cheval de troie

Question

Bonjour,
j'ai un trojant que je n'arive pas a supprimer comment dois je faire il me dit niveau d'alerte grave merci de votre aide

jfkpresident · Answer

bonsoir ;

Ouvre ce lien et télécharge ZHPDiag :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Une fois le téléchargement achevé, dézippe le fichier obtenu et place ZHPDiag.exe sur ton Bureau.

Double-clique sur l'icône pour lancer le programme.

Si tu es d'accord avec les termes du disclaimer, clique sur Continue.

A la fin du scan, enregistre le rapport en cliquant sur Sauve.

Ouvre le fichier sauvegardé avec le Bloc-Notes et copie son contenu dans ta réponse.

juju37p · Answer

tout est expliquer ici:

http://www.commentcamarche.net/forum/affich 2364537 virus trojan impossible a supprimer

jfkpresident · Answer

juju37p : chaque cas d'infections est différent !

gwenfreddy · Answer

apport de ZHPDiag v1.1.3.7 par Nicolas Coolman
Enregistré le 05/11/2008 23:45:09
Platform : Windows (TM) Vista Home Basic
MSIE: Internet Explorer v7.0.6001.18000
MFIE: Mozilla Firefox (3.0)

---\ Processus lancés
 C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
 C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
 C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
 C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
 C:\WINDOWS\FixCamera.exe
 C:\Windows	snp2std.exe
 C:\Program Files (x86)\iTunes\iTunesHelper.exe
 C:\Program Files\Windows Sidebar\sidebar.exe
 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
 C:\PROGRA~2\Magentic\bin\Magentic.exe
 c:\users\gwendoline\appdata\local\utbgnlsa.exe
 C:\Program Files (x86)\Iminent\imbooster.exe
 C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
 C:\Users\gwendoline\AppData\Roaming\Microsoft\Windows\kromqqm.exe

---\ Pages de recherche de Mozilla Firefox (M1)
M1 - SPR:Search Page Redirection - C:\Program Files (x86)\Mozilla FireFox\extensions\searchtheweb@iminent

---\ Modification d'une valeur System.ini (F2)
F2 - REG:system.ini: UserInit=userinit.exe
F2 - REG:system.ini: Shell=explorer.exe

---\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr

---\ Pages de recherche d'Internet Explorer (R1)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

---\ Redirection du fichier Hosts (O1)
O1 - Hosts: ::1             localhost

---\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Binbango Toolbar - {5c1ad0b8-f8e1-4edc-b15c-5743e61485ec} - C:\Program Files (x86)\Binbango	bBin1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared
\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O2 - BHO: TBSB05234 - {C4EC4403-3E2C-44F3-A2EC-B31B91D3FD11} - C:\Program Files (x86)\BarreMagique\sms-illimite.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Binbango Toolbar - {5c1ad0b8-f8e1-4edc-b15c-5743e61485ec} - C:\Program Files (x86)\Binbango	bBin1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

---\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows	snp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files (x86)\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [] 
O4 - HKCU\..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~2\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [utbgnlsa] c:\users\gwendoline\appdata\local\utbgnlsa.exe utbgnlsa
O4 - HKCU\..\Run: [IMBooster] C:\Program Files (x86)\Iminent\imbooster.exe /warmup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [mcaie] "c:\users\gwendoline\appdata\local\mcaie.exe" mcaie
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Users\gwendoline\AppData\Roaming\Microsoft\Windows\kromqqm.exe
O4 - HKCU\..\Run: [WinButler] C:\Users\gwendoline\AppData\Roaming\WinButler\WinButler.exe
O4 - HKLM\..\policies\Explorer: [NoActiveDesktop] Data="1"
O4 - HKLM\..\policies\Explorer: [NoActiveDesktopChanges] Data="1"
O4 - HKLM\..\policies\Explorer: [ForceActiveDesktopOn] Data="0"

---\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\IncrediMail\binesources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm

---\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~2.0_0\bin\ssv.dll

---\ Onglet supplémentaire dans les options avancées d'Internet Explorer (O11)
O11 - Options group: [accessibility] Accessibility - C:\Windows\SysWOW64\inetcpl.cpl
O11 - Options group: [browse] Browsing - C:\Windows\SysWOW64\inetcpl.cpl
O11 - Options group: [crypto] Security - C:\Windows\SysWOW64\inetcpl.cpl
O11 - Options group: [http] HTTP 1.1 settings - C:\Windows\SysWOW64\inetcpl.cpl
O11 - Options group: [international] International* - C:\Windows\SysWOW64\inetcpl.cpl
O11 - Options group: [multimedia] Multimedia - C:\Windows\SysWOW64\inetcpl.cpl
O11 - Options group: [print] Printing - C:\Windows\SysWOW64\inetcpl.cpl
O11 - Options group: [searching] Search from the Address bar - C:\Windows\SysWOW64\inetcpl.cpl

