
Trojan-dropper.win32.agent.dgo


  • This topic is locked
36 replies to this topic

#1 dawn4eleven

dawn4eleven

  • Members
  • 49 posts

Posted 17 January 2008 - 04:43 PM

Well I've had this problem for 4 days now, since my last post:
The main problems are

1. When I activate Kaspersky now, it keeps detecting viruses or malware, asking me to remove: MSN messenger, Spybot, Adaware, and other win32 reports.
2. I get a lot of pop-ups, up to 63 pop-ups every time I open the Internet Explorer window (so imagine how annoying that is, closing them 1 by 1).
3. I close Kaspersky every time I start my pc now, because it'll go scan and detect errors and keeps on restarting on and on.
4. I try not to go on Internet Explorer now! But the errors have affected some other programs on my pc from working properly (Adobe for example: I can't save any creations anymore, Windows updater doesn't open either: file is missing)

So hopefully I'll get some instructions around here to free me from a possible crash (I really hope my pc doesn't crash, I've got too many creations I'm going to lose :thumbsup: )

I did all the steps in the Guide except the one of Windows update, cause like I said in 4. the file is missing, here's my HIJACKTHIS LOG:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:56, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe"
O4 - HKLM\..\Run: [a06d0853] rundll32.exe "C:\WINDOWS\system32\qpbdfihw.dll",b
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares .exe" -h
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3ebc6772dae54fd09dc9c2e282d60621
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3ebc6772dae54fd09dc9c2e282d60621
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...erInstaller.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 5800 bytes


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 23 January 2008 - 03:20 PM

Hello dawn4eleven and welcome to the BC HijackThis forum. Let's get a little more information.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Session Manager Settings
    • Reg - Software Policy Settings
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 dawn4eleven

dawn4eleven
  • Topic Starter

  • Members
  • 49 posts

Posted 23 January 2008 - 05:54 PM

Firstly thanks for the help and time you take to solve my problems :thumbsup:

Here's the log: Split up





WinPFind35 logfile created on: 24/01/2008 19:07:08
WinPFind35U Version Beta34 Folder = C:\Documents and Settings\KASMO\Bureau\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

447,48 Mb Total Physical Memory | 194,83 Mb Available Physical Memory | 43,54% Memory free
1,03 Gb Paging File | 0,62 Gb Available in Paging File | 60,44% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43,11 Gb Total Space | 25,54 Gb Free Space | 59,25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: KASMO
Current User Name: KASMO
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
stylexpservice.exe -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe -> [Ver = 0, 20, 0, 3000 | Size = 372736 bytes | Modified Date = 24/05/2006 15:31:06 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 16/01/2008 11:04:51 | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 31/10/2007 14:09:16 | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 12:42:38 | Attr = ]
bieksylq.exe -> %System32%\bieksylq.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 21/01/2008 23:21:56 | Attr = ]
vttimer.exe -> %System32%\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.04.06-1020 | Size = 53248 bytes | Modified Date = 01/04/2006 02:33:16 | Attr = R ]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 29/06/2004 09:06:38 | Attr = ]
richvideo.exe -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 07/08/2005 09:54:00 | Attr = ]
windows -> %System32%\windows -> [Ver = | Size = 7168 bytes | Modified Date = 24/01/2008 15:14:47 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307200 bytes | Modified Date = 23/01/2008 12:59:16 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 16/01/2008 11:04:51 | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 31/10/2007 14:09:16 | Attr = ]
(avp ) avp [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 576000 bytes | Modified Date = 24/01/2008 11:26:55 | Attr = ]
(avp ) avp [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 24/01/2008 11:15:39 | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 12:42:38 | Attr = ]
(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
(DomainService) DomainService [Win32_Own | Auto | Running] -> %System32%\bieksylq.exe -> [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 21/01/2008 23:21:56 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 27/10/2007 22:01:01 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 27/10/2007 17:18:25 | Attr = ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 3, 1 | Size = 774144 bytes | Modified Date = 05/01/2007 13:41:10 | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 262144 bytes | Modified Date = 23/12/2006 17:54:04 | Attr = ]
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 07/08/2005 09:54:00 | Attr = ]
(StyleXPService) StyleXPService [Win32_Own | Auto | Running] -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe -> [Ver = 0, 20, 0, 3000 | Size = 372736 bytes | Modified Date = 24/05/2006 15:31:06 | Attr = ]
(MSControlService) Microsoft cache control [Win32_Own | On_Demand | Running] -> %System32%\windows -> [Ver = | Size = 7168 bytes | Modified Date = 24/01/2008 15:14:47 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:07:15 | Size = 1268204 bytes | Modified Date = 29/06/2004 09:07:18 | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800256 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 154496 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(FETNDIS) Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet [Kernel | On_Demand | Running] -> %System32%\drivers\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Modified Date = 17/08/2001 17:13:08 | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
(kl1) kl1 [Kernel | Boot | Running] -> %System32%\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.26.0 | Size = 110096 bytes | Modified Date = 31/10/2007 13:41:16 | Attr = ]
(klif) klif [Kernel | System | Running] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.375 | Size = 194832 bytes | Modified Date = 19/12/2007 14:49:38 | Attr = ]
(klim5) Kaspersky Anti-Virus NDIS Filter [Kernel | On_Demand | Running] -> %System32%\drivers\klim5.sys -> Kaspersky Lab [Ver = 6.1.26.0 | Size = 24592 bytes | Modified Date = 13/12/2007 13:28:40 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PCIIde) PCIIde [Kernel | Disabled | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(Ptilink) Pilote de liaison parallèle directe [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 11/12/2007 16:46:00 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 07:25:54 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(SoC PC-Camera Service) SoC PC-Camera [Kernel | On_Demand | Running] -> %System32%\drivers\PFC027.sys -> [Ver = 0.0.1.8 | Size = 123276 bytes | Modified Date = 08/12/2003 17:33:20 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(StyleXPHelper) StyleXPHelper [Kernel | System | Running] -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPHelper.exe -> Windows ® 2000 DDK provider [Ver = 5.1.2600.1106 built by: WinDDK | Size = 10880 bytes | Modified Date = 31/10/2005 18:44:39 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(viagfx) viagfx [Kernel | On_Demand | Running] -> %System32%\drivers\vtmini.sys -> Copyright © VIA/S3 Graphics Co, Ltd. [Ver = 6.14.10.0210-16.94.42.14 | Size = 172416 bytes | Modified Date = 01/04/2006 02:33:34 | Attr = R ]
(VIAudio) Vinyl AC'97 Audio Controller (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\vinyl97.sys -> VIA Technologies, Inc. [Ver = 6.14.01.4080 built by: WinDDK | Size = 163712 bytes | Modified Date = 01/04/2006 02:33:32 | Attr = R ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
a06d0853 -> %System32%\oovvrphx.dll -> [Ver = | Size = 89664 bytes | Modified Date = 23/01/2008 22:23:28 | Attr = ]
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 29/06/2004 09:06:38 | Attr = ]
AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 24/01/2008 11:15:39 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask .exe -> File not found
VTTimer -> %System32%\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.04.06-1020 | Size = 53248 bytes | Modified Date = 01/04/2006 02:33:16 | Attr = R ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ares -> %ProgramFiles%\Ares\Ares .exe -> File not found
DLD.EXE -> %ProgramFiles%\Download Direct\DLD.exe -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage ->
%AllUsersStartup%\Photags AutoDetect.lnk -> %ProgramFiles%\PhoTags Express\Photags AutoDetect.exe -> [Ver = 1, 0, 0, 1 | Size = 364544 bytes | Modified Date = 01/03/2005 05:17:55 | Attr = ]
< KASMO Startup Folder > -> C:\Documents and Settings\KASMO\Menu Démarrer\Programmes\Démarrage ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 84496 bytes | Modified Date = 18/12/2007 00:44:42 | Attr = ]
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{FC1B64D9-3499-4791-82D5-AABAC3FAEA45} [HKEY_LOCAL_MACHINE] -> %System32%\tuvuvts.dll [] -> [Ver = | Size = 39424 bytes | Modified Date = 14/01/2008 20:46:21 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
klogon -> %System32%\klogon.dll -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 219664 bytes | Modified Date = 18/12/2007 00:44:54 | Attr = ]
otfutbbn -> %System32%\otfutbbn.dll -> [Ver = | Size = 163904 bytes | Modified Date = 18/01/2008 00:26:16 | Attr = ]
tuvuvts -> %System32%\tuvuvts.dll -> [Ver = | Size = 39424 bytes | Modified Date = 14/01/2008 20:46:21 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
< HOSTS File > (790 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/?wl=true ->
HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[msn] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 23:08:42 | Attr = ]
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.336 | Size = 296312 bytes | Modified Date = 27/10/2007 23:29:52 | Attr = ]
{31244462-A1FD-49DF-BA90-8194335B2408} [HKEY_LOCAL_MACHINE] -> %System32%\awvvw.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:33 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{82230f5d-1d3e-47fe-8ec0-42150235aed2} [HKEY_LOCAL_MACHINE] -> %System32%\vbudmqdt.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 76352 bytes | Modified Date = 23/01/2008 22:20:26 | Attr = ]
{A95B2816-1D7E-4561-A202-68C0DE02353A} [HKEY_LOCAL_MACHINE] -> %System32%\otfutbbn.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 163904 bytes | Modified Date = 18/01/2008 00:26:16 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 27/10/2007 17:18:24 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 29/10/2007 17:14:17 | Attr = ]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar Helper] -> File not found
{F5813FBB-8741-43DB-94BA-311781234F9C} [HKEY_LOCAL_MACHINE] -> %System32%\ssttu.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 334848 bytes | Modified Date = 16/01/2008 12:22:39 | Attr = ]
{FC1B64D9-3499-4791-82D5-AABAC3FAEA45} [HKEY_LOCAL_MACHINE] -> %System32%\tuvuvts.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 39424 bytes | Modified Date = 14/01/2008 20:46:21 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 27/10/2007 17:18:24 | Attr = R ]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 27/10/2007 17:18:24 | Attr = R ]
ShellBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 27/10/2007 17:18:24 | Attr = R ]
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:33 | Attr = ]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Web Anti-Virus statistics] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> [Web Anti-Virus statistics] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr = ]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm -> File not found
Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found
E&xport to Microsoft Excel -> -> File not found
Ouvrir dans un nouvel onglet d'arrière-plan -> -> File not found
Ouvrir dans un nouvel onglet de premier plan -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Bibliothèque de contrôles ActiveX Microsoft ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6428A460-2CDA-4C27-AA49-7F293FA3A862} -> (ADI USB Remote NDIS Network Device) ->
{93BE5773-DC3E-45FB-B499-D4A0A927EEC8} -> (Carte Fast Ethernet compatible VIA) ->
{DF3DBA9E-CEB1-4750-B637-B351FE62231F} -> () ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 28/02/2006 12:42:30 | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/webplayer/stage6/...erInstaller.cab[DivXBrowserPlugin Object] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
C:\WINDOWS\system32\ssttu -> %System32%\ssttu.exe -> [Ver = | Size = 338432 bytes | Modified Date = 24/01/2008 18:32:09 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 14:50:31 | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 11:22:35 | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1260 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 186368 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119808 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Pare-feu Windows / Partage de connexion Internet ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 2238 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 332800 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 24/01/2008 11:27:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 02/10/2007 17:18:24 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe -> C:\Program Files\Ares\Ares.exe [C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 12:42:38 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\Program Files\Internet Explorer\IEXPLORE.EXE [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> RealNetworks, Inc. [Ver = 11.0.0.183 | Size = 214560 bytes | Modified Date = 27/10/2007 23:29:15 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 08/01/2008 19:04:53 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 18/01/2008 11:24:28 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares .exe -> C:\Program Files\Ares\Ares .exe [C:\Program Files\Ares\Ares .exe:*:Enabled:Ares p2p for windows] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rlvknlg .exe -> C:\WINDOWS\system32\rlvknlg .exe [C:\WINDOWS\system32\rlvknlg .exe:*:Enabled:RelevantKnowledge] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.321\English\setup.exe -> C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.321\English\setup.exe [C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.321\English\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup] -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 72280 bytes | Modified Date = 20/12/2007 16:26:52 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 24/01/2008 11:27:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 02/10/2007 17:18:24 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\uobndihj.exe -> C:\WINDOWS\system32\uob ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 18/01/2008 16:19:55 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 19/01/2008 12:34:55 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 20/01/2008 10:16:12 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 20/01/2008 15:15:26 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 22/01/2008 13:14:49 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\bieksylq.exe -> C:\WINDOWS\system32\bie ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 23/01/2008 10:15:08 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 24/01/2008 11:15:34 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Active le téléchargement et l'installation des mises à jour Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité des mises à jour automatiques ou le site Windows Update. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = Ma page d'accueil ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
BootExecute -> autocheck autochk *;lsdelete; ->
ExcludeFromKnownDlls -> ->
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 400896 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%SystemRoot%\system32 -> %System32% -> [Folder | Modified Date = 24/01/2008 18:32:09 | Attr = ]
%SystemRoot% -> %SystemRoot% -> [Folder | Modified Date = 24/01/2008 14:42:03 | Attr = ]
%SystemRoot%\System32\Wbem -> %System32%\wbem -> [Folder | Modified Date = 27/10/2007 11:51:19 | Attr = ]
C:\Program Files\QuickTime\QTSystem\ -> %ProgramFiles%\QuickTime\QTSystem -> [Folder | Modified Date = 15/12/2007 19:55:15 | Attr = ]
*MultiFile Done* -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> .COM -> File not found
.EXE -> .EXE -> File not found
.BAT -> .BAT -> File not found
.CMD -> .CMD -> File not found
.VBS -> .VBS -> File not found
.VBE -> .VBE -> File not found
.JS -> .JS -> File not found
.JSE -> .JSE -> File not found
.WSF -> .WSF -> File not found
.WSH -> .WSH -> File not found
*MultiFile Done* -> ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|HelpUserGuide|HelpReader ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade [version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\\tSchemePerms -> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\DisableServerCheck -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\LegacyPresence -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\CertificatePolicy\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontSearchWindowsUpdate -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontPromptForWindowsUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 400896 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 18/04/2007 13:14:18 | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 53248 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 37888 bytes | Modified Date = 05/08/2004 09:00:00 | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
å -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\Conferencing\ -> ->


[Files/Folders - Created Within 30 days]
pos1.tmp -> %SystemDrive%\pos1.tmp -> [Ver = | Size = 7033 bytes | Created Date = 23/01/2008 10:15:02 | Attr = ]
pos10.tmp -> %SystemDrive%\pos10.tmp -> [Ver = | Size = 5033 bytes | Created Date = 18/01/2008 11:24:25 | Attr = ]
pos100.tmp -> %SystemDrive%\pos100.tmp -> [Ver = | Size = 11033 bytes | Created Date = 18/01/2008 00:26:41 | Attr = ]
pos1000.tmp -> %SystemDrive%\pos1000.tmp -> [Ver = | Size = 8033 bytes | Created Date = 20/01/2008 10:16:17 | Attr = ]
pos1001.tmp -> %SystemDrive%\pos1001.tmp -> [Ver = | Size = 12033 bytes | Created Date = 20/01/2008 10:16:17 | Attr = ]
pos1002.tmp -> %SystemDrive%\pos1002.tmp -> [Ver = | Size = 8033 bytes | Created Date = 20/01/2008 10:16:18 | Attr = ]
pos1003.tmp -> %SystemDrive%\pos1003.tmp -> [Ver = | Size = 6033 bytes | Created Date = 20/01/2008 10:16:18 | Attr = ]

Edited by OldTimer, 23 January 2008 - 07:05 PM.


#4 OldTimer


Posted 23 January 2008 - 07:07 PM

Hi dawn4eleven. This one is a bad one so let's hit it hard. I took out all of the posts and your post with your file link just to save space. If the next WinPFind35 log shows all of the .tmp files again then just delete those out before posting and let me know.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page. For each step, save the output logs to a place you can find them later so they can be posted back here at the end. If any of the steps error out and cannot be performed then just go on to the next step. Because the machine is so heavily infected, give each scanner time to run. Even if it doesn't appear to be doing anything it could still be processing. I recently had a similar infection with another user where it took ComboFix a couple of hours to run (even though it did not appear to be doing anything).

Step #1

Please download SDFix by AndyManchesta and save it to your desktop.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe


Step #2

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


Step #3

Go here Kaspersky SOS and follow the directions to download, update, and run a Kaspersky SOS scan.

Step #4

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Step #5

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> bieksylq.exe -> %System32%\bieksylq.exe
YN -> windows -> %System32%\windows
[Win32 Services - Non-Microsoft Only]
YY -> (DomainService) DomainService [Win32_Own | Auto | Running] -> %System32%\bieksylq.exe
YY -> (MSControlService) Microsoft cache control [Win32_Own | On_Demand | Running] -> %System32%\windows
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> a06d0853 -> %System32%\oovvrphx.dll
YY -> AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
YY -> QuickTime Task -> %ProgramFiles%\QuickTime\qttask .exe
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> ares -> %ProgramFiles%\Ares\Ares .exe
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} [HKEY_LOCAL_MACHINE] -> %System32%\tuvuvts.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> otfutbbn -> %System32%\otfutbbn.dll
YY -> tuvuvts -> %System32%\tuvuvts.dll
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {31244462-A1FD-49DF-BA90-8194335B2408} [HKEY_LOCAL_MACHINE] -> %System32%\awvvw.dll [Reg Error: Value does not exist or could not be read.]
YY -> {82230f5d-1d3e-47fe-8ec0-42150235aed2} [HKEY_LOCAL_MACHINE] -> %System32%\vbudmqdt.dll [Reg Error: Value does not exist or could not be read.]
YY -> {A95B2816-1D7E-4561-A202-68C0DE02353A} [HKEY_LOCAL_MACHINE] -> %System32%\otfutbbn.dll [Reg Error: Value does not exist or could not be read.]
YY -> {F5813FBB-8741-43DB-94BA-311781234F9C} [HKEY_LOCAL_MACHINE] -> %System32%\ssttu.dll [Reg Error: Value does not exist or could not be read.]
YY -> {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} [HKEY_LOCAL_MACHINE] -> %System32%\tuvuvts.dll [Reg Error: Value does not exist or could not be read.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\ssttu -> %System32%\ssttu.exe
< BotCheck > -> 
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe -> C:\Program Files\Ares\Ares.exe [C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares .exe -> C:\Program Files\Ares\Ares .exe [C:\Program Files\Ares\Ares .exe:*:Enabled:Ares p2p for windows]
YY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rlvknlg .exe -> C:\WINDOWS\system32\rlvknlg .exe [C:\WINDOWS\system32\rlvknlg .exe:*:Enabled:RelevantKnowledge]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\uobndihj.exe -> C:\WINDOWS\system32\uob
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\bieksylq.exe -> C:\WINDOWS\system32\bie
[Extra Files]
c:\*.tmp
%User Profile%\My Documents\*.tmp
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind35u scan.

Step #6

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Step #7

Post all the logs back here:
SDFix
VundoFix
ComboFix
WinPFind35u Fix
New WinPFind35u scan

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 OldTimer


Posted 23 January 2008 - 11:04 PM

Hi dawn4eleven. Before you run the new WinPFind35 scan delete your current version (the file you downloaded and the folder it created) and download the latest version. I just updated it to simply tally all of the pos###.tmp files instead of listing them all out. That was a nightmare lol. Here's the link again:

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.


Cheers.

OT

#6 dawn4eleven


Posted 24 January 2008 - 02:16 PM

Hey OT, there is something up with the ComboFix. I've let it run and scan. In the beginning it was fine until it had to delete all the pos.tmp files; it took more than 6 hours even though I've already deleted those files manually. So I stopped it because it was very late in the morning and I don't want to leave my pc on without knowing what actually is happening. So is it bad if I skip the ComboFix?

I've already done the 1st step and I'm doing the last ones now, so I'll post them when it's finished. Thanks again

#7 OldTimer


Posted 24 January 2008 - 03:05 PM

Hi dawn4eleven. Let's delete them with WinPFind35 first and then run ComboFix again.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Extra Files]
%SystemDrive%\*.tmp
%UserProfile%\My Documents\*.tmp

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

After that, run ComboFix again immediately before they can repopulate and let's see what happens.

Cheers.

OT

#8 dawn4eleven


Posted 24 January 2008 - 04:57 PM

Finally, after several hours, I got to finish all the steps except the one of Kaspersky #3. I deleted the program too because it kept sending me those "reports detected".


SDFix: Version 1.131

Run by Administrateur on 24/01/2008 at 22:16

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\17PHolmes1188.exe - Deleted





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\explorer.exe
No streams found.

C:\WINDOWS\system32
:spoolsv.exe 1097501
Total size: 1097501 bytes.

system32: deleted 1097501 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 22:25:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 357


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Ares\\Ares .exe"="C:\\Program Files\\Ares\\Ares .exe:*:Enabled:Ares p2p for windows"
"C:\\WINDOWS\\system32\\rlvknlg .exe"="C:\\WINDOWS\\system32\\rlvknlg .exe:*:Enabled:RelevantKnowledge"
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\uobndihj.exe"="C:\\WINDOWS\\system32\\uob"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe:*:Enabled:Windows Live Messenger"
"C:\\WINDOWS\\system32\\bieksylq.exe"="C:\\WINDOWS\\system32\\bie"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 13 Dec 2005 141,312 ..SHR --- "C:\Program Files\PhoTags Express\Setup.exe"
Wed 9 Mar 2005 39,936 A.SHR --- "C:\Program Files\PhoTags Express\_Setupx.dll"
Thu 24 Jan 2008 25,592 ..SH. --- "C:\WINDOWS\system32\otfutbbn.dllbox"
Fri 16 Nov 2007 0 A..H. --- "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\twâ.tmp"
Fri 16 Nov 2007 0 A..H. --- "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\twâ£Z.tmp"
Tue 30 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 14 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b04031f0b83ee952189dd8beb4ee929a\BIT2.tmp"

Finished!
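
A triage sketch for the "Authorized Application Key Export" section of the SDFix log in the post above, added here as an example; it is not part of the original post and is not SDFix's or WinPFind35u's own code. It assumes the XP firewall rule layout `path:scope:Enabled|Disabled:label`; the sample input is a handful of lines copied from that log, and the three heuristics and all function names are this example's own.

```python
import re
from typing import NamedTuple

# Constructed sample: lines copied from the SDFix "Authorized Application
# Key Export" in the post above (.reg syntax, so backslashes are doubled).
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr .Exe:*:Enabled:Windows Live Messenger"
"C:\\WINDOWS\\system32\\uobndihj.exe"="C:\\WINDOWS\\system32\\uob"
"C:\\WINDOWS\\system32\\bieksylq.exe"="C:\\WINDOWS\\system32\\bie"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''


class Entry(NamedTuple):
    profile: str  # firewall profile the rule belongs to
    name: str     # registry value name (the program path)
    data: str     # registry value data (the rule string)


SECTION_RE = re.compile(
    r'^\[.*\\firewallpolicy\\(\w+)\\authorizedapplications\\list\]$', re.I)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Assumed rule layout: <path>:<scope>:<Enabled|Disabled>:<label>
RULE_RE = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<label>.*)$',
    re.I)
# Whitespace between the file stem and its extension, e.g. "MsnMsgr .Exe"
PADDED_RE = re.compile(r'\s+\.[A-Za-z0-9]+$')


def _unescape(s):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_export(text):
    """Return every firewall exception in the export as an Entry."""
    entries, profile = [], None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            profile = section.group(1).lower()
            continue
        value = VALUE_RE.match(line)
        if value and profile:
            entries.append(Entry(profile,
                                 _unescape(value.group(1)),
                                 _unescape(value.group(2))))
    return entries


def triage(entries):
    """Pair each anomalous entry with the reasons it needs a manual look."""
    findings = []
    for e in entries:
        reasons = []
        rule = RULE_RE.match(e.data)
        if rule is None:
            # Data is not a complete rule string (truncated or overwritten).
            reasons.append("malformed-data")
        elif rule.group("path").lower() != e.name.lower():
            # The rule opens the firewall for a different file than its name.
            reasons.append("path-mismatch")
        if PADDED_RE.search(e.name):
            reasons.append("padded-filename")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(parse_export(SAMPLE_EXPORT)):
        print(f"[{entry.profile}] {entry.name!r}: {', '.join(reasons)}")
```

On the sample, the two entries reported as `malformed-data` are the same `uobndihj.exe` and `bieksylq.exe` values that the WinPFind35u fix script earlier in the thread targets.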

#9 dawn4eleven


Posted 24 January 2008 - 04:58 PM

WinPFind35 logfile created on: 2008-01-25 16:25:26WinPFind35U Version Beta36     Folder = C:\Documents and Settings\KASMO\Bureau\WinPFind35uWindows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.2180) 447.48 Mb Total Physical Memory | 109.32 Mb Available Physical Memory | 24.43% Memory free1.03 Gb Paging File | 0.81 Gb Available in Paging File | 78.36% Paging File freePaging file location(s): C:\pagefile.sys 672 1344; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 43.11 Gb Total Space | 31.08 Gb Free Space | 72.09% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedComputer Name: KASMOCurrent User Name: KASMOLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current user[Processes - Non-Microsoft Only]stylexpservice.exe -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe ->  [Ver = 0, 20, 0, 3000 | Size = 372736 bytes | Modified Date = 2006-05-24 15:31:06 | Attr =    ]aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-16 11:04:51 | Attr =    ]applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-10-31 14:09:16 | Attr =    ]vttimer.exe -> %System32%\VTTimer.exe -> S3 Graphics, Inc. 
[Ver = 1.04.06-1020 | Size = 53248 bytes | Modified Date = 2006-04-01 02:33:16 | Attr = R  ]agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 2004-06-29 09:06:38 | Attr =    ]photags autodetect.exe -> %ProgramFiles%\PhoTags Express\Photags AutoDetect.exe ->  [Ver = 1, 0, 0, 1 | Size = 364544 bytes | Modified Date = 2005-03-01 05:17:55 | Attr =    ]mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 12:42:38 | Attr =    ]richvideo.exe -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe ->  [Ver = 1.1.0808   | Size = 167936 bytes | Modified Date = 2005-08-07 09:54:00 | Attr =    ]firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 2007-12-02 11:09:19 | Attr =    ]winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 306688 bytes | Modified Date = 2008-01-24 12:47:38 | Attr =    ][Win32 Services - Non-Microsoft Only](aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-16 11:04:51 | Attr =    ](Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. 
[Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-10-31 14:09:16 | Attr =    ](avp ) avp  [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 576000 bytes | Modified Date = 2008-01-25 11:07:13 | Attr =    ](avp  ) avp   [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp  .exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 2008-01-25 16:13:58 | Attr =    ](Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 12:42:38 | Attr =    ](dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =    ](FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. 
[Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2007-10-27 22:01:01 | Attr =    ](gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2007-10-27 17:18:25 | Attr =    ](MSControlService) Microsoft cache control [Win32_Own | On_Demand | Stopped] -> %System32%\windows ->  [Ver =  | Size = 7168 bytes | Modified Date = 2008-01-25 13:04:33 | Attr =    ](NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 3, 1 | Size = 774144 bytes | Modified Date = 2007-01-05 13:41:10 | Attr =    ](NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 262144 bytes | Modified Date = 2006-12-23 17:54:04 | Attr =    ](RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe ->  [Ver = 1.1.0808   | Size = 167936 bytes | Modified Date = 2005-08-07 09:54:00 | Attr =    ](StyleXPService) StyleXPService [Win32_Own | Auto | Running] -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe ->  [Ver = 0, 20, 0, 3000 | Size = 372736 bytes | Modified Date = 2006-05-24 15:31:06 | Attr =    ][Driver Services - Non-Microsoft Only](Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:07:15 | Size = 1268204 bytes | Modified Date = 2004-06-29 09:07:18 | Attr =    ](Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found(aic78u2) aic78u2 [Kernel | 
Disabled | Stopped] ->  -> File not found(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\KASMO\LOCALS~1\Temp\catchme.sys -> File not found(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found(Changer) Changer [Kernel | System | Stopped] ->  -> File not found(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800256 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =    ](dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 154496 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =    ](dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =    ](dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found(FETNDIS) Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet [Kernel | On_Demand | Running] -> %System32%\drivers\fetnd5.sys -> VIA Technologies, Inc.               
[Ver = 2.66 | Size = 27165 bytes | Modified Date = 2001-08-17 17:13:08 | Attr =    ](hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found(kl1) kl1 [Kernel | Boot | Running] -> %System32%\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.26.0 | Size = 110096 bytes | Modified Date = 2007-10-31 13:41:16 | Attr =    ](klif) klif [Kernel | System | Running] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.375 | Size = 194832 bytes | Modified Date = 2007-12-19 14:49:38 | Attr =    ](klim5) Kaspersky Anti-Virus NDIS Filter [Kernel | On_Demand | Running] -> %System32%\drivers\klim5.sys -> Kaspersky Lab [Ver = 6.1.26.0 | Size = 24592 bytes | Modified Date = 2007-12-13 13:28:40 | Attr =    ](lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found(PCIIde) PCIIde [Kernel | Disabled | Stopped] ->  -> File not found(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found(Ptilink) Pilote de liaison parallèle directe [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. 
[Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =    ](PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 2007-12-11 16:46:00 | Attr =    ](ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 07:25:54 | Attr =    ](Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found(SoC PC-Camera Service) SoC PC-Camera [Kernel | On_Demand | Running] -> %System32%\drivers\PFC027.sys ->  [Ver = 0.0.1.8 | Size = 123276 bytes | Modified Date = 2003-12-08 17:33:20 | Attr =    ](Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found(StyleXPHelper) StyleXPHelper [Kernel | System | Running] -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPHelper.exe -> Windows ® 2000 DDK provider [Ver = 5.1.2600.1106 built by: WinDDK | Size = 10880 bytes | Modified Date = 2005-10-31 18:44:39 | Attr =    ](symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found(viagfx) viagfx [Kernel | On_Demand | Running] -> %System32%\drivers\vtmini.sys -> Copyright © VIA/S3 Graphics Co, Ltd. 
[Ver = 6.14.10.0210-16.94.42.14 | Size = 172416 bytes | Modified Date = 2006-04-01 02:33:34 | Attr = R  ](VIAudio) Vinyl AC'97 Audio Controller (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\vinyl97.sys -> VIA Technologies, Inc. [Ver = 6.14.01.4080 built by: WinDDK | Size = 163712 bytes | Modified Date = 2006-04-01 02:33:32 | Attr = R  ](WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found[Registry - Non-Microsoft Only]< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> a06d0853 -> %System32%\oovvrphx.dll ->  [Ver =  | Size = 89664 bytes | Modified Date = 2008-01-23 22:23:28 | Attr =    ]AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 2004-06-29 09:06:38 | Attr =    ]AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp  .exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 2008-01-25 16:13:58 | Attr =    ]QuickTime Task -> %ProgramFiles%\QuickTime\qttask        .exe -> File not foundVTTimer -> %System32%\VTTimer.exe -> S3 Graphics, Inc. 
[Ver = 1.04.06-1020 | Size = 53248 bytes | Modified Date = 2006-04-01 02:33:16 | Attr = R  ]< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ares -> %ProgramFiles%\Ares\Ares        .exe -> File not foundDLD.EXE -> %ProgramFiles%\Download Direct\DLD.exe -> File not foundSpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> File not found< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage -> %AllUsersStartup%\Photags AutoDetect.lnk -> %ProgramFiles%\PhoTags Express\Photags AutoDetect.exe ->  [Ver = 1, 0, 0, 1 | Size = 364544 bytes | Modified Date = 2005-03-01 05:17:55 | Attr =    ]< KASMO Startup Folder > -> C:\Documents and Settings\KASMO\Menu Démarrer\Programmes\Démarrage -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 84496 bytes | Modified Date = 2007-12-18 00:44:42 | Attr =    ]*MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} [HKEY_LOCAL_MACHINE] -> %System32%\tuvuvts.dll [] ->  [Ver =  | Size = 39424 bytes | Modified Date = 2008-01-14 20:46:21 | Attr =    ]< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> klogon -> %System32%\klogon.dll -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 219664 bytes | Modified Date = 2007-12-18 00:44:54 | Attr =    ]otfutbbn -> %System32%\otfutbbn.dll ->  [Ver =  | Size = 163904 bytes | Modified Date = 2008-01-18 00:26:16 | Attr =    ]tuvuvts -> %System32%\tuvuvts.dll ->  [Ver =  | Size = 39424 bytes | Modified Date = 2008-01-14 20:46:21 | Attr =    ]< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> [url="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"]http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome[/url] -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> [url="http://www.google.com/ie"]http://www.google.com/ie[/url] -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> [url="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"]http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch[/url] -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> 
[url="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"]http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home[/url] -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> [url="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"]http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm[/url] -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> [url="http://www.google.com/ie"]http://www.google.com/ie[/url] -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> [url="http://www.google.com/ie"]http://www.google.com/ie[/url] -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> [url="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"]http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch[/url] -> HKEY_CURRENT_USER\: Main\\Start Page -> [url="http://www.msn.com/?wl=true"]http://www.msn.com/?wl=true[/url] -> HKEY_CURRENT_USER\: Search\\CustomizeSearch -> [url="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"]http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm[/url] -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> [url="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"]http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm[/url] -> HKEY_CURRENT_USER\: SearchURL\\ -> [url="http://home.microsoft.com/access/autosearch.asp?p=%s"]http://home.microsoft.com/access/autosearch.asp?p=%s[/url][msn] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. 
-> 1 domain(s) and sub-domain(s) not assigned to a zone.< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr =    ]{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.336 | Size = 296312 bytes | Modified Date = 2007-10-27 23:29:52 | Attr =    ]{31244462-A1FD-49DF-BA90-8194335B2408} [HKEY_LOCAL_MACHINE] -> %System32%\awvvw.dll [Reg Error: Value  does not exist or could not be read.] -> File not found{40DD15C9-FF03-4542-B23B-2F67F3DAF348} [HKEY_LOCAL_MACHINE] -> %System32%\ssttu.dll [Reg Error: Value  does not exist or could not be read.] 
->  [Ver =  | Size = 334848 bytes | Modified Date = 2008-01-16 12:22:39 | Attr =    ]{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr =    ]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:33 | Attr =    ]{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found{82230f5d-1d3e-47fe-8ec0-42150235aed2} [HKEY_LOCAL_MACHINE] -> %System32%\vbudmqdt.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 76352 bytes | Modified Date = 2008-01-23 22:20:26 | Attr =    ]{A95B2816-1D7E-4561-A202-68C0DE02353A} [HKEY_LOCAL_MACHINE] -> %System32%\otfutbbn.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 163904 bytes | Modified Date = 2008-01-18 00:26:16 | Attr =    ]{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-10-27 17:18:24 | Attr = R  ]{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. 
[Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 2007-10-29 17:14:17 | Attr =    ]{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar Helper] -> File not found{FC1B64D9-3499-4791-82D5-AABAC3FAEA45} [HKEY_LOCAL_MACHINE] -> %System32%\tuvuvts.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 39424 bytes | Modified Date = 2008-01-14 20:46:21 | Attr =    ]< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-10-27 17:18:24 | Attr = R  ]{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> File not found< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-10-27 17:18:24 | Attr = R  ]ShellBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> File not foundWebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. 
[Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-10-27 17:18:24 | Attr = R  ]WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> File not found< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr =    ]{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:33 | Attr =    ]{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 223760 bytes | Modified Date = 2007-12-18 00:45:00 | Attr =    ]{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr =    ]< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Console Java (Sun)] -> Sun Microsystems, Inc. 
[Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr =    ]CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 223760 bytes | Modified Date = 2007-12-18 00:45:00 | Attr =    ]CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not foundCmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr =    ]CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll -> File not foundAdd to Windows &Live Favorites ->  -> File not foundOuvrir dans un nouvel onglet d'arrière-plan -> %ProgramFiles%\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui -> File not foundOuvrir dans un nouvel onglet de premier plan -> %ProgramFiles%\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui -> File not found< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Bibliothèque de contrôles ActiveX Microsoft -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post 
Platform -> SV1 ->  -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {6428A460-2CDA-4C27-AA49-7F293FA3A862} ->    (ADI USB Remote NDIS Network Device) -> {93BE5773-DC3E-45FB-B499-D4A0A927EEC8} ->    (Carte Fast Ethernet compatible VIA) -> {DF3DBA9E-CEB1-4750-B637-B351FE62231F} ->    () -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2006-02-28 12:42:30 | Attr =    ]< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not foundmsdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] 
-> File not found< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> {67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab[DivXBrowserPlugin Object] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] 
-> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> [Registry - Additional Scans - Non-Microsoft Only]< BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ ->  -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =    ]C:\WINDOWS\system32\ssttu -> %System32%\ssttu.exe ->  [Ver =  | Size = 338432 bytes | Modified Date = 2008-01-25 16:13:46 | Attr =    ]*MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 14:50:31 | Attr =    ]msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =    ]schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 11:22:35 | Attr =    ]wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =    ]*MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1260 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 186368 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =    ]*MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider ->  -> File not found*MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119808 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =    ]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Pare-feu Windows / Partage de connexion Internet -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =    ]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 2284 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 332800 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =    ]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =    ]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-25 11:07:23 | Attr =    ]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007-10-02 17:18:24 | Attr =    ]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =    ]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe -> C:\Program Files\Ares\Ares.exe [C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows] -> File not foundHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 12:42:38 | Attr =    ]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\Program Files\Internet Explorer\IEXPLORE.EXE [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =    ]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> RealNetworks, Inc. 
[Ver = 11.0.0.183 | Size = 214560 bytes | Modified Date = 2007-10-27 23:29:15 | Attr =    ]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> File not foundHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 2008-01-08 19:04:53 | Attr =    ]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-18 11:24:28 | Attr =    ]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares .exe -> C:\Program Files\Ares\Ares .exe [C:\Program Files\Ares\Ares .exe:*:Enabled:Ares p2p for windows] -> File not foundHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rlvknlg .exe -> C:\WINDOWS\system32\rlvknlg .exe [C:\WINDOWS\system32\rlvknlg .exe:*:Enabled:RelevantKnowledge] -> File not foundHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application 
C:\WINDOWS\System32\*.tmp -> config -> %System32%\config ->  [Folder | Modified Date = 2008-01-07 17:31:43 | Attr =    ]CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 3072 bytes | Modified Date = 2008-01-14 23:40:56 | Attr =    ]dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 2008-01-15 22:41:48 | Attr = RHS]drivers -> %System32%\drivers ->  [Folder | Modified Date = 2008-01-24 22:39:07 | Attr =    ]FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 1455104 bytes | Modified Date = 2008-01-13 19:41:50 | Attr =    ]kwqsfpjx.dll -> %System32%\kwqsfpjx.dll ->  [Ver =  | Size = 76352 bytes | Modified Date = 2008-01-21 23:24:56 | Attr =    ]lsdelete.exe -> %System32%\lsdelete.exe ->  [Ver =  | Size = 12632 bytes | Modified Date = 2008-01-16 11:07:38 | Attr =    ]mpnkmsqt.dll -> %System32%\mpnkmsqt.dll ->  [Ver =  | Size = 76352 bytes | Modified Date = 2008-01-18 00:25:01 | Attr =    ]mui -> %System32%\mui ->  [Folder | Modified Date = 2008-01-24 11:21:38 | Attr =    ]oovvrphx.dll -> %System32%\oovvrphx.dll ->  [Ver =  | Size = 89664 bytes | Modified Date = 2008-01-23 22:23:28 | Attr =    ]otfutbbn.dll -> %System32%\otfutbbn.dll ->  [Ver =  | Size = 163904 bytes | Modified Date = 2008-01-18 00:26:16 | Attr =    ]otfutbbn.dllbox -> %System32%\otfutbbn.dllbox ->  [Ver =  | Size = 20780 bytes | Modified Date = 2008-01-25 16:25:47 | Attr =  HS]perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 59780 bytes | Modified Date = 2008-01-24 11:23:59 | Attr =    ]perfc00C.dat -> %System32%\perfc00C.dat ->  [Ver =  | Size = 73020 bytes | Modified Date = 2008-01-24 11:23:59 | Attr =    ]perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 397560 bytes | Modified Date = 2008-01-24 11:23:59 | Attr =    ]perfh00C.dat -> %System32%\perfh00C.dat ->  [Ver =  | Size = 464474 bytes | Modified Date = 2008-01-24 11:23:59 | Attr =    ]PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 960616 bytes | Modified Date = 
2008-01-24 11:23:59 | Attr =    ]qpbdfihw.dll -> %System32%\qpbdfihw.dll ->  [Ver =  | Size = 86592 bytes | Modified Date = 2008-01-18 00:30:25 | Attr =    ]skfquxsb.dll -> %System32%\skfquxsb.dll ->  [Ver =  | Size = 85568 bytes | Modified Date = 2008-01-21 23:27:57 | Attr =    ]ssttu.dll -> %System32%\ssttu.dll ->  [Ver =  | Size = 334848 bytes | Modified Date = 2008-01-16 12:22:39 | Attr =    ]ssttu.exe -> %System32%\ssttu.exe ->  [Ver =  | Size = 338432 bytes | Modified Date = 2008-01-25 16:13:46 | Attr =    ]tuvuvts.dll -> %System32%\tuvuvts.dll ->  [Ver =  | Size = 39424 bytes | Modified Date = 2008-01-14 20:46:21 | Attr =    ]uttss.ini -> %System32%\uttss.ini ->  [Ver =  | Size = 18378 bytes | Modified Date = 2008-01-25 16:25:50 | Attr =  HS]uttss.ini2 -> %System32%\uttss.ini2 ->  [Ver =  | Size = 18475 bytes | Modified Date = 2008-01-25 16:25:50 | Attr =  HS]vbudmqdt.dll -> %System32%\vbudmqdt.dll ->  [Ver =  | Size = 76352 bytes | Modified Date = 2008-01-23 22:20:26 | Attr =    ]vbzip10.dll -> %System32%\vbzip10.dll -> Info-ZIP [Ver = 2.3 | Size = 147456 bytes | Modified Date = 2008-01-14 20:50:06 | Attr =    ]whifdbpq.ini -> %System32%\whifdbpq.ini ->  [Ver =  | Size = 1076355 bytes | Modified Date = 2008-01-21 10:29:34 | Attr =  HS]windows -> %System32%\windows ->  [Ver =  | Size = 7168 bytes | Modified Date = 2008-01-25 13:04:33 | Attr =    ]wmblpdmb.exe -> %System32%\wmblpdmb.exe ->   [Ver = 1, 0, 0, 1 | Size = 74304 bytes | Modified Date = 2008-01-23 22:17:28 | Attr =    ]wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 13646 bytes | Modified Date = 2008-01-24 11:15:09 | Attr =    ]wvuutqq.dll -> %System32%\wvuutqq.dll ->  [Ver =  | Size = 39424 bytes | Modified Date = 2008-01-15 00:04:42 | Attr =    ]wvvwa.ini -> %System32%\wvvwa.ini ->  [Ver =  | Size = 8502 bytes | Modified Date = 2008-01-16 12:12:04 | Attr =  HS]wvvwa.ini2 -> %System32%\wvvwa.ini2 ->  [Ver =  | Size = 8502 bytes | Modified Date = 2008-01-16 12:11:15 | Attr =  HS]xhprvvoo.ini -> 
%System32%\xhprvvoo.ini ->  [Ver =  | Size = 1117974 bytes | Modified Date = 2008-01-25 16:14:26 | Attr =  HS]yieklnrc.dll -> %System32%\yieklnrc.dll ->  [Ver =  | Size = 163904 bytes | Modified Date = 2008-01-18 00:26:16 | Attr =    ]$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2008-01-09 15:10:26 | Attr =  H ]3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 2008-01-24 12:17:19 | Attr = R S]bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2008-01-25 16:13:11 | Attr =   S]erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 2008-01-24 22:36:52 | Attr =    ]ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Modified Date = 2008-01-24 22:14:17 | Attr =    ]Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2008-01-16 14:20:57 | Attr = R S]ftpcache -> %SystemRoot%\ftpcache ->  [Folder | Modified Date = 2008-01-14 14:44:19 | Attr =  HS]imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2008-01-16 14:24:52 | Attr =    ]inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2008-01-16 14:23:55 | Attr =  H ]Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2008-01-24 11:26:11 | Attr =  HS]Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 2008-01-24 12:17:27 | Attr =    ]NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 2008-01-24 22:01:59 | Attr =    ]Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2008-01-25 16:24:33 | Attr =    ]PTWebCam.INI -> %SystemRoot%\PTWebCam.INI ->  [Ver =  | Size = 0 bytes | Modified Date = 2008-01-07 11:29:26 | Attr =    ]Resources -> %SystemRoot%\Resources ->  [Folder | Modified Date = 2008-01-14 20:51:07 | Attr =    ]security -> %SystemRoot%\security ->  [Folder | Modified Date = 2008-01-15 23:17:27 | Attr =    ]system32 -> %System32% ->  [Folder | Modified Date = 2008-01-25 
16:14:26 | Attr =    ]Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2008-01-25 16:14:54 | Attr =    ]Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 8192 bytes | Modified Date = 2008-01-24 21:30:21 | Attr =  HS]@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptabletwain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 2008-01-07 11:27:07 | Attr =    ]win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 877 bytes | Modified Date = 2008-01-14 14:46:44 | Attr =    ]wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 92 bytes | Modified Date = 2008-01-16 12:11:37 | Attr =    ]WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2008-01-24 11:23:37 | Attr =    ]AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2008-01-19 19:36:51 | Attr =    ]SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2008-01-25 16:13:48 | Attr =  H ]Vérifier les mises à jour de Windows Live Toolbar.job -> %SystemRoot%\tasks\Vérifier les mises à jour de Windows Live Toolbar.job ->  [Ver =  | Size = 256 bytes | Modified Date = 2008-01-25 16:21:00 | Attr =    ][Files Modified - Additional Folder Scans - Non-Microsoft Only]Adobe -> %AllUsersAppData%\Adobe ->  [Folder | Modified Date = 2008-01-07 14:15:05 | Attr =    ]Apple Computer -> %AllUsersAppData%\Apple Computer ->  [Folder | Modified Date = 2008-01-15 21:20:49 | Attr =    ]Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab ->  [Folder | Modified Date = 2008-01-25 16:14:59 | Attr =    ]Kaspersky Lab Setup Files -> %AllUsersAppData%\Kaspersky Lab Setup Files ->  [Folder | Modified Date = 2008-01-14 23:43:56 | Attr =    ]Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 2008-01-16 11:09:30 | Attr =    ]Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 2008-01-16 12:15:48 | Attr =    ]TEMP -> %AllUsersAppData%\TEMP ->  
[Folder | Modified Date = 2008-01-15 00:03:52 | Attr =    ]@Alternate Data Stream - 117 bytes -> %AllUsersAppData%\TEMP:2615E8F1WLInstaller -> %AllUsersAppData%\WLInstaller ->  [Folder | Modified Date = 2008-01-16 21:53:26 | Attr =    ]Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 2008-01-24 14:49:48 | Attr =    ]CyberLink -> %UserAppData%\CyberLink ->  [Folder | Modified Date = 2008-01-17 14:14:02 | Attr =    ]LimeWire -> %UserAppData%\LimeWire ->  [Folder | Modified Date = 2008-01-21 12:27:33 | Attr =    ]Microsoft -> %UserAppData%\Microsoft ->  [Folder | Modified Date = 2008-01-08 18:34:16 | Attr =   S]Adobe -> %LocalAppData%\Adobe ->  [Folder | Modified Date = 2008-01-07 17:34:17 | Attr =    ]DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 57856 bytes | Modified Date = 2008-01-24 22:01:58 | Attr =    ]GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 37360 bytes | Modified Date = 2008-01-14 20:14:58 | Attr =    ]Installer3676 -> %LocalAppData%\Installer3676 ->  [Folder | Modified Date = 2008-01-07 18:12:56 | Attr =    ]Installer484 -> %LocalAppData%\Installer484 ->  [Folder | Modified Date = 2008-01-07 18:28:55 | Attr =    ]Installer948 -> %LocalAppData%\Installer948 ->  [Folder | Modified Date = 2008-01-17 14:04:27 | Attr =    ]Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 2008-01-23 10:46:37 | Attr =    ]PCHealth -> %LocalAppData%\PCHealth ->  [Folder | Modified Date = 2008-01-16 13:28:16 | Attr =    ]CyberLink -> %UserDocuments%\CyberLink ->  [Folder | Modified Date = 2008-01-17 14:13:57 | Attr =    ]20338 C:\Documents and Settings\KASMO\Mes documents\*.tmp files -> C:\Documents and Settings\KASMO\Mes documents\*.tmp -> Janet_Jackson-Feedback-XviD-2008-DYNASTY.dld -> %UserDocuments%\Janet_Jackson-Feedback-XviD-2008-DYNASTY.dld ->  [Ver =  | Size = 7555 bytes | Modified Date = 2008-01-12 18:04:09 | Attr =    ]LimeWire -> 
%UserDocuments%\LimeWire ->  [Folder | Modified Date = 2008-01-13 15:24:35 | Attr =    ]Mes dossiers de partage.lnk -> %UserDocuments%\Mes dossiers de partage.lnk ->  [Ver =  | Size = 899 bytes | Modified Date = 2008-01-15 22:48:36 | Attr =    ]Mes fichiers reçus -> %UserDocuments%\Mes fichiers reçus ->  [Folder | Modified Date = 2008-01-12 19:17:15 | Attr =    ]Mes images -> %UserDocuments%\Mes images ->  [Folder | Modified Date = 2008-01-20 22:17:15 | Attr = R  ]Mes vidéos -> %UserDocuments%\Mes vidéos ->  [Folder | Modified Date = 2008-01-14 14:29:19 | Attr = R  ]My Received Files -> %UserDocuments%\My Received Files ->  [Folder | Modified Date = 2008-01-25 12:10:55 | Attr =    ]My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk ->  [Ver =  | Size = 583 bytes | Modified Date = 2008-01-25 11:08:03 | Attr =    ]My Stationery -> %UserDocuments%\My Stationery ->  [Folder | Modified Date = 2008-01-16 14:25:31 | Attr = R S]Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 2008-01-16 11:01:26 | Attr =    ]Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 2008-01-16 11:01:25 | Attr =    ]Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Modified Date = 2008-01-07 14:14:29 | Attr =    ]PhoTags Express .lnk -> %AllUsersDesktop%\PhoTags Express .lnk ->  [Ver =  | Size = 1602 bytes | Modified Date = 2008-01-07 11:24:02 | Attr =    ]WebCam Express.lnk -> %AllUsersDesktop%\WebCam Express.lnk ->  [Ver =  | Size = 1611 bytes | Modified Date = 2008-01-07 11:24:02 | Attr =    ]ComboFix.exe -> %UserDesktop%\ComboFix.exe ->  [Ver =  | Size = 1551017 bytes | Modified Date = 2008-01-24 22:34:43 | Attr =    ]@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.IdentifierHelp and Support Center.lnk -> %UserDesktop%\Help and Support Center.lnk ->  [Ver =  | Size = 1272 bytes | Modified Date = 2008-01-25 
16:21:34 | Attr =    ]Hi dawn4eleven.doc -> %UserDesktop%\Hi dawn4eleven.doc ->  [Ver =  | Size = 37888 bytes | Modified Date = 2008-01-24 21:14:41 | Attr =    ]HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2008-01-18 16:48:40 | Attr =    ]LimeWire PRO 4.16.1.lnk -> %UserDesktop%\LimeWire PRO 4.16.1.lnk ->  [Ver =  | Size = 1588 bytes | Modified Date = 2008-01-13 15:23:51 | Attr =    ]Raccourcis Bureau non utilisés -> %UserDesktop%\Raccourcis Bureau non utilisés ->  [Folder | Modified Date = 2008-01-15 21:33:16 | Attr =    ]SDFix.exe -> %UserDesktop%\SDFix.exe ->  [Ver =  | Size = 1212961 bytes | Modified Date = 2008-01-24 21:58:14 | Attr =    ]@Alternate Data Stream - 26 bytes -> %UserDesktop%\SDFix.exe:Zone.IdentifierTPE.rar -> %UserDesktop%\TPE.rar ->  [Ver =  | Size = 3533545 bytes | Modified Date = 2008-01-10 14:43:31 | Attr =    ]Windows Update.lnk -> %UserDesktop%\Windows Update.lnk ->  [Ver =  | Size = 1270 bytes | Modified Date = 2008-01-25 16:21:36 | Attr =    ]WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2008-01-25 16:24:16 | Attr =    ]WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 477895 bytes | Modified Date = 2008-01-25 16:23:56 | Attr =    ]Photags AutoDetect.lnk -> %AllUsersStartup%\Photags AutoDetect.lnk ->  [Ver =  | Size = 1711 bytes | Modified Date = 2008-01-07 11:24:02 | Attr =    ]Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 2008-01-07 14:14:26 | Attr =    ]InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Modified Date = 2008-01-07 11:24:30 | Attr =    ]Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 2008-01-13 18:00:27 | Attr =    ]PC Camera -> %CommonProgramFiles%\PC Camera ->  [Folder | Modified Date = 2008-01-07 11:26:07 | Attr =    ]Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2008-01-16 11:00:31 | Attr = 
   ]qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5434 bytes | Modified Date = 2008-01-25 16:15:31 | Attr =    ]qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5434 bytes | Modified Date = 2008-01-25 16:15:31 | Attr =    ]data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 2007-11-06 23:41:57 | Attr =    ]< End of report >


#10 dawn4eleven

Posted 24 January 2008 - 05:00 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [a06d0853] rundll32.exe "C:\WINDOWS\system32\oovvrphx.dll",b
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares .exe" -h
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3ebc6772dae54fd09dc9c2e282d60621
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3ebc6772dae54fd09dc9c2e282d60621
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...erInstaller.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 5499 bytes


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3ebc6772dae54fd09dc9c2e282d60621
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3ebc6772dae54fd09dc9c2e282d60621
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...erInstaller.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe (file missing)
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 6246 bytes

#11 dawn4eleven

Posted 24 January 2008 - 05:01 PM

WinPFind35 logfile created on: 2008-01-25 17:35:55

WinPFind35U Version Beta36	 Folder = C:\Documents and Settings\KASMO\Bureau\WinPFind35u

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

 

447.48 Mb Total Physical Memory | 204.45 Mb Available Physical Memory | 45.69% Memory free

1.03 Gb Paging File | 0.83 Gb Available in Paging File | 80.41% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 43.11 Gb Total Space | 31.18 Gb Free Space | 72.31% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded



Computer Name: KASMO

Current User Name: KASMO

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user





[Processes - Non-Microsoft Only]

stylexpservice.exe -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe ->  [Ver = 0, 20, 0, 3000 | Size = 372736 bytes | Modified Date = 2006-05-24 15:31:06 | Attr =	]

aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-16 11:04:51 | Attr =	]

vttimer.exe -> %System32%\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.04.06-1020 | Size = 53248 bytes | Modified Date = 2006-04-01 02:33:16 | Attr = R  ]

agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 2004-06-29 09:06:38 | Attr =	]

photags autodetect.exe -> %ProgramFiles%\PhoTags Express\Photags AutoDetect.exe ->  [Ver = 1, 0, 0, 1 | Size = 364544 bytes | Modified Date = 2005-03-01 05:17:55 | Attr =	]

applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-10-31 14:09:16 | Attr =	]

mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 12:42:38 | Attr =	]

richvideo.exe -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe ->  [Ver = 1.1.0808   | Size = 167936 bytes | Modified Date = 2005-08-07 09:54:00 | Attr =	]

winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 306688 bytes | Modified Date = 2008-01-24 12:47:38 | Attr =	]



[Win32 Services - Non-Microsoft Only]

(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-16 11:04:51 | Attr =	]

(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-10-31 14:09:16 | Attr =	]

(avp ) avp  [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe -> File not found

(avp  ) avp   [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 7.0\avp  .exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 2008-01-25 17:05:03 | Attr =	]

(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 12:42:38 | Attr =	]

(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2007-10-27 22:01:01 | Attr =	]

(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2007-10-27 17:18:25 | Attr =	]

(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 3, 1 | Size = 774144 bytes | Modified Date = 2007-01-05 13:41:10 | Attr =	]

(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 262144 bytes | Modified Date = 2006-12-23 17:54:04 | Attr =	]

(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe ->  [Ver = 1.1.0808   | Size = 167936 bytes | Modified Date = 2005-08-07 09:54:00 | Attr =	]

(StyleXPService) StyleXPService [Win32_Own | Auto | Running] -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe ->  [Ver = 0, 20, 0, 3000 | Size = 372736 bytes | Modified Date = 2006-05-24 15:31:06 | Attr =	]



[Driver Services - Non-Microsoft Only]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found

(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found

(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:07:15 | Size = 1268204 bytes | Modified Date = 2004-06-29 09:07:18 | Attr =	]

(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found

(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found

(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found

(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found

(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found

(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found

(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found

(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\KASMO\LOCALS~1\Temp\catchme.sys -> File not found

(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found

(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found

(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800256 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 154496 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found

(FETNDIS) Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet [Kernel | On_Demand | Running] -> %System32%\drivers\fetnd5.sys -> VIA Technologies, Inc.			   [Ver = 2.66 | Size = 27165 bytes | Modified Date = 2001-08-17 17:13:08 | Attr =	]

(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found

(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found

(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found

(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found

(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(PCIIde) PCIIde [Kernel | Disabled | Stopped] ->  -> File not found

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found

(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found

(Ptilink) Pilote de liaison parallèle directe [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 2007-12-11 16:46:00 | Attr =	]

(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found

(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found

(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 07:25:54 | Attr =	]

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(SoC PC-Camera Service) SoC PC-Camera [Kernel | On_Demand | Running] -> %System32%\drivers\PFC027.sys ->  [Ver = 0.0.1.8 | Size = 123276 bytes | Modified Date = 2003-12-08 17:33:20 | Attr =	]

(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found

(StyleXPHelper) StyleXPHelper [Kernel | System | Running] -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPHelper.exe -> Windows ® 2000 DDK provider [Ver = 5.1.2600.1106 built by: WinDDK | Size = 10880 bytes | Modified Date = 2005-10-31 18:44:39 | Attr =	]

(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found

(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found

(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found

(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found

(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found

(viagfx) viagfx [Kernel | On_Demand | Running] -> %System32%\drivers\vtmini.sys -> Copyright © VIA/S3 Graphics Co, Ltd. [Ver = 6.14.10.0210-16.94.42.14 | Size = 172416 bytes | Modified Date = 2006-04-01 02:33:34 | Attr = R  ]

(VIAudio) Vinyl AC'97 Audio Controller (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\vinyl97.sys -> VIA Technologies, Inc. [Ver = 6.14.01.4080 built by: WinDDK | Size = 163712 bytes | Modified Date = 2006-04-01 02:33:32 | Attr = R  ]

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 2004-06-29 09:06:38 | Attr =	]

VTTimer -> %System32%\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.04.06-1020 | Size = 53248 bytes | Modified Date = 2006-04-01 02:33:16 | Attr = R  ]

< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 

IMAIL-> Installed = 1 -> 

MAPI-> Installed = 1 -> 

MSFS-> Installed = 1 -> 

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

DLD.EXE -> %ProgramFiles%\Download Direct\DLD.exe -> File not found

SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> File not found

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage -> 

%AllUsersStartup%\Photags AutoDetect.lnk -> %ProgramFiles%\PhoTags Express\Photags AutoDetect.exe ->  [Ver = 1, 0, 0, 1 | Size = 364544 bytes | Modified Date = 2005-03-01 05:17:55 | Attr =	]

< KASMO Startup Folder > -> C:\Documents and Settings\KASMO\Menu Démarrer\Programmes\Démarrage -> 

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 

< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/?wl=true -> 

HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[msn] -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 

1 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr =	]

{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.336 | Size = 296312 bytes | Modified Date = 2007-10-27 23:29:52 | Attr =	]

{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr =	]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:33 | Attr =	]

{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{89099B4F-FE88-4AC5-9326-BCF9AC7EE49B} [HKEY_LOCAL_MACHINE] -> %System32%\ssttu.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 334848 bytes | Modified Date = 2008-01-25 17:02:40 | Attr =	]

{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-10-27 17:18:24 | Attr = R  ]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 2007-10-29 17:14:17 | Attr =	]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar Helper] -> File not found

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-10-27 17:18:24 | Attr = R  ]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> File not found

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-10-27 17:18:24 | Attr = R  ]

ShellBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> File not found

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 2007-10-27 17:18:24 | Attr = R  ]

WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Windows Live Toolbar\msntb.dll [Windows Live Toolbar] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 01:11:33 | Attr =	]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr =	]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr =	]

CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 2007-08-31 16:46:14 | Attr =	]

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll -> File not found

Add to Windows &Live Favorites ->  -> File not found

Ouvrir dans un nouvel onglet d'arrière-plan -> %ProgramFiles%\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui -> File not found

Ouvrir dans un nouvel onglet de premier plan -> %ProgramFiles%\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Bibliothèque de contrôles ActiveX Microsoft -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 

SV1 ->  -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{6428A460-2CDA-4C27-AA49-7F293FA3A862} ->	(ADI USB Remote NDIS Network Device) -> 

{93BE5773-DC3E-45FB-B499-D4A0A927EEC8} ->	(Carte Fast Ethernet compatible VIA) -> 

{DF3DBA9E-CEB1-4750-B637-B351FE62231F} ->	() -> 

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2006-02-28 12:42:30 | Attr =	]

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> 

{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab[DivXBrowserPlugin Object] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

C:\WINDOWS\system32\ssttu -> %System32%\ssttu.exe ->  [Ver =  | Size = 338432 bytes | Modified Date = 2008-01-25 17:32:20 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 14:50:31 | Attr =	]

msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 11:22:35 | Attr =	]

wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1028 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 186368 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119808 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Pare-feu Windows / Partage de connexion Internet -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 2306 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 332800 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-25 11:07:23 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007-10-02 17:18:24 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 12:42:38 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\Program Files\Internet Explorer\IEXPLORE.EXE [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> RealNetworks, Inc. [Ver = 11.0.0.183 | Size = 214560 bytes | Modified Date = 2007-10-27 23:29:15 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 2008-01-08 19:04:53 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-18 11:24:28 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.321\English\setup.exe -> C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.321\English\setup.exe [C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.321\English\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup] -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 72280 bytes | Modified Date = 2007-12-20 16:26:52 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-25 11:07:23 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007-10-02 17:18:24 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr   .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr   .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr   .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-18 16:19:55 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr	 .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr	 .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr	 .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-19 12:34:55 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr	  .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr	  .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr	  .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-20 10:16:12 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr	   .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr	   .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr	   .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-20 15:15:26 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr		  .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr		  .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr		  .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-22 13:14:49 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr		   .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr		   .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr		   .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-23 10:15:08 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr			.Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr			.Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr			.Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-24 11:15:34 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr			  .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr			  .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr			  .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-24 21:50:04 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr			   .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr			   .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr			   .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-24 22:07:29 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr				.Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr				.Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr				.Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-24 22:27:14 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr				 .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr				 .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr				 .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-25 09:17:08 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr					.Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr					.Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr					.Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-25 16:13:46 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr					 .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr					 .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr					 .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-25 17:04:56 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr					  .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr					  .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr					  .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 6094336 bytes | Modified Date = 2008-01-25 17:32:20 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\MsnMsgr					   .Exe -> C:\Program Files\Windows Live\Messenger\MsnMsgr					   .Exe [C:\Program Files\Windows Live\Messenger\MsnMsgr					   .Exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 2008-01-25 17:32:30 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Active le téléchargement et l'installation des mises à jour Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité des mises à jour automatiques ou le site Windows Update. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 

< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 

0 -> [Key] -> 

0 -> FriendlyName = Ma page d'accueil -> 

0 -> Source = About:Home -> 

0 -> SubscribedURL = About:Home -> 

< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> 

BootExecute -> autocheck autochk *;lsdelete; -> 

ExcludeFromKnownDlls ->  -> 

< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> 

ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 400896 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

TEMP -> %SystemRoot%\TEMP -> 

TMP -> %SystemRoot%\TEMP -> 

windir -> %SystemRoot% -> 

*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> 

%systemroot%\system32 -> %System32% ->  [Folder | Modified Date = 2008-01-25 17:32:20 | Attr =	]

%systemroot% -> %SystemRoot% ->  [Folder | Modified Date = 2008-01-25 17:02:57 | Attr =	]

%systemroot%\system32\wbem -> %System32%\wbem ->  [Folder | Modified Date = 2007-10-27 11:51:19 | Attr =	]

C:\Program Files\QuickTime\QTSystem" -> %ProgramFiles%\QuickTime\QTSystem" ->  [Folder | Modified Date = 2007-12-15 19:55:15 | Attr =	]

*MultiFile Done* -> -> 

*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> 

.COM -> .COM -> File not found

.EXE -> .EXE -> File not found

.BAT -> .BAT -> File not found

.CMD -> .CMD -> File not found

.VBS -> .VBS -> File not found

.VBE -> .VBE -> File not found

.JS -> .JS -> File not found

.JSE -> .JSE -> File not found

.WSF -> .WSF -> File not found

.WSH -> .WSH -> File not found

*MultiFile Done* -> -> 

< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|HelpUserGuide|HelpReader -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade [version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\\tSchemePerms -> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\DisableServerCheck -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\LegacyPresence -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\CertificatePolicy\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\PortRange\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontSearchWindowsUpdate -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\DriverSearching\\DontPromptForWindowsUpdate -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> 

*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> 

ADE ->  -> File not found

ADP ->  -> File not found

BAS ->  -> File not found

BAT ->  -> File not found

CHM ->  -> File not found

CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 400896 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

COM ->  -> File not found

CPL ->  -> File not found

CRT ->  -> File not found

EXE ->  -> File not found

HLP ->  -> File not found

HTA ->  -> File not found

INF ->  -> File not found

INS ->  -> File not found

ISP ->  -> File not found

LNK ->  -> File not found

MDB ->  -> File not found

MDE ->  -> File not found

MSC ->  -> File not found

MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 2007-04-18 13:14:18 | Attr =	]

MSP ->  -> File not found

MST ->  -> File not found

OCX ->  -> File not found

PCD ->  -> File not found

PIF ->  -> File not found

REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 53248 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

SCR ->  -> File not found

SHS ->  -> File not found

URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 37888 bytes | Modified Date = 2004-08-05 09:00:00 | Attr =	]

VB ->  -> File not found

WSC ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified ->  -> 

*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> 

̋ ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified ->  -> 

*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> 

ȅ ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified ->  -> 

*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> 

Ζ ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified ->  -> 

*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> 

å ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified ->  -> 

*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> 

Ų ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> 

< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> 

HKEY_CURRENT_USER\Software\Policies\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> 

HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\ -> -> 

HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> -> 

HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\ -> -> 

HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\ -> -> 

HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\ -> -> 

HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\Conferencing\ -> -> 

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> -> 

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> 

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> -> 

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> -> 

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> -> 





[Files/Folders - Created Within 30 days]

ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 2008-01-24 22:35:16 | Attr =	]

Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 2008-01-25 16:29:40 | Attr =  HS]

QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 2008-01-24 22:35:53 | Attr =	]

SDFix -> %SystemDrive%\SDFix ->  [Folder | Created Date = 2008-01-24 21:58:38 | Attr =	]

VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2008-01-25 16:35:00 | Attr =	]

ssttu.dll -> %System32%\ssttu.dll ->  [Ver =  | Size = 334848 bytes | Created Date = 2008-01-25 17:02:40 | Attr =	]

ssttu.exe -> %System32%\ssttu.exe ->  [Ver =  | Size = 338432 bytes | Created Date = 2008-01-25 17:32:20 | Attr =	]

swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 2008-01-24 22:35:42 | Attr =	]

swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2008-01-24 22:35:42 | Attr =	]

swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2008-01-24 22:35:42 | Attr =	]

uttss.ini -> %System32%\uttss.ini ->  [Ver =  | Size = 23197 bytes | Created Date = 2008-01-16 12:22:42 | Attr =  HS]

uttss.ini2 -> %System32%\uttss.ini2 ->  [Ver =  | Size = 23197 bytes | Created Date = 2008-01-16 12:22:42 | Attr =  HS]

vbzip10.dll -> %System32%\vbzip10.dll -> Info-ZIP [Ver = 2.3 | Size = 147456 bytes | Created Date = 2008-01-14 20:50:06 | Attr =	]

VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 2008-01-24 22:35:42 | Attr =	]

wvvwa.ini -> %System32%\wvvwa.ini ->  [Ver =  | Size = 8502 bytes | Created Date = 2008-01-14 20:51:42 | Attr =  HS]

wvvwa.ini2 -> %System32%\wvvwa.ini2 ->  [Ver =  | Size = 8502 bytes | Created Date = 2008-01-14 20:51:42 | Attr =  HS]

xhprvvoo.ini -> %System32%\xhprvvoo.ini ->  [Ver =  | Size = 1118034 bytes | Created Date = 2008-01-23 22:23:39 | Attr =  HS]

assembly -> %SystemRoot%\assembly ->  [Folder | Created Date = 2008-01-16 14:13:12 | Attr = R S]

3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 2008-01-24 22:36:52 | Attr =	]

ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Created Date = 2008-01-24 22:14:06 | Attr =	]

ftpcache -> %SystemRoot%\ftpcache ->  [Folder | Created Date = 2008-01-14 14:44:19 | Attr =  HS]

Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Created Date = 2008-01-16 14:08:55 | Attr =	]

Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2008-01-24 22:35:42 | Attr =	]

PTWebCam.INI -> %SystemRoot%\PTWebCam.INI ->  [Ver =  | Size = 0 bytes | Created Date = 2008-01-07 11:29:26 | Attr =	]

Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 8192 bytes | Created Date = 2008-01-24 21:30:21 | Attr =  HS]

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 92 bytes | Created Date = 2008-01-16 12:11:37 | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

Kaspersky Lab Setup Files -> %AllUsersAppData%\Kaspersky Lab Setup Files ->  [Folder | Created Date = 2008-01-07 10:03:05 | Attr =	]

Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 2008-01-16 11:01:17 | Attr =	]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Created Date = 2008-01-16 11:39:51 | Attr =	]

TEMP -> %AllUsersAppData%\TEMP ->  [Folder | Created Date = 2008-01-14 20:45:02 | Attr =	]

@Alternate Data Stream - 117 bytes -> %AllUsersAppData%\TEMP:2615E8F1

LimeWire -> %UserAppData%\LimeWire ->  [Folder | Created Date = 2008-01-13 15:24:06 | Attr =	]

Installer3676 -> %LocalAppData%\Installer3676 ->  [Folder | Created Date = 2008-01-07 18:12:52 | Attr =	]

Installer484 -> %LocalAppData%\Installer484 ->  [Folder | Created Date = 2008-01-07 18:28:52 | Attr =	]

Installer948 -> %LocalAppData%\Installer948 ->  [Folder | Created Date = 2008-01-17 14:04:24 | Attr =	]

PCHealth -> %LocalAppData%\PCHealth ->  [Folder | Created Date = 2008-01-16 13:28:16 | Attr =	]

CyberLink -> %UserDocuments%\CyberLink ->  [Folder | Created Date = 2008-01-17 14:13:57 | Attr =	]

20338 C:\Documents and Settings\KASMO\Mes documents\*.tmp files -> C:\Documents and Settings\KASMO\Mes documents\*.tmp -> 

Janet_Jackson-Feedback-XviD-2008-DYNASTY.dld -> %UserDocuments%\Janet_Jackson-Feedback-XviD-2008-DYNASTY.dld ->  [Ver =  | Size = 7555 bytes | Created Date = 2008-01-12 17:57:57 | Attr =	]

LimeWire -> %UserDocuments%\LimeWire ->  [Folder | Created Date = 2008-01-13 15:24:17 | Attr =	]

My Received Files -> %UserDocuments%\My Received Files ->  [Folder | Created Date = 2008-01-15 22:50:44 | Attr =	]

My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk ->  [Ver =  | Size = 583 bytes | Created Date = 2008-01-16 21:34:10 | Attr =	]

My Stationery -> %UserDocuments%\My Stationery ->  [Folder | Created Date = 2008-01-16 14:25:30 | Attr = R S]

Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 2008-01-16 11:01:26 | Attr =	]

Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 2008-01-16 11:01:25 | Attr =	]

Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Created Date = 2008-01-07 14:14:29 | Attr =	]

PhoTags Express .lnk -> %AllUsersDesktop%\PhoTags Express .lnk ->  [Ver =  | Size = 1602 bytes | Created Date = 2008-01-07 11:24:02 | Attr =	]

WebCam Express.lnk -> %AllUsersDesktop%\WebCam Express.lnk ->  [Ver =  | Size = 1611 bytes | Created Date = 2008-01-07 11:24:02 | Attr =	]

ComboFix.exe -> %UserDesktop%\ComboFix.exe ->  [Ver =  | Size = 1551017 bytes | Created Date = 2008-01-24 22:34:29 | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier

Help and Support Center.lnk -> %UserDesktop%\Help and Support Center.lnk ->  [Ver =  | Size = 1272 bytes | Created Date = 2008-01-18 00:26:41 | Attr =	]

Hi dawn4eleven.doc -> %UserDesktop%\Hi dawn4eleven.doc ->  [Ver =  | Size = 37888 bytes | Created Date = 2008-01-24 21:14:40 | Attr =	]

HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 2008-01-18 16:48:40 | Attr =	]

LimeWire PRO 4.16.1.lnk -> %UserDesktop%\LimeWire PRO 4.16.1.lnk ->  [Ver =  | Size = 1588 bytes | Created Date = 2008-01-13 15:23:51 | Attr =	]

SDFix.exe -> %UserDesktop%\SDFix.exe ->  [Ver =  | Size = 1212961 bytes | Created Date = 2008-01-24 21:58:14 | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\SDFix.exe:Zone.Identifier

VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Created Date = 2008-01-25 16:33:55 | Attr =	]

Windows Update.lnk -> %UserDesktop%\Windows Update.lnk ->  [Ver =  | Size = 1270 bytes | Created Date = 2008-01-18 00:26:43 | Attr =	]

WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 2008-01-25 16:24:16 | Attr =	]

WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 477895 bytes | Created Date = 2008-01-25 16:23:55 | Attr =	]

Photags AutoDetect.lnk -> %AllUsersStartup%\Photags AutoDetect.lnk ->  [Ver =  | Size = 1711 bytes | Created Date = 2008-01-07 11:24:02 | Attr =	]

PC Camera -> %CommonProgramFiles%\PC Camera ->  [Folder | Created Date = 2008-01-07 11:26:07 | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 2008-01-16 11:00:31 | Attr =	]



[Files/Folders - Modified Within 30 days]

ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 2008-01-24 22:45:05 | Attr =	]

Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2008-01-25 16:31:55 | Attr =  HS]

Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2008-01-24 21:45:48 | Attr =	]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2008-01-18 16:48:40 | Attr = R  ]

QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 2008-01-24 22:38:28 | Attr =	]

SDFix -> %SystemDrive%\SDFix ->  [Folder | Modified Date = 2008-01-24 22:31:39 | Attr =	]

System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2008-01-18 13:42:13 | Attr =  HS]

VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2008-01-25 17:02:33 | Attr =	]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2008-01-25 17:02:57 | Attr =	]

etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 2008-01-24 22:19:53 | Attr =	]

HOSTS -> %System32%\drivers\etc\HOSTS ->  [Ver =  | Size = 686 bytes | Modified Date = 2008-01-24 22:19:53 | Attr =	]

CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 2008-01-25 16:31:02 | Attr =	]

5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

config -> %System32%\config ->  [Folder | Modified Date = 2008-01-07 17:31:43 | Attr =	]

CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 3072 bytes | Modified Date = 2008-01-14 23:40:56 | Attr =	]

dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 2008-01-15 22:41:48 | Attr = RHS]

drivers -> %System32%\drivers ->  [Folder | Modified Date = 2008-01-25 16:31:32 | Attr =	]

FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 1455104 bytes | Modified Date = 2008-01-13 19:41:50 | Attr =	]

lsdelete.exe -> %System32%\lsdelete.exe ->  [Ver =  | Size = 12632 bytes | Modified Date = 2008-01-16 11:07:38 | Attr =	]

mui -> %System32%\mui ->  [Folder | Modified Date = 2008-01-24 11:21:38 | Attr =	]

perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 59780 bytes | Modified Date = 2008-01-24 11:23:59 | Attr =	]

perfc00C.dat -> %System32%\perfc00C.dat ->  [Ver =  | Size = 73020 bytes | Modified Date = 2008-01-24 11:23:59 | Attr =	]

perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 397560 bytes | Modified Date = 2008-01-24 11:23:59 | Attr =	]

perfh00C.dat -> %System32%\perfh00C.dat ->  [Ver =  | Size = 464474 bytes | Modified Date = 2008-01-24 11:23:59 | Attr =	]

PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 960616 bytes | Modified Date = 2008-01-24 11:23:59 | Attr =	]

ssttu.dll -> %System32%\ssttu.dll ->  [Ver =  | Size = 334848 bytes | Modified Date = 2008-01-25 17:02:40 | Attr =	]

ssttu.exe -> %System32%\ssttu.exe ->  [Ver =  | Size = 338432 bytes | Modified Date = 2008-01-25 17:32:20 | Attr =	]

uttss.ini -> %System32%\uttss.ini ->  [Ver =  | Size = 23197 bytes | Modified Date = 2008-01-25 17:36:02 | Attr =  HS]

uttss.ini2 -> %System32%\uttss.ini2 ->  [Ver =  | Size = 23197 bytes | Modified Date = 2008-01-25 17:35:23 | Attr =  HS]

vbzip10.dll -> %System32%\vbzip10.dll -> Info-ZIP [Ver = 2.3 | Size = 147456 bytes | Modified Date = 2008-01-14 20:50:06 | Attr =	]

wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 13646 bytes | Modified Date = 2008-01-24 11:15:09 | Attr =	]

wvvwa.ini -> %System32%\wvvwa.ini ->  [Ver =  | Size = 8502 bytes | Modified Date = 2008-01-16 12:12:04 | Attr =  HS]

wvvwa.ini2 -> %System32%\wvvwa.ini2 ->  [Ver =  | Size = 8502 bytes | Modified Date = 2008-01-16 12:11:15 | Attr =  HS]

xhprvvoo.ini -> %System32%\xhprvvoo.ini ->  [Ver =  | Size = 1118034 bytes | Modified Date = 2008-01-25 17:06:31 | Attr =  HS]

$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2008-01-09 15:10:26 | Attr =  H ]

3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 2008-01-24 12:17:19 | Attr = R S]

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2008-01-25 17:32:07 | Attr =   S]

erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 2008-01-24 22:36:52 | Attr =	]

ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Modified Date = 2008-01-24 22:14:17 | Attr =	]

Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2008-01-16 14:20:57 | Attr = R S]

ftpcache -> %SystemRoot%\ftpcache ->  [Folder | Modified Date = 2008-01-14 14:44:19 | Attr =  HS]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2008-01-16 14:24:52 | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2008-01-25 16:31:14 | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2008-01-25 16:32:08 | Attr =  HS]

Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 2008-01-24 12:17:27 | Attr =	]

NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 2008-01-24 22:01:59 | Attr =	]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2008-01-25 17:08:43 | Attr =	]

PTWebCam.INI -> %SystemRoot%\PTWebCam.INI ->  [Ver =  | Size = 0 bytes | Modified Date = 2008-01-07 11:29:26 | Attr =	]

Resources -> %SystemRoot%\Resources ->  [Folder | Modified Date = 2008-01-14 20:51:07 | Attr =	]

security -> %SystemRoot%\security ->  [Folder | Modified Date = 2008-01-15 23:17:27 | Attr =	]

system32 -> %System32% ->  [Folder | Modified Date = 2008-01-25 17:32:20 | Attr =	]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2008-01-25 17:32:44 | Attr =	]

Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 8192 bytes | Modified Date = 2008-01-24 21:30:21 | Attr =  HS]

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable

twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 2008-01-07 11:27:07 | Attr =	]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 877 bytes | Modified Date = 2008-01-14 14:46:44 | Attr =	]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 92 bytes | Modified Date = 2008-01-16 12:11:37 | Attr =	]

WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2008-01-24 11:23:37 | Attr =	]

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2008-01-19 19:36:51 | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2008-01-25 17:32:21 | Attr =  H ]

Vérifier les mises à jour de Windows Live Toolbar.job -> %SystemRoot%\tasks\Vérifier les mises à jour de Windows Live Toolbar.job ->  [Ver =  | Size = 256 bytes | Modified Date = 2008-01-25 17:21:00 | Attr =	]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

Adobe -> %AllUsersAppData%\Adobe ->  [Folder | Modified Date = 2008-01-07 14:15:05 | Attr =	]

Apple Computer -> %AllUsersAppData%\Apple Computer ->  [Folder | Modified Date = 2008-01-15 21:20:49 | Attr =	]

Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab ->  [Folder | Modified Date = 2008-01-25 16:31:41 | Attr =	]

Kaspersky Lab Setup Files -> %AllUsersAppData%\Kaspersky Lab Setup Files ->  [Folder | Modified Date = 2008-01-14 23:43:56 | Attr =	]

Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 2008-01-16 11:09:30 | Attr =	]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 2008-01-16 12:15:48 | Attr =	]

TEMP -> %AllUsersAppData%\TEMP ->  [Folder | Modified Date = 2008-01-15 00:03:52 | Attr =	]

@Alternate Data Stream - 117 bytes -> %AllUsersAppData%\TEMP:2615E8F1

WLInstaller -> %AllUsersAppData%\WLInstaller ->  [Folder | Modified Date = 2008-01-16 21:53:26 | Attr =	]

Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 2008-01-24 14:49:48 | Attr =	]

CyberLink -> %UserAppData%\CyberLink ->  [Folder | Modified Date = 2008-01-17 14:14:02 | Attr =	]

LimeWire -> %UserAppData%\LimeWire ->  [Folder | Modified Date = 2008-01-21 12:27:33 | Attr =	]

Microsoft -> %UserAppData%\Microsoft ->  [Folder | Modified Date = 2008-01-08 18:34:16 | Attr =   S]

Adobe -> %LocalAppData%\Adobe ->  [Folder | Modified Date = 2008-01-07 17:34:17 | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 57856 bytes | Modified Date = 2008-01-24 22:01:58 | Attr =	]

GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 37360 bytes | Modified Date = 2008-01-14 20:14:58 | Attr =	]

Installer3676 -> %LocalAppData%\Installer3676 ->  [Folder | Modified Date = 2008-01-07 18:12:56 | Attr =	]

Installer484 -> %LocalAppData%\Installer484 ->  [Folder | Modified Date = 2008-01-07 18:28:55 | Attr =	]

Installer948 -> %LocalAppData%\Installer948 ->  [Folder | Modified Date = 2008-01-17 14:04:27 | Attr =	]

Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 2008-01-23 10:46:37 | Attr =	]

PCHealth -> %LocalAppData%\PCHealth ->  [Folder | Modified Date = 2008-01-16 13:28:16 | Attr =	]

CyberLink -> %UserDocuments%\CyberLink ->  [Folder | Modified Date = 2008-01-17 14:13:57 | Attr =	]

20338 C:\Documents and Settings\KASMO\Mes documents\*.tmp files -> C:\Documents and Settings\KASMO\Mes documents\*.tmp -> 

Janet_Jackson-Feedback-XviD-2008-DYNASTY.dld -> %UserDocuments%\Janet_Jackson-Feedback-XviD-2008-DYNASTY.dld ->  [Ver =  | Size = 7555 bytes | Modified Date = 2008-01-12 18:04:09 | Attr =	]

LimeWire -> %UserDocuments%\LimeWire ->  [Folder | Modified Date = 2008-01-13 15:24:35 | Attr =	]

Mes dossiers de partage.lnk -> %UserDocuments%\Mes dossiers de partage.lnk ->  [Ver =  | Size = 899 bytes | Modified Date = 2008-01-15 22:48:36 | Attr =	]

Mes fichiers reçus -> %UserDocuments%\Mes fichiers reçus ->  [Folder | Modified Date = 2008-01-12 19:17:15 | Attr =	]

Mes images -> %UserDocuments%\Mes images ->  [Folder | Modified Date = 2008-01-20 22:17:15 | Attr = R  ]

Mes vidéos -> %UserDocuments%\Mes vidéos ->  [Folder | Modified Date = 2008-01-14 14:29:19 | Attr = R  ]

My Received Files -> %UserDocuments%\My Received Files ->  [Folder | Modified Date = 2008-01-25 12:10:55 | Attr =	]

My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk ->  [Ver =  | Size = 583 bytes | Modified Date = 2008-01-25 11:08:03 | Attr =	]

My Stationery -> %UserDocuments%\My Stationery ->  [Folder | Modified Date = 2008-01-16 14:25:31 | Attr = R S]

Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 2008-01-16 11:01:26 | Attr =	]

Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 2008-01-16 11:01:25 | Attr =	]

Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Modified Date = 2008-01-07 14:14:29 | Attr =	]

PhoTags Express .lnk -> %AllUsersDesktop%\PhoTags Express .lnk ->  [Ver =  | Size = 1602 bytes | Modified Date = 2008-01-07 11:24:02 | Attr =	]

WebCam Express.lnk -> %AllUsersDesktop%\WebCam Express.lnk ->  [Ver =  | Size = 1611 bytes | Modified Date = 2008-01-07 11:24:02 | Attr =	]

ComboFix.exe -> %UserDesktop%\ComboFix.exe ->  [Ver =  | Size = 1551017 bytes | Modified Date = 2008-01-24 22:34:43 | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier

Help and Support Center.lnk -> %UserDesktop%\Help and Support Center.lnk ->  [Ver =  | Size = 1272 bytes | Modified Date = 2008-01-25 16:21:34 | Attr =	]

Hi dawn4eleven.doc -> %UserDesktop%\Hi dawn4eleven.doc ->  [Ver =  | Size = 37888 bytes | Modified Date = 2008-01-24 21:14:41 | Attr =	]

HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 2008-01-18 16:48:40 | Attr =	]

LimeWire PRO 4.16.1.lnk -> %UserDesktop%\LimeWire PRO 4.16.1.lnk ->  [Ver =  | Size = 1588 bytes | Modified Date = 2008-01-13 15:23:51 | Attr =	]

Raccourcis Bureau non utilisés -> %UserDesktop%\Raccourcis Bureau non utilisés ->  [Folder | Modified Date = 2008-01-15 21:33:16 | Attr =	]

SDFix.exe -> %UserDesktop%\SDFix.exe ->  [Ver =  | Size = 1212961 bytes | Modified Date = 2008-01-24 21:58:14 | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\SDFix.exe:Zone.Identifier

TPE.rar -> %UserDesktop%\TPE.rar ->  [Ver =  | Size = 3533545 bytes | Modified Date = 2008-01-10 14:43:31 | Attr =	]

VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 2008-01-25 16:33:36 | Attr =	]

Windows Update.lnk -> %UserDesktop%\Windows Update.lnk ->  [Ver =  | Size = 1270 bytes | Modified Date = 2008-01-25 16:21:36 | Attr =	]

WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 2008-01-25 17:10:49 | Attr =	]

WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 477895 bytes | Modified Date = 2008-01-25 16:23:56 | Attr =	]

Photags AutoDetect.lnk -> %AllUsersStartup%\Photags AutoDetect.lnk ->  [Ver =  | Size = 1711 bytes | Modified Date = 2008-01-07 11:24:02 | Attr =	]

Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 2008-01-07 14:14:26 | Attr =	]

InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Modified Date = 2008-01-07 11:24:30 | Attr =	]

Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 2008-01-13 18:00:27 | Attr =	]

PC Camera -> %CommonProgramFiles%\PC Camera ->  [Folder | Modified Date = 2008-01-07 11:26:07 | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2008-01-16 11:00:31 | Attr =	]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5434 bytes | Modified Date = 2008-01-25 17:33:23 | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5434 bytes | Modified Date = 2008-01-25 17:33:23 | Attr =	]

data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 2007-11-06 23:41:57 | Attr =	]



< End of report >

Edited by OldTimer, 24 January 2008 - 05:18 PM.


#12 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:15 AM

Posted 24 January 2008 - 05:39 PM

Hi dawn4eleven. We're going to have to try and get ComboFix to run on here. This has infected some of your application files and it won't go away without it.

Try running ComboFix from Safe Mode and see if it can complete.

Post the log back here along with a new WinPFind35 log.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#13 dawn4eleven

dawn4eleven
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 24 January 2008 - 06:16 PM

I already ran combofix and it completed successfully, maybe I posted a wrong log or something! Not sure, but there is one thing I'd like to say: I've seen some major changes :thumbsup: no more errors, no more pos.tmp files, and no more pop ups. Maybe I should give it a day or 2 just to see how my pc's doing. In between I'll do another combofix scan and post the log.
Btw how do I post a combofix log? When it finished no window popped open showing the logfile?!! Is it hidden in some folder?

#14 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:15 AM

Posted 24 January 2008 - 06:33 PM

Hi dawn4eleven. That is good. If ComboFix ran the log will be located at c:\combofix.txt. Can you post the contents of that back here? There are still some registry entries that need to be removed and the CF log will tell me if there are any more infected files we need to deal with.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#15 dawn4eleven

dawn4eleven
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 24 January 2008 - 07:03 PM

ComboFix 08-01-23.2 - KASMO 2008-01-25 17:37:45.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.196 [GMT -3:00]
Endroit: C:\Documents and Settings\KASMO\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Mes documents\pos3F9.tmp
C:\Documents and Settings\Administrateur\Mes documents\pos3FA.tmp
C:\Documents and Settings\Administrateur\Mes documents\pos3FB.tmp

. . . . . . "millions of the pos.tmp files deleted in between"

C:\Documents and Settings\KASMO\Mes documents\posFFD.tmp
C:\Documents and Settings\KASMO\Mes documents\posFFE.tmp
C:\Documents and Settings\KASMO\Mes documents\posFFF.tmp
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\ssttu.exe
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.ini2
C:\WINDOWS\system32\wvvwa.ini
C:\WINDOWS\system32\wvvwa.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers créés 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
.

2008-01-25 16:35 . 2008-01-25 17:02 <REP> d-------- C:\VundoFix Backups
2008-01-24 22:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 22:14 . 2008-01-24 22:14 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-24 21:30 . 2008-01-24 21:30 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-01-23 22:23 . 2008-01-25 17:06 1,118,034 ---hs---- C:\WINDOWS\system32\xhprvvoo.ini
2008-01-18 16:48 . 2008-01-18 16:48 <REP> d-------- C:\Program Files\Trend Micro
2008-01-16 14:23 . 2008-01-16 14:23 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-16 12:11 . 2008-01-16 12:11 92 --a------ C:\WINDOWS\wininit.ini
2008-01-16 11:01 . 2008-01-16 11:01 <REP> d-------- C:\Program Files\Lavasoft
2008-01-16 11:00 . 2008-01-16 11:00 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-15 22:38 . 2008-01-16 21:53 <REP> d-------- C:\Program Files\Windows Live
2008-01-14 21:42 . 2008-01-15 00:24 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-14 21:03 . 2008-01-14 21:03 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-01-14 20:50 . 2008-01-14 20:50 <REP> d-------- C:\Program Files\TGTSoft
2008-01-14 20:50 . 2008-01-14 20:50 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-14 14:44 . 2008-01-14 14:44 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-01-13 17:59 . 2008-01-13 17:59 <REP> d-------- C:\Program Files\MSECache
2008-01-13 15:23 . 2008-01-13 15:23 <REP> d-------- C:\Program Files\LimeWire
2008-01-10 14:12 . 2008-01-12 18:05 <REP> d-------- C:\Program Files\Download Direct
2008-01-07 11:29 . 2008-01-07 11:29 0 --a------ C:\WINDOWS\PTWebCam.INI
2008-01-07 11:26 . 2008-01-07 11:26 <REP> d-------- C:\Program Files\PC Camera
2008-01-07 11:26 . 2008-01-07 11:26 <REP> d-------- C:\Program Files\Fichiers communs\PC Camera
2008-01-07 11:23 . 2008-01-07 11:29 <REP> d-------- C:\Program Files\PhoTags Express
2008-01-07 10:46 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 14:07 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-15 15:39 --------- d-----w C:\Program Files\QuickTime
2008-01-10 17:51 --------- d-----w C:\Program Files\Total Video Converter
2008-01-07 17:14 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-07 14:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-07 14:24 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-07 13:11 --------- d-----w C:\Program Files\Kaspersky Lab
2007-12-17 21:41 --------- d-----w C:\Program Files\DivX
2007-12-15 23:27 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-12-11 19:46 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 19:46 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 19:46 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 19:46 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-12-11 19:46 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 19:46 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 02:29 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-28 02:29 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-25 12:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.
<pre>
----a-w		   576,000 2008-01-25 14:07:13  C:\Documents and Settings\KASMO\Bureau\WinPFind35u\MovedFiles\01252008_171054\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w			39,792 2008-01-15 03:03:26  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w			56,928 2008-01-15 03:03:22  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w			54,832 2008-01-15 03:03:22  C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
----a-w		   155,648 2008-01-15 03:03:23  C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck .exe
----a-w			36,040 2008-01-16 16:38:43  C:\Program Files\Fichiers communs\Microsoft Shared\DW\dwtrig20 .exe
----a-w		   185,632 2008-01-15 03:03:22  C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
----a-w			68,856 2008-01-15 03:03:30  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		   132,496 2008-01-15 03:03:23  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w		   227,856 2008-01-25 20:05:03  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp  .exe
----a-w		 1,694,208 2008-01-15 03:03:35  C:\Program Files\Messenger\msmsgs .exe
----a-w		   651,776 2008-01-15 15:39:12  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   651,776 2008-01-15 15:29:07  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   651,776 2008-01-15 03:24:17  C:\Program Files\QuickTime\qttask	.exe
----a-w		   651,776 2008-01-15 03:16:51  C:\Program Files\QuickTime\qttask   .exe
----a-w		   651,776 2008-01-15 03:03:12  C:\Program Files\QuickTime\qttask  .exe
----a-w		 1,460,560 2008-01-16 16:38:46  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w		 1,372,160 2008-01-16 13:11:23  C:\Program Files\TGTSoft\StyleXP\StyleXP		 .exe
----a-w		 5,724,184 2008-01-25 20:32:30  C:\Program Files\Windows Live\Messenger\MsnMsgr					   .Exe
----a-w		 6,094,336 2008-01-25 20:32:20  C:\Program Files\Windows Live\Messenger\MsnMsgr					  .Exe
----a-w		 6,094,336 2008-01-25 20:04:56  C:\Program Files\Windows Live\Messenger\MsnMsgr					 .Exe
----a-w		 6,094,336 2008-01-25 19:13:46  C:\Program Files\Windows Live\Messenger\MsnMsgr					.Exe
----a-w		 6,094,336 2008-01-25 16:11:44  C:\Program Files\Windows Live\Messenger\MsnMsgr				   .Exe
----a-w		 6,094,336 2008-01-25 14:01:20  C:\Program Files\Windows Live\Messenger\MsnMsgr				  .Exe
----a-w		 6,094,336 2008-01-25 12:17:08  C:\Program Files\Windows Live\Messenger\MsnMsgr				 .Exe
----a-w		 6,094,336 2008-01-25 01:27:14  C:\Program Files\Windows Live\Messenger\MsnMsgr				.Exe
----a-w		 6,094,336 2008-01-25 01:07:29  C:\Program Files\Windows Live\Messenger\MsnMsgr			   .Exe
----a-w		 6,094,336 2008-01-25 00:50:04  C:\Program Files\Windows Live\Messenger\MsnMsgr			  .Exe
----a-w		 6,094,336 2008-01-25 00:36:09  C:\Program Files\Windows Live\Messenger\MsnMsgr			 .Exe
----a-w		 6,094,336 2008-01-24 14:15:34  C:\Program Files\Windows Live\Messenger\MsnMsgr			.Exe
----a-w		 6,094,336 2008-01-23 13:15:08  C:\Program Files\Windows Live\Messenger\MsnMsgr		   .Exe
----a-w		 6,094,336 2008-01-22 16:14:49  C:\Program Files\Windows Live\Messenger\MsnMsgr		  .Exe
----a-w		 6,094,336 2008-01-21 13:28:11  C:\Program Files\Windows Live\Messenger\MsnMsgr		 .Exe
----a-w		 6,094,336 2008-01-21 13:09:11  C:\Program Files\Windows Live\Messenger\MsnMsgr		.Exe
----a-w		 6,094,336 2008-01-20 18:15:26  C:\Program Files\Windows Live\Messenger\MsnMsgr	   .Exe
----a-w		 6,094,336 2008-01-20 13:16:12  C:\Program Files\Windows Live\Messenger\MsnMsgr	  .Exe
----a-w		 6,094,336 2008-01-19 15:34:55  C:\Program Files\Windows Live\Messenger\MsnMsgr	 .Exe
----a-w		 6,094,336 2008-01-18 19:36:29  C:\Program Files\Windows Live\Messenger\MsnMsgr	.Exe
----a-w		 6,094,336 2008-01-18 19:19:55  C:\Program Files\Windows Live\Messenger\MsnMsgr   .Exe
----a-w		 6,094,336 2008-01-18 16:48:45  C:\Program Files\Windows Live\Messenger\MsnMsgr  .Exe
----a-w		 6,094,336 2008-01-18 14:24:28  C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w			15,360 2008-01-15 03:24:25  C:\WINDOWS\system32\ctfmon .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLD.EXE"="C:\Program Files\Download Direct\DLD.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" [2008-01-25 17:32 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-04-01 02:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]

S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-25 17:05]
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" []
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{79BEDC7F-AE6B-BC9F-C85E-6A39A8D397BF}]
C:\WINDOWS\system32:spoolsv.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-19 22:36:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-25 21:21:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"






I don't know how it automatically switched into French, maybe because I have a French pc. But oh well there you go :thumbsup:



