ZHPDiag and Malwarebytes report

Tags:
  • Security
Last reply: in Security and viruses
12 April 2011 21:40:24

Hello,
For some time now, my computer has been slow.
I am on Vista. My network connection is impossible, over both Wi-Fi and cable; on the network icon I get the message "statut de connexion inconnu, le service ou le groupe de dépendance n'a pas pu démarrer" ("connection status unknown, the dependency service or group failed to start").
I tried typing "netsh winsock reset" at the command prompt and restarting the PC; it did not work. I don't know what else to do; without a network and Internet connection I am stuck.
Can you help me, please?

Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5363

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12-4-2011 21:27:08
mbam-log-2011-04-12 (21-27-08).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 137352
Temps écoulé: 5 minute(s), 27 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Users\a\AppData\Local\Temp\Low\e.exe (Rootkit.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\a\AppData\Local\Temp\Low\google.exe (Rootkit.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\a\x.exe (Trojan.KillAV) -> Quarantined and deleted successfully.


And here is my ZHPDiag report:

Rapport de ZHPDiag v1.27.1869 par Nicolas Coolman, Update du 12/04/2011
Run by a at 12-4-2011 19:46:10
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.h...


---\\ Web Browser
MSIE: Internet Explorer v7.0.6002.18005
MFIE: Mozilla Firefox v3.6.16 (fr) (Defaut)
GCIE: Google Chrome v10.0.648.204

---\\ System Information
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2037 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 126 GB (70%) free of 181 GB

---\\ Logged in mode
Computer Name: PC_VAN_A
User Name: a
All Users Names: Gast, Administrator, a,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=C:\Users\a\AppData\Roaming
%LocalAppData%=C:\Users\a\AppData\Local
%StartMenu%=C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 126 Go of 181 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 117 Go of 117 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Free 4 Go of 8 Go)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK


---\\ Search Generic System Files
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Windows Verkenner.) (.11-4-2009 14:18:30.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.21-1-2008 3:23:42.) -- C:\Windows\system32\Wininit.exe [96768]
[MD5.072213E1604D843D3230EE61663466A4] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.20-12-2010 17:36:20.) -- C:\Windows\system32\wininet.dll [834048]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.11-4-2009 14:18:46.) -- C:\Windows\system32\Winlogon.exe [314368]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11-4-2009 14:18:00.) -- C:\Windows\system32\drivers\atapi.sys [19944]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.11-4-2009 14:18:16.) -- C:\Windows\system32\drivers\ntfs.sys [1083880]


---\\ Running Processes
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184]
[MD5.F371C6DF9A810EF2E6E4FA60ACBB5C33] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [174872]
[MD5.6EC219F92D549F6DD08BAF8641449978] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [154136]
[MD5.5C2CEBA92016A7B365374DD767154C80] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [129560]
[MD5.A659F31AC25418738351E5BDF4C85780] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4669440]
[MD5.9A2B413994133284DF08AFF3492ED040] - (.Synaptics, Inc. - Synaptics Pointing Device starter.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400]
[MD5.872B3D5F6F9F9BDFD6A83EE8AA5824B4] - (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [69632]
[MD5.4FA2F9A48AA6CEB5A4E1A1BA21ED0BA8] - (.Wistron - HotkeyApp.) -- C:\Program Files\Launch Manager\HotkeyApp.exe [192512]
[MD5.5C2DEF31326B9F873ED0B5F0272589E2] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256]
[MD5.90EBEAF4EE965E1182C8102D4CB8C4A6] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252440]
[MD5.A64DA4EF938434F19142F964296347BF] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe [111928]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952]
[MD5.66BC5F3AD50FE6225D3FD1964A749D38] - (.Eset - NOD32 Control Center GUI.) -- C:\Program Files\Eset\nod32kui.exe [949376]
[MD5.1542D48BEF0C07513453CDEF1577BB79] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\daemon.exe [691656]
[MD5.93C9DA7AAEBCEB19831CD8D0C471C20C] - (...) -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe [5636136]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376]
[MD5.E0033A799C7C761618AA22ECE403240E] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1021224]
[MD5.F576AADAFB58D214EE87B81F70C3DBD9] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\a\Desktop\ZHPDiag2\ZHPDiag2.exe [2419780]
[MD5.8C86190BAE1CE44913EE4C7108CD12FC] - (.Unknown owner - Setup/Uninstall.) -- C:\Users\a\AppData\Local\Temp\is-6L26M.tmp\ZHPDiag2.tmp [715264]
[MD5.3C03CB94875E43099EC375F05BB3DCC1] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [642560]


---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [a] -- C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\vorsfmxw.default\searchplugins\askcom.xml
M3 - MFPP: Plugins - [a] -- C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\vorsfmxw.default\searchplugins\bing.xml
M3 - MFPP: Plugins - [a] -- C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\vorsfmxw.default\searchplugins\sweetim.xml
M3 - MFPP: Plugins - [a] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [a] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [a] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [a] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [a] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [a] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Mozilla Firefox\Plugins\nppl3260.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\nprjplug.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - 6.0.12.688.) -- C:\Program Files\Mozilla Firefox\Plugins\nprpjplug.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Unknown owner - No comment.) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.9.620.) -- C:\Windows\system32\Adobe\Director\np32dsw.dll
P2 - FPN: [HKLM] [@ma-config.com/HardwareDetection] - (.Cybelsoft - Plugin NPAPI Ma-Config.com.) -- C:\Program Files\ma-config.com\nphardwaredetection.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60129.0.) -- c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3508.1109] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.688] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprjplug;version=1.0.3.688] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.688] - (.RealNetworks, Inc. - 6.0.12.688.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
P2 - FPN: [HKCU] [@movenetworks.com/Quantum Media Player] - (.Move Networks - npmnqmp 989898989877.) -- C:\Users\a\AppData\Roaming\Move Networks\plugins\npqmp071700000016.dll
M0 - MFSP: prefs.js [a - vorsfmxw.default] http://google.be
M2 - MFEP: prefs.js [a - vorsfmxw.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.1 (.Microsoft.)
M2 - MFEP: prefs.js [a - vorsfmxw.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.8.4 (.Michel Gutierrez.)
M2 - MFEP: prefs.js [a - vorsfmxw.default\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}] [] Torbutton v1.2.5 (.Mike Perry & Scott Squires.)
M2 - MFEP: prefs.js [a - vorsfmxw.default\{E2082660-5330-49e6-BD84-9978CE15BA72}] [] SQL Injection! v1.2.5 (.Daniel Neto.)
M2 - MFEP: prefs.js [a - vorsfmxw.default\{EEE6C361-6118-11DC-9C72-001320C79847}] [] SweetIM Toolbar for Firefox v1.0.0.10 (.SweetIM Technologies LTD..)
M2 - MFEP: prefs.js [a - vorsfmxw.default\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}] [] HackBar v1.5.0 (.Johan Adriaans.)