---\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

---\ Protocole additionnel et piratage de protocole (O18)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

---\ Valeur de Registre AppInit_DLLs (O20)
O20 - AppInit_DLLs:c:\progra~2\bandoo\bndhook.dll 

---\ Clé de Registre autorun SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: YInstStarterUpgrade Class - {0291E591-EA41-4c82-8106-3DC6CE7F7664} - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\SysWOW64\wmpdxm.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32egsvr32.exe /s /n /i:/UserInstall C:\Windows\system32	hemeui.dll
O40 - ASIC: YInstStarter Class - {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O40 - ASIC: YSearchSetting2 Class - {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Dossiers Web - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: YahooYMailTo Class - {A17E30C4-A9BA-11D4-8673-60DB54C10000} - C:\PROGRA~2\Yahoo!\Common\ymmapi.dll
O40 - ASIC: YMailAttach Class - {AA218328-0EA8-4D70-8972-E987A9190FF4} - C:\PROGRA~2\Yahoo!\Common\ymmapi.dll
O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\SysWow64\Macromed\Flash\Flash9f.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Messenger Class - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player Plugin
O42 - Logiciel: Bandoo
O42 - Logiciel: Binbango Toolbar
O42 - Logiciel: CA Yahoo! Anti-Spy (remove only)
O42 - Logiciel: Eurobarre
O42 - Logiciel: Hyperballoid 2
O42 - Logiciel: IMBooster
O42 - Logiciel: IncrediMail Xe
O42 - Logiciel: LimeWire 4.18.8
O42 - Logiciel: Live-Player
O42 - Logiciel: Magentic
O42 - Logiciel: Mozilla Firefox (3.0)
O42 - Logiciel: Neuf - Widget Neuf
O42 - Logiciel: PC Tools AntiVirus 5.0
O42 - Logiciel: Shareaza 2.4.0.0
O42 - Logiciel: SM
O42 - Logiciel: Favorit
O42 - Logiciel: Update Service
O42 - Logiciel: Windows Live Toolbar
O42 - Logiciel: Yahoo! Extras
O42 - Logiciel: Yahoo! Internet Mail
O42 - Logiciel: Yahoo! Messenger
O42 - Logiciel: YesMessenger 2.2.40
O42 - Logiciel: Yahoo! Install Manager
O42 - Logiciel: Microsoft Office 2000 Professional
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: Java(TM) 6 Update 6
O42 - Logiciel: Java(TM) 6 Update 7
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 3.1
O42 - Logiciel: Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
O42 - Logiciel: Apple Software Update
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: USB2.0 PC Camera-268
O42 - Logiciel: Bonjour
O42 - Logiciel: HP Update
O42 - Logiciel: QuickTime
O42 - Logiciel: Adobe Reader 8.1.2 - Français
O42 - Logiciel: Adobe Reader 8.1.2 Security Update 1 (KB403742)
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Spybot - Search & Destroy
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: Windows Live Mail
O42 - Logiciel: MSXML 4.0 SP2 (KB941833)
O42 - Logiciel: HP Photosmart Essential
O42 - Logiciel: HPSSupply
O42 - Logiciel: SweetIM for Messenger 2.5
O42 - Logiciel: VirginMega.Fr Premium
O42 - Logiciel: Windows Live installer

---\ Déni du service Local Security Authority (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - 
O48 - LSA:Local Security Authority Notification Packages - 


End of the scan:
Rapport de ZHPDiag v1.1.3.7 par Nicolas Coolman
Enregistré le 05/11/2008 23:45:09
Platform : Windows (TM) Vista Home Basic
MSIE: Internet Explorer v7.0.6001.18000
MFIE: Mozilla Firefox (3.0)

