[code]
OTScanIt logfile created on: 2008-06-21 20:00:02
OTScanIt by OldTimer - Version 1.0.15.16 Folder = C:\Documents and Settings\utilisateur2\Bureau\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.04% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.14% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.01 Gb Total Space | 16.28 Gb Free Space | 54.24% Space Free | Partition Type: NTFS
Drive D: | 81.78 Gb Total Space | 42.58 Gb Free Space | 52.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHHUO1
Current User Name: vchhuo
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc.
[Ver = 6.14.10.4124 | Size = 405504 bytes | Modified Date = 2005-12-20 22:46:24 | Attr = ] ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.8.3 | Size = 169632 bytes | Modified Date = 2006-03-24 18:14:58 | Attr = ] ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.8.3 | Size = 192160 bytes | Modified Date = 2006-03-24 18:14:52 | Attr = ] spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 2006-04-11 18:13:38 | Attr = ] acs.exe -> %SystemRoot%\system32\acs.exe -> [Ver = | Size = 36864 bytes | Modified Date = 2005-09-26 11:22:28 | Attr = ] cfsvcs.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 2005-01-17 17:38:38 | Attr = ] crypserv.exe -> %SystemRoot%\system32\Crypserv.exe -> [Ver = | Size = 50176 bytes | Modified Date = 1997-04-09 22:04:50 | Attr = ] defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 31888 bytes | Modified Date = 2006-08-01 10:54:30 | Attr = ] fwcagent.exe -> %ProgramFiles%\Microsoft Firewall Client 2004\FwcAgent.exe -> Microsoft (R) Corporation [Ver = 4.0 | Size = 115544 bytes | Modified Date = 2004-06-10 02:00:00 | Attr = ] qosservm.exe -> %SystemRoot%\system32\qosservm.exe -> AVAYA Communication [Ver = 4, 0, 0, 5 | Size = 368640 bytes | Modified Date = 2002-02-20 16:37:52 | Attr = ] savroam.exe -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.4.4000 | Size = 118928 bytes | Modified Date = 2006-08-01 10:57:20 | Attr = ] rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 1827472 bytes | Modified Date = 2006-08-01 10:56:30 | Attr = ] tappsrv.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -> TOSHIBA Corp. 
[Ver = 1, 0, 0, 13M | Size = 35328 bytes | Modified Date = 2005-12-20 11:22:14 | Attr = ] thpsrv.exe -> %SystemRoot%\system32\ThpSrv.exe -> TOSHIBA Corporation [Ver = 1, 1, 8, 4 | Size = 167936 bytes | Modified Date = 2005-12-21 16:24:42 | Attr = ] tmesrv31.exe -> %ProgramFiles%\TOSHIBA\TME3\TMESRV31.EXE -> TOSHIBA [Ver = 3, 1, 49, 0 | Size = 118784 bytes | Modified Date = 2005-04-05 09:27:14 | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 405504 bytes | Modified Date = 2005-12-20 22:46:24 | Attr = ] cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 2005-08-12 14:43:58 | Attr = ] thotkey.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\THotkey.exe -> TOSHIBA [Ver = 1.00.0018 | Size = 352256 bytes | Modified Date = 2006-01-05 14:02:24 | Attr = ] thpsrv.exe -> %SystemRoot%\system32\ThpSrv.exe -> TOSHIBA Corporation [Ver = 1, 1, 8, 4 | Size = 167936 bytes | Modified Date = 2005-12-21 16:24:42 | Attr = ] tmerzctl.exe -> %ProgramFiles%\TOSHIBA\TME3\TMERzCtl.exe -> TOSHIBA [Ver = 1, 0, 2, 21 | Size = 77824 bytes | Modified Date = 2005-04-05 09:26:44 | Attr = ] tmeejme.exe -> %ProgramFiles%\TOSHIBA\TME3\TMEEJME.exe -> TOSHIBA [Ver = 1, 0, 0, 23 | Size = 77824 bytes | Modified Date = 2004-12-28 16:34:28 | Attr = ] rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.0.3.2 | Size = 15691264 bytes | Modified Date = 2005-12-09 16:49:42 | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. 
[Ver = 8.2.9 16Dec05 | Size = 761945 bytes | Modified Date = 2005-12-16 17:32:58 | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Modified Date = 2006-03-24 18:14:48 | Attr = ] vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 125072 bytes | Modified Date = 2006-08-01 10:58:58 | Attr = ] acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.1.0.2008042300 | Size = 483328 bytes | Modified Date = 2008-04-23 02:08:13 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 2008-03-25 04:28:02 | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2007-02-27 11:39:26 | Attr = ] tpsbattm.exe -> %SystemRoot%\system32\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 2, 0 | Size = 40960 bytes | Modified Date = 2005-08-03 16:08:58 | Attr = ] toshiba.exe -> %ProgramFiles%\Synaptics\SynTP\Toshiba.exe -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 151552 bytes | Modified Date = 2005-12-16 17:21:00 | Attr = ] ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103664 bytes | Modified Date = 2007-08-30 18:43:18 | Attr = ] hiharrapstray.exe -> %ProgramFiles%\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe -> [Ver = 1, 0, 0, 1 | Size = 122880 bytes | Modified Date = 2000-05-24 15:54:20 | Attr = ] fwcmgmt.exe -> %ProgramFiles%\Microsoft Firewall Client 2004\FwcMgmt.exe -> Microsoft (R) Corporation [Ver = 4.0 | Size = 100184 bytes | Modified Date = 2004-06-10 02:00:00 | Attr = ] tosbtmng.exe -> %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe -> TOSHIBA CORPORATION. 
[Ver = 3.03.5707.FR | Size = 491520 bytes | Modified Date = 2005-07-07 18:12:08 | Attr = ] logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 2008-05-05 06:21:29 | Attr = ] setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.20.129 | Size = 768528 bytes | Modified Date = 2007-07-13 18:32:40 | Attr = ] tosa2dp.exe -> %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe -> TOSHIBA CORPORATION. [Ver = 3.01.5414.FR | Size = 262144 bytes | Modified Date = 2005-04-14 21:51:50 | Attr = ] tosbthsp.exe -> %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe -> TOSHIBA CORPORATION. [Ver = 1.01.03.5311 | Size = 217088 bytes | Modified Date = 2005-03-11 12:48:54 | Attr = ] khalmnpr.exe -> %CommonProgramFiles%\Logitech\KhalShared\KHALMNPR.exe -> Logitech, Inc. [Ver = 4.20.105 | Size = 55824 bytes | Modified Date = 2007-07-13 18:29:04 | Attr = ] cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 2005-08-12 14:43:58 | Attr = ] cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 2005-08-12 14:43:58 | Attr = ] otscanit.exe -> %UserProfile%\Bureau\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.16 | Size = 397312 bytes | Modified Date = 2008-06-20 13:47:40 | Attr = ] [Win32 Services - Non-Microsoft Only] (ACS) Service de configuration Atheros [Win32_Own | Auto | Running] -> %SystemRoot%\system32\acs.exe -> [Ver = | Size = 36864 bytes | Modified Date = 2005-09-26 11:22:28 | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. 
