwareout à cet endroit ,et poste le contenu stp=> C:\fixwareout\report.txt

 

* Vas dans Demarrer > Connections > clic droit sur ta connection > Propriétés > onglet Gestion de réseau

Mets en surbrillance Protocole internet (tcp/ip) puis clic sur le bouton Propriétés.

Dans les options (serveur DNS préféré et serveur DNS auxiliaire) tu trouveras une de ces adresses présentes dans ton rapport hijackthis en ligne 017 =>(85.255.114.73 85.255.112.227 etc...)

 

Pour les éliminer, coche : "Obtenir les adresses des serveurs DNS automatiquement" puis clique 2 fois sur"Ok" et redémarre le PC.

 

* On va faire quelques recherches avec Blacklight=>

 

Télécharge Blacklight (de F-Secure) et sauvegarde le sur ton Bureau.

 

Double-clique blbeta.exe et accepte la licence; laisse [X]scan through Windows Explorer activé; clique Scan puis Next

 

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

 

Copie et colle le contenu de ce rapport dans ta prochaine réponse. NE PAS choisir l'option "Rename" de suite : nous devons analyser le rapport, car des fichiers légitimes peuvent être présents, tel wbemtest.exe

 

* Poste un nouveau rapport hijackthis stp

@+ tard

 

Voici le résultat de tes demandes :

 

1)

 

Fixwareout ver 1.003

Last edited 04/09/2006

Post this report in the forums please

 

Reg Entries that were deleted

...

 

Microsoft ® Windows Script Host Version 5.6

Random Runs removed from HKLM

...

 

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Example ipsec6.exe is lagitamate

 

»»»»» Search by size and names...

* csr.exe C:\WINDOWS\System32\CSENH.EXE

 

»»»»» Misc files

 

»»»»» Checking for older varients covered by the Rem3 tool

 

2)

 

 

04/20/06 17:55:54 [info]: BlackLight Engine 1.0.35 initialized

04/20/06 17:55:54 [info]: OS: 5.1 build 2600 (Service Pack 2)

04/20/06 17:55:54 [Note]: 7019 4

04/20/06 17:55:54 [Note]: 7005 0

04/20/06 17:55:55 [Note]: 7006 0

04/20/06 17:55:55 [Note]: 7011 1652

04/20/06 17:55:56 [Note]: 7026 0

04/20/06 17:55:56 [Note]: 7026 0

04/20/06 17:55:56 [Note]: 7015 1844

04/20/06 17:55:56 [Note]: 7015 5

04/20/06 17:55:56 [Note]: 7015 1952

04/20/06 17:55:56 [Note]: 7015 5

04/20/06 17:55:56 [Note]: FSRAW library version 1.7.1015

04/20/06 17:59:21 [Note]: 7007 0

 

 

3)

 

Logfile of HijackThis v1.99.1

Scan saved at 17:59:50, on 20/04/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\system32\rundll32.exe

D:\Program Files\SuperCopier\SuperCopier.exe

C:\spywarebegone\SpywareBeGone.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe

d:\PROGRA~1\Webshots\webshots.scr

D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\HijackThis\HijackThis.exe

 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr-be\msntb.dll (file missing)

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKCU\..\Run: [superCopier.exe] D:\Program Files\SuperCopier\SuperCopier.exe

O4 - HKCU\..\Run: [spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan

O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe

O8 - Extra context menu item: Chercher avec Copernic Agent - res://D:\Program Files\Copernic Agent Basic\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROProj.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O17 - HKLM\System\CCS\Services\Tcpip\..\{628E116D-CB0B-4B5F-B158-DE7B64934373}: NameServer = 85.255.114.73,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\..\{771D948E-AB89-42F9-92DA-567C7FF16A21}: NameServer = 85.255.114.73,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\..\{D1CA928B-AC90-4318-9347-62F5F12FDAF8}: NameServer = 85.255.114.73,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF76869C-99C0-43D8-93C8-634754A6DB02}: NameServer = 85.255.114.73,85.255.112.227

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe

O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

J'espère avoir bien suivit les instructions,

Merci,

@+

Tripack

[Thanos]

salut tripack1

 

Juste une petite question : est ce que tu as bien été regarder dans les options de ta connexion et mis les serveur DNS préféré et serveur DNS auxiliaire en automatique??As tu trouvé une des adresses présentes dans les lignes 017 de ton rapport hijackthis dans les champs DNS??

Je repasse ce soir te donner un coup de main si personne ne l'a fait d'ici là

 

une petite recherche à faire comme ceci stp:

 

- Télécharge RegSearch.exe (Registry Search de Bobbi Flekman) -> http://www.bleepingcomputer.com/files/regsearch.php

- dézippe dans un répertoire dédié tel que C:\Program Files

- double clique sur RegSearch.exe

- copie colle les entrées en bleu dans les lignes de la zone de recherche:

{628E116D-CB0B-4B5F-B158-DE7B64934373}

{771D948E-AB89-42F9-92DA-567C7FF16A21}

{D1CA928B-AC90-4318-9347-62F5F12FDAF8}

{DF76869C-99C0-43D8-93C8-634754A6DB02}

- rien dans la ligne "Enter string to exclude from results"

- clique sur OK

- après recherche, le bloc-notes ouvre une fenêtre "RegSearch.txt" avec toutes les instances trouvées

- le fichier est en outre sauvegardé dans le même répertoire que celui de RegSearch

- copie-colle le contenu de la fenêtre dans un post, ici

- ferme le bloc-notes

- ferme RegSearch par Cancel

-Si la manipulation ne marche pas, entre les éléments un par un.

[tripack1]

salut tripack1

 

Juste une petite question : est ce que tu as bien été regarder dans les options de ta connexion et mis les serveur DNS préféré et serveur DNS auxiliaire en automatique??As tu trouvé une des adresses présentes dans les lignes 017 de ton rapport hijackthis dans les champs DNS??

Je repasse ce soir te donner un coup de main si personne ne l'a fait d'ici là

 

une petite recherche à faire comme ceci stp:

 

- Télécharge RegSearch.exe (Registry Search de Bobbi Flekman) -> http://www.bleepingcomputer.com/files/regsearch.php

- dézippe dans un répertoire dédié tel que C:\Program Files

- double clique sur RegSearch.exe

- copie colle les entrées en bleu dans les lignes de la zone de recherche:

{628E116D-CB0B-4B5F-B158-DE7B64934373}

{771D948E-AB89-42F9-92DA-567C7FF16A21}

{D1CA928B-AC90-4318-9347-62F5F12FDAF8}

{DF76869C-99C0-43D8-93C8-634754A6DB02}

- rien dans la ligne "Enter string to exclude from results"

- clique sur OK

- après recherche, le bloc-notes ouvre une fenêtre "RegSearch.txt" avec toutes les instances trouvées

- le fichier est en outre sauvegardé dans le même répertoire que celui de RegSearch

- copie-colle le contenu de la fenêtre dans un post, ici

- ferme le bloc-notes

- ferme RegSearch par Cancel

-Si la manipulation ne marche pas, entre les éléments un par un.

 

Par acquit de conscience j'ai recommencé les vérifications des options de ma connexion et mis les serveur DNS préféré, serveur DNS auxiliaire en automatique et relancé le PC. J'avais bien trouvé les adresses présentes dans les lignes 017 de mon rapport hijackthis dans les champs DNS. Maintenant elles n'ysont plus!