---\ Processus lancés
 C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
 C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
 C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
 C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
 C:\WINDOWS\FixCamera.exe
 C:\Windows	snp2std.exe
 C:\Program Files (x86)\iTunes\iTunesHelper.exe
 C:\Program Files\Windows Sidebar\sidebar.exe
 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
 C:\PROGRA~2\Magentic\bin\Magentic.exe
 c:\users\gwendoline\appdata\local\utbgnlsa.exe
 C:\Program Files (x86)\Iminent\imbooster.exe
 C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
 C:\Users\gwendoline\AppData\Roaming\Microsoft\Windows\kromqqm.exe

---\ Pages de recherche de Mozilla Firefox (M1)
M1 - SPR:Search Page Redirection - C:\Program Files (x86)\Mozilla FireFox\extensions\searchtheweb@iminent

---\ Modification d'une valeur System.ini (F2)
F2 - REG:system.ini: UserInit=userinit.exe
F2 - REG:system.ini: Shell=explorer.exe

---\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr

---\ Pages de recherche d'Internet Explorer (R1)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

---\ Redirection du fichier Hosts (O1)
O1 - Hosts: ::1             localhost

---\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Binbango Toolbar - {5c1ad0b8-f8e1-4edc-b15c-5743e61485ec} - C:\Program Files (x86)\Binbango	bBin1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared
\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O2 - BHO: TBSB05234 - {C4EC4403-3E2C-44F3-A2EC-B31B91D3FD11} - C:\Program Files (x86)\BarreMagique\sms-illimite.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Binbango Toolbar - {5c1ad0b8-f8e1-4edc-b15c-5743e61485ec} - C:\Program Files (x86)\Binbango	bBin1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

---\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows	snp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files (x86)\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [] 
O4 - HKCU\..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~2\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [utbgnlsa] c:\users\gwendoline\appdata\local\utbgnlsa.exe utbgnlsa
O4 - HKCU\..\Run: [IMBooster] C:\Program Files (x86)\Iminent\imbooster.exe /warmup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [mcaie] "c:\users\gwendoline\appdata\local\mcaie.exe" mcaie
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Users\gwendoline\AppData\Roaming\Microsoft\Windows\kromqqm.exe
O4 - HKCU\..\Run: [WinButler] C:\Users\gwendoline\AppData\Roaming\WinButler\WinButler.exe
O4 - HKLM\..\policies\Explorer: [NoActiveDesktop] Data="1"
O4 - HKLM\..\policies\Explorer: [NoActiveDesktopChanges] Data="1"
O4 - HKLM\..\policies\Explorer: [ForceActiveDesktopOn] Data="0"

---\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\IncrediMail\binesources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm

---\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~2.0_0\bin\ssv.dll

---\ Onglet supplémentaire dans les options avancées d'Internet Explorer (O11)
O11 - Options group: [accessibility] Accessibility - C:\Windows\SysWOW64\inetcpl.cpl
O11 - Options group: [browse] Browsing - C:\Windows\SysWOW64\inetcpl.cpl
O11 - Options group: [crypto] Security - C:\Windows\SysWOW64\inetcpl.cpl
O11 - Options group: [http] HTTP 1.1 settings - C:\Windows\SysWOW64\inetcpl.cpl
O11 - Options group: [international] International* - C:\Windows\SysWOW64\inetcpl.cpl
O11 - Options group: [multimedia] Multimedia - C:\Windows\SysWOW64\inetcpl.cpl
O11 - Options group: [print] Printing - C:\Windows\SysWOW64\inetcpl.cpl
O11 - Options group: [searching] Search from the Address bar - C:\Windows\SysWOW64\inetcpl.cpl

---\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

---\ Protocole additionnel et piratage de protocole (O18)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

---\ Valeur de Registre AppInit_DLLs (O20)
O20 - AppInit_DLLs:c:\progra~2\bandoo\bndhook.dll 