[Ver = 6.14.10.4124 | Size = 405504 bytes | Modified Date = 2005-12-20 22:46:24 | Attr = ] (Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.70.000 | Size = 77944 bytes | Modified Date = 2007-04-10 13:17:38 | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.8.3 | Size = 192160 bytes | Modified Date = 2006-03-24 18:14:52 | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.8.3 | Size = 169632 bytes | Modified Date = 2006-03-24 18:14:58 | Attr = ] (CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 2005-01-17 17:38:38 | Attr = ] (Crypkey License) Crypkey License [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Crypserv.exe -> [Ver = | Size = 50176 bytes | Modified Date = 1997-04-09 22:04:50 | Attr = ] (DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 31888 bytes | Modified Date = 2006-08-01 10:54:30 | Attr = ] (dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] (FwcAgent) Agent du client de pare-feu [Win32_Own | Auto | Running] -> %ProgramFiles%\Microsoft Firewall Client 2004\FwcAgent.exe -> Microsoft (R) Corporation [Ver = 4.0 | Size = 115544 bytes | Modified Date = 2004-06-10 02:00:00 | Attr = ] (iClarityQoSService) iClarityQoSService 
[Win32_Own | Auto | Running] -> %SystemRoot%\system32\qosservm.exe -> AVAYA Communication [Ver = 4, 0, 0, 5 | Size = 368640 bytes | Modified Date = 2002-02-20 16:37:52 | Attr = ] (LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\LogiShrd\Bluetooth\LBTServ.exe -> Logitech, Inc. [Ver = 4.20.129 | Size = 121360 bytes | Modified Date = 2007-07-13 18:30:22 | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2006-03-29 16:34:26 | Attr = ] (SavRoam) SavRoam [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.4.4000 | Size = 118928 bytes | Modified Date = 2006-08-01 10:57:20 | Attr = ] (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 85, 91, 18 | Size = 353280 bytes | Modified Date = 2007-12-10 14:59:04 | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.2.211 | Size = 214720 bytes | Modified Date = 2006-01-24 21:06:58 | Attr = ] (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 2006-04-11 18:13:38 | Attr = ] (Spooler) Spouleur d'impression [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\spoolsv.exe -> File not found (Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 1827472 bytes | Modified Date = 2006-08-01 10:56:30 | Attr = ] (TAPPSRV) TOSHIBA Application Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe 
-> TOSHIBA Corp. [Ver = 1, 0, 0, 13M | Size = 35328 bytes | Modified Date = 2005-12-20 11:22:14 | Attr = ] (Thpsrv) TOSHIBA HDD Protection [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\ThpSrv.exe -> TOSHIBA Corporation [Ver = 1, 1, 8, 4 | Size = 167936 bytes | Modified Date = 2005-12-21 16:24:42 | Attr = ] (Tmesrv) Tmesrv3 [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\TME3\TMESRV31.EXE -> TOSHIBA [Ver = 3, 1, 49, 0 | Size = 118784 bytes | Modified Date = 2005-04-05 09:27:14 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe ["C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"] -> Adobe Systems Inc. [Ver = 7.1.0.2008042300 | Size = 483328 bytes | Modified Date = 2008-04-23 02:08:13 | Attr = ] ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe ["C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay] -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 2005-08-12 14:43:58 | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Modified Date = 2006-03-24 18:14:48 | Attr = ] Kernel and Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe [KHALMNPR.EXE] -> Logitech, Inc. [Ver = 4.20.105 | Size = 56080 bytes | Modified Date = 2007-06-12 13:03:32 | Attr = ] MSPY2002 -> %SystemRoot%\system32\IME\PINTLGNT\IMSCINST.EXE [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC] -> [Ver = | Size = 59392 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] PWRESET -> %ProgramFiles%\Avaya\Avaya IP Softphone\IP Service Provider\pwreset.exe [C:\Program Files\Avaya\Avaya IP Softphone\IP Service Provider\pwreset.exe] -> Avaya Inc. 
[Ver = 3, 2, 0, 1 | Size = 45056 bytes | Modified Date = 2001-10-24 10:36:04 | Attr = ] RTHDCPL -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> Realtek Semiconductor Corp. [Ver = 2.0.3.2 | Size = 15691264 bytes | Modified Date = 2005-12-09 16:49:42 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 2008-03-25 04:28:02 | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 8.2.9 16Dec05 | Size = 761945 bytes | Modified Date = 2005-12-16 17:32:58 | Attr = ] THotkey -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\THotkey.exe [C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe] -> TOSHIBA [Ver = 1.00.0018 | Size = 352256 bytes | Modified Date = 2006-01-05 14:02:24 | Attr = ] ThpSrv -> %SystemRoot%\system32\ThpSrv.exe [c:\WINDOWS\system32\thpsrv /logon] -> TOSHIBA Corporation [Ver = 1, 1, 8, 4 | Size = 167936 bytes | Modified Date = 2005-12-21 16:24:42 | Attr = ] TMERzCtl.EXE -> %ProgramFiles%\TOSHIBA\TME3\TMERzCtl.exe [C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service] -> TOSHIBA [Ver = 1, 0, 2, 21 | Size = 77824 bytes | Modified Date = 2005-04-05 09:26:44 | Attr = ] TMESRV.EXE -> %ProgramFiles%\TOSHIBA\TME3\TMESRV31.EXE [C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon] -> TOSHIBA [Ver = 3, 1, 49, 0 | Size = 118784 bytes | Modified Date = 2005-04-05 09:27:14 | Attr = ] TPSMain -> %SystemRoot%\system32\TPSMain.exe [TPSMain.exe] -> TOSHIBA Corporation [Ver = 1, 0, 15, 0 | Size = 266240 bytes | Modified Date = 2005-08-03 16:09:12 | Attr = ] vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 125072 bytes | Modified Date = 2006-08-01 10:58:58 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2007-02-27 11:39:26 | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcStd7_0_9 -reboot 1] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 2006-03-30 16:45:08 | Attr = ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 2007-08-30 18:43:18 | Attr = ] < Run [HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\] > -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2007-02-27 11:39:26 | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcStd7_0_9 -reboot 1] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 2006-03-30 16:45:08 | Attr = ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. 
[Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 2007-08-30 18:43:18 | Attr = ] < Administrateur Startup Folder > -> C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage -> < Administrateur.CHHUO1 Startup Folder > -> C:\Documents and Settings\Administrateur.CHHUO1\Menu Démarrer\Programmes\Démarrage -> < administrator Startup Folder > -> C:\Documents and Settings\administrator\Menu Démarrer\Programmes\Démarrage -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Accélérateur de démarrage AutoCAD.lnk -> %CommonProgramFiles%\Autodesk Shared\acstart17.exe -> Autodesk, Inc [Ver = 17.0.54.0 | Size = 11000 bytes | Modified Date = 2006-03-05 15:43:54 | Attr = ] %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 2006-10-23 01:01:50 | Attr = ] %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Ask Harrap's Shorter.lnk -> %ProgramFiles%\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe -> [Ver = 1, 0, 0, 1 | Size = 122880 bytes | Modified Date = 2000-05-24 15:54:20 | Attr = ] %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk -> %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng1.exe -> [Ver = | Size = 45056 bytes | Modified Date = 2004-12-21 20:42:30 | Attr = ] %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Gestion du client de pare-feu Microsoft.lnk -> %SystemRoot%\Installer\{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}\NewShortcut1_8C7A59A89ABE459A9A9308C281A4A264.exe -> InstallShield Software Corp. 
[Ver = 8.01.160 | Size = 53248 bytes | Modified Date = 2006-05-23 13:40:12 | Attr = R ] %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe -> [Ver = | Size = 25214 bytes | Modified Date = 2007-06-13 13:11:45 | Attr = R ] %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 2006-10-23 02:48:20 | Attr = ] %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 2008-05-05 06:21:29 | Attr = ] %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. 
[Ver = 4.20.129 | Size = 768528 bytes | Modified Date = 2007-07-13 18:32:40 | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage -> < install Startup Folder > -> C:\Documents and Settings\install\Menu Démarrer\Programmes\Démarrage -> < user8 Startup Folder > -> C:\Documents and Settings\user8\Menu Démarrer\Programmes\Démarrage -> < user9 Startup Folder > -> C:\Documents and Settings\user9\Menu Démarrer\Programmes\Démarrage -> < utilisateur Startup Folder > -> C:\Documents and Settings\utilisateur\Menu Démarrer\Programmes\Démarrage -> < utilisateur2 Startup Folder > -> C:\Documents and Settings\utilisateur2\Menu Démarrer\Programmes\Démarrage -> < VChhuo Startup Folder > -> C:\Documents and Settings\VChhuo\Menu Démarrer\Programmes\Démarrage -> < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> {8F61586C-5D1B-4c76-BB3A-3B88F96A18B0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. 
[adsnv] -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 2006-12-20 12:55:48 | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247] > -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2007-02-27 11:39:26 | Attr = ] AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. 
[Ver = 6.14.10.4124 | Size = 48128 bytes | Modified Date = 2005-12-20 22:47:20 | Attr = ] LBTWlgn -> %CommonProgramFiles%\LogiShrd\Bluetooth\LBTWLgn.dll -> Logitech, Inc. [Ver = 4.20.129 | Size = 72208 bytes | Modified Date = 2007-07-13 18:30:52 | Attr = ] NavLogon -> %SystemRoot%\system32\NavLogon.dll -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 43664 bytes | Modified Date = 2006-08-01 10:55:20 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 
-> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247] > -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Pilote de CD-ROM -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> 
%SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomMATSHITA_DVD-RAM_UJ-841S________________1.60____\5&226f6cf2&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 2006-05-23 11:36:31 | Attr = ] autorun.inf [;LikJjL4DdiK2Za58ko0eKn3I9paw1as2so3SKDc4alojrfLr4aalOoULSifA2swe5lw5sol5kXrddjs30l | [AutoRun] | ;3aDLD74eL2ssjDkKdjiwol2l1jLiakiSosdADqqkoOisSewlw0w2eKqDkjcL4aaoias4wka0feUAAkSiilw42kd0D51JK2d430aAAwSLma8rpJ3JiwsrwK | open=r6r.exe | ;as463Oaj4aKsJaJdq0Kw9o53wjskkdwqqDw4s10jwS3D3DeLal4qKA3pZKklA2orw0riDo8qAlj5Ka4s0Ld71ApLa95wfdwla | shell\open\Command=r6r.exe | ;e0j9lw4Ls11Jsqki1cK4rAac5r2a2dlK0fa7DwDHkl2D5sFkSwJ7aAr4j3LDs | shell\open\Default=1 | ;1KiKISAi1dC7J4w4ddjkDAw2li20lq55jFKK7wkdDfkd | shell\explore\Command=r6r.exe | ;JL53w7sdLjsreaD | ] -> D:\autorun.inf [ NTFS ] -> [Ver = | Size = 541 bytes | Modified Date = 2008-05-12 05:54:55 | Attr = RHS] < HOSTS File > (788 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings 
[HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] 
-> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\] > -> -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\: Main\\Start Page -> about:blank -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\: ProxyOverride -> -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. 
-> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3942 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3942 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3942 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3942 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3942 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\] > -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3942 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\] > -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 2006-12-18 04:16:41 | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 2005-05-31 01:04:00 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. 
[Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 2008-03-25 04:28:01 | Attr = ] {AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Avaya\Avaya IP Softphone\AvayaWebDial.dll [AvayaIEHlprObj Class] -> [Ver = 5, 2, 4, 1 | Size = 98304 bytes | Modified Date = 2005-07-14 11:05:24 | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found WebBrowser\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\] > -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 2008-03-25 04:28:01 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Console Java (Sun)] -> Sun Microsystems, Inc. 
[Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 2008-03-25 04:28:01 | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Convertir en Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] Convertir en un fichier PDF existant -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] Convertir la cible du lien en Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] Convertir la cible du lien en un fichier PDF existant -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] Convertir la sélection en Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] Convertir la sélection en un fichier PDF existant -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] Convertir les liens sélectionnés en fichier Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] Convertir les liens sélectionnés en un fichier PDF existant -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 
7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\] > -> HKEY_USERS\S-1-5-21-1409633899-1348143417-1233803906-1764247\Software\Microsoft\Internet Explorer\MenuExt\ -> Convertir en Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] Convertir en un fichier PDF existant -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] Convertir la cible du lien en Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] Convertir la cible du lien en un fichier PDF existant -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] Convertir la sélection en Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] Convertir la sélection en un fichier PDF existant -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] Convertir les liens sélectionnés en fichier Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] Convertir les liens sélectionnés en un fichier PDF existant -> 
%ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 04:18:14 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {01FD0DEE-F458-48B6-946F-F76F6D98CBF2} -> (Carte réseau 1394) -> {29C60FDB-759D-4F76-8BDC-F86863E626CE} -> () -> {31E40795-67C1-491A-8909-13608D7D47B7} -> () -> {42A0584C-977F-4D86-B885-D30E7810ACA1} -> (Carte réseau 1394) -> {4713333C-B203-46D8-AF0B-69668B278057} -> () -> {523B6F57-D9AF-4CC2-8F68-383DE07D4ABC} -> (Carte réseau 1394) -> {656841C9-9169-4306-9376-40077ACF5C41} -> (Carte réseau 1394) -> {A656465A-48B5-4179-A6B9-58566A9A51C9} -> 192.168.1.100,85.255.112.230 (Intel(R) PRO/1000 PL Network Connection) -> {A6A1A3D9-6097-4428-9388-EABA7053E9CE} -> (Carte réseau 1394) -> {B9416DAA-D440-4B4F-B715-7BFB1AC36CBD} -> (FE575C-3COM 10/100 réseau CardBus-Fast Ethernet) -> {BE72FEC9-8C1C-41EF-BD8D-CB444BEFAC70} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) -> {D28019AC-E0E4-4E0B-8453-2C24A1444AF0} -> (Carte réseau 1394) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000001 [Microsoft Firewall Client Name Space Service Provider] -> %ProgramFiles%\Microsoft Firewall Client 2004\FwcWsp.dll -> Microsoft (R) Corporation [Ver = 4.0 | Size = 173400 bytes | Modified Date = 2004-06-10 02:00:00 | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> 
%ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 2008-05-05 06:21:29 | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {25365FF3-2746-4230-9DA7-163CCA318309}[HKEY_LOCAL_MACHINE] -> http://inst.c-wss.com/n042p/EN/install/gtdownlr.cab[Automatic Driver Installation Control] -> {2BCDB465-81F9-41CB-832C-8037A4064446}[HKEY_LOCAL_MACHINE] -> https://portailvpn.systra.com/vdesk/terminal/urxvpn.cab#version=6020,2007,1001,2147[F5 Networks VPN Manager] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] -> {45B69029-F3AB-4204-92DE-D5140C3E8E74}[HKEY_LOCAL_MACHINE] -> https://portailvpn.systra.com/vdesk/terminal/InstallerControl.cab#version=6020,2007,1001,2146[F5 Networks Auto Update] -> {57C76689-F052-487B-A19F-855AFDDF28EE}[HKEY_LOCAL_MACHINE] -> https://portailvpn.systra.com/vdesk/terminal/f5InspectionHost.cab#version=6020,2007,1001,2139[F5 Networks Policy Agent Host Class] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148388869609[WUWebControl Class] -> {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10}[HKEY_LOCAL_MACHINE] -> https://portailvpn.systra.com/vdesk/terminal/urTermProxy.cab#version=6020,2007,1001,2136[F5 Networks SSLTunnel] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148464138250[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {B1E2B96C-12FE-45E2-BEF1-44A219113CDD}[HKEY_LOCAL_MACHINE] -> http://www.superadblocker.com/activex/sabspx.cab[SABScanProcesses Class] -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7}[HKEY_LOCAL_MACHINE] -> https://portailvpn.systra.com/vdesk/terminal/urxshost.cab#version=6020,2007,1001,2141[F5 Networks SuperHost Class] -> {E0FF21FA-B857-45C5-8621-F120A0C17FF2}[HKEY_LOCAL_MACHINE] -> https://portailvpn.systra.com/vdesk/terminal/urxhost.cab#version=6020,2007,1001,2140[F5 Networks Host Control] -> {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D}[HKEY_LOCAL_MACHINE] -> https://portailvpn.systra.com/policy/download_binary.php/win32/f5syschk.cab#Version=6020,2007,1001,2143[F5 Networks OS Policy Agent] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Conflict.0/f5instd.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Conflict.0/f5instd.exe\\.Owner -> {45B69029-F3AB-4204-92DE-D5140C3E8E74} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Conflict.0/f5instd.exe\\{45B69029-F3AB-4204-92DE-D5140C3E8E74} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Conflict.0/F5InstH.exe\ 
-> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Conflict.0/F5InstH.exe\\.Owner -> {45B69029-F3AB-4204-92DE-D5140C3E8E74} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Conflict.0/F5InstH.exe\\{45B69029-F3AB-4204-92DE-D5140C3E8E74} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Conflict.0/F5InstP.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Conflict.0/F5InstP.dll\\.Owner -> {45B69029-F3AB-4204-92DE-D5140C3E8E74} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Conflict.0/F5InstP.dll\\{45B69029-F3AB-4204-92DE-D5140C3E8E74} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Conflict.0/InstallerControl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Conflict.0/InstallerControl.dll\\.Owner -> {45B69029-F3AB-4204-92DE-D5140C3E8E74} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Conflict.0/InstallerControl.dll\\{45B69029-F3AB-4204-92DE-D5140C3E8E74} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/F5ElHelper.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/F5ElHelper.dll\\.Owner -> {E0FF21FA-B857-45C5-8621-F120A0C17FF2} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/F5ElHelper.dll\\{E0FF21FA-B857-45C5-8621-F120A0C17FF2} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program 
Files/F5ElHelper.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/F5ElHelper.exe\\.Owner -> {E0FF21FA-B857-45C5-8621-F120A0C17FF2} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/F5ElHelper.exe\\{E0FF21FA-B857-45C5-8621-F120A0C17FF2} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/f5InspectionHost.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/f5InspectionHost.dll\\.Owner -> {57C76689-F052-487B-A19F-855AFDDF28EE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/f5InspectionHost.dll\\{57C76689-F052-487B-A19F-855AFDDF28EE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/F5Win32CheckHelper.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/F5Win32CheckHelper.dll\\.Owner -> {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/F5Win32CheckHelper.dll\\{E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/F5Win32CheckHelper.dll\\{2BCDB465-81F9-41CB-832C-8037A4064446} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/F5Win32CheckHelper.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/F5Win32CheckHelper.exe\\.Owner -> {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program 
Files/F5Win32CheckHelper.exe\\{E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/F5Win32CheckHelper.exe\\{2BCDB465-81F9-41CB-832C-8037A4064446} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/InstallerControl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/InstallerControl.dll\\.Owner -> {45B69029-F3AB-4204-92DE-D5140C3E8E74} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/InstallerControl.dll\\{45B69029-F3AB-4204-92DE-D5140C3E8E74} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sabspx.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sabspx.dll\\.Owner -> {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sabspx.dll\\{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/setupdrvdll.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/setupdrvdll.dll\\.Owner -> {2BCDB465-81F9-41CB-832C-8037A4064446} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/setupdrvdll.dll\\{2BCDB465-81F9-41CB-832C-8037A4064446} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ursetvpn.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ursetvpn.exe\\.Owner -> {2BCDB465-81F9-41CB-832C-8037A4064446} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ursetvpn.exe\\{2BCDB465-81F9-41CB-832C-8037A4064446} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urSuperHost.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urSuperHost.dll\\.Owner -> {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urSuperHost.dll\\{CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urTermProxy.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urTermProxy.dll\\.Owner -> {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urTermProxy.dll\\{6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urxdialer.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urxdialer.dll\\.Owner -> {2BCDB465-81F9-41CB-832C-8037A4064446} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urxdialer.dll\\{2BCDB465-81F9-41CB-832C-8037A4064446} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urxdialerres.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urxdialerres.dll\\.Owner -> {2BCDB465-81F9-41CB-832C-8037A4064446} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urxdialerres.dll\\{2BCDB465-81F9-41CB-832C-8037A4064446} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urxhost.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urxhost.dll\\.Owner -> {E0FF21FA-B857-45C5-8621-F120A0C17FF2} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urxhost.dll\\{E0FF21FA-B857-45C5-8621-F120A0C17FF2} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urxhostres.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urxhostres.dll\\.Owner -> {E0FF21FA-B857-45C5-8621-F120A0C17FF2} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urxhostres.dll\\{E0FF21FA-B857-45C5-8621-F120A0C17FF2} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urxvpnad.tag\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urxvpnad.tag\\.Owner -> {2BCDB465-81F9-41CB-832C-8037A4064446} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/urxvpnad.tag\\{2BCDB465-81F9-41CB-832C-8037A4064446} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/utunres.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/utunres.dll\\.Owner -> {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program 