 

1)

 

REGEDIT4

 

; Registry Search 2.0 by Bobbi Flekman © 2005

; Version: 2.0.0.1

 

; Results at 20/04/2006 21:43:37 for strings:

; '{628e116d-cb0b-4b5f-b158-de7b64934373}'

; '{771d948e-ab89-42f9-92da-567c7ff16a21}'

; '{d1ca928b-ac90-4318-9347-62f5f12fdaf8}

{d1ca928b-ac90-4318-9347-62f5f12fdaf8}

{d1ca928b-ac90-4318-9347-62f5f12fdaf8}'

; '{df76869c-99c0-43d8-93c8-634754a6db02}'

; Strings excluded from search:

; (None)

; Search in:

; Registry Keys Registry Values Registry Data

; HKEY_LOCAL_MACHINE HKEY_USERS

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\9]

"ServiceName"="{771D948E-AB89-42F9-92DA-567C7FF16A21}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008]

"NetCfgInstanceId"="{771D948E-AB89-42F9-92DA-567C7FF16A21}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008\Linkage]

; Contents of value:

; {771D948E-AB89-42F9-92DA-567C7FF16A21}

;

"RootDevice"=hex(7):7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,\

2d,39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,00,00

; Contents of value:

; \Device\{771D948E-AB89-42F9-92DA-567C7FF16A21}

;

"Export"=hex(7):5c,44,65,76,69,63,65,5c,7b,37,37,31,44,39,34,38,45,2d,41,42,38,\

39,2d,34,32,46,39,2d,39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,\

00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage]

; Contents of value:

; {0031AA71-D29B-45A6-BB35-DB64F885DB20}

; {771D948E-AB89-42F9-92DA-567C7FF16A21}

;

"RootDevice"=hex(7):7b,30,30,33,31,41,41,37,31,2d,44,32,39,42,2d,34,35,41,36,\

2d,42,42,33,35,2d,44,42,36,34,46,38,38,35,44,42,32,30,7d,00,7b,37,37,31,44,\

39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,2d,39,32,44,41,2d,35,36,37,43,37,\

46,46,31,36,41,32,31,7d,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012]

"NetCfgInstanceId"="{DF76869C-99C0-43D8-93C8-634754A6DB02}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Linkage]

; Contents of value:

; {DF76869C-99C0-43D8-93C8-634754A6DB02}

;

"RootDevice"=hex(7):7b,44,46,37,36,38,36,39,43,2d,39,39,43,30,2d,34,33,44,38,\

2d,39,33,43,38,2d,36,33,34,37,35,34,41,36,44,42,30,32,7d,00,00

; Contents of value:

; \Device\{DF76869C-99C0-43D8-93C8-634754A6DB02}

;

"Export"=hex(7):5c,44,65,76,69,63,65,5c,7b,44,46,37,36,38,36,39,43,2d,39,39,43,\

30,2d,34,33,44,38,2d,39,33,43,38,2d,36,33,34,37,35,34,41,36,44,42,30,32,7d,\

00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]

"NetCfgInstanceId"="{628E116D-CB0B-4B5F-B158-DE7B64934373}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Linkage]

; Contents of value:

; {628E116D-CB0B-4B5F-B158-DE7B64934373}

;

"RootDevice"=hex(7):7b,36,32,38,45,31,31,36,44,2d,43,42,30,42,2d,34,42,35,46,\

2d,42,31,35,38,2d,44,45,37,42,36,34,39,33,34,33,37,33,7d,00,00

; Contents of value:

; \Device\{628E116D-CB0B-4B5F-B158-DE7B64934373}

;

"Export"=hex(7):5c,44,65,76,69,63,65,5c,7b,36,32,38,45,31,31,36,44,2d,43,42,30,\

42,2d,34,42,35,46,2d,42,31,35,38,2d,44,45,37,42,36,34,39,33,34,33,37,33,7d,\

00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#BTH#MS_BTHPAN#6&4bb2e79&0&2#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{628E116D-CB0B-4B5F-B158-DE7B64934373}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#BTH#MS_BTHPAN#6&4bb2e79&0&2#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{628E116D-CB0B-4B5F-B158-DE7B64934373}]

"SymbolicLink"="\\\\?\\BTH#MS_BTHPAN#6&4bb2e79&0&2#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{628E116D-CB0B-4B5F-B158-DE7B64934373}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_1106&DEV_3065&SUBSYS_14001186&REV_43#4&2e98101c&0&08F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{771D948E-AB89-42F9-92DA-567C7FF16A21}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_1106&DEV_3065&SUBSYS_14001186&REV_43#4&2e98101c&0&08F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{771D948E-AB89-42F9-92DA-567C7FF16A21}]

"SymbolicLink"="\\\\?\\PCI#VEN_1106&DEV_3065&SUBSYS_14001186&REV_43#4&2e98101c&0&08F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{771D948E-AB89-42F9-92DA-567C7FF16A21}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{48926476-2cae-4ded-a86e-73ddebed6779}#NDISIP#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{DF76869C-99C0-43D8-93C8-634754A6DB02}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{48926476-2cae-4ded-a86e-73ddebed6779}#NDISIP#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{DF76869C-99C0-43D8-93C8-634754A6DB02}]

"SymbolicLink"="\\\\?\\SW#{48926476-2cae-4ded-a86e-73ddebed6779}#NDISIP#{ad498944-762f-11d0-8dcb-00c04fc3358c}\\{DF76869C-99C0-43D8-93C8-634754A6DB02}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{628E116D-CB0B-4B5F-B158-DE7B64934373}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{628E116D-CB0B-4B5F-B158-DE7B64934373}\Connection]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{771D948E-AB89-42F9-92DA-567C7FF16A21}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{771D948E-AB89-42F9-92DA-567C7FF16A21}\Connection]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{DF76869C-99C0-43D8-93C8-634754A6DB02}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{DF76869C-99C0-43D8-93C8-634754A6DB02}\Connection]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters]

"{771D948E-AB89-42F9-92DA-567C7FF16A21}"=hex:06,00,00,00,00,00,00,00,08,00,00,\

00,00,00,00,00,de,ae,e0,43,c3,ee,02,15,c0,a8,0a,fa,03,00,00,00,00,00,00,00,\

04,00,00,00,00,00,00,00,de,ae,e0,43,c0,a8,0a,fa,0f,00,00,00,00,00,00,00,0a,\

00,00,00,00,00,00,00,de,ae,e0,43,62,69,67,2e,6c,6f,63,61,6c,00,00,00,51,00,\

00,00,00,00,00,00,03,00,00,00,00,00,00,00,de,ae,e0,43,00,ff,00,00,01,00,00,\

00,00,00,00,00,04,00,00,00,00,00,00,00,de,ae,e0,43,ff,ff,ff,00,36,00,00,00,\

00,00,00,00,04,00,00,00,00,00,00,00,de,ae,e0,43,c0,a8,0a,fe,33,00,00,00,00,\

00,00,00,04,00,00,00,00,00,00,00,de,ae,e0,43,00,01,51,80,3b,00,00,00,00,00,\

00,00,04,00,00,00,00,00,00,00,de,ae,e0,43,00,01,27,50,3a,00,00,00,00,00,00,\

00,04,00,00,00,00,00,00,00,de,ae,e0,43,00,00,a8,c0,35,00,00,00,00,00,00,00,\

01,00,00,00,00,00,00,00,de,ae,e0,43,05,00,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\Linkage]

; Contents of value:

; \Device\NetbiosSmb

; \Device\NetBT_Tcpip_{628E116D-CB0B-4B5F-B158-DE7B64934373} \Device\NetBT_Tcpip

; \Device\NetBT_Tcpip_{DF76869C-99C0-43D8-93C8-634754A6DB02} \Device\NetBT_Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8} \Device\NetBT_Tcpip

; \Device\NetBT_Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8} \Device\NetBT_Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\NetBT_Tcpip

; \Device\NetBT_Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBT_Tcpip

; \Device\NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

;