---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com


---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKUS\S-1-5-21-2246348134-1748625400-1856794335-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (7.00.6000.16386 (vista_rtm.061101-2205)) -- C:\Windows\system32\ieframe.dll

12 April 2011 21:41:32

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll


---\\ ---\\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"


---\\ Browser Helper Objects (O2)
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealPlayer - RealPlayer Download and Record Plugin.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} . (.Microsoft Corporation - Windows Live Messenger Companion Core.) -- C:\Program Files\Windows Live\Companion\companioncore.dll


---\\ ---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [nod32kui] . (.Eset - NOD32 Control Center GUI.) -- C:\Program Files\Eset\nod32kui.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Windows\Skytel.exe
O4 - HKLM\..\Run: [SynTPStart] . (.Synaptics, Inc. - Synaptics Pointing Device starter.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ISUSScheduler] . (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HotkeyApp] . (.Wistron - HotkeyApp.) -- C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - HKLM\..\Run: [UpdateReminder] . (.ESET, spol. s r.o. - ESET Update Reminder.) -- C:\Program Files\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
O4 - HKCU\..\Run: [msnmsgr] ~C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
O4 - HKCU\..\Run: [Vidalia] . (...) -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-2246348134-1748625400-1856794335-1000\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
O4 - HKUS\S-1-5-21-2246348134-1748625400-1856794335-1000\..\Run: [msnmsgr] ~C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-2246348134-1748625400-1856794335-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-2246348134-1748625400-1856794335-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
O4 - HKUS\S-1-5-21-2246348134-1748625400-1856794335-1000\..\Run: [Vidalia] . (...) -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe


---\\ ---\\ Other User Links (O4)
O4 - Global Startup: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\a\Desktop\Documenten.lnk . (...) -- C:\Users\a\Documents
O4 - Global Startup: C:\Users\a\Desktop\dynast.txt - Snelkoppeling.lnk . (...) -- C:\Users\a\Desktop\dynast.txt (.not file.)
O4 - Global Startup: C:\Users\a\Desktop\HijackThis.lnk . (...) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (.not file.)
O4 - Global Startup: C:\Users\a\Desktop\I.docxas.docx3.docxfinalité.docx - Snelkoppeling.lnk . (...) -- C:\Users\a\Desktop\docasmae\I.docxas.docx3.docxfinalité.docx
O4 - Global Startup: C:\Users\a\Desktop\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\a\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\a\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk . (.Google Inc..) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - Global Startup: C:\Users\a\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\a\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe


---\\ Extra items in the IE right-click menu (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\Office12\EXCEL.exe


---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companion
O9 - Extra button: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBro
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Shim-provider van e-mailnamen.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP-naamruimteprovider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP-naamruimteprovider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service-aanbieder.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll


---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_...
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.c...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...


---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7B0486F-5A36-4013-A2C5-7828D7CD7758}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F014324B-ACF8-49E7-AB97-9F9BE4FB46EC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E7B0486F-5A36-4013-A2C5-7828D7CD7758}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F014324B-ACF8-49E7-AB97-9F9BE4FB46EC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{E7B0486F-5A36-4013-A2C5-7828D7CD7758}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{F014324B-ACF8-49E7-AB97-9F9BE4FB46EC}: DhcpNameServer = 192.168.1.1


---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll


---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Website Monitor.) -- C:\Windows\system32\webcheck.dll


---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browserbibliotheek met gebruikersinte.) -- C:\Windows\system32\browseui.dll


---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: (EvtEng) . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Event Log Service.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (IAANTMON) . (.Intel Corporation - RAID Monitor.) - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: (maconfservice) . (.CybelSoft - Service de détection matériel.) - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: (NOD32krn) . (.Eset - NOD32 Kernel Service.) - C:\Program Files\Eset\nod32krn.exe
O23 - Service: (RegSrvc) . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: (WisLMSvc) . (.Wistron Corp. - No comment.) - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: (wlidsvc) . (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe


---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)


---\\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job


---\\ Drivers launched at startup (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - i8042-poortstuurprogramma.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Stuurprogramma voor verschillende toetsenbo.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Stuurprogramma voor muistypen.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (nod32drv) . (...) - C:\Windows\system32\drivers\nod32drv.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - QoS-pakketplanner.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys


---\\ Software installed (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 8 - Nederlands - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1043-7B44-A80000000000}
O42 - Logiciel: Adobe Shockwave Player - (.Adobe Systems, Inc..) [HKLM] -- {43BFB9E2-169C-46A9-BB81-141A37FD9750}
O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {EE6097DD-05F4-4178-9719-D3170BF098E8}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {6956856F-B6B3-4BE0-BA0B-8F495BE32033}
O42 - Logiciel: Complément Messenger - (.Microsoft Corporation.) [HKLM] -- {6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}
O42 - Logiciel: Contrôle ActiveX Windows Live Mesh pour connexions à distance - (.Microsoft Corporation.) [HKLM] -- {55D003F4-9599-44BF-BA9E-95D060730DD3}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {488F0347-C4A7-4374-91A7-30818BEDA710}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Intel PROSet Wireless - (.Unknown owner.) [HKLM] -- ProInst
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Unknown owner.) [HKLM] -- HDMI
O42 - Logiciel: Intel(R) Matrix Storage Manager - (.Unknown owner.) [HKLM] -- {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}
O42 - Logiciel: Intel(R) PROSet/Wireless WiFi-software - (.Intel Corporation.) [HKLM] -- {014EFADF-1AA8-44D0-B889-D39D77302A62}
O42 - Logiciel: Java(TM) SE Runtime Environment 6 Update 1 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160010}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
O42 - Logiciel: LAME v3.98.3 for Audacity - (.Unknown owner.) [HKLM] -- LAME for Audacity_is1
O42 - Logiciel: Launch Manager V1.4.9 - (.Wistron Corp..) [HKLM] -- {D0846526-66DD-4DC9-A02C-98F9A2806812}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM] -- {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Ma-Config.com - (.Cybelsoft.) [HKLM] -- {0810B8B7-7539-41D3-983E-6127FCF1CC9E}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {8142D25E-028A-4563-86ED-5755783C8029}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - nld - (.Microsoft Corporation.) [HKLM] -- {101738D7-D805-37A9-BB91-1F2C351782BF}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook Connector - (.Microsoft Corporation.) [HKLM] -- {95140000-007A-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook Connector - (.Microsoft Corporation.) [HKLM] -- {95140000-007A-0413-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS
O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0020-040C-0000-0000000FF1CE}
O42 - Logiciel: Move Media Player - (.Move Networks.) [HKCU] -- Move Media Player
O42 - Logiciel: Mozilla Firefox (3.6.16) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.16)
O42 - Logiciel: NOD32 FiX - (.nsane productions.) [HKLM] -- {DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1
O42 - Logiciel: NOD32 antivirus systeem - (.Unknown owner.) [HKLM] -- NOD32
O42 - Logiciel: Nero 9 Lite - (.Nero AG.) [HKLM] -- {492d387a-12c0-458e-a05f-8a327e376045}
O42 - Logiciel: Nero Installer - (.Nero AG.) [HKLM] -- {E8A80433-302B-4FF1-815D-FCC8EAC482FF}
O42 - Logiciel: Nero Suite - (.Unknown owner.) [HKLM] -- NeroMultiInstaller!UninstallKey
O42 - Logiciel: Octoshape add-in for Adobe Flash Player - (.Unknown owner.) [HKCU] -- Octoshape add-in for Adobe Flash Player
O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM] -- RealPlayer 12.0
O42 - Logiciel: RealUpgrade 1.0 - (.RealNetworks, Inc..) [HKLM] -- {F4F4F84E-804F-4E9A-84D7-C34283F0088F}
O42 - Logiciel: Realtek Ethernet Controller Driver For Windows Vista - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5C497F0B-2061-4CC9-A61C-6B45B867354D}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288931) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CD769337-C8AC-46DB-A7DC-643E50089263}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2289158) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{210B16C0-CEBD-4DE9-B474-04A7E8735E16}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2344875) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{536FB502-775F-4494-BACE-C02CC90B7A5B}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7F207DCA-3399-40CB-A968-6E5991B1421A}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5A4E43D5-858F-49BD-BA72-8F30E1793060}
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB2345035) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B23002DD-34EC-4988-B810-A5E2A0BF04F1}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB982158) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint Viewer (KB2413381) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3DED0A62-44C8-4E00-A785-5212F297A9D9}
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB2284697) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3A4CDE54-2403-483D-8D9A-15E3264410DF}
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
O42 - Logiciel: SweetIM for Messenger 3.3 - (.SweetIM Technologies Ltd..) [HKLM] -- {1D301950-EA2F-4882-9AA0-49467756842A}
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: System Requirements Lab for Intel - (.Husdawg, LLC.) [HKLM] -- {F7FC9307-374E-4017-8E9D-DE1154780480}
O42 - Logiciel: Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - nld
O42 - Logiciel: TeLL me More - (.Unknown owner.) [HKLM] -- TellmeMoreV50Ara
O42 - Logiciel: Turbo Photo 6.8 - (.Stepok Image Lab..) [HKLM] -- Turbo Photo_is1
O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB2412171) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{752A0B7C-BD24-4362-AC86-AB63FEE6F46F}
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (KB2508979) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{D2137BBA-250B-4548-BC1C-19E5009893D7}
O42 - Logiciel: VLC media player 1.0.5 - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: WinRAR - (.Unknown owner.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Winamp AudioPlayer - (.Nullsoft, Inc..) [HKLM] -- {4F271C7A-5629-4849-B34A-6ACCDCDA5A05}
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- {2A07C35B-8384-4DA4-9A95-442B6C89A073}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {F53D678E-238F-4A71-9742-08BB6774E9DC}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {FCFBA290-CB48-4AF1-A241-2685AEDEDD66}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {61AD15B2-50DB-4686-A739-14FE180D4429}
O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {AF844339-2F8A-4593-81B3-9F4C54038C4E}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {9D56775A-93F3-44A3-8092-840E3826DE30}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {9FAE6E8D-E686-49F5-A574-0A58DFD9580C}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {D588365A-AE39-4F27-BDAE-B4E72C8E900C}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM] -- {3F4143A1-9C21-4011-8679-3BC1014C6886}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM] -- {841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM] -- {DECDCB7C-58CC-4865-91AF-627F9798FE48}
O42 - Logiciel: Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen - (.Microsoft Corporation.) [HKLM] -- {C32CE55C-12BA-4951-8797-0967FDEF556F}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {6A563426-3474-41C6-B847-42B39F1485B2}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}
O42 - Logiciel: Windows Live Messenger Companion Core - (.Microsoft Corporation.) [HKLM] -- {78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {92EA4134-10D1-418A-91E1-5A0453131A38}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}
O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM] -- {4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {9BD262D0-B788-4546-A0A5-F4F56EC3834B}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1}
O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM] -- {A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}
O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {19A4A990-5343-4FF7-B3B5-6F046C091EDF}
O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}
O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {F0CCBE54-9132-44E9-82DF-CD364AD5C22D}
O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}
O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}
O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {AB93C51F-71F9-4A28-8134-FE1B5B9373E9}
O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM] -- {09F56A49-A7B1-4AAB-95B9-D13094254AD1}
O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM] -- {0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {3B9A92DA-6374-4872-B646-253F18624D5F}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {7E017923-16F8-4E32-94EF-0A150BD196FE}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {A726AE06-AAA3-43D1-87E3-70F510314F04}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM] -- {14B441B7-774D-4170-98EA-A13667AE6218}
O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM] -- {62687B11-58B5-4A18-9BC3-9DF4CE03F194}
O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AVS4YOU]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Audacity]
[HKCU\Software\Auralog]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Cyberlink]
[HKCU\Software\DT Soft]
[HKCU\Software\Eset]
[HKCU\Software\Fujitsu]
[HKCU\Software\GNU]
[HKCU\Software\Google]
[HKCU\Software\HotkeyPanel]
[HKCU\Software\IM Providers]
[HKCU\Software\InstallShield]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Lake]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Moovida]
[HKCU\Software\MoveNetworks]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Olympus]
[HKCU\Software\Policies]
[HKCU\Software\Polipo]
[HKCU\Software\RealNetworks]
[HKCU\Software\Realtek]
[HKCU\Software\SecureMedia]
[HKCU\Software\Spointer]
[HKCU\Software\SweetIM]
[HKCU\Software\Synaptics]
[HKCU\Software\System Requirements Lab]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\WPI]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\WinampAC3]
[HKCU\Software\Winamp]
[HKCU\Software\Windows Live Writer]
[HKCU\Software\X-NetStat Professional 5]
[HKCU\Software\XNS_stan5_vc]
[HKCU\Software\cybelsoft]
[HKCU\Software\pth264]
[HKLM\Software\AVS4YOU]
[HKLM\Software\Adobe]
[HKLM\Software\Ahead]
[HKLM\Software\AppDataLow]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Auralog]
[HKLM\Software\BOB Software]
[HKLM\Software\Borland]
[HKLM\Software\BrowserChoice]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CyberLink]
[HKLM\Software\DT Soft]
[HKLM\Software\DivXNetworks]
[HKLM\Software\DivX]
[HKLM\Software\Eset]
[HKLM\Software\Google]
[HKLM\Software\HotkeyPanel]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\Lake]
[HKLM\Software\Lame for Audacity]
[HKLM\Software\Launch Manager]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\Nullsoft]
[HKLM\Software\ODBC]
[HKLM\Software\Olympus]
[HKLM\Software\Policies]
[HKLM\Software\RTLSetup]
[HKLM\Software\RealNetworks]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RichFX]
[HKLM\Software\SRS Labs]
[HKLM\Software\SecureDigitalServices]
[HKLM\Software\Sonic]
[HKLM\Software\Stepok]
[HKLM\Software\SweetIM]
[HKLM\Software\Synaptics]
[HKLM\Software\TrendMicro]
[HKLM\Software\VideoLAN]
[HKLM\Software\Volatile]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Waves Audio]
[HKLM\Software\Wistron Corp.]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\cybelsoft]
[HKLM\Software\mozilla.org]