Files/utunres.dll\\{6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Win32SystemCheck.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Win32SystemCheck.dll\\.Owner -> {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Win32SystemCheck.dll\\{E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sabprocenum.sys\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sabprocenum.sys\\.Owner -> {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sabprocenum.sys\\{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\\AllowUserPrefMerge -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\\Enabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%windir%\System32\dmremot.exe:*:ENABLED:Accès de Maintenance aux Disques -> %SystemRoot%\System32\dmremot.exe [%windir%\System32\dmremot.exe:*:ENABLED:Accès de Maintenance aux Disques] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\\AllowUserPrefMerge -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\\Enabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\123:UDP:*:ENABLED:NTP -> 123:UDP:*:ENABLED:NTP -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\1270:TCP:*:ENABLED:MOM -> 1270:TCP:*:ENABLED:MOM -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\1270:UDP:*:ENABLED:MOM -> 1270:UDP:*:ENABLED:MOM -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\1271:TCP:*:ENABLED:MOM -> 1271:TCP:*:ENABLED:MOM -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\1272:TCP:*:ENABLED:MOM -> 1272:TCP:*:ENABLED:MOM -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\135:TCP:*:ENABLED:MOM 
sans Client -> 135:TCP:*:ENABLED:MOM sans Client -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\135:UDP:*:ENABLED:ASSISTANCE -> 135:UDP:*:ENABLED:ASSISTANCE -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\137:UDP:*:ENABLED:MESSAGES -> 137:UDP:*:ENABLED:MESSAGES -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\138:UDP:*:ENABLED:MESSAGES -> 138:UDP:*:ENABLED:MESSAGES -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\139:TCP:*:ENABLED:MESSAGES -> 139:TCP:*:ENABLED:MESSAGES -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\1433:TCP:*:ENABLED:MOM -> 1433:TCP:*:ENABLED:MOM -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\1433:UDP:*:ENABLED:MOM -> 1433:UDP:*:ENABLED:MOM -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\21:TCP:*:ENABLED:FTP -> 21:TCP:*:ENABLED:FTP -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\25:TCP:*:ENABLED:SMTP -> 25:TCP:*:ENABLED:SMTP -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\2701:TCP:*:ENABLED:SMS -> 2701:TCP:*:ENABLED:SMS -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\2701:UDP:*:ENABLED:SMS -> 2701:UDP:*:ENABLED:SMS -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\2702:TCP:*:ENABLED:SMS -> 2702:TCP:*:ENABLED:SMS -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\2702:UDP:*:ENABLED:SMS -> 2702:UDP:*:ENABLED:SMS -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\2703:TCP:*:ENABLED:SMS -> 2703:TCP:*:ENABLED:SMS -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\2703:UDP:*:ENABLED:SMS -> 2703:UDP:*:ENABLED:SMS -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\2704:TCP:*:ENABLED:SMS -> 2704:TCP:*:ENABLED:SMS -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\2704:UDP:*:ENABLED:SMS -> 2704:UDP:*:ENABLED:SMS -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\2967:UDP:172.16.14.46:ENABLED:ANTIVIRUS -> 2967:UDP:172.16.14.46:ENABLED:ANTIVIRUS -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\3389:TCP:*:ENABLED:TSE -> 3389:TCP:*:ENABLED:TSE -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\3389:UDP:*:ENABLED:TSE -> 3389:UDP:*:ENABLED:TSE -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\445:TCP:*:ENABLED:MESSAGES -> 445:TCP:*:ENABLED:MESSAGES -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\445:UDP:*:ENABLED:PARTAGES -> 445:UDP:*:ENABLED:PARTAGES -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\80:TCP:*:ENABLED:HTTP -> 80:TCP:*:ENABLED:HTTP -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings\\Enabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings\\RemoteAddresses -> * -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint\\Enabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint\\RemoteAddresses -> * -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop\\Enabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop\\RemoteAddresses -> * -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 19:50:31 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 16:22:35 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation 
[Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 2006-03-24 06:37:52 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1488 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 186368 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119808 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 1F 21 9E C3 AC 55 F7 55 83 8B 1A B8 51 86 E0 50 61 39 34 64 61 65 63 39 00 FD 07 00 84 31 00 00 34 FA 07 00 56 82 74 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 93 7E 00 93 2B 04 4D 7E FF 9A 39 A9 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 2D 74 FD 68 60 9B E4 18 CD [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 14 91 70 30 7A EB [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation 
[Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> B8 F2 49 F2 5D AF 06 A5 C6 97 AE FD 37 15 3A 38 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> %SystemRoot%\system32\fc.exe [FC FC A8 3E C2 D3 C8 01 [binary data]] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 14848 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 A0 CA BB E3 7A C4 01 [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 A0 CA BB E3 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 A0 CA BB E3 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Pare-feu Windows / Partage de connexion Internet -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11477 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 332800 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 14:44:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Robot Office\ROBOT Millennium 18.0\System\Exe\robot.EXE -> %ProgramFiles%\Robot Office\ROBOT Millennium 18.0\System\Exe\robot.EXE [C:\Program Files\Robot Office\ROBOT Millennium 18.0\System\Exe\robot.EXE:*:Enabled:Robot Millennium v.18.0] -> RoboBAT [Ver = 18,0,4,1887 | Size = 688167 bytes | Modified Date = 2005-05-16 15:28:30 | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 2007-08-30 18:43:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 2008-05-05 06:21:29 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Service 
Partage réseau du Lecteur Windows Media -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> 
%SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 14:44:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 2007-08-30 18:43:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. 
[Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 2007-08-30 18:43:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dllhost.exe -> %SystemRoot%\system32\dllhost.exe [C:\WINDOWS\system32\dllhost.exe:*:Disabled:COM Surrogate] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 2004-10-13 18:24:37 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Avaya\Avaya IP Softphone\ipsoftphone.exe -> %ProgramFiles%\Avaya\Avaya IP Softphone\ipsoftphone.exe [C:\Program Files\Avaya\Avaya IP Softphone\ipsoftphone.exe:*:Enabled:Avaya IP Softphone R5] -> Avaya Inc. [Ver = 5, 2, 4, 20 | Size = 6439048 bytes | Modified Date = 2005-07-14 11:40:32 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. 
[Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 2008-05-05 06:21:29 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe -> %ProgramFiles%\VoipStunt.com\VoipStunt\VoipStunt.exe [C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt] -> VoipStunt [Ver = 4, 2, 487, 0 | Size = 8824112 bytes | Modified Date = 2007-12-13 16:31:16 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 
10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> 
Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Active le téléchargement et l'installation des mises à jour Windows. Si ce service est désactivé, cet ordinateur ne pourra pas utiliser la fonctionnalité des mises à jour automatiques ou le site Windows Update. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Permet aux utilisateurs à distance de modifier les paramètres du Registre sur cet ordinateur. Si ce service est arrêté, le Registre ne pourra être modifié que par les utilisateurs de cet ordinateur. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas. 
-> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-26 06:40:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Accès à distance au Registre -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75264 bytes | Modified Date = 2004-08-05 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-26 06:40:00 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Permet à un utilisateur distant de se connecter au système et d'exécuter des programmes, et prend en charge divers clients Telnet TCP/IP dont les ordinateurs sous UNIX et sous Windows. Si ce service est arrêté, l'utilisateur peut ne plus avoir accès à distance aux programmes. 