---\ Clé de Registre autorun SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: YInstStarterUpgrade Class - {0291E591-EA41-4c82-8106-3DC6CE7F7664} - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\SysWOW64\wmpdxm.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32egsvr32.exe /s /n /i:/UserInstall C:\Windows\system32	hemeui.dll
O40 - ASIC: YInstStarter Class - {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O40 - ASIC: YSearchSetting2 Class - {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Dossiers Web - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: YahooYMailTo Class - {A17E30C4-A9BA-11D4-8673-60DB54C10000} - C:\PROGRA~2\Yahoo!\Common\ymmapi.dll
O40 - ASIC: YMailAttach Class - {AA218328-0EA8-4D70-8972-E987A9190FF4} - C:\PROGRA~2\Yahoo!\Common\ymmapi.dll
O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\SysWow64\Macromed\Flash\Flash9f.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Messenger Class - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player Plugin
O42 - Logiciel: Bandoo
O42 - Logiciel: Binbango Toolbar
O42 - Logiciel: CA Yahoo! Anti-Spy (remove only)
O42 - Logiciel: Eurobarre
O42 - Logiciel: Hyperballoid 2
O42 - Logiciel: IMBooster
O42 - Logiciel: IncrediMail Xe
O42 - Logiciel: LimeWire 4.18.8
O42 - Logiciel: Live-Player
O42 - Logiciel: Magentic
O42 - Logiciel: Mozilla Firefox (3.0)
O42 - Logiciel: Neuf - Widget Neuf
O42 - Logiciel: PC Tools AntiVirus 5.0
O42 - Logiciel: Shareaza 2.4.0.0
O42 - Logiciel: SM
O42 - Logiciel: Favorit
O42 - Logiciel: Update Service
O42 - Logiciel: Windows Live Toolbar
O42 - Logiciel: Yahoo! Extras
O42 - Logiciel: Yahoo! Internet Mail
O42 - Logiciel: Yahoo! Messenger
O42 - Logiciel: YesMessenger 2.2.40
O42 - Logiciel: Yahoo! Install Manager
O42 - Logiciel: Microsoft Office 2000 Professional
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: Java(TM) 6 Update 6
O42 - Logiciel: Java(TM) 6 Update 7
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 3.1
O42 - Logiciel: Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
O42 - Logiciel: Apple Software Update
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: USB2.0 PC Camera-268
O42 - Logiciel: Bonjour
O42 - Logiciel: HP Update
O42 - Logiciel: QuickTime
O42 - Logiciel: Adobe Reader 8.1.2 - Français
O42 - Logiciel: Adobe Reader 8.1.2 Security Update 1 (KB403742)
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Spybot - Search & Destroy
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: Windows Live Mail
O42 - Logiciel: MSXML 4.0 SP2 (KB941833)
O42 - Logiciel: HP Photosmart Essential
O42 - Logiciel: HPSSupply
O42 - Logiciel: SweetIM for Messenger 2.5
O42 - Logiciel: VirginMega.Fr Premium
O42 - Logiciel: Windows Live installer

---\ Déni du service Local Security Authority (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - 
O48 - LSA:Local Security Authority Notification Packages - 


End of the scan:

jfkpresident · Answer

salut ;

effectivement tu es infecté ,On va commencer par cela :

télécharge lopS&D

*double-cliquez dessus pour installer le programme.
* Un raccourci sera créé sur votre bureau , double-cliquez dessus pour lancer l'outil.
*choisis la langue .
*choisis l'option 1 (recherche) .
*copie/colle le rapport sur le forum.

gwenfreddy · Answer

bonjour merci mais cela ne marche pas je n'ai pas d'icone qui s'intalle ni meme quand je le recherche

gwenfreddy · Answer

re, toujours rien quand je selectionne l'option rechercher l'application sarete merci de votre aide !!!!!!

jfkpresident · Answer

salut ;

trouve tu le "set- up" d'installation dans tes téléchargements ?

gwenfreddy · Answer

non je ne le trouve pas !!! merci de ton aide

jfkpresident · Answer

Hum....Quand tu clique sur le lien tu as bien la petite fenetre de téléchargement avec "ouvrir" ou "enregistrer" ,clique bien sur enregistrer le fichier ,ensuite tu dois avoir le set-up d'instal dans ton dossier téléchargement ,tu double clique dessus et l'instal se fait (normalement )..

gwenfreddy · Answer

j'ai bien fais comme tu m'as dit j'ai bien l'application mais quand je l'ouvre il me demande langue + recherche et apres plus rien merci

gwenfreddy · Answer

voila j'ai trouvé ca j'espere que ca peux t'aider merci 





   --  Changelog Lop S&D  --


==================================
Maj/Upd : --/--/2008 ( v 4.2.5-0 )
==================================

Folder : Browseblahamok
Folder : Fast knob warn
Folder : PEAK START ROAD
Folder : up 16 program 64
Folder : vga1user
Folder : 4 flag

==================================
Maj/Upd : 30/10/2008 ( v 4.2.4-9 )
==================================

# Keylogger.fung detection

Folder : Balm Seek Media Store
Folder : BoldSlowBatBoob
Folder : Bolt extra skip
Folder : Drivebendbows
Folder : enc jugs great user
Folder : FIND ABOUT LOGO
Folder : flagflap
Folder : HECKMEALJUMP
Folder : junkgramfour
Folder : PURESIGNNOUNFUNK
Folder : SETUP BEND FIRST 01
Floder : Shimactiveacid
Folder : Soft draw bold remote
Folder : thunk name
Folder : 16itchball

==================================
Maj/Upd : 27/10/2008 ( v 4.2.4-8 )
==================================

Folder : Gpl ooze view load
Folder : LOG LOVE BIAS
Folder : Pile Bait Multi
Folder : send find meet
Folder : StopActiveTons
Folder : 01 TRANS ACTIVE BALM

==================================
Maj/Upd : 23/10/2008 ( v 4.2.4-7 )
==================================

Folder : Axis Body Funk
Folder : Chin Bold Balm
Folder : Dent draw pure lies
Folder : DOG BIKE MEOW
Folder : manager exit list active
Folder : Owns Intra Time Log
Folder : settingsbytewindow
Folder : way global dash

==================================
Maj/Upd : 20/10/2008 ( v 4.2.4-6 )
==================================

# KoobFace detection

Folder : Aim download bolt bags
Folder : ArmyFunkWarn
Folder : BLUE LINK
Folder : bore inter bags this
Folder : cdrom curb cast
Folder : Citysurfhelp
Folder : Coolmpegencbits
Folder : DATA PROXY WAY FACE
Folder : Debug manager soft the
Folder : Drive Each
Folder : Drive flap
Folder : DRIVE STOP CORN
Folder : DRAW GLOBAL
Folder : Else Atom
Folder : extra admin acid
Folder : flap aim site
Folder : FLAPFOUR
Folder : flaw audio error data
Folder : FlawRect
Folder : Ford Proc Heart
Folder : freemore
Folder : funk bows wave
Folder : Glue comp noun
Folder : htm safe okay
Folder : Idol Mags
Folder : inside bits skip 16
Folder : internet phone mapi
Folder : itchtestless
Folder : math frag proc
Folder : mediacdromhole
Folder : Nurb live mags
Folder : PeakPlanLogo
Folder : platformsave
Folder : Platform soap settings
Folder : ProgramDateBashLogo
Folder : ProgramDeleteTime
Folder : Program meal settings
Folder : save time iso data
Folder : settings ford base
Folder : Soap lies love
Folder : theupbird
Folder : Tons balm hope 2
Folder : Tray soap
Folder : Trust dumb
Folder : Web Meta Send Glue
Folder : 1 SIGN 01

==================================
Maj/Upd : 02/10/2008 ( v 4.2.4-5 )
==================================

Folder : Admin Dart
Folder : amok user hope
Folder : BASE BOLD MAGS
Folder : bolt eq comp
Folder : Bold Grey Spam Peak
Folder : chicregs
Folder : chinblehbind
Folder : CORN GRAM DENT
Folder : Corn Mess Vga
Folder : Debugbalmcopy
Folder : Find Hole Bags
Folder : flapblahremote
Folder : flawmultiless
Folder : funk flag peak
Folder : inside readme lite
Folder : Inside web
Folder : Intra bike roam road
Folder : KNOBDENT
Folder : LocksDeafByte
Folder : lovefourjunk
Folder : math clock joy
Folder : Mess Blue Poke Slow
Folder : Once obj sixth
Folder : OptionOnceBold
Folder : PEAK DART PILE
Folder : PEAK RECT MIX
Folder : Poke admin tons bike
Folder : Programaxis
Folder : rule about cdrom thunk
Folder : Show 01
Folder : test bird meet
Folder : thatrealhole
Folder : ThunkDeafTime
Folder : Trayholesafe
Folder : UP CHIN EXIT TYPE
Folder : 32 Math Corn

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"part mags"=-

==================================
Maj/Upd : 19/09/2008 ( v 4.2.4-4 )
==================================

Folder : BASHELSEMETA
Folder : binddeadless
Folder : Bows Body Bash
Folder : chin window mail
Folder : dashshowsafe
Folder : find flaw media
Folder : Funk Thunk More
Folder : Gram new
Folder : heck nurb trans joy
Folder : Knob burn platform love
Folder : mail grey balm inter
Folder : Meal Grey Test Lies
Folder : mediaknobbowsmapi
Folder : Meow stop four mail
Folder : mp3 settings soap meal
Folder : Multi dale lies delete
Folder : objrdrpoke
Folder : play gpl wait idol
Folder : regs delete fast
Folder : SCR COPY DENT
Folder : Test Hole Time
Folder : Titledeletewipe
Folder : TOOLDEFYMEAL
Folder : TOOL TRAY WMA
Folder : transdent
Folder : Warn Mfcd Trust Download