"Bind"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,\

65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,36,32,38,45,31,31,\

36,44,2d,43,42,30,42,2d,34,42,35,46,2d,42,31,35,38,2d,44,45,37,42,36,34,39,\

33,34,33,37,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,\

70,5f,7b,44,46,37,36,38,36,39,43,2d,39,39,43,30,2d,34,33,44,38,2d,39,33,43,\

38,2d,36,33,34,37,35,34,41,36,44,42,30,32,7d,00,5c,44,65,76,69,63,65,5c,4e,\

65,74,42,54,5f,54,63,70,69,70,5f,7b,44,31,43,41,39,32,38,42,2d,41,43,39,30,\

2d,34,33,31,38,2d,39,33,34,37,2d,36,32,46,35,46,31,32,46,44,41,46,38,7d,00,\

5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,37,37,31,44,\

39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,2d,39,32,44,41,2d,35,36,37,43,37,\

46,46,31,36,41,32,31,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,\

70,69,70,5f,7b,34,37,31,38,35,35,38,39,2d,34,46,31,45,2d,34,41,42,36,2d,41,\

31,36,45,2d,35,38,42,37,36,44,43,35,30,30,42,34,7d,00,5c,44,65,76,69,63,65,\

5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,34,31,39,45,34,46,43,37,2d,38,44,\

36,32,2d,34,46,30,43,2d,39,31,32,32,2d,43,39,39,32,30,30,38,44,35,43,35,34,\

7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,37,35,\

32,42,33,34,41,34,2d,30,38,41,41,2d,34,30,31,46,2d,41,35,38,31,2d,39,35,45,\

43,43,32,36,36,36,33,31,37,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,\

54,63,70,69,70,5f,7b,35,45,36,39,39,38,37,42,2d,30,46,37,35,2d,34,45,38,42,\

2d,41,31,35,36,2d,36,46,30,30,36,45,46,36,37,31,37,32,7d,00,00

; Contents of value:

; "NetbiosSmb"

; "NetBT" "Tcpip" "{628E116D-CB0B-4B5F-B158-DE7B64934373}" "NetBT" "Tcpi

; "NetBT" "Tcpip" "{DF76869C-99C0-43D8-93C8-634754A6DB02}" "NetBT" "Tcpip" "{D1CA928B-AC90-4318-9347-62F5F12FDAF8}" "NetBT" "Tcpi

; "NetBT" "Tcpip" "{D1CA928B-AC90-4318-9347-62F5F12FDAF8}" "NetBT" "Tcpip" "{771D948E-AB89-42F9-92DA-567C7FF16A21}" "NetBT" "Tcpip" "NdisWanIp"

; "NetBT" "Tcpip" "{771D948E-AB89-42F9-92DA-567C7FF16A21}" "NetBT" "Tcpip" "NdisWanIp"

; "NetBT" "Tcpip" "NdisWanIp"

;

"Route"=hex(7):22,4e,65,74,62,69,6f,73,53,6d,62,22,00,22,4e,65,74,42,54,22,20,\

22,54,63,70,69,70,22,20,22,7b,36,32,38,45,31,31,36,44,2d,43,42,30,42,2d,34,\

42,35,46,2d,42,31,35,38,2d,44,45,37,42,36,34,39,33,34,33,37,33,7d,22,00,22,\

4e,65,74,42,54,22,20,22,54,63,70,69,70,22,20,22,7b,44,46,37,36,38,36,39,43,\

2d,39,39,43,30,2d,34,33,44,38,2d,39,33,43,38,2d,36,33,34,37,35,34,41,36,44,\

42,30,32,7d,22,00,22,4e,65,74,42,54,22,20,22,54,63,70,69,70,22,20,22,7b,44,\

31,43,41,39,32,38,42,2d,41,43,39,30,2d,34,33,31,38,2d,39,33,34,37,2d,36,32,\

46,35,46,31,32,46,44,41,46,38,7d,22,00,22,4e,65,74,42,54,22,20,22,54,63,70,\

69,70,22,20,22,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,2d,\

39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,22,00,22,4e,65,74,42,\

54,22,20,22,54,63,70,69,70,22,20,22,4e,64,69,73,57,61,6e,49,70,22,00,00

; Contents of value:

; \Device\LanmanServer_NetbiosSmb

; \Device\LanmanServer_NetBT_Tcpip_{628E116D-CB0B-4B5F-B158-DE7B64934373} \Device\LanmanServer_NetBT_Tcpip

; \Device\LanmanServer_NetBT_Tcpip_{DF76869C-99C0-43D8-93C8-634754A6DB02} \Device\LanmanServer_NetBT_Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8} \Device\LanmanServer_NetBT_Tcpip

; \Device\LanmanServer_NetBT_Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8} \Device\LanmanServer_NetBT_Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\LanmanServer_NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\LanmanServer_NetBT_Tcpip

; \Device\LanmanServer_NetBT_Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\LanmanServer_NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\LanmanServer_NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\LanmanServer_NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\LanmanServer_NetBT_Tcpip

; \Device\LanmanServer_NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\LanmanServer_NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\LanmanServer_NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\LanmanServer_NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\LanmanServer_NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\LanmanServer_NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\LanmanServer_NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\LanmanServer_NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\LanmanServer_NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\LanmanServer_NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

;

"Export"=hex(7):5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,\

4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,\

53,65,72,76,65,72,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,36,32,38,45,31,\

31,36,44,2d,43,42,30,42,2d,34,42,35,46,2d,42,31,35,38,2d,44,45,37,42,36,34,\

39,33,34,33,37,33,7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,\

76,65,72,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,44,46,37,36,38,36,39,43,\

2d,39,39,43,30,2d,34,33,44,38,2d,39,33,43,38,2d,36,33,34,37,35,34,41,36,44,\

42,30,32,7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,\

5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,44,31,43,41,39,32,38,42,2d,41,43,\

39,30,2d,34,33,31,38,2d,39,33,34,37,2d,36,32,46,35,46,31,32,46,44,41,46,38,\

7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,4e,65,\

74,42,54,5f,54,63,70,69,70,5f,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,\

34,32,46,39,2d,39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,00,5c,\

44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,4e,65,74,42,54,\

5f,54,63,70,69,70,5f,7b,34,37,31,38,35,35,38,39,2d,34,46,31,45,2d,34,41,42,\

36,2d,41,31,36,45,2d,35,38,42,37,36,44,43,35,30,30,42,34,7d,00,5c,44,65,76,\

69,63,65,5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,4e,65,74,42,54,5f,54,63,\

70,69,70,5f,7b,34,31,39,45,34,46,43,37,2d,38,44,36,32,2d,34,46,30,43,2d,39,\

31,32,32,2d,43,39,39,32,30,30,38,44,35,43,35,34,7d,00,5c,44,65,76,69,63,65,\

5c,4c,61,6e,6d,61,6e,53,65,72,76,65,72,5f,4e,65,74,42,54,5f,54,63,70,69,70,\

5f,7b,37,35,32,42,33,34,41,34,2d,30,38,41,41,2d,34,30,31,46,2d,41,35,38,31,\

2d,39,35,45,43,43,32,36,36,36,33,31,37,7d,00,5c,44,65,76,69,63,65,5c,4c,61,\

6e,6d,61,6e,53,65,72,76,65,72,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,35,\

45,36,39,39,38,37,42,2d,30,46,37,35,2d,34,45,38,42,2d,41,31,35,36,2d,36,46,\

30,30,36,45,46,36,37,31,37,32,7d,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Linkage]

; Contents of value:

; \Device\NetbiosSmb

; \Device\NetBT_Tcpip_{628E116D-CB0B-4B5F-B158-DE7B64934373} \Device\NetBT_Tcpip

; \Device\NetBT_Tcpip_{DF76869C-99C0-43D8-93C8-634754A6DB02} \Device\NetBT_Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8} \Device\NetBT_Tcpip

; \Device\NetBT_Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8} \Device\NetBT_Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\NetBT_Tcpip

; \Device\NetBT_Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBT_Tcpip

; \Device\NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

;

"Bind"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,\

65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,36,32,38,45,31,31,\

36,44,2d,43,42,30,42,2d,34,42,35,46,2d,42,31,35,38,2d,44,45,37,42,36,34,39,\

33,34,33,37,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,\

70,5f,7b,44,46,37,36,38,36,39,43,2d,39,39,43,30,2d,34,33,44,38,2d,39,33,43,\

38,2d,36,33,34,37,35,34,41,36,44,42,30,32,7d,00,5c,44,65,76,69,63,65,5c,4e,\

65,74,42,54,5f,54,63,70,69,70,5f,7b,44,31,43,41,39,32,38,42,2d,41,43,39,30,\

2d,34,33,31,38,2d,39,33,34,37,2d,36,32,46,35,46,31,32,46,44,41,46,38,7d,00,\

5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,37,37,31,44,\

39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,2d,39,32,44,41,2d,35,36,37,43,37,\

46,46,31,36,41,32,31,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,\

70,69,70,5f,7b,34,37,31,38,35,35,38,39,2d,34,46,31,45,2d,34,41,42,36,2d,41,\

31,36,45,2d,35,38,42,37,36,44,43,35,30,30,42,34,7d,00,5c,44,65,76,69,63,65,\

5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,34,31,39,45,34,46,43,37,2d,38,44,\

36,32,2d,34,46,30,43,2d,39,31,32,32,2d,43,39,39,32,30,30,38,44,35,43,35,34,\

7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,37,35,\

32,42,33,34,41,34,2d,30,38,41,41,2d,34,30,31,46,2d,41,35,38,31,2d,39,35,45,\

43,43,32,36,36,36,33,31,37,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,\

54,63,70,69,70,5f,7b,35,45,36,39,39,38,37,42,2d,30,46,37,35,2d,34,45,38,42,\

2d,41,31,35,36,2d,36,46,30,30,36,45,46,36,37,31,37,32,7d,00,00

; Contents of value:

; "NetbiosSmb"

; "NetBT" "Tcpip" "{628E116D-CB0B-4B5F-B158-DE7B64934373}" "NetBT" "Tcpi

; "NetBT" "Tcpip" "{DF76869C-99C0-43D8-93C8-634754A6DB02}" "NetBT" "Tcpip" "{D1CA928B-AC90-4318-9347-62F5F12FDAF8}" "NetBT" "Tcpi

; "NetBT" "Tcpip" "{D1CA928B-AC90-4318-9347-62F5F12FDAF8}" "NetBT" "Tcpip" "{771D948E-AB89-42F9-92DA-567C7FF16A21}" "NetBT" "Tcpip" "NdisWanIp"

; "NetBT" "Tcpip" "{771D948E-AB89-42F9-92DA-567C7FF16A21}" "NetBT" "Tcpip" "NdisWanIp"

; "NetBT" "Tcpip" "NdisWanIp"

;

"Route"=hex(7):22,4e,65,74,62,69,6f,73,53,6d,62,22,00,22,4e,65,74,42,54,22,20,\

22,54,63,70,69,70,22,20,22,7b,36,32,38,45,31,31,36,44,2d,43,42,30,42,2d,34,\

42,35,46,2d,42,31,35,38,2d,44,45,37,42,36,34,39,33,34,33,37,33,7d,22,00,22,\

4e,65,74,42,54,22,20,22,54,63,70,69,70,22,20,22,7b,44,46,37,36,38,36,39,43,\

2d,39,39,43,30,2d,34,33,44,38,2d,39,33,43,38,2d,36,33,34,37,35,34,41,36,44,\

42,30,32,7d,22,00,22,4e,65,74,42,54,22,20,22,54,63,70,69,70,22,20,22,7b,44,\

31,43,41,39,32,38,42,2d,41,43,39,30,2d,34,33,31,38,2d,39,33,34,37,2d,36,32,\

46,35,46,31,32,46,44,41,46,38,7d,22,00,22,4e,65,74,42,54,22,20,22,54,63,70,\

69,70,22,20,22,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,2d,\

39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,22,00,22,4e,65,74,42,\

54,22,20,22,54,63,70,69,70,22,20,22,4e,64,69,73,57,61,6e,49,70,22,00,00

; Contents of value:

; \Device\LanmanWorkstation_NetbiosSmb

; \Device\LanmanWorkstation_NetBT_Tcpip_{628E116D-CB0B-4B5F-B158-DE7B64934373} \Device\LanmanWorkstation_NetBT_Tcpip

; \Device\LanmanWorkstation_NetBT_Tcpip_{DF76869C-99C0-43D8-93C8-634754A6DB02} \Device\LanmanWorkstation_NetBT_Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8} \Device\LanmanWorkstation_NetBT_Tcpip

; \Device\LanmanWorkstation_NetBT_Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8} \Device\LanmanWorkstation_NetBT_Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\LanmanWorkstation_NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\LanmanWorkstation_NetBT_Tcpip

; \Device\LanmanWorkstation_NetBT_Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\LanmanWorkstation_NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\LanmanWorkstation_NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\LanmanWorkstation_NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\LanmanWorkstation_NetBT_Tcpip

; \Device\LanmanWorkstation_NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\LanmanWorkstation_NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\LanmanWorkstation_NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\LanmanWorkstation_NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\LanmanWorkstation_NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\LanmanWorkstation_NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\LanmanWorkstation_NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\LanmanWorkstation_NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\LanmanWorkstation_NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\LanmanWorkstation_NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

;

"Export"=hex(7):5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,\

74,69,6f,6e,5f,4e,65,74,62,69,6f,73,53,6d,62,00,5c,44,65,76,69,63,65,5c,4c,\

61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,74,42,54,5f,54,63,\

70,69,70,5f,7b,36,32,38,45,31,31,36,44,2d,43,42,30,42,2d,34,42,35,46,2d,42,\

31,35,38,2d,44,45,37,42,36,34,39,33,34,33,37,33,7d,00,5c,44,65,76,69,63,65,\

5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,74,42,54,5f,\

54,63,70,69,70,5f,7b,44,46,37,36,38,36,39,43,2d,39,39,43,30,2d,34,33,44,38,\

2d,39,33,43,38,2d,36,33,34,37,35,34,41,36,44,42,30,32,7d,00,5c,44,65,76,69,\

63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,74,42,\

54,5f,54,63,70,69,70,5f,7b,44,31,43,41,39,32,38,42,2d,41,43,39,30,2d,34,33,\

31,38,2d,39,33,34,37,2d,36,32,46,35,46,31,32,46,44,41,46,38,7d,00,5c,44,65,\

76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,4e,65,\

74,42,54,5f,54,63,70,69,70,5f,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,\

34,32,46,39,2d,39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,00,5c,\

44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,5f,\

4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,34,37,31,38,35,35,38,39,2d,34,46,31,\

45,2d,34,41,42,36,2d,41,31,36,45,2d,35,38,42,37,36,44,43,35,30,30,42,34,7d,\

00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,\

6e,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,34,31,39,45,34,46,43,37,2d,38,\

44,36,32,2d,34,46,30,43,2d,39,31,32,32,2d,43,39,39,32,30,30,38,44,35,43,35,\

34,7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,\

69,6f,6e,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,37,35,32,42,33,34,41,34,\

2d,30,38,41,41,2d,34,30,31,46,2d,41,35,38,31,2d,39,35,45,43,43,32,36,36,36,\

33,31,37,7d,00,5c,44,65,76,69,63,65,5c,4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,\

61,74,69,6f,6e,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,35,45,36,39,39,38,\

37,42,2d,30,46,37,35,2d,34,45,38,42,2d,41,31,35,36,2d,36,46,30,30,36,45,46,\

36,37,31,37,32,7d,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio\Linkage]

; Contents of value:

; \Device\{628E116D-CB0B-4B5F-B158-DE7B64934373}

; \Device\{DF76869C-99C0-43D8-93C8-634754A6DB02} \Device\{771D948E-AB89-42F9-92DA-567C7FF16A21}

; \Device\{771D948E-AB89-42F9-92DA-567C7FF16A21}

;