Si ce service est désactivé, les services qui en dépendent explicitement ne pourront pas démarrer. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] .rnd -> %SystemDrive%\.rnd -> [Ver = | Size = 1024 bytes | Created Date = 2008-04-13 16:57:19 | Attr = ] Boot.bak -> %SystemDrive%\Boot.bak -> [Ver = | Size = 212 bytes | Created Date = 2008-06-21 16:12:00 | Attr = ] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 2008-06-21 16:11:51 | Attr = ] cmldr -> %SystemDrive%\cmldr -> [Ver = | Size = 263488 bytes | Created Date = 2008-06-21 16:11:58 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2008-06-20 15:03:23 | Attr = ] Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Created Date = 2008-05-24 20:40:37 | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2008-06-21 16:11:02 | Attr = ] RECUP6.DOC -> %SystemDrive%\RECUP6.DOC -> [Ver = | Size = 48470 bytes | Created Date = 2008-05-09 07:25:15 | Attr = ] LHidFilt.Sys -> %SystemRoot%\System32\drivers\LHidFilt.Sys -> Logitech, Inc. [Ver = 4.20.105.00 | Size = 35216 bytes | Created Date = 2008-05-05 06:17:12 | Attr = ] LMouFilt.Sys -> %SystemRoot%\System32\drivers\LMouFilt.Sys -> Logitech, Inc. 
[Ver = 4.20.105.00 | Size = 36496 bytes | Created Date = 2008-05-05 06:17:12 | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Created Date = 2008-06-15 12:02:13 | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 2008-06-15 12:02:13 | Attr = ] MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Created Date = 2008-05-05 06:31:47 | Attr = H ] Msft_Kernel_LMouFilt_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf -> [Ver = | Size = 0 bytes | Created Date = 2008-05-05 06:31:50 | Attr = H ] BtCoreIf.dll -> %SystemRoot%\System32\BtCoreIf.dll -> Broadcom Corporation. [Ver = 5.1.0.3600 | Size = 301656 bytes | Created Date = 2008-05-05 06:16:47 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 2008-06-21 15:52:47 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 69632 bytes | Created Date = 2008-06-21 15:52:47 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 2008-06-21 15:52:47 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Created Date = 2008-06-21 15:52:47 | Attr = ] kemutb.dll -> %SystemRoot%\System32\kemutb.dll -> Logitech, Inc. [Ver = 4.20.129 | Size = 170512 bytes | Created Date = 2008-05-05 06:16:37 | Attr = ] KemUtil.dll -> %SystemRoot%\System32\KemUtil.dll -> Logitech, Inc. [Ver = 4.20.129 | Size = 141840 bytes | Created Date = 2008-05-05 06:16:37 | Attr = ] KemWnd.dll -> %SystemRoot%\System32\KemWnd.dll -> Logitech, Inc. 
[Ver = 4.20.129 | Size = 117264 bytes | Created Date = 2008-05-05 06:16:37 | Attr = ] KemXML.dll -> %SystemRoot%\System32\KemXML.dll -> Logitech, Inc. [Ver = 4.20.129 | Size = 76304 bytes | Created Date = 2008-05-05 06:16:37 | Attr = ] diagerr.xml -> %SystemRoot%\diagerr.xml -> [Ver = | Size = 1905 bytes | Created Date = 2008-05-28 13:41:38 | Attr = ] diagwrn.xml -> %SystemRoot%\diagwrn.xml -> [Ver = | Size = 1905 bytes | Created Date = 2008-05-28 13:41:38 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2008-06-20 15:03:43 | Attr = ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 2008-06-21 16:10:58 | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 2008-06-21 16:10:58 | Attr = ] KHALMNPR.Exe -> %SystemRoot%\KHALMNPR.Exe -> Logitech, Inc. [Ver = 4.20.105 | Size = 56080 bytes | Created Date = 2008-05-05 06:17:12 | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 2008-06-21 16:13:16 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 2008-05-25 13:18:25 | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 2008-06-21 16:10:58 | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2008-06-21 16:10:58 | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2008-06-21 16:10:58 | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2008-06-21 16:10:57 | Attr = ] tosOBEX.INI -> %SystemRoot%\tosOBEX.INI -> [Ver = | Size = 0 bytes | Created Date = 2008-05-05 06:08:14 | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2008-06-21 16:10:58 | Attr = ] zip.exe -> %SystemRoot%\zip.exe 
-> [Ver = | Size = 68096 bytes | Created Date = 2008-06-21 16:10:58 | Attr = ] Ask Harrap's Shorter.job -> %SystemRoot%\tasks\Ask Harrap's Shorter.job -> [Ver = | Size = 314 bytes | Created Date = 2008-04-06 18:10:19 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Avira -> %AllUsersProfile%\Application Data\Avira -> [Folder | Created Date = 2008-05-30 19:25:48 | Attr = ] LogiShrd -> %AllUsersProfile%\Application Data\LogiShrd -> [Folder | Created Date = 2008-05-05 06:15:30 | Attr = ] Logitech -> %AllUsersProfile%\Application Data\Logitech -> [Folder | Created Date = 2008-05-05 06:16:20 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 2008-06-10 15:52:54 | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 2008-06-10 16:06:00 | Attr = ] InstallShield -> %AppData%\InstallShield -> [Folder | Created Date = 2008-05-05 06:15:44 | Attr = ] Leadertech -> %AppData%\Leadertech -> [Folder | Created Date = 2008-06-14 16:21:18 | Attr = ] Logitech -> %AppData%\Logitech -> [Folder | Created Date = 2008-05-05 06:18:44 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 2008-06-10 15:52:56 | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 2008-06-10 16:05:55 | Attr = ] VoipStunt -> %AppData%\VoipStunt -> [Folder | Created Date = 2008-05-24 20:46:31 | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Created Date = 2008-06-17 06:53:23 | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Created Date = 2008-04-09 05:33:41 | Attr = ] Toshiba -> %UserProfile%\Local Settings\Application Data\Toshiba -> [Folder | Created Date = 2008-05-05 06:07:25 | Attr = ] Mool.RES -> D:\Vos Documents\Mool.RES -> [Ver = | Size = 1264 bytes | Created Date = 2008-03-24 11:30:02 | Attr = ] PRAG8.RES -> D:\Vos Documents\PRAG8.RES -> [Ver = | Size = 33 bytes | 
Created Date = 2008-03-24 11:17:36 | Attr = ] PRAG8.std -> D:\Vos Documents\PRAG8.std -> [Ver = | Size = 29753344 bytes | Created Date = 2008-03-24 11:17:40 | Attr = ] PRAG8.sti -> D:\Vos Documents\PRAG8.sti -> [Ver = | Size = 12842432 bytes | Created Date = 2008-03-24 11:17:39 | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Bureau\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 2008-06-15 12:02:14 | Attr = ] Paramètres de la souris et du clavier Logitech.lnk -> %AllUsersProfile%\Bureau\Paramètres de la souris et du clavier Logitech.lnk -> [Ver = | Size = 1681 bytes | Created Date = 2008-05-05 06:16:47 | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Bureau\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 2008-06-15 12:04:08 | Attr = ] 05B101-111.pdf -> %UserProfile%\Bureau\05B101-111.pdf -> [Ver = | Size = 1069719 bytes | Created Date = 2008-06-05 12:57:28 | Attr = ] 1214049972331-integrated.jnlp -> %UserProfile%\Bureau\1214049972331-integrated.jnlp -> [Ver = | Size = 1251 bytes | Created Date = 2008-06-21 14:06:17 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\1214049972331-integrated.jnlp:Zone.Identifier Accidental breaking of an extradossed cable.doc -> %UserProfile%\Bureau\Accidental breaking of an extradossed cable.doc -> [Ver = | Size = 146944 bytes | Created Date = 2008-06-20 06:27:09 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\Accidental breaking of an extradossed cable.doc:Zone.Identifier ACTIVE-BOOT-DISK.ISO -> %UserProfile%\Bureau\ACTIVE-BOOT-DISK.ISO -> [Ver = | Size = 117995520 bytes | Created Date = 2008-05-25 13:04:02 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\ACTIVE-BOOT-DISK.ISO:Zone.Identifier ATF_Cleaner.exe -> %UserProfile%\Bureau\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 2008-06-14 16:50:41 | Attr = ] @Alternate Data Stream - 26 bytes -> 
%UserProfile%\Bureau\ATF_Cleaner.exe:Zone.Identifier BeachCompilation!.wmv -> %UserProfile%\Bureau\BeachCompilation!.wmv -> [Ver = | Size = 4440691 bytes | Created Date = 2008-06-18 15:21:18 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\BeachCompilation!.wmv:Zone.Identifier boot-cd-iso -> %UserProfile%\Bureau\boot-cd-iso -> [Folder | Created Date = 2008-06-17 06:53:23 | Attr = ] boot-cd-iso.zip -> %UserProfile%\Bureau\boot-cd-iso.zip -> [Ver = | Size = 4122450 bytes | Created Date = 2008-06-17 06:51:31 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\boot-cd-iso.zip:Zone.Identifier BurnISO.exe -> %UserProfile%\Bureau\BurnISO.exe -> LSoft Technologies Inc. [Ver = 1.1.0.7 | Size = 660936 bytes | Created Date = 2008-05-25 09:29:02 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\BurnISO.exe:Zone.Identifier clean -> %UserProfile%\Bureau\clean -> [Folder | Created Date = 2008-05-24 20:44:10 | Attr = ] clean.zip -> %UserProfile%\Bureau\clean.zip -> [Ver = | Size = 226258 bytes | Created Date = 2008-05-24 13:58:16 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\clean.zip:Zone.Identifier Combo fix -> %UserProfile%\Bureau\Combo fix -> [Folder | Created Date = 2008-06-21 16:12:21 | Attr = ] ComboFix.exe -> %UserProfile%\Bureau\ComboFix.exe -> [Ver = | Size = 2037114 bytes | Created Date = 2008-06-21 16:10:13 | Attr = ] Download_mbam-setup.exe -> %UserProfile%\Bureau\Download_mbam-setup.exe -> Digital River [Ver = 1.0.0.1 | Size = 128368 bytes | Created Date = 2008-06-15 11:49:57 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\Download_mbam-setup.exe:Zone.Identifier dss.exe -> %UserProfile%\Bureau\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 2008-06-20 15:03:12 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\dss.exe:Zone.Identifier Escan tool kit -> %UserProfile%\Bureau\Escan tool kit -> [Folder | Created Date = 2008-05-24 