---\\ Contents of the Common Files folders (O43)
O43 - CFD: 19-2-2010 - 11:44:14 - [41432976] ----D- C:\Program Files\Adobe
O43 - CFD: 6-5-2010 - 1:00:48 - [98638789] ----D- C:\Program Files\Ahead
O43 - CFD: 21-1-2011 - 12:37:28 - [2221118] ----D- C:\Program Files\Apple Software Update
O43 - CFD: 12-4-2011 - 15:16:58 - [0] ----D- C:\Program Files\AVS4YOU
O43 - CFD: 30-3-2011 - 16:37:50 - [18] ----D- C:\Program Files\BOB
O43 - CFD: 17-4-2010 - 17:48:16 - [5789103] ----D- C:\Program Files\Cisco
O43 - CFD: 30-3-2011 - 16:37:50 - [932823315] ----D- C:\Program Files\Common Files
O43 - CFD: 12-4-2011 - 15:28:12 - [0] ----D- C:\Program Files\CyberLink
O43 - CFD: 2-2-2011 - 16:14:38 - [9691438] ----D- C:\Program Files\DAEMON Tools Lite
O43 - CFD: 2-2-2011 - 16:14:38 - [0] ----D- C:\Program Files\DAEMON Tools Toolbar
O43 - CFD: 7-6-2010 - 21:32:34 - [946497] ----D- C:\Program Files\DivX
O43 - CFD: 30-11-2010 - 17:19:24 - [68676264] ----D- C:\Program Files\ESET
O43 - CFD: 28-3-2011 - 15:42:08 - [0] ----D- C:\Program Files\Fluendo
O43 - CFD: 7-6-2010 - 19:13:10 - [365061716] ----D- C:\Program Files\Google
O43 - CFD: 30-3-2011 - 17:24:24 - [21162138] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 17-4-2010 - 17:48:06 - [89965962] ----D- C:\Program Files\Intel
O43 - CFD: 24-6-2010 - 11:44:24 - [2140174] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 19-2-2010 - 11:42:26 - [72286049] ----D- C:\Program Files\Java
O43 - CFD: 25-1-2011 - 17:48:04 - [1237255] ----D- C:\Program Files\Lame For Audacity
O43 - CFD: 6-5-2010 - 23:18:28 - [697879] ----D- C:\Program Files\Launch Manager
O43 - CFD: 29-12-2010 - 20:59:18 - [0] ----D- C:\Program Files\LimeWire
O43 - CFD: 19-3-2011 - 23:05:40 - [5657562] ----D- C:\Program Files\ma-config.com
O43 - CFD: 7-9-2010 - 4:47:24 - [3966222] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 12-4-2011 - 15:18:56 - [0] ----D- C:\Program Files\Microsoft
O43 - CFD: 2-11-2006 - 14:37:36 - [93421495] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 10-5-2010 - 0:46:06 - [580314234] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 19-2-2011 - 14:19:42 - [38371963] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 11-10-2010 - 21:32:32 - [1829877] ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 10-5-2010 - 0:46:02 - [14904] ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 10-5-2010 - 0:42:08 - [1387249] ----D- C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 19-5-2010 - 18:45:34 - [3726168] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 10-5-2010 - 0:45:28 - [8152064] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 13-8-2010 - 3:43:16 - [99333230] ----D- C:\Program Files\Movie Maker
O43 - CFD: 25-3-2011 - 1:42:16 - [30402835] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 10-5-2010 - 0:46:14 - [26521] ----D- C:\Program Files\MSBuild
O43 - CFD: 14-12-2010 - 23:45:36 - [39944647] ----D- C:\Program Files\MSECache
O43 - CFD: 7-5-2010 - 20:02:52 - [0] ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 23-10-2010 - 1:13:08 - [0] ----D- C:\Program Files\Olympus
O43 - CFD: 24-6-2010 - 18:44:04 - [2641920] ----D- C:\Program Files\PianoFX
O43 - CFD: 12-4-2011 - 15:21:26 - [0] ----D- C:\Program Files\RALINK
O43 - CFD: 24-6-2010 - 11:46:06 - [82855445] ----D- C:\Program Files\Real
O43 - CFD: 17-4-2010 - 18:25:44 - [18011104] ----D- C:\Program Files\Realtek
O43 - CFD: 2-11-2006 - 14:37:36 - [38587649] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 21-12-2010 - 1:23:40 - [4136624] ----D- C:\Program Files\SweetIM
O43 - CFD: 19-2-2010 - 13:24:26 - [14262765] ----D- C:\Program Files\Synaptics
O43 - CFD: 17-4-2010 - 18:32:08 - [718080] ----D- C:\Program Files\SystemRequirementsLab
O43 - CFD: 12-4-2011 - 16:42:46 - [403669] ----D- C:\Program Files\Trend Micro
O43 - CFD: 30-11-2010 - 21:39:40 - [17369424] ----D- C:\Program Files\Turbo Photo
O43 - CFD: 2-11-2006 - 15:01:56 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 12-4-2011 - 15:20:14 - [19712806] ----D- C:\Program Files\Vidalia Bundle
O43 - CFD: 7-5-2010 - 20:09:16 - [78593361] ----D- C:\Program Files\VideoLAN
O43 - CFD: 12-4-2011 - 15:20:00 - [32768] ----D- C:\Program Files\Visual IP Trace 2009
O43 - CFD: 19-2-2010 - 11:53:52 - [40372044] ----D- C:\Program Files\Winamp
O43 - CFD: 11-4-2009 - 15:23:34 - [1012736] ----D- C:\Program Files\Windows Calendar
O43 - CFD: 11-4-2009 - 15:23:34 - [2733056] ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 11-4-2009 - 15:23:30 - [4482432] ----D- C:\Program Files\Windows Defender
O43 - CFD: 11-4-2009 - 15:23:32 - [7080568] ----D- C:\Program Files\Windows Journal
O43 - CFD: 31-3-2011 - 13:07:00 - [203712900] ----D- C:\Program Files\Windows Live
O43 - CFD: 17-12-2010 - 18:34:28 - [9095352] ----D- C:\Program Files\Windows Mail
O43 - CFD: 2-2-2011 - 16:28:40 - [4599257] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 19-2-2010 - 7:51:12 - [7953448] ----D- C:\Program Files\Windows NT
O43 - CFD: 11-4-2009 - 15:23:32 - [13524130] ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 26-4-2010 - 16:39:14 - [134144] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 11-4-2009 - 15:23:34 - [6526757] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 19-2-2010 - 11:44:54 - [3318493] ----D- C:\Program Files\WinRAR
O43 - CFD: 2-2-2011 - 20:46:10 - [2518065] ----D- C:\Program Files\X-NetStat
O43 - CFD: 12-4-2011 - 19:46:16 - [3826197] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 19-2-2010 - 11:44:22 - [5801137] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 19-2-2010 - 11:51:20 - [27058495] ----D- C:\Program Files\Common Files\Ahead
O43 - CFD: 21-1-2011 - 12:37:38 - [54774793] ----D- C:\Program Files\Common Files\Apple
O43 - CFD: 12-4-2011 - 15:17:00 - [179547] ----D- C:\Program Files\Common Files\AVSMedia
O43 - CFD: 10-5-2010 - 0:46:02 - [92976] ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 30-3-2011 - 17:24:28 - [3960976] ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 17-4-2010 - 17:48:10 - [10965056] ----D- C:\Program Files\Common Files\Intel
O43 - CFD: 19-2-2010 - 11:41:52 - [27038761] ----D- C:\Program Files\Common Files\Java
O43 - CFD: 11-10-2010 - 21:30:26 - [405832154] ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 2-1-2011 - 1:24:12 - [25253302] ----D- C:\Program Files\Common Files\Nero
O43 - CFD: 7-6-2010 - 21:32:32 - [459184] ----D- C:\Program Files\Common Files\PX Storage Engine
O43 - CFD: 24-6-2010 - 11:46:18 - [21474659] ----D- C:\Program Files\Common Files\Real
O43 - CFD: 2-11-2006 - 13:18:34 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 2-11-2006 - 13:18:34 - [41101735] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 19-5-2010 - 18:44:00 - [46822662] ----D- C:\Program Files\Common Files\System
O43 - CFD: 18-5-2010 - 18:46:42 - [261652920] ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 24-6-2010 - 11:46:02 - [352256] ----D- C:\Program Files\Common Files\xing shared
O43 - CFD: 19-2-2010 - 11:44:18 - [479] ----D- C:\ProgramData\Adobe
O43 - CFD: 21-1-2011 - 12:37:26 - [20614656] ----D- C:\ProgramData\Apple
O43 - CFD: 2-11-2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 19-3-2011 - 22:14:16 - [0] ----D- C:\ProgramData\AVS4YOU
O43 - CFD: 19-2-2010 - 7:51:12 - [0] -SH-D- C:\ProgramData\Bureaublad
O43 - CFD: 14-10-2010 - 15:57:54 - [322701] ----D- C:\ProgramData\CyberLink
O43 - CFD: 2-2-2011 - 16:14:42 - [0] ----D- C:\ProgramData\DAEMON Tools Lite
O43 - CFD: 2-2-2011 - 15:07:52 - [304] ----D- C:\ProgramData\DAEMON Tools Pro
O43 - CFD: 2-11-2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 7-6-2010 - 21:32:36 - [319917] ----D- C:\ProgramData\DivX
O43 - CFD: 19-2-2010 - 7:51:12 - [0] -SH-D- C:\ProgramData\Documenten
O43 - CFD: 2-11-2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 19-2-2010 - 7:51:12 - [0] -SH-D- C:\ProgramData\Favorieten
O43 - CFD: 2-11-2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 27-4-2010 - 0:23:02 - [171] ----D- C:\ProgramData\InstallShield
O43 - CFD: 17-4-2010 - 17:48:06 - [1283] ----D- C:\ProgramData\Intel
O43 - CFD: 19-3-2011 - 23:05:40 - [1208109] ----D- C:\ProgramData\ma-config.com
O43 - CFD: 7-9-2010 - 4:47:20 - [5603126] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 19-2-2010 - 7:51:12 - [0] -SH-D- C:\ProgramData\Menu Start
O43 - CFD: 12-4-2011 - 15:18:56 - [125284453] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 10-3-2011 - 12:07:52 - [79462] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 2-1-2011 - 1:24:12 - [400] ----D- C:\ProgramData\Nero
O43 - CFD: 6-12-2010 - 19:45:16 - [1380096] ----D- C:\ProgramData\Real
O43 - CFD: 19-2-2010 - 7:51:12 - [0] -SH-D- C:\ProgramData\Sjablonen
O43 - CFD: 2-11-2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 21-12-2010 - 1:23:30 - [2298999] ----D- C:\ProgramData\SweetIM
12 April 2011 21:42:29