"Bind"=hex(7):5c,44,65,76,69,63,65,5c,7b,36,32,38,45,31,31,36,44,2d,43,42,30,\

42,2d,34,42,35,46,2d,42,31,35,38,2d,44,45,37,42,36,34,39,33,34,33,37,33,7d,\

00,5c,44,65,76,69,63,65,5c,7b,44,46,37,36,38,36,39,43,2d,39,39,43,30,2d,34,\

33,44,38,2d,39,33,43,38,2d,36,33,34,37,35,34,41,36,44,42,30,32,7d,00,5c,44,\

65,76,69,63,65,5c,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,\

2d,39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,00,00

; Contents of value:

; "{628E116D-CB0B-4B5F-B158-DE7B64934373}"

; "{DF76869C-99C0-43D8-93C8-634754A6DB02}" "{771D948E-AB89-42F9-92DA-567C7FF16A21}"

; "{771D948E-AB89-42F9-92DA-567C7FF16A21}"

;

"Route"=hex(7):22,7b,36,32,38,45,31,31,36,44,2d,43,42,30,42,2d,34,42,35,46,2d,\

42,31,35,38,2d,44,45,37,42,36,34,39,33,34,33,37,33,7d,22,00,22,7b,44,46,37,\

36,38,36,39,43,2d,39,39,43,30,2d,34,33,44,38,2d,39,33,43,38,2d,36,33,34,37,\

35,34,41,36,44,42,30,32,7d,22,00,22,7b,37,37,31,44,39,34,38,45,2d,41,42,38,\

39,2d,34,32,46,39,2d,39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,\

22,00,00

; Contents of value:

; \Device\Ndisuio_{628E116D-CB0B-4B5F-B158-DE7B64934373}

; \Device\Ndisuio_{DF76869C-99C0-43D8-93C8-634754A6DB02} \Device\Ndisuio_{771D948E-AB89-42F9-92DA-567C7FF16A21}

; \Device\Ndisuio_{771D948E-AB89-42F9-92DA-567C7FF16A21}

;

"Export"=hex(7):5c,44,65,76,69,63,65,5c,4e,64,69,73,75,69,6f,5f,7b,36,32,38,45,\

31,31,36,44,2d,43,42,30,42,2d,34,42,35,46,2d,42,31,35,38,2d,44,45,37,42,36,\

34,39,33,34,33,37,33,7d,00,5c,44,65,76,69,63,65,5c,4e,64,69,73,75,69,6f,5f,\

7b,44,46,37,36,38,36,39,43,2d,39,39,43,30,2d,34,33,44,38,2d,39,33,43,38,2d,\

36,33,34,37,35,34,41,36,44,42,30,32,7d,00,5c,44,65,76,69,63,65,5c,4e,64,69,\

73,75,69,6f,5f,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,2d,\

39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS\Linkage]

; Contents of value:

; \Device\NetBT_Tcpip_{628E116D-CB0B-4B5F-B158-DE7B64934373}

; \Device\NetBT_Tcpip_{DF76869C-99C0-43D8-93C8-634754A6DB02} \Device\NetBT_Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8}

; \Device\NetBT_Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8} \Device\NetBT_Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4}

; \Device\NetBT_Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317}

; \Device\NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

;

"Bind"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,\

36,32,38,45,31,31,36,44,2d,43,42,30,42,2d,34,42,35,46,2d,42,31,35,38,2d,44,\

45,37,42,36,34,39,33,34,33,37,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,\

54,5f,54,63,70,69,70,5f,7b,44,46,37,36,38,36,39,43,2d,39,39,43,30,2d,34,33,\

44,38,2d,39,33,43,38,2d,36,33,34,37,35,34,41,36,44,42,30,32,7d,00,5c,44,65,\

76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,44,31,43,41,39,32,38,\

42,2d,41,43,39,30,2d,34,33,31,38,2d,39,33,34,37,2d,36,32,46,35,46,31,32,46,\

44,41,46,38,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,\

5f,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,2d,39,32,44,41,\

2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,00,5c,44,65,76,69,63,65,5c,4e,65,\

74,42,54,5f,54,63,70,69,70,5f,7b,34,37,31,38,35,35,38,39,2d,34,46,31,45,2d,\

34,41,42,36,2d,41,31,36,45,2d,35,38,42,37,36,44,43,35,30,30,42,34,7d,00,5c,\

44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,34,31,39,45,34,\

46,43,37,2d,38,44,36,32,2d,34,46,30,43,2d,39,31,32,32,2d,43,39,39,32,30,30,\

38,44,35,43,35,34,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,\

69,70,5f,7b,37,35,32,42,33,34,41,34,2d,30,38,41,41,2d,34,30,31,46,2d,41,35,\

38,31,2d,39,35,45,43,43,32,36,36,36,33,31,37,7d,00,5c,44,65,76,69,63,65,5c,\

4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,35,45,36,39,39,38,37,42,2d,30,46,37,\

35,2d,34,45,38,42,2d,41,31,35,36,2d,36,46,30,30,36,45,46,36,37,31,37,32,7d,\

00,00

; Contents of value:

; "NetBT" "Tcpip" "{628E116D-CB0B-4B5F-B158-DE7B64934373}"

; "NetBT" "Tcpip" "{DF76869C-99C0-43D8-93C8-634754A6DB02}" "NetBT" "Tcpip" "{D1CA928B-AC90-4318-9347-62F5F12FDAF8}"

; "NetBT" "Tcpip" "{D1CA928B-AC90-4318-9347-62F5F12FDAF8}" "NetBT" "Tcpip" "{771D948E-AB89-42F9-92DA-567C7FF16A21}" "NetBT" "Tcpip" "NdisWanIp"

; "NetBT" "Tcpip" "{771D948E-AB89-42F9-92DA-567C7FF16A21}" "NetBT" "Tcpip" "NdisWanIp"

; "NetBT" "Tcpip" "NdisWanIp"

;

"Route"=hex(7):22,4e,65,74,42,54,22,20,22,54,63,70,69,70,22,20,22,7b,36,32,38,\

45,31,31,36,44,2d,43,42,30,42,2d,34,42,35,46,2d,42,31,35,38,2d,44,45,37,42,\

36,34,39,33,34,33,37,33,7d,22,00,22,4e,65,74,42,54,22,20,22,54,63,70,69,70,\

22,20,22,7b,44,46,37,36,38,36,39,43,2d,39,39,43,30,2d,34,33,44,38,2d,39,33,\

43,38,2d,36,33,34,37,35,34,41,36,44,42,30,32,7d,22,00,22,4e,65,74,42,54,22,\

20,22,54,63,70,69,70,22,20,22,7b,44,31,43,41,39,32,38,42,2d,41,43,39,30,2d,\

34,33,31,38,2d,39,33,34,37,2d,36,32,46,35,46,31,32,46,44,41,46,38,7d,22,00,\

22,4e,65,74,42,54,22,20,22,54,63,70,69,70,22,20,22,7b,37,37,31,44,39,34,38,\

45,2d,41,42,38,39,2d,34,32,46,39,2d,39,32,44,41,2d,35,36,37,43,37,46,46,31,\

36,41,32,31,7d,22,00,22,4e,65,74,42,54,22,20,22,54,63,70,69,70,22,20,22,4e,\

64,69,73,57,61,6e,49,70,22,00,00

; Contents of value:

; \Device\NetBIOS_NetBT_Tcpip_{628E116D-CB0B-4B5F-B158-DE7B64934373}

; \Device\NetBIOS_NetBT_Tcpip_{DF76869C-99C0-43D8-93C8-634754A6DB02} \Device\NetBIOS_NetBT_Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8}

; \Device\NetBIOS_NetBT_Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8} \Device\NetBIOS_NetBT_Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\NetBIOS_NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4}

; \Device\NetBIOS_NetBT_Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\NetBIOS_NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\NetBIOS_NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\NetBIOS_NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317}