13:59:02 | Attr = ] Flash_Disinfector.exe -> %UserProfile%\Bureau\Flash_Disinfector.exe -> [Ver = | Size = 103992 bytes | Created Date = 2008-06-21 15:37:55 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\Flash_Disinfector.exe:Zone.Identifier Friction coefficient in the saddles _ 01.doc -> %UserProfile%\Bureau\Friction coefficient in the saddles _ 01.doc -> [Ver = | Size = 408576 bytes | Created Date = 2008-05-30 18:57:22 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\Friction coefficient in the saddles _ 01.doc:Zone.Identifier HijackThis.lnk -> %UserProfile%\Bureau\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 2008-06-14 20:03:22 | Attr = ] jre-6u6-windows-i586-p.exe -> %UserProfile%\Bureau\jre-6u6-windows-i586-p.exe -> [Ver = | Size = 15951256 bytes | Created Date = 2008-06-21 14:10:57 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\jre-6u6-windows-i586-p.exe:Zone.Identifier juin 2008.ppt -> %UserProfile%\Bureau\juin 2008.ppt -> [Ver = | Size = 356864 bytes | Created Date = 2008-06-12 05:55:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\juin 2008.ppt:Zone.Identifier KillDiskSuiteFree-Setup.exe -> %UserProfile%\Bureau\KillDiskSuiteFree-Setup.exe -> [Ver = | Size = 10339840 bytes | Created Date = 2008-06-17 06:48:48 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\KillDiskSuiteFree-Setup.exe:Zone.Identifier OTScanIt -> %UserProfile%\Bureau\OTScanIt -> [Folder | Created Date = 2008-06-21 19:57:21 | Attr = ] OTScanIt.exe -> %UserProfile%\Bureau\OTScanIt.exe -> [Ver = | Size = 568483 bytes | Created Date = 2008-06-21 19:57:12 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\OTScanIt.exe:Zone.Identifier Pilotes Samsung -> %UserProfile%\Bureau\Pilotes Samsung -> [Folder | Created Date = 2008-05-27 20:08:51 | Attr = ] Raccourci vers Projets Sejour Inde.lnk -> %UserProfile%\Bureau\Raccourci vers Projets Sejour Inde.lnk -> [Ver = 
| Size = 581 bytes | Created Date = 2008-05-26 06:02:31 | Attr = ] Raccourci vers Systra_India.lnk -> %UserProfile%\Bureau\Raccourci vers Systra_India.lnk -> [Ver = | Size = 374 bytes | Created Date = 2008-06-17 05:39:40 | Attr = ] stay anchorage.tif -> %UserProfile%\Bureau\stay anchorage.tif -> [Ver = | Size = 24348 bytes | Created Date = 2008-06-03 05:53:46 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\stay anchorage.tif:Zone.Identifier SUPERAntiSpyware.exe -> %UserProfile%\Bureau\SUPERAntiSpyware.exe -> [Ver = | Size = 5797152 bytes | Created Date = 2008-06-15 11:58:51 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\SUPERAntiSpyware.exe:Zone.Identifier TEMPS -> %UserProfile%\Bureau\TEMPS -> [Folder | Created Date = 2008-06-02 06:34:21 | Attr = ] Thumbs.db -> %UserProfile%\Bureau\Thumbs.db -> [Ver = | Size = 9728 bytes | Created Date = 2008-04-22 12:52:30 | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Thumbs.db:encryptable VoipStunt.lnk -> %UserProfile%\Bureau\VoipStunt.lnk -> [Ver = | Size = 760 bytes | Created Date = 2008-05-24 20:46:07 | Attr = ] wrar371fr.exe -> %UserProfile%\Bureau\wrar371fr.exe -> [Ver = | Size = 1271557 bytes | Created Date = 2008-06-17 06:53:05 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\wrar371fr.exe:Zone.Identifier Bluetooth Manager.lnk -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk -> [Ver = | Size = 719 bytes | Created Date = 2008-05-05 06:07:26 | Attr = ] Lancement rapide d'Adobe Acrobat.lnk -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk -> [Ver = | Size = 2335 bytes | Created Date = 2008-05-16 10:09:50 | Attr = ] Logitech Desktop Messenger.lnk -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk -> [Ver = | Size = 2072 bytes | Created Date = 2008-05-05 06:21:36 | Attr = ] Logitech SetPoint.lnk -> %AllUsersProfile%\Menu 
Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk -> [Ver = | Size = 1687 bytes | Created Date = 2008-05-05 06:16:37 | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 2008-06-21 15:51:59 | Attr = ] LogiShared -> %CommonProgramFiles%\LogiShared -> [Folder | Created Date = 2008-05-05 06:21:49 | Attr = ] LogiShrd -> %CommonProgramFiles%\LogiShrd -> [Folder | Created Date = 2008-05-05 06:16:35 | Attr = ] Logitech -> %CommonProgramFiles%\Logitech -> [Folder | Created Date = 2008-05-05 06:16:10 | Attr = ] Alwil Software -> %ProgramFiles%\Alwil Software -> [Folder | Created Date = 2008-05-11 14:27:00 | Attr = ] Burn4Free -> %ProgramFiles%\Burn4Free -> [Folder | Created Date = 2008-04-17 22:36:38 | Attr = ] Java -> %ProgramFiles%\Java -> [Folder | Created Date = 2008-06-21 15:52:03 | Attr = ] Logitech -> %ProgramFiles%\Logitech -> [Folder | Created Date = 2008-05-05 06:15:58 | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 2008-06-15 12:02:13 | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 2008-06-10 16:05:55 | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 2008-06-14 20:03:21 | Attr = ] VoipStunt.com -> %ProgramFiles%\VoipStunt.com -> [Folder | Created Date = 2008-05-24 20:46:06 | Attr = ] WinRAR -> %ProgramFiles%\WinRAR -> [Folder | Created Date = 2008-06-17 06:53:12 | Attr = ] [Files/Folders - Modified Within 90 days] .rnd -> %SystemDrive%\.rnd -> [Ver = | Size = 1024 bytes | Modified Date = 2008-04-13 17:01:01 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 282 bytes | Modified Date = 2008-06-21 16:12:00 | Attr = RHS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 2008-06-21 16:12:00 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2008-06-20 15:03:23 | Attr = ] Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Modified Date = 2008-05-24 20:40:48 | Attr = 
] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008-06-21 15:52:03 | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2008-06-21 19:52:14 | Attr = ] RECUP6.DOC -> %SystemDrive%\RECUP6.DOC -> [Ver = | Size = 48470 bytes | Modified Date = 2008-05-09 07:25:16 | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2008-06-20 15:03:38 | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008-06-21 19:52:20 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 2008-05-23 05:54:41 | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 788 bytes | Modified Date = 2008-05-31 07:55:27 | Attr = ] hosts.bak -> %SystemRoot%\System32\drivers\etc\hosts.bak -> [Ver = | Size = 788 bytes | Modified Date = 2008-05-30 14:50:14 | Attr = ] hosts.ics -> %SystemRoot%\System32\drivers\etc\hosts.ics -> [Ver = | Size = 434 bytes | Modified Date = 2008-06-14 16:30:34 | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Modified Date = 2008-06-10 19:02:40 | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 2008-06-10 19:02:44 | Attr = ] MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 2008-05-05 06:31:47 | Attr = H ] Msft_Kernel_LMouFilt_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 2008-05-05 06:31:50 | Attr = H ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008-06-21 19:51:42 | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 2008-05-11 16:01:34 | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | 
Size = 3116 bytes | Modified Date = 2008-05-16 10:05:57 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2008-05-06 05:52:27 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2008-06-21 19:49:31 | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 2008-06-14 16:17:09 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Modified Date = 2008-03-25 01:28:39 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 69632 bytes | Modified Date = 2008-03-25 02:37:01 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Modified Date = 2008-03-25 01:28:43 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Modified Date = 2008-03-25 02:37:01 | Attr = ] Lang -> %SystemRoot%\System32\Lang -> [Folder | Modified Date = 2008-06-21 19:46:05 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 71878 bytes | Modified Date = 2008-03-30 17:21:17 | Attr = ] perfc00C.dat -> %SystemRoot%\System32\perfc00C.dat -> [Ver = | Size = 85004 bytes | Modified Date = 2008-03-30 17:21:17 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 441320 bytes | Modified Date = 2008-03-30 17:21:17 | Attr = ] perfh00C.dat -> %SystemRoot%\System32\perfh00C.dat -> [Ver = | Size = 509814 bytes | Modified Date = 2008-03-30 17:21:17 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 1121450 bytes | Modified Date = 2008-03-30 17:21:17 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 2008-06-20 15:03:38 | Attr = ] VPCache -> %SystemRoot%\System32\VPCache -> [Folder | Modified Date = 2008-04-25 13:13:00 | Attr = ] wpa.dbl -> 
%SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2008-06-21 19:44:44 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2008-06-21 19:43:27 | Attr = S] bthservsdp.dat -> %SystemRoot%\bthservsdp.dat -> [Ver = | Size = 12 bytes | Modified Date = 2008-06-21 19:28:22 | Attr = ] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 2008-05-26 05:56:19 | Attr = HS] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2008-04-17 22:26:59 | Attr = ] diagerr.xml -> %SystemRoot%\diagerr.xml -> [Ver = | Size = 1905 bytes | Modified Date = 2008-05-28 13:42:17 | Attr = ] diagwrn.xml -> %SystemRoot%\diagwrn.xml -> [Ver = | Size = 1905 bytes | Modified Date = 2008-05-28 13:42:17 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008-06-20 15:04:50 | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 2008-06-21 16:11:15 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2008-06-21 19:45:19 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-06-21 15:52:49 | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2008-04-17 22:26:59 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 2008-03-24 08:03:44 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-06-21 15:43:26 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 2008-05-25 13:18:25 | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 2008-03-25 15:50:17 | Attr = ] SMSCFG.ini -> %SystemRoot%\SMSCFG.ini -> [Ver = | Size = 503 bytes | Modified Date = 2008-06-21 19:43:52 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2008-06-21 19:51:12 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2008-06-21 
19:52:23 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2008-04-06 18:10:19 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2008-06-21 19:52:27 | Attr = ] tosOBEX.INI -> %SystemRoot%\tosOBEX.INI -> [Ver = | Size = 0 bytes | Modified Date = 2008-05-05 06:08:14 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 675 bytes | Modified Date = 2008-04-06 18:09:15 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2008-05-05 06:17:31 | Attr = ] Ask Harrap's Shorter.job -> %SystemRoot%\tasks\Ask Harrap's Shorter.job -> [Ver = | Size = 314 bytes | Modified Date = 2008-04-06 18:11:00 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-06-21 19:43:34 | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 2006-05-23 15:36:26 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2006-05-23 15:36:26 | Attr = ] C:\Documents and Settings\utilisateur2\Local Settings\Temp\ -> C:\Documents and Settings\utilisateur2\Local Settings\Temp -> [Folder | Modified Date = 2008-06-21 19:53:45 | Attr = ] Perflib_Perfdata_98c.dat -> C:\Documents and Settings\utilisateur2\Local Settings\Temp\Perflib_Perfdata_98c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-06-21 19:45:19 | Attr = ] Perflib_Perfdata_a60.dat -> C:\Documents and Settings\utilisateur2\Local Settings\Temp\Perflib_Perfdata_a60.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-06-21 19:45:38 | Attr = ] Perflib_Perfdata_b50.dat -> C:\Documents and Settings\utilisateur2\Local Settings\Temp\Perflib_Perfdata_b50.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-06-21 19:45:38 | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 2008-06-21 
19:59:05 | Attr = ] Perflib_Perfdata_1118.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1118.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-06-21 19:59:05 | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Avira -> %AllUsersProfile%\Application Data\Avira -> [Folder | Modified Date = 2008-06-11 06:01:58 | Attr = ] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Modified Date = 2008-04-13 15:39:15 | Attr = ] LogiShrd -> %AllUsersProfile%\Application Data\LogiShrd -> [Folder | Modified Date = 2008-05-05 06:15:30 | Attr = ] Logitech -> %AllUsersProfile%\Application Data\Logitech -> [Folder | Modified Date = 2008-05-05 06:16:20 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 2008-06-10 15:52:54 | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2008-05-31 05:49:01 | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 2008-06-10 16:06:00 | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Modified Date = 2008-05-19 14:11:39 | Attr = ] InstallShield -> %AppData%\InstallShield -> [Folder | Modified Date = 2008-05-05 06:15:44 | Attr = ] Leadertech -> %AppData%\Leadertech -> [Folder | Modified Date = 2008-06-14 16:21:18 | Attr = ] Logitech -> %AppData%\Logitech -> [Folder | Modified Date = 2008-05-05 06:18:44 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 2008-06-10 15:52:56 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2008-05-22 18:41:21 | Attr = S] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 2008-06-15 12:04:07 | Attr = ] VoipStunt -> %AppData%\VoipStunt -> [Folder | Modified Date = 2008-05-25 04:11:04 | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Modified Date = 2008-06-17 06:53:23 | Attr = ] Adobe -> %UserProfile%\Local 
Settings\Application Data\Adobe -> [Folder | Modified Date = 2008-04-29 06:09:12 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 83456 bytes | Modified Date = 2008-04-06 16:40:26 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 3179486 bytes | Modified Date = 2008-03-24 08:23:43 | Attr = H ] Toshiba -> %UserProfile%\Local Settings\Application Data\Toshiba -> [Folder | Modified Date = 2008-05-05 06:07:25 | Attr = ] Beams.prn -> D:\Vos Documents\Beams.prn -> [Ver = | Size = 51837 bytes | Modified Date = 2008-03-24 13:18:56 | Attr = ] Bearings.prn -> D:\Vos Documents\Bearings.prn -> [Ver = | Size = 11833 bytes | Modified Date = 2008-03-24 13:18:56 | Attr = ] Documents du Bureau -> D:\Vos Documents\Documents du Bureau -> [Folder | Modified Date = 2008-05-25 18:18:25 | Attr = ] Ma musique -> D:\Vos Documents\Ma musique -> [Folder | Modified Date = 2008-04-17 22:32:34 | Attr = ] Mes images -> D:\Vos Documents\Mes images -> [Folder | Modified Date = 2008-05-09 07:57:00 | Attr = ] Mool.RES -> D:\Vos Documents\Mool.RES -> [Ver = | Size = 1264 bytes | Modified Date = 2008-03-24 13:19:08 | Attr = ] Mool.std -> D:\Vos Documents\Mool.std -> [Ver = | Size = 64765952 bytes | Modified Date = 2008-03-24 13:19:03 | Attr = ] Mool.sti -> D:\Vos Documents\Mool.sti -> [Ver = | Size = 12842432 bytes | Modified Date = 2008-03-24 13:19:03 | Attr = ] Nodes.prn -> D:\Vos Documents\Nodes.prn -> [Ver = | Size = 44474 bytes | Modified Date = 2008-03-24 13:18:56 | Attr = ] PRAG8.RES -> D:\Vos Documents\PRAG8.RES -> [Ver = | Size = 33 bytes | Modified Date = 2008-03-24 13:09:16 | Attr = ] PRAG8.std -> D:\Vos Documents\PRAG8.std -> [Ver = | Size = 29753344 bytes | Modified Date = 2008-03-24 13:01:01 | Attr = ] PRAG8.sti -> D:\Vos Documents\PRAG8.sti -> [Ver = | Size = 12842432 bytes | Modified Date = 2008-03-24 13:01:01 | Attr = ] 
Res-Bearings.prn -> D:\Vos Documents\Res-Bearings.prn -> [Ver = | Size = 2986 bytes | Modified Date = 2008-03-24 13:18:56 | Attr = ] Res-Contr.prn -> D:\Vos Documents\Res-Contr.prn -> [Ver = | Size = 366812 bytes | Modified Date = 2008-03-24 13:18:55 | Attr = ] Res-Depla.prn -> D:\Vos Documents\Res-Depla.prn -> [Ver = | Size = 682060 bytes | Modified Date = 2008-03-24 13:18:55 | Attr = ] Res-Forces.prn -> D:\Vos Documents\Res-Forces.prn -> [Ver = | Size = 459420 bytes | Modified Date = 2008-03-24 13:18:55 | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Bureau\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 2008-06-15 12:02:14 | Attr = ] Microsoft Office Excel 2003.lnk -> %AllUsersProfile%\Bureau\Microsoft Office Excel 2003.lnk -> [Ver = | Size = 2551 bytes | Modified Date = 2008-04-22 14:14:03 | Attr = ] Microsoft Office Outlook 2003.lnk -> %AllUsersProfile%\Bureau\Microsoft Office Outlook 2003.lnk -> [Ver = | Size = 2623 bytes | Modified Date = 2008-06-20 11:02:16 | Attr = ] Microsoft Office Word 2003.lnk -> %AllUsersProfile%\Bureau\Microsoft Office Word 2003.lnk -> [Ver = | Size = 2573 bytes | Modified Date = 2008-06-21 09:17:16 | Attr = ] Paramètres de la souris et du clavier Logitech.lnk -> %AllUsersProfile%\Bureau\Paramètres de la souris et du clavier Logitech.lnk -> [Ver = | Size = 1681 bytes | Modified Date = 2008-05-05 06:20:24 | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Bureau\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 2008-06-15 12:04:08 | Attr = ] 05B101-111.pdf -> %UserProfile%\Bureau\05B101-111.pdf -> [Ver = | Size = 1069719 bytes | Modified Date = 2008-06-05 13:03:44 | Attr = ] 1214049972331-integrated.jnlp -> %UserProfile%\Bureau\1214049972331-integrated.jnlp -> [Ver = | Size = 1251 bytes | Modified Date = 2008-06-21 14:06:17 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\1214049972331-integrated.jnlp:Zone.Identifier 
Accidental breaking of an extradossed cable.doc -> %UserProfile%\Bureau\Accidental breaking of an extradossed cable.doc -> [Ver = | Size = 146944 bytes | Modified Date = 2008-06-20 10:59:50 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\Accidental breaking of an extradossed cable.doc:Zone.Identifier ACTIVE-BOOT-DISK.ISO -> %UserProfile%\Bureau\ACTIVE-BOOT-DISK.ISO -> [Ver = | Size = 117995520 bytes | Modified Date = 2008-05-25 13:04:06 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\ACTIVE-BOOT-DISK.ISO:Zone.Identifier ATF_Cleaner.exe -> %UserProfile%\Bureau\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-06-14 16:50:43 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\ATF_Cleaner.exe:Zone.Identifier BeachCompilation!.wmv -> %UserProfile%\Bureau\BeachCompilation!.wmv -> [Ver = | Size = 4440691 bytes | Modified Date = 2008-06-18 15:21:18 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\BeachCompilation!.wmv:Zone.Identifier boot-cd-iso -> %UserProfile%\Bureau\boot-cd-iso -> [Folder | Modified Date = 2008-06-17 06:53:23 | Attr = ] boot-cd-iso.zip -> %UserProfile%\Bureau\boot-cd-iso.zip -> [Ver = | Size = 4122450 bytes | Modified Date = 2008-06-17 06:51:32 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\boot-cd-iso.zip:Zone.Identifier BurnISO.exe -> %UserProfile%\Bureau\BurnISO.exe -> LSoft Technologies Inc. 