O43 - CFD: 2-11-2006 - 15:02:06 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 21-5-2010 - 18:46:40 - [1571517] ----D- C:\Users\a\AppData\Local\Adobe
O43 - CFD: 21-1-2011 - 12:37:30 - [0] ----D- C:\Users\a\AppData\Local\Apple
O43 - CFD: 19-2-2010 - 7:53:18 - [0] -SH-D- C:\Users\a\AppData\Local\Application Data
O43 - CFD: 19-9-2010 - 21:41:02 - [0] ----D- C:\Users\a\AppData\Local\Apps
O43 - CFD: 19-2-2010 - 7:53:18 - [0] -SH-D- C:\Users\a\AppData\Local\Geschiedenis
O43 - CFD: 7-6-2010 - 19:17:06 - [130091862] ----D- C:\Users\a\AppData\Local\Google
O43 - CFD: 12-4-2011 - 15:18:56 - [1934752819] ----D- C:\Users\a\AppData\Local\Microsoft
O43 - CFD: 28-6-2010 - 23:59:20 - [674474] ----D- C:\Users\a\AppData\Local\Microsoft Games
O43 - CFD: 1-12-2010 - 2:32:36 - [203780] ----D- C:\Users\a\AppData\Local\Microsoft Help
O43 - CFD: 28-3-2011 - 15:40:44 - [16852] ----D- C:\Users\a\AppData\Local\moovida Air
O43 - CFD: 3-6-2010 - 2:28:52 - [48254560] ----D- C:\Users\a\AppData\Local\Mozilla
O43 - CFD: 12-4-2011 - 19:45:38 - [1090935344] ----D- C:\Users\a\AppData\Local\Temp
O43 - CFD: 19-2-2010 - 7:53:18 - [0] -SH-D- C:\Users\a\AppData\Local\Temporary Internet Files
O43 - CFD: 13-12-2010 - 18:00:32 - [0] ----D- C:\Users\a\AppData\Local\Thinstall
O43 - CFD: 27-8-2010 - 17:01:42 - [36118] ----D- C:\Users\a\AppData\Local\VirtualStore
O43 - CFD: 12-4-2011 - 14:32:44 - [57344] ----D- C:\Users\a\AppData\Local\Windows Live
O43 - CFD: 24-12-2010 - 4:16:30 - [374728] ----D- C:\Users\a\AppData\Local\Windows Live Writer
O43 - CFD: 25-10-2010 - 17:55:16 - [29868] ----D- C:\Users\a\AppData\Roaming\0218135B02FB1256FDB2969175078662
O43 - CFD: 21-5-2010 - 18:44:08 - [3503219] ----D- C:\Users\a\AppData\Roaming\Adobe
O43 - CFD: 19-3-2011 - 22:14:16 - [0] ----D- C:\Users\a\AppData\Roaming\AVS4YOU
O43 - CFD: 3-3-2010 - 18:08:46 - [0] ----D- C:\Users\a\AppData\Roaming\CyberLink
O43 - CFD: 2-2-2011 - 16:25:04 - [1172] ----D- C:\Users\a\AppData\Roaming\DAEMON Tools Lite
O43 - CFD: 2-2-2011 - 15:02:26 - [0] ----D- C:\Users\a\AppData\Roaming\DAEMON Tools Pro
O43 - CFD: 7-6-2010 - 19:16:32 - [76800] ----D- C:\Users\a\AppData\Roaming\DivX
O43 - CFD: 18-9-2010 - 2:16:04 - [199] ----D- C:\Users\a\AppData\Roaming\dvdcss
O43 - CFD: 19-2-2010 - 7:53:26 - [0] ----D- C:\Users\a\AppData\Roaming\Identities
O43 - CFD: 19-2-2010 - 13:16:08 - [0] ----D- C:\Users\a\AppData\Roaming\InstallShield
O43 - CFD: 17-4-2010 - 17:49:32 - [1341] ----D- C:\Users\a\AppData\Roaming\Intel
O43 - CFD: 17-4-2010 - 18:33:52 - [1184650] ----D- C:\Users\a\AppData\Roaming\Macromedia
O43 - CFD: 7-9-2010 - 4:47:30 - [4309656] ----D- C:\Users\a\AppData\Roaming\Malwarebytes
O43 - CFD: 2-11-2006 - 14:37:36 - [0] ----D- C:\Users\a\AppData\Roaming\Media Center Programs
O43 - CFD: 15-12-2010 - 8:06:04 - [1713146] -S--D- C:\Users\a\AppData\Roaming\Microsoft
O43 - CFD: 28-3-2011 - 15:39:18 - [603593] ----D- C:\Users\a\AppData\Roaming\moovida-1
O43 - CFD: 1-2-2011 - 17:45:02 - [5886267] ----D- C:\Users\a\AppData\Roaming\Move Networks
O43 - CFD: 19-9-2010 - 22:06:12 - [18475864] ----D- C:\Users\a\AppData\Roaming\Mozilla
O43 - CFD: 6-5-2010 - 1:34:18 - [51256] ----D- C:\Users\a\AppData\Roaming\Nero
O43 - CFD: 12-4-2011 - 15:21:46 - [347479] ----D- C:\Users\a\AppData\Roaming\Paltalk
O43 - CFD: 6-12-2010 - 19:45:04 - [2826789] ----D- C:\Users\a\AppData\Roaming\Real
O43 - CFD: 13-12-2010 - 18:00:32 - [2926797] ----D- C:\Users\a\AppData\Roaming\Thinstall
O43 - CFD: 12-4-2011 - 19:37:28 - [726] ----D- C:\Users\a\AppData\Roaming\Vidalia
O43 - CFD: 7-4-2011 - 22:00:44 - [516704] ----D- C:\Users\a\AppData\Roaming\vlc
O43 - CFD: 2-3-2010 - 0:53:54 - [14596] ----D- C:\Users\a\AppData\Roaming\Winamp
O43 - CFD: 24-12-2010 - 4:16:24 - [0] ----D- C:\Users\a\AppData\Roaming\Windows Live Writer
O43 - CFD: 2-9-2010 - 4:15:52 - [0] ----D- C:\Users\a\AppData\Roaming\WinRAR


---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.A0E0A0C4FC086F5DCD843A2A1CC245AC] - 12-4-2011 - 14:03:21 ---A- . (...) -- C:\WirelessDiagLog.csv [299]
O44 - LFC:[MD5.7CB0992E260C5904036EF3061E9F0BD0] - 12-4-2011 - 14:07:53 ---A- . (...) -- C:\Windows\ntbtlog.txt [58780]
O44 - LFC:[MD5.8883AA409B33D83E448D3F3E13BD4463] - 12-4-2011 - 14:53:49 ---A- . (...) -- C:\Windows\PFRO.log [14332]
O44 - LFC:[MD5.3787E749B5225A69D6CAD30F37EA38CF] - 12-4-2011 - 18:33:25 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.EB3F3CE9D2EA60233BD9F4C9A6FE5010] - 12-4-2011 - 18:38:29 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1946248]
O44 - LFC:[MD5.B3F8F2E5141CA52BEF40B959A3288D18] - 12-4-2011 - 18:40:28 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1479398]
O44 - LFC:[MD5.76A9628FD315D836638030DE3C39133C] - 12-4-2011 - 18:40:29 ---A- . (...) -- C:\Windows\System32\perfc009.dat [102094]
O44 - LFC:[MD5.5B163394F11357EDD92FC051A58194A8] - 12-4-2011 - 18:40:29 ---A- . (...) -- C:\Windows\System32\perfc013.dat [127698]
O44 - LFC:[MD5.C53CDA5B73682FB5557098AACBC2B198] - 12-4-2011 - 18:40:29 ---A- . (...) -- C:\Windows\System32\perfh009.dat [590082]
O44 - LFC:[MD5.FC24C8F550B5BCB3CB68BDF1BE4C02B7] - 12-4-2011 - 18:40:29 ---A- . (...) -- C:\Windows\System32\perfh013.dat [670256]
O44 - LFC:[MD5.92FAE5F0C0F613B027E188790B66E870] - 30-3-2011 - 18:10:35 ---A- . (...) -- C:\Windows\MEMORY.DMP [266651806]


---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{374a5cc3-2ecd-11e0-a7c2-0016d38d1ff6}\AutoRun\command. (.Unknown owner - No comment.) -- E:\AutoRun.exe (.not file.)