; \Device\NetBIOS_NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\NetBIOS_NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\NetBIOS_NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBIOS_NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\NetBIOS_NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\NetBIOS_NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBIOS_NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\NetBIOS_NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBIOS_NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\NetBIOS_NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

;

"Export"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,54,\

5f,54,63,70,69,70,5f,7b,36,32,38,45,31,31,36,44,2d,43,42,30,42,2d,34,42,35,\

46,2d,42,31,35,38,2d,44,45,37,42,36,34,39,33,34,33,37,33,7d,00,5c,44,65,76,\

69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,\

44,46,37,36,38,36,39,43,2d,39,39,43,30,2d,34,33,44,38,2d,39,33,43,38,2d,36,\

33,34,37,35,34,41,36,44,42,30,32,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,\

49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,44,31,43,41,39,32,38,42,\

2d,41,43,39,30,2d,34,33,31,38,2d,39,33,34,37,2d,36,32,46,35,46,31,32,46,44,\

41,46,38,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,\

54,5f,54,63,70,69,70,5f,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,34,32,\

46,39,2d,39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,00,5c,44,65,\

76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,\

7b,34,37,31,38,35,35,38,39,2d,34,46,31,45,2d,34,41,42,36,2d,41,31,36,45,2d,\

35,38,42,37,36,44,43,35,30,30,42,34,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,\

42,49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,34,31,39,45,34,46,43,\

37,2d,38,44,36,32,2d,34,46,30,43,2d,39,31,32,32,2d,43,39,39,32,30,30,38,44,\

35,43,35,34,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,\

42,54,5f,54,63,70,69,70,5f,7b,37,35,32,42,33,34,41,34,2d,30,38,41,41,2d,34,\

30,31,46,2d,41,35,38,31,2d,39,35,45,43,43,32,36,36,36,33,31,37,7d,00,5c,44,\

65,76,69,63,65,5c,4e,65,74,42,49,4f,53,5f,4e,65,74,42,54,5f,54,63,70,69,70,\

5f,7b,35,45,36,39,39,38,37,42,2d,30,46,37,35,2d,34,45,38,42,2d,41,31,35,36,\

2d,36,46,30,30,36,45,46,36,37,31,37,32,7d,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Linkage]

; Contents of value:

; \Device\Tcpip_{628E116D-CB0B-4B5F-B158-DE7B64934373}

; \Device\Tcpip_{DF76869C-99C0-43D8-93C8-634754A6DB02} \Device\Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8}

; \Device\Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8} \Device\Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4}

; \Device\Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317}

; \Device\Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

;

"Bind"=hex(7):5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,36,32,38,45,31,31,\

36,44,2d,43,42,30,42,2d,34,42,35,46,2d,42,31,35,38,2d,44,45,37,42,36,34,39,\

33,34,33,37,33,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,44,46,37,\

36,38,36,39,43,2d,39,39,43,30,2d,34,33,44,38,2d,39,33,43,38,2d,36,33,34,37,\

35,34,41,36,44,42,30,32,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,\

44,31,43,41,39,32,38,42,2d,41,43,39,30,2d,34,33,31,38,2d,39,33,34,37,2d,36,\

32,46,35,46,31,32,46,44,41,46,38,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,\

70,5f,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,2d,39,32,44,\

41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,00,5c,44,65,76,69,63,65,5c,54,\

63,70,69,70,5f,7b,34,37,31,38,35,35,38,39,2d,34,46,31,45,2d,34,41,42,36,2d,\

41,31,36,45,2d,35,38,42,37,36,44,43,35,30,30,42,34,7d,00,5c,44,65,76,69,63,\

65,5c,54,63,70,69,70,5f,7b,34,31,39,45,34,46,43,37,2d,38,44,36,32,2d,34,46,\

30,43,2d,39,31,32,32,2d,43,39,39,32,30,30,38,44,35,43,35,34,7d,00,5c,44,65,\

76,69,63,65,5c,54,63,70,69,70,5f,7b,37,35,32,42,33,34,41,34,2d,30,38,41,41,\

2d,34,30,31,46,2d,41,35,38,31,2d,39,35,45,43,43,32,36,36,36,33,31,37,7d,00,\

5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,35,45,36,39,39,38,37,42,2d,30,\

46,37,35,2d,34,45,38,42,2d,41,31,35,36,2d,36,46,30,30,36,45,46,36,37,31,37,\

32,7d,00,00

; Contents of value:

; "Tcpip" "{628E116D-CB0B-4B5F-B158-DE7B64934373}"

; "Tcpip" "{DF76869C-99C0-43D8-93C8-634754A6DB02}" "Tcpip" "{D1CA928B-AC90-4318-9347-62F5F12FDAF8}"

; "Tcpip" "{D1CA928B-AC90-4318-9347-62F5F12FDAF8}" "Tcpip" "{771D948E-AB89-42F9-92DA-567C7FF16A21}" "Tcpip" "NdisWanIp"

; "Tcpip" "{771D948E-AB89-42F9-92DA-567C7FF16A21}" "Tcpip" "NdisWanIp"

; "Tcpip" "NdisWanIp"

;

"Route"=hex(7):22,54,63,70,69,70,22,20,22,7b,36,32,38,45,31,31,36,44,2d,43,42,\

30,42,2d,34,42,35,46,2d,42,31,35,38,2d,44,45,37,42,36,34,39,33,34,33,37,33,\

7d,22,00,22,54,63,70,69,70,22,20,22,7b,44,46,37,36,38,36,39,43,2d,39,39,43,\

30,2d,34,33,44,38,2d,39,33,43,38,2d,36,33,34,37,35,34,41,36,44,42,30,32,7d,\

22,00,22,54,63,70,69,70,22,20,22,7b,44,31,43,41,39,32,38,42,2d,41,43,39,30,\

2d,34,33,31,38,2d,39,33,34,37,2d,36,32,46,35,46,31,32,46,44,41,46,38,7d,22,\

00,22,54,63,70,69,70,22,20,22,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,\

34,32,46,39,2d,39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,22,00,\

22,54,63,70,69,70,22,20,22,4e,64,69,73,57,61,6e,49,70,22,00,00

; Contents of value:

; \Device\NetBT_Tcpip_{628E116D-CB0B-4B5F-B158-DE7B64934373}

; \Device\NetBT_Tcpip_{DF76869C-99C0-43D8-93C8-634754A6DB02} \Device\NetBT_Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8}

; \Device\NetBT_Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8} \Device\NetBT_Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4}

; \Device\NetBT_Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317}

; \Device\NetBT_Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\NetBT_Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\NetBT_Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\NetBT_Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

;

"Export"=hex(7):5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,\

36,32,38,45,31,31,36,44,2d,43,42,30,42,2d,34,42,35,46,2d,42,31,35,38,2d,44,\

45,37,42,36,34,39,33,34,33,37,33,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,\

54,5f,54,63,70,69,70,5f,7b,44,46,37,36,38,36,39,43,2d,39,39,43,30,2d,34,33,\

44,38,2d,39,33,43,38,2d,36,33,34,37,35,34,41,36,44,42,30,32,7d,00,5c,44,65,\

76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,44,31,43,41,39,32,38,\

42,2d,41,43,39,30,2d,34,33,31,38,2d,39,33,34,37,2d,36,32,46,35,46,31,32,46,\

44,41,46,38,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,\

5f,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,2d,39,32,44,41,\

2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,00,5c,44,65,76,69,63,65,5c,4e,65,\

74,42,54,5f,54,63,70,69,70,5f,7b,34,37,31,38,35,35,38,39,2d,34,46,31,45,2d,\

34,41,42,36,2d,41,31,36,45,2d,35,38,42,37,36,44,43,35,30,30,42,34,7d,00,5c,\

44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,34,31,39,45,34,\

46,43,37,2d,38,44,36,32,2d,34,46,30,43,2d,39,31,32,32,2d,43,39,39,32,30,30,\

38,44,35,43,35,34,7d,00,5c,44,65,76,69,63,65,5c,4e,65,74,42,54,5f,54,63,70,\

69,70,5f,7b,37,35,32,42,33,34,41,34,2d,30,38,41,41,2d,34,30,31,46,2d,41,35,\

38,31,2d,39,35,45,43,43,32,36,36,36,33,31,37,7d,00,5c,44,65,76,69,63,65,5c,\

4e,65,74,42,54,5f,54,63,70,69,70,5f,7b,35,45,36,39,39,38,37,42,2d,30,46,37,\

35,2d,34,45,38,42,2d,41,31,35,36,2d,36,46,30,30,36,45,46,36,37,31,37,32,7d,\

00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{628E116D-CB0B-4B5F-B158-DE7B64934373}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{DF76869C-99C0-43D8-93C8-634754A6DB02}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched\Parameters\Adapters\{771D948E-AB89-42F9-92DA-567C7FF16A21}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasPppoe\Linkage]

; Contents of value:

; \Device\{628E116D-CB0B-4B5F-B158-DE7B64934373}

; \Device\{DF76869C-99C0-43D8-93C8-634754A6DB02} \Device\{771D948E-AB89-42F9-92DA-567C7FF16A21}

; \Device\{771D948E-AB89-42F9-92DA-567C7FF16A21}

;

"Bind"=hex(7):5c,44,65,76,69,63,65,5c,7b,36,32,38,45,31,31,36,44,2d,43,42,30,\

42,2d,34,42,35,46,2d,42,31,35,38,2d,44,45,37,42,36,34,39,33,34,33,37,33,7d,\

00,5c,44,65,76,69,63,65,5c,7b,44,46,37,36,38,36,39,43,2d,39,39,43,30,2d,34,\

33,44,38,2d,39,33,43,38,2d,36,33,34,37,35,34,41,36,44,42,30,32,7d,00,5c,44,\

65,76,69,63,65,5c,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,\

2d,39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,00,00

; Contents of value:

; "{628E116D-CB0B-4B5F-B158-DE7B64934373}"

; "{DF76869C-99C0-43D8-93C8-634754A6DB02}" "{771D948E-AB89-42F9-92DA-567C7FF16A21}"

; "{771D948E-AB89-42F9-92DA-567C7FF16A21}"

;

"Route"=hex(7):22,7b,36,32,38,45,31,31,36,44,2d,43,42,30,42,2d,34,42,35,46,2d,\

42,31,35,38,2d,44,45,37,42,36,34,39,33,34,33,37,33,7d,22,00,22,7b,44,46,37,\

36,38,36,39,43,2d,39,39,43,30,2d,34,33,44,38,2d,39,33,43,38,2d,36,33,34,37,\

35,34,41,36,44,42,30,32,7d,22,00,22,7b,37,37,31,44,39,34,38,45,2d,41,42,38,\

39,2d,34,32,46,39,2d,39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,\

22,00,00

; Contents of value:

; \Device\RasPppoe_{628E116D-CB0B-4B5F-B158-DE7B64934373}

; \Device\RasPppoe_{DF76869C-99C0-43D8-93C8-634754A6DB02} \Device\RasPppoe_{771D948E-AB89-42F9-92DA-567C7FF16A21}

; \Device\RasPppoe_{771D948E-AB89-42F9-92DA-567C7FF16A21}

;

"Export"=hex(7):5c,44,65,76,69,63,65,5c,52,61,73,50,70,70,6f,65,5f,7b,36,32,38,\

45,31,31,36,44,2d,43,42,30,42,2d,34,42,35,46,2d,42,31,35,38,2d,44,45,37,42,\

36,34,39,33,34,33,37,33,7d,00,5c,44,65,76,69,63,65,5c,52,61,73,50,70,70,6f,\

65,5f,7b,44,46,37,36,38,36,39,43,2d,39,39,43,30,2d,34,33,44,38,2d,39,33,43,\

38,2d,36,33,34,37,35,34,41,36,44,42,30,32,7d,00,5c,44,65,76,69,63,65,5c,52,\

61,73,50,70,70,6f,65,5f,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,34,32,\

46,39,2d,39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Interfaces\2]

"InterfaceName"="{771D948E-AB89-42F9-92DA-567C7FF16A21}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Linkage]

; Contents of value:

; \Device\{628E116D-CB0B-4B5F-B158-DE7B64934373}

; \Device\{DF76869C-99C0-43D8-93C8-634754A6DB02} \Device\{D1CA928B-AC90-4318-9347-62F5F12FDAF8}

; \Device\{D1CA928B-AC90-4318-9347-62F5F12FDAF8} \Device\{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\NdisWanIp

; \Device\{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\NdisWanIp

; \Device\NdisWanIp

;

"Bind"=hex(7):5c,44,65,76,69,63,65,5c,7b,36,32,38,45,31,31,36,44,2d,43,42,30,\

42,2d,34,42,35,46,2d,42,31,35,38,2d,44,45,37,42,36,34,39,33,34,33,37,33,7d,\

00,5c,44,65,76,69,63,65,5c,7b,44,46,37,36,38,36,39,43,2d,39,39,43,30,2d,34,\

33,44,38,2d,39,33,43,38,2d,36,33,34,37,35,34,41,36,44,42,30,32,7d,00,5c,44,\

65,76,69,63,65,5c,7b,44,31,43,41,39,32,38,42,2d,41,43,39,30,2d,34,33,31,38,\

2d,39,33,34,37,2d,36,32,46,35,46,31,32,46,44,41,46,38,7d,00,5c,44,65,76,69,\

63,65,5c,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,2d,39,32,\

44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,00,5c,44,65,76,69,63,65,5c,\

4e,64,69,73,57,61,6e,49,70,00,00

; Contents of value:

; "{628E116D-CB0B-4B5F-B158-DE7B64934373}"

; "{DF76869C-99C0-43D8-93C8-634754A6DB02}" "{D1CA928B-AC90-4318-9347-62F5F12FDAF8}"

; "{D1CA928B-AC90-4318-9347-62F5F12FDAF8}" "{771D948E-AB89-42F9-92DA-567C7FF16A21}" "NdisWanIp"

; "{771D948E-AB89-42F9-92DA-567C7FF16A21}" "NdisWanIp"

; "NdisWanIp"

;

"Route"=hex(7):22,7b,36,32,38,45,31,31,36,44,2d,43,42,30,42,2d,34,42,35,46,2d,\

42,31,35,38,2d,44,45,37,42,36,34,39,33,34,33,37,33,7d,22,00,22,7b,44,46,37,\

36,38,36,39,43,2d,39,39,43,30,2d,34,33,44,38,2d,39,33,43,38,2d,36,33,34,37,\

35,34,41,36,44,42,30,32,7d,22,00,22,7b,44,31,43,41,39,32,38,42,2d,41,43,39,\

30,2d,34,33,31,38,2d,39,33,34,37,2d,36,32,46,35,46,31,32,46,44,41,46,38,7d,\

22,00,22,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,2d,39,32,\

44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,22,00,22,4e,64,69,73,57,61,\

6e,49,70,22,00,00

; Contents of value:

; \Device\Tcpip_{628E116D-CB0B-4B5F-B158-DE7B64934373}

; \Device\Tcpip_{DF76869C-99C0-43D8-93C8-634754A6DB02} \Device\Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8}

; \Device\Tcpip_{D1CA928B-AC90-4318-9347-62F5F12FDAF8} \Device\Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4}

; \Device\Tcpip_{771D948E-AB89-42F9-92DA-567C7FF16A21} \Device\Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317}

; \Device\Tcpip_{47185589-4F1E-4AB6-A16E-58B76DC500B4} \Device\Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\Tcpip_{419E4FC7-8D62-4F0C-9122-C992008D5C54} \Device\Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\Tcpip_{752B34A4-08AA-401F-A581-95ECC2666317} \Device\Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