[Ver = 1.1.0.7 | Size = 660936 bytes | Modified Date = 2008-05-25 09:29:02 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\BurnISO.exe:Zone.Identifier clean -> %UserProfile%\Bureau\clean -> [Folder | Modified Date = 2008-05-24 20:44:10 | Attr = ] clean.zip -> %UserProfile%\Bureau\clean.zip -> [Ver = | Size = 226258 bytes | Modified Date = 2008-05-24 13:58:28 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\clean.zip:Zone.Identifier Combo fix -> %UserProfile%\Bureau\Combo fix -> [Folder | Modified Date = 2008-06-21 19:53:00 | Attr = ] ComboFix.exe -> %UserProfile%\Bureau\ComboFix.exe -> [Ver = | Size = 2037114 bytes | Modified Date = 2008-06-21 06:57:24 | Attr = ] Download_mbam-setup.exe -> %UserProfile%\Bureau\Download_mbam-setup.exe -> Digital River [Ver = 1.0.0.1 | Size = 128368 bytes | Modified Date = 2008-06-15 11:50:09 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\Download_mbam-setup.exe:Zone.Identifier dss.exe -> %UserProfile%\Bureau\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2008-06-20 15:03:12 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\dss.exe:Zone.Identifier Escan tool kit -> %UserProfile%\Bureau\Escan tool kit -> [Folder | Modified Date = 2008-05-24 14:38:32 | Attr = ] Flash_Disinfector.exe -> %UserProfile%\Bureau\Flash_Disinfector.exe -> [Ver = | Size = 103992 bytes | Modified Date = 2008-06-21 15:38:04 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\Flash_Disinfector.exe:Zone.Identifier Friction coefficient in the saddles _ 01.doc -> %UserProfile%\Bureau\Friction coefficient in the saddles _ 01.doc -> [Ver = | Size = 408576 bytes | Modified Date = 2008-05-30 18:57:32 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\Friction coefficient in the saddles _ 01.doc:Zone.Identifier HijackThis.lnk -> %UserProfile%\Bureau\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 2008-06-14 20:03:22 | 
Attr = ] jre-6u6-windows-i586-p.exe -> %UserProfile%\Bureau\jre-6u6-windows-i586-p.exe -> [Ver = | Size = 15951256 bytes | Modified Date = 2008-06-21 14:10:57 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\jre-6u6-windows-i586-p.exe:Zone.Identifier juin 2008.ppt -> %UserProfile%\Bureau\juin 2008.ppt -> [Ver = | Size = 356864 bytes | Modified Date = 2008-06-12 05:55:37 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\juin 2008.ppt:Zone.Identifier KillDiskSuiteFree-Setup.exe -> %UserProfile%\Bureau\KillDiskSuiteFree-Setup.exe -> [Ver = | Size = 10339840 bytes | Modified Date = 2008-06-17 06:48:49 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\KillDiskSuiteFree-Setup.exe:Zone.Identifier OTScanIt -> %UserProfile%\Bureau\OTScanIt -> [Folder | Modified Date = 2008-06-21 19:57:21 | Attr = ] OTScanIt.exe -> %UserProfile%\Bureau\OTScanIt.exe -> [Ver = | Size = 568483 bytes | Modified Date = 2008-06-21 19:57:13 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\OTScanIt.exe:Zone.Identifier Pilotes Samsung -> %UserProfile%\Bureau\Pilotes Samsung -> [Folder | Modified Date = 2008-05-28 19:12:50 | Attr = ] Raccourci vers Projets Sejour Inde.lnk -> %UserProfile%\Bureau\Raccourci vers Projets Sejour Inde.lnk -> [Ver = | Size = 581 bytes | Modified Date = 2008-05-26 06:02:31 | Attr = ] Raccourci vers Systra_India.lnk -> %UserProfile%\Bureau\Raccourci vers Systra_India.lnk -> [Ver = | Size = 374 bytes | Modified Date = 2008-06-17 05:39:40 | Attr = ] stay anchorage.tif -> %UserProfile%\Bureau\stay anchorage.tif -> [Ver = | Size = 24348 bytes | Modified Date = 2008-06-03 05:53:46 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\stay anchorage.tif:Zone.Identifier SUPERAntiSpyware.exe -> %UserProfile%\Bureau\SUPERAntiSpyware.exe -> [Ver = | Size = 5797152 bytes | Modified Date = 2008-06-15 11:58:51 | Attr = ] @Alternate Data Stream - 26 bytes -> 
%UserProfile%\Bureau\SUPERAntiSpyware.exe:Zone.Identifier TEMPS -> %UserProfile%\Bureau\TEMPS -> [Folder | Modified Date = 2008-06-21 05:51:37 | Attr = ] Thumbs.db -> %UserProfile%\Bureau\Thumbs.db -> [Ver = | Size = 9728 bytes | Modified Date = 2008-05-06 09:25:29 | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Thumbs.db:encryptable VoipStunt.lnk -> %UserProfile%\Bureau\VoipStunt.lnk -> [Ver = | Size = 760 bytes | Modified Date = 2008-05-24 20:46:07 | Attr = ] wrar371fr.exe -> %UserProfile%\Bureau\wrar371fr.exe -> [Ver = | Size = 1271557 bytes | Modified Date = 2008-06-17 06:53:05 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureau\wrar371fr.exe:Zone.Identifier Bluetooth Manager.lnk -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk -> [Ver = | Size = 719 bytes | Modified Date = 2008-05-05 06:07:43 | Attr = ] Gestion du client de pare-feu Microsoft.lnk -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Gestion du client de pare-feu Microsoft.lnk -> [Ver = | Size = 2637 bytes | Modified Date = 2008-06-21 19:45:15 | Attr = ] Lancement rapide d'Adobe Acrobat.lnk -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk -> [Ver = | Size = 2335 bytes | Modified Date = 2008-06-21 19:45:16 | Attr = ] Logitech Desktop Messenger.lnk -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk -> [Ver = | Size = 2072 bytes | Modified Date = 2008-05-05 06:21:36 | Attr = ] Logitech SetPoint.lnk -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk -> [Ver = | Size = 1687 bytes | Modified Date = 2008-05-05 06:20:22 | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 2008-06-21 15:51:59 | Attr = ] LogiShared -> %CommonProgramFiles%\LogiShared -> [Folder | Modified Date = 2008-05-05 06:21:49 | Attr = ] LogiShrd -> %CommonProgramFiles%\LogiShrd -> [Folder | Modified Date = 2008-05-05 06:16:40 | Attr = ] 
Logitech -> %CommonProgramFiles%\Logitech -> [Folder | Modified Date = 2008-05-05 06:16:10 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 2008-06-15 12:03:54 | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]