---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak®-codec.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm


---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll


---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0


---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0


---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21-1-2008 - 3:23:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.60505E0041F7751BDBB80F88BF45C2CE] - 21-1-2008 - 3:23:25 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [300600]
O58 - SDL:[MD5.8A42779B02AEC986EAB64ECFC98F8BD7] - 21-1-2008 - 3:23:26 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\system32\drivers\adpu160m.sys [101432]
O58 - SDL:[MD5.241C9E37F8CE45EF51C3DE27515CA4E5] - 21-1-2008 - 3:23:27 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [149560]
O58 - SDL:[MD5.9EAEF5FC9B8E351AFA7E78A6FAE91F91] - 21-1-2008 - 3:23:00 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [17464]
O58 - SDL:[MD5.98ECCA556D67DEBA604A4B4B1FDB02B8] - 19-2-2010 - 10:52:48 ---A- . (.Eset - Amon monitor.) -- C:\Windows\system32\drivers\amon.sys [512096]
O58 - SDL:[MD5.5D2888182FB46632511ACEE92FDAD522] - 21-1-2008 - 3:23:23 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [79416]
O58 - SDL:[MD5.5E2A321BD7C8B3624E41FDEC3E244945] - 21-1-2008 - 3:23:24 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [79928]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 2-11-2006 - 9:24:45 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 2-11-2006 - 9:24:46 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.B304E75CFF293029EDDF094246747113] - 2-11-2006 - 9:25:24 ---A- . (.Brother Industries Ltd. - Brotehr Serieel I/F-stuurprogramma (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [71808]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 2-11-2006 - 9:24:44 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 2-11-2006 - 9:24:44 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 2-11-2006 - 9:24:47 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.0CA25E686A4928484E9FDABD168AB629] - 21-1-2008 - 3:23:00 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [19000]
O58 - SDL:[MD5.AE1FDF7BF7BB6C6A70F67699D880592A] - 2-11-2006 - 10:50:11 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [71272]
O58 - SDL:[MD5.5425F74AC0C1DBD96A1E04F17D63F94C] - 21-1-2008 - 3:23:24 ---A- . (.Intel Corporation - Intel(R) PRO/1000-adapter NDIS 6 gedeserialiseerd stuurprogramm.) -- C:\Windows\system32\drivers\E1G60I32.sys [118784]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21-1-2008 - 3:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [342584]
O58 - SDL:[MD5.8B566EA71D5B76157A9CDB78F25A5731] - 28-4-2003 - 10:27:06 ---A- . (...) -- C:\Windows\system32\drivers\HOTKEY.sys [9867]
O58 - SDL:[MD5.7EBEC5EB56B90ED65A8BBD91464E5CFB] - 11-4-2009 - 14:18:01 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys [69096]
O58 - SDL:[MD5.997E8F5939F2D12CD9F2E6B395724C16] - 21-3-2007 - 12:58:56 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStor.sys [304920]
O58 - SDL:[MD5.54155EA1B0DF185878E0FC9EC3AC3A14] - 21-1-2008 - 3:23:23 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys [235064]
O58 - SDL:[MD5.038815297078D236D8CC064C295A74C6] - 13-9-2007 - 15:23:50 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\system32\drivers\igdkmd32.sys [1925632]
O58 - SDL:[MD5.2D077BF86E843F901D8DB709C95B49A5] - 2-11-2006 - 10:50:17 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41576]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 2-11-2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 2-11-2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys [35944]
O58 - SDL:[MD5.C7E15E82879BF3235B559563D4185365] - 21-1-2008 - 3:23:23 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [96312]
O58 - SDL:[MD5.EE01EBAE8C9BF0FA072E0FF68718920A] - 21-1-2008 - 3:23:25 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89656]
O58 - SDL:[MD5.912A04696E9CA30146A62AFA1463DD5C] - 21-1-2008 - 3:23:23 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96312]
O58 - SDL:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29-4-2010 - 14:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20952]
O58 - SDL:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29-4-2010 - 14:39:38 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [38224]
O58 - SDL:[MD5.0001CE609D66632FA17B84705F658879] - 21-1-2008 - 3:23:27 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys [31288]
O58 - SDL:[MD5.C252F32CD9A49DBFC25ECF26EBD51A99] - 21-1-2008 - 3:23:27 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [386616]
O58 - SDL:[MD5.4FBBB70D30FD20EC51F80061703B001E] - 2-11-2006 - 10:49:59 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys [33384]
O58 - SDL:[MD5.9EF6D6002F07697F66FFFAF11A3FEB66] - 4-1-2007 - 15:41:50 ---A- . (.Ralink Technology Inc. - Ralink 802.11 Wireless Adapter Driver.) -- C:\Windows\system32\drivers\netr73.sys [255488]
O58 - SDL:[MD5.35D5458D9A1B26B2005ABFFBF4C1C5E7] - 21-1-2008 - 3:23:20 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\system32\drivers\NETw3v32.sys [2225664]
O58 - SDL:[MD5.6522DD40A5F67CED020BD81B856613FB] - 26-9-2007 - 0:00:00 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\system32\drivers\NETw4v32.sys [2251776]
O58 - SDL:[MD5.FEB745E4669476C8D368F6C1CA7C7442] - 13-1-2010 - 7:29:56 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\system32\drivers\NETw5v32.sys [6628352]
O58 - SDL:[MD5.2E7FB731D4790A1BC6270ACCEFACB36E] - 2-11-2006 - 10:50:19 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [45160]
O58 - SDL:[MD5.18C1C4B7098130E672CB9D28CF67F81E] - 19-2-2010 - 10:52:47 ---A- . (...) -- C:\Windows\system32\drivers\nod32drv.sys [15424]
O58 - SDL:[MD5.E875C093AEC0C978A90F30C9E0DFBB72] - 2-11-2006 - 8:36:50 ---A- . (.N-trig Innovative Technologies - Meegeleverd N-trig HID Tablet-stuurprogramma.) -- C:\Windows\system32\drivers\ntrigdigi.sys [20608]
O58 - SDL:[MD5.2EDF9E7751554B42CBB60116DE727101] - 21-1-2008 - 3:23:21 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [102968]
O58 - SDL:[MD5.ABED0C09758D1D97DB0042DBB2688177] - 21-1-2008 - 3:23:21 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [45112]
O58 - SDL:[MD5.0A6DB55AFB7820C99AA1F3A1D270F4F6] - 21-1-2008 - 3:23:24 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1122360]
O58 - SDL:[MD5.81A7E5C076E59995D54BC1ED3A16E60B] - 2-11-2006 - 10:50:35 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106088]
O58 - SDL:[MD5.6F62BAFE6150F3952F877051C65786FE] - 18-7-2007 - 19:32:40 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHDA.sys [1841312]
O58 - SDL:[MD5.3D2B6520699D1DCD5A13F9E7CAD62199] - 3-8-2007 - 10:44:58 ---A- . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS6 32-bit Driver.) -- C:\Windows\system32\drivers\Rtlh86.sys [91648]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 2-11-2006 - 7:37:21 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.A99C6C8B0BAA970D8AA59DDC50B57F94] - 21-1-2008 - 3:23:26 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [74808]
O58 - SDL:[MD5.3CEF12005489037700FCFD7F10F01200] - 2-2-2011 - 0:00:00 ---A- . (...) -- C:\Windows\system32\drivers\sptd.sys [722416]
O58 - SDL:[MD5.192AA3AC01DF071B541094F251DEED10] - 2-11-2006 - 10:50:05 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys [35944]
O58 - SDL:[MD5.8C8EB8C76736EBAF3B13B633B2E64125] - 2-11-2006 - 10:49:56 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys [31848]
O58 - SDL:[MD5.8072AF52B5FD103BBBA387A1E49F62CB] - 2-11-2006 - 10:50:03 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys [34920]
O58 - SDL:[MD5.DB835C324CD488A86E9BFC2C3FD29CD8] - 17-8-2007 - 15:12:28 ---A- . (.Synaptics, Inc. - Synaptics Touchpad Driver.) -- C:\Windows\system32\drivers\SynTP.sys [190512]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21-1-2008 - 3:23:20 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 2-11-2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21-1-2008 - 3:23:23 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\system32\drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.AADF5587A4063F52C2C3FED7887426FC] - 21-1-2008 - 3:23:00 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [20024]
O58 - SDL:[MD5.587253E09325E6BF226B299774B728A9] - 21-1-2008 - 3:23:23 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [130616]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2-11-2006 - 8:09:42 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 2-11-2006 - 8:09:45 ---A- . (...) -- C:\Windows\system32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 2-11-2006 - 8:09:41 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 2-11-2006 - 8:09:44 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 2-11-2006 - 8:09:44 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 2-11-2006 - 8:09:29 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 2-11-2006 - 8:09:35 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 2-11-2006 - 8:09:38 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 2-11-2006 - 8:09:40 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 2-11-2006 - 8:09:31 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 2-11-2006 - 8:09:20 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 2-11-2006 - 8:09:23 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 2-11-2006 - 8:09:24 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 2-11-2006 - 8:09:26 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 2-11-2006 - 8:09:22 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672]