; \Device\Tcpip_{5E69987B-0F75-4E8B-A156-6F006EF67172}

;

"Export"=hex(7):5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,36,32,38,45,31,31,\

36,44,2d,43,42,30,42,2d,34,42,35,46,2d,42,31,35,38,2d,44,45,37,42,36,34,39,\

33,34,33,37,33,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,44,46,37,\

36,38,36,39,43,2d,39,39,43,30,2d,34,33,44,38,2d,39,33,43,38,2d,36,33,34,37,\

35,34,41,36,44,42,30,32,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,\

44,31,43,41,39,32,38,42,2d,41,43,39,30,2d,34,33,31,38,2d,39,33,34,37,2d,36,\

32,46,35,46,31,32,46,44,41,46,38,7d,00,5c,44,65,76,69,63,65,5c,54,63,70,69,\

70,5f,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,2d,39,32,44,\

41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,00,5c,44,65,76,69,63,65,5c,54,\

63,70,69,70,5f,7b,34,37,31,38,35,35,38,39,2d,34,46,31,45,2d,34,41,42,36,2d,\

41,31,36,45,2d,35,38,42,37,36,44,43,35,30,30,42,34,7d,00,5c,44,65,76,69,63,\

65,5c,54,63,70,69,70,5f,7b,34,31,39,45,34,46,43,37,2d,38,44,36,32,2d,34,46,\

30,43,2d,39,31,32,32,2d,43,39,39,32,30,30,38,44,35,43,35,34,7d,00,5c,44,65,\

76,69,63,65,5c,54,63,70,69,70,5f,7b,37,35,32,42,33,34,41,34,2d,30,38,41,41,\

2d,34,30,31,46,2d,41,35,38,31,2d,39,35,45,43,43,32,36,36,36,33,31,37,7d,00,\

5c,44,65,76,69,63,65,5c,54,63,70,69,70,5f,7b,35,45,36,39,39,38,37,42,2d,30,\

46,37,35,2d,34,45,38,42,2d,41,31,35,36,2d,36,46,30,30,36,45,46,36,37,31,37,\

32,7d,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{628E116D-CB0B-4B5F-B158-DE7B64934373}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{628E116D-CB0B-4B5F-B158-DE7B64934373}]

; Contents of value:

; Tcpip\Parameters\Interfaces\{628E116D-CB0B-4B5F-B158-DE7B64934373}

;

"IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,\

65,72,66,61,63,65,73,5c,7b,36,32,38,45,31,31,36,44,2d,43,42,30,42,2d,34,42,\

35,46,2d,42,31,35,38,2d,44,45,37,42,36,34,39,33,34,33,37,33,7d,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{771D948E-AB89-42F9-92DA-567C7FF16A21}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{771D948E-AB89-42F9-92DA-567C7FF16A21}]

; Contents of value:

; Tcpip\Parameters\Interfaces\{771D948E-AB89-42F9-92DA-567C7FF16A21}

;

"IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,\

65,72,66,61,63,65,73,5c,7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,34,32,\

46,39,2d,39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{DF76869C-99C0-43D8-93C8-634754A6DB02}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{DF76869C-99C0-43D8-93C8-634754A6DB02}]

; Contents of value:

; Tcpip\Parameters\Interfaces\{DF76869C-99C0-43D8-93C8-634754A6DB02}

;

"IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74,\

65,72,66,61,63,65,73,5c,7b,44,46,37,36,38,36,39,43,2d,39,39,43,30,2d,34,33,\

44,38,2d,39,33,43,38,2d,36,33,34,37,35,34,41,36,44,42,30,32,7d,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{628E116D-CB0B-4B5F-B158-DE7B64934373}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{771D948E-AB89-42F9-92DA-567C7FF16A21}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DF76869C-99C0-43D8-93C8-634754A6DB02}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{628E116D-CB0B-4B5F-B158-DE7B64934373}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{628E116D-CB0B-4B5F-B158-DE7B64934373}\Parameters]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{628E116D-CB0B-4B5F-B158-DE7B64934373}\Parameters\Tcpip]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{771D948E-AB89-42F9-92DA-567C7FF16A21}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{771D948E-AB89-42F9-92DA-567C7FF16A21}\Parameters]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{771D948E-AB89-42F9-92DA-567C7FF16A21}\Parameters\Tcpip]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{DF76869C-99C0-43D8-93C8-634754A6DB02}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{DF76869C-99C0-43D8-93C8-634754A6DB02}\Parameters]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{DF76869C-99C0-43D8-93C8-634754A6DB02}\Parameters\Tcpip]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008]

"NetCfgInstanceId"="{771D948E-AB89-42F9-92DA-567C7FF16A21}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008\Linkage]

; Contents of value:

; {771D948E-AB89-42F9-92DA-567C7FF16A21}

;

"RootDevice"=hex(7):7b,37,37,31,44,39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,\

2d,39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,00,00

; Contents of value:

; \Device\{771D948E-AB89-42F9-92DA-567C7FF16A21}

;

"Export"=hex(7):5c,44,65,76,69,63,65,5c,7b,37,37,31,44,39,34,38,45,2d,41,42,38,\

39,2d,34,32,46,39,2d,39,32,44,41,2d,35,36,37,43,37,46,46,31,36,41,32,31,7d,\

00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage]

; Contents of value:

; {0031AA71-D29B-45A6-BB35-DB64F885DB20}

; {771D948E-AB89-42F9-92DA-567C7FF16A21}

;

"RootDevice"=hex(7):7b,30,30,33,31,41,41,37,31,2d,44,32,39,42,2d,34,35,41,36,\

2d,42,42,33,35,2d,44,42,36,34,46,38,38,35,44,42,32,30,7d,00,7b,37,37,31,44,\

39,34,38,45,2d,41,42,38,39,2d,34,32,46,39,2d,39,32,44,41,2d,35,36,37,43,37,\

46,46,31,36,41,32,31,7d,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012]

"NetCfgInstanceId"="{DF76869C-99C0-43D8-93C8-634754A6DB02}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Linkage]

; Contents of value:

; {DF76869C-99C0-43D8-93C8-634754A6DB02}

;

"RootDevice"=hex(7):7b,44,46,37,36,38,36,39,43,2d,39,39,43,30,2d,34,33,44,38,\

2d,39,33,43,38,2d,36,33,34,37,35,34,41,36,44,42,30,32,7d,00,00

; Contents of value:

; \Device\{DF76869C-99C0-43D8-93C8-634754A6DB02}

;

"Export"=hex(7):5c,44,65,76,69,63,65,5c,7b,44,46,37,36,38,36,39,43,2d,39,39,43,\

30,2d,34,33,44,38,2d,39,33,43,38,2d,36,33,34,37,35,34,41,36,44,42,30,32,7d,\

00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]

"NetCfgInstanceId"="{628E116D-CB0B-4B5F-B158-DE7B64934373}"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Linkage]

; Contents of value:

; {628E116D-CB0B-4B5F-B158-DE7B64934373}

;

"RootDevice"=hex(7):7b,36,32,38,45,31,31,36,44,2d,43,42,30,42,2d,34,42,35,46,\

2d,42,31,35,38,2d,44,45,37,42,36,34,39,33,34,33,37,33,7d,00,00

; Contents o

[Thanos]

salut tripack1

 

Par acquit de conscience j'ai recommencé les vérifications des options de ma connexion et mis les serveur DNS préféré, serveur DNS auxiliaire en automatique et relancé le PC. J'avais bien trouvé les adresses présentes dans les lignes 017 de mon rapport hijackthis dans les champs DNS. Maintenant elles n'ysont plus!

Ok merci pour ce rapport: peux tu poster un nouveau rapport hijackthis à présent , ainsi que le rapport de scan fait ici ?=>

 

-Faire un scan en ligne ici et coller le rapport.

Panda si tu n'y arrive pas : tutorial

 

@+