---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis
O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1


---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Register-editor.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Register-editor.) -- C:\Windows\regedit.exe


---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe


---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\vorsfmxw.default\searchplugins\askcom.xml
O69 - SBI: SearchScopes [HKCU] {105E99FF-8B9A-4492-B155-06194B9056D2} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {EEE6C360-6118-11DC-9C72-001320C79847} - (SweetIM Search) - http://search.sweetim.com


---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.FAF5143A4002657C23697C35E48C829E] [SPRF] (.Unknown owner - Setup Application.) -- C:\Users\a\AppData\Local\Temp\2.exe [476521]
[MD5.E4EC57E8508C5C4040383EBE6D367928] [SPRF] (.Unknown owner - No comment.) -- C:\Users\a\AppData\Local\Temp\bassmod.dll [34308]
[MD5.E2EF79B13DB77233CEC4C2B3D27D894F] [SPRF] (.JiJiTechnologies - Object Picker Helper.) -- C:\Users\a\AppData\Local\Temp\DirectoryObjectPicker.dll [88064]
[MD5.9240006C4248107C9551086B3324FA3E] [SPRF] (.Adobe Systems Incorporated - Adobe® Flash® Player Plugin Installer.) -- C:\Users\a\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe [1924992]
[MD5.0B3B4E8D1DE31F844E466D61CF7937B5] [SPRF] (.ICSharpCode.net - SharpZipLib for .NET Framework 2.0.) -- C:\Users\a\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll [192512]
[MD5.DCA42C1E70610967929933560F5BC87B] [SPRF] (.JiJi Technologies - JiJi Password Reset Suite - Windows Service Install.) -- C:\Users\a\AppData\Local\Temp\InstallWindowsService.exe [445440]
[MD5.DCC36ABE64C894CCBE4ABAF0BE52CAF2] [SPRF] (.Unknown owner - No comment.) -- C:\Users\a\AppData\Local\Temp\Interop.ActiveDs.dll [106496]
[MD5.0FDD0A48EDFB33AB5DEF81482DB31678] [SPRF] (.Unknown owner - No comment.) -- C:\Users\a\AppData\Local\Temp\Interop.IWshRuntimeLibrary.dll [49152]
[MD5.593430AC923FA29B7E1366A4BA493CE8] [SPRF] (.JiJi Technologies - JiJi.) -- C:\Users\a\AppData\Local\Temp\JiJi.dll [258048]
[MD5.DEB3A2F671B76C7E9988C86659F49080] [SPRF] (.JiJi Technologies - JiJi Password Reset Suite - Windows Service.) -- C:\Users\a\AppData\Local\Temp\JiJiPasswordSelfService.exe [394240]
[MD5.DAA67955784FF79CF587C46286B5F8A7] [SPRF] (.JIJI TECHNOLOGIES - JIJISSPRSetUp.) -- C:\Users\a\AppData\Local\Temp\JIJISSPRSetUp.exe [276992]
[MD5.5499D545588AD5E8C5203C85981D7D5E] [SPRF] (.JiJiTechnologies - UserPasswordSelfServiceInterface.) -- C:\Users\a\AppData\Local\Temp\JiJiUserPasswordSelfServiceInterface.dll [17920]
[MD5.852A4748AB6C1843E2F282A34F5A2DE5] [SPRF] (.Microsoft Corporation - No comment.) -- C:\Users\a\AppData\Local\Temp\Microsoft.Web.Administration.dll [143360]
[MD5.5A432A042DAE460ABE7199B758E8606C] [SPRF] (.Microsoft Corporation - Office Source Engine.) -- C:\Users\a\AppData\Local\Temp\ose00000.exe [145184]
[MD5.5A432A042DAE460ABE7199B758E8606C] [SPRF] (.Microsoft Corporation - Office Source Engine.) -- C:\Users\a\AppData\Local\Temp\ose00001.exe [145184]
[MD5.98CD41381F64C01095BB13A4B25D4C0A] [SPRF] (.JIJI TECHNOLOGIES - Uninstall Wizard.) -- C:\Users\a\AppData\Local\Temp\Uninstall Wizard.exe [163840]
[MD5.1ADEF2F47412F5D3A6A7651E604077D0] [SPRF] (.JIJI TECHNOLOGIES - UnInstallWindowsService.) -- C:\Users\a\AppData\Local\Temp\UnInstallWindowsService.exe [292352]
[MD5.EC635657AAC6ACA13EE9E65F6A5266B5] [SPRF] (.Unknown owner - UserPasswordSelfServiceCommon.) -- C:\Users\a\AppData\Local\Temp\UserPasswordSelfServiceCommon.dll [199168]
[MD5.8367EE1CD9E77DED8CD1B176CA687365] [SPRF] (.Unknown owner - WebSiteConfig.) -- C:\Users\a\AppData\Local\Temp\WebSiteConfig.dll [53760]
[MD5.EFE6439B236C71235AA62384ADF4B6D1] [SPRF] (.Unknown owner - WebSiteConfiguration.) -- C:\Users\a\AppData\Local\Temp\WebSiteConfiguration.exe [430592]


---\\ Search Rogue Infection (SRI) (O86)
C:\Users\a\AppData\Roaming\0218135B02FB1256FDB2969175078662


---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Proces van lokale beveiligingsautoriteit.) -- C:\Windows\system32\lsass.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Toepassing voor Spooler-subsysteem.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Toepassing voor Spooler-subsysteem.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "NetPres-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-WSD-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-WSD-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "RemoteSvcAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Services en controllertoepassingen.) -- C:\Windows\system32\services.exe
O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Services en controllertoepassingen.) -- C:\Windows\system32\services.exe
O87 - FAEL: "WinCollab-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-In-UDP" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-In-TCP" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-DFSR-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Distributed File System Replication.) -- C:\Windows\system32\dfsr.exe
O87 - FAEL: "WinCollab-DFSR-In-TCP" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Distributed File System Replication.) -- C:\Windows\system32\dfsr.exe
O87 - FAEL: "{879C8229-585F-48C2-9457-BA00653F5A66}" |In - None - P6 - TRUE | .(...) -- C:\Program Files\Cyberlink\PowerDVD\PowerDVD.exe (.not file.)
O87 - FAEL: "{C633A3E4-08A0-4107-BF09-88CE5B6BA67D}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Toepassing voor Spooler-subsysteem.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "TCP Query User{D694A48D-887D-43AC-BBE4-852E345B90DA}C:\program files\internet explorer\iexplore.exe" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Internet Explorer.) -- C:\program files\internet explorer\iexplore.exe
O87 - FAEL: "UDP Query User{3E9CC540-4E93-4ADF-86EB-A9B3F6848FCC}C:\program files\internet explorer\iexplore.exe" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Internet Explorer.) -- C:\program files\internet explorer\iexplore.exe
O87 - FAEL: "{D9C68D7A-E905-405E-9000-8B91F84FD7ED}" | In - None - P17 - TRUE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O87 - FAEL: "TCP Query User{9E6B89BB-1142-4577-AA4A-E8BE9077F8A3}C:\program files\java\jre1.6.0_01\bin\javaw.exe" | In - Public - P6 - TRUE | .(.Sun Microsystems, Inc..) -- C:\program files\java\jre1.6.0_01\bin\javaw.exe
O87 - FAEL: "UDP Query User{38601F4C-926C-4FCB-AE2F-8916FDFD967E}C:\program files\java\jre1.6.0_01\bin\javaw.exe" | In - Public - P17 - TRUE | .(.Sun Microsystems, Inc..) -- C:\program files\java\jre1.6.0_01\bin\javaw.exe
O87 - FAEL: "{0C0D39C5-0593-4E3E-841B-00FD58E4C8B2}" | In - None - P17 - TRUE | .(.Microsoft Corporation - Mesh Operating Environment.) -- C:\Program Files\Windows Live\Mesh\MOE.exe
O87 - FAEL: "TCP Query User{8E63C56C-751A-400F-B586-F5AEA7AB6CF4}C:\program files\real\realplayer\realplay.exe" | In - Public - P6 - TRUE | .(.RealNetworks, Inc. - RealPlayer.) -- C:\program files\real\realplayer\realplay.exe
O87 - FAEL: "UDP Query User{A76BA666-3FB0-4B02-B408-01A68EE3ECAC}C:\program files\real\realplayer\realplay.exe" | In - Public - P17 - TRUE | .(.RealNetworks, Inc. - RealPlayer.) -- C:\program files\real\realplayer\realplay.exe
O87 - FAEL: "TCP Query User{F188652C-BE82-42CF-A847-A698EE4DD53F}C:\program files\paltalk messenger\paltalk.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\paltalk messenger\paltalk.exe (.not file.)
O87 - FAEL: "UDP Query User{CA3A839E-58E5-45F4-90BF-8CD20DB035F7}C:\program files\paltalk messenger\paltalk.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\paltalk messenger\paltalk.exe (.not file.)
O87 - FAEL: "TCP Query User{AB6AD228-11A2-4218-B484-D4D0A9B59FA2}C:\users\a\appdata\local\temp\rar$ex00.838\tv player classic 6.7.23 portable\tv player classic.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\a\appdata\local\temp\rar$ex00.838\tv player
O87 - FAEL: "UDP Query User{A1F369E1-8833-4F85-9C54-8521133867AF}C:\users\a\appdata\local\temp\rar$ex00.838\tv player classic 6.7.23 portable\tv player classic.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\a\appdata\local\temp\rar$ex00.838\tv playe
O87 - FAEL: "TCP Query User{36341653-A240-4C62-B6E6-592231ADCF6B}C:\program files\limewire\limewire.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\limewire\limewire.exe (.not file.)
O87 - FAEL: "UDP Query User{9FABF1B8-5BA6-42A9-88D4-60EE5040500D}C:\program files\limewire\limewire.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\limewire\limewire.exe (.not file.)
O87 - FAEL: "TCP Query User{5AEF8AAB-7E99-43ED-8C1D-E73295A2B26E}C:\program files\mozilla firefox\firefox.exe" | In - Public - P6 - TRUE | .(.Mozilla Corporation - Firefox.) -- C:\program files\mozilla firefox\firefox.exe
O87 - FAEL: "UDP Query User{EBB0AD45-235D-4433-9A4C-F40F2456BFAC}C:\program files\mozilla firefox\firefox.exe" | In - Public - P17 - TRUE | .(.Mozilla Corporation - Firefox.) -- C:\program files\mozilla firefox\firefox.exe
O87 - FAEL: "TCP Query User{65260422-CAF8-48A5-9B6F-DFE5D65B972E}C:\users\a\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" | In - Public - P6 - TRUE | .(.Octoshape ApS.) -- C:\users\a\appdata\roaming\macromedia\fl
O87 - FAEL: "UDP Query User{4353321F-5002-4B56-8106-E1D4D3A9DD5A}C:\users\a\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" | In - Public - P17 - TRUE | .(.Octoshape ApS.) -- C:\users\a\appdata\roaming\macromedia\f
O87 - FAEL: "{61F78C28-C233-4E0F-88C8-97DD5C8AE4FE}" | In - Public - P6 - TRUE | .(.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\maconfservice.exe
O87 - FAEL: "{0FC13D4A-1A0A-4B83-9BED-417E7D7B6B11}" | In - Public - P17 - TRUE | .(.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\maconfservice.exe


---\\ Additionnal Scan (O88)
Database Version : 5359 - (12/04/2011)

[HKCU\Software\Microsoft\Internet Explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}] =>Adware.AdRotator
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBar
[HKLM\Software\Classes\CLSID\{82ac53b4-164c-4b07-a016-437a8388b81a}] =>Toolbar.SweetIM
[HKLM\Software\Classes\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}] =>Toolbar.SweetIM
[HKLM\Software\Microsoft\Internet Explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}] =>Adware.AdRotator
[HKLM\Software\Microsoft\Windows\CurrentVersion\app paths\sweetim.exe] =>Toolbar.SweetIM


---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 19-1-2010 858384 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SS - | Auto 7-6-2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 21-3-2007 355096 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
SS - | Demand 10-3-2011 311744 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SR - | Auto 19-2-2010 552064 | (NOD32krn) . (.Eset.) - C:\Program Files\Eset\nod32krn.exe
SR - | Auto 19-1-2010 473360 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Demand 17-11-2006 118784 | (WisLMSvc) . (.Wistron Corp..) - C:\Program Files\Launch Manager\WisLMSvc.exe
SS - | Auto 21-1-2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe


---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by a at 12-4-2011 19:47:23

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spkc.sys >>UNKNOWN [0x84DC2938]<<
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
System32\Drivers\spkc.sys
1 ntkrnlpa!IofCallDriver[0x8228B912] -> \Device\Harddisk0\DR0[0x859C11A8]
3 CLASSPNP[0x883A68B3] -> ntkrnlpa!IofCallDriver[0x8228B912] -> [0x84EAA860]
5 acpi[0x805BA6BC] -> ntkrnlpa!IofCallDriver[0x8228B912] -> \Device\Ide\IAAStorageDevice-0[0x84EA4030]
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x84e0b1f8
user & kernel MBR OK
Warning: possible MBR rootkit infection !


---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by a at 12-4-2011 19:47:27

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

********* Dump File Header *********
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: FUJITSU SIEMENS
System Product Name: AMILO Li 2735
Logical Drives Mask: 0x0000007c

********* Dump File Analysis *********
Windows 2008 MBR code detected


---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:[MD5.3CEF12005489037700FCFD7F10F01200] - 2-2-2011 - 0:00:00 ---A- . (...) -- C:\Windows\system32\drivers\sptd.sys [722416]


End of the scan (1124 lines in 01mn 17s)(0)