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Base frag grid bows"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sizedrv"=-

==================================
Maj/Upd : 14/09/2008 ( v 4.2.4-3 )
==================================

Folder : Aim face support
Folder : BAITTICKACTIVE
Folder : Bold Play Media Byte
Folder : Bows obj warn
Folder : DELETE LOCKS MEDIA
Folder : ELSE LOUD ACID PART
Folder : Four Bleh Flaw Once
Folder : Glue File Five
Folder : Grim does
Folder : Iso Anti Test
Folder : itch idol
Folder : LESSTHATBORE
Folder : Mfcd Comp
Folder : open wait readme
Folder : real keep mail ping
Folder : THUNKSECOND
Folder : WEB THUNK JUGS
Folder : 16 seek
Folder : 64Thunk

==================================
Maj/Upd : 08/09/2008 ( v 4.2.4-2 )
==================================

Folder : bias grim user enc
Folder : byte loud style cool
Folder : drv atom pile
Folder : Else Ball
Folder : flap axis
Folder : List bias eggs 1
Folder : Obj bows dumb

==================================
Maj/Upd : 06/09/2008 ( v 4.2.4-1 )
==================================

Folder : aciddoesreal
Folder : active move body safe
Folder : bore draw ping
Folder : chin corn owns
Folder : eggshidebind
Folder : fastplatformreal
Folder : Idle bind itch live
Folder : Internet mpeg fork
Folder : knobfragdash
Folder : Iso sign frag chic
Folder : Lies shim upload curb
Folder : one draw support
Folder : phone move locks
Folder : Stop Great
Folder : THUNK BAIT

==================================
Maj/Upd : 04/09/2008 ( v 4.2.4-0 )
==================================

# New language : Finnish (Thanks to Shaba for translations)

Folder : atomsite
Folder : Creativeview
Folder : phoneburn

==================================
Maj/Upd : 02/09/2008 ( v 4.2.3-9 )
==================================

# New language : Dutch (Thanks to Thunder for translations)

Folder : activelicenseintranew
Folder : BASE GREY KIND POKE
Folder : bash win the junk
Folder : bluejunk
Folder : Campscr
Folder : DeafOnlineSite
Folder : else online five
Folder : film start link joy
Folder : the rect
Folder : 2 body
Folder : 2 Cake Meet
Folder : 16 skip

==================================
Maj/Upd : 31/08/2008 ( v 4.2.3-8 )
==================================

Folder : Dumb creative
Folder : jump delete hold
Folder : PHONEPLANMULTI

==================================
Maj/Upd : 30/08/2008 ( v 4.2.3-7 )
==================================

Folder : DRVUSERENCPILE
Folder : EXTRABYTE
Folder : Flaw Hide
Folder : Remote Audio New
Folder : soft dead ooze build
Folder : Trans Once Mess Frag
Folder : 01 Kind Beep

==================================
Maj/Upd : 27/08/2008 ( v 4.2.3-6 )
==================================

Folder : Defy Memo Find Trust
Folder : peakbodymore
Folder : surflitecopy
Folder : Up Creative Skip

==================================
Maj/Upd : 26/08/2008 ( v 4.2.3-5 )
==================================

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinZix.exe]

Folder : body meow bolt
Folder : curbstupidref
Folder : data audio intra bat
Folder : Enc corn close play
Folder : Eqhtmskip
Folder : gram delete for
Folder : love ford manager
Folder : Slow Option Window
Folder : Slow owns
Folder : THATAXISCAMPJUNK
Folder : trans bird
Folder : WARN STUPID EACH STOP

==================================
Maj/Upd : 23/08/2008 ( v 4.2.3-4 )
==================================

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TorrentSpeeder_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BitRoll_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2473BF2D-CA0A-11DA-88DB-0050BF2938E1}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\TorrentSpeeder]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\NetPumper]

[-HKEY_CLASSES_ROOT\CLSID\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
[-HKEY_CLASSES_ROOT\CLSID\{2473BF2D-CA0A-11DA-88DB-0050BF2938E1}]

Folder : Bib Dog Flap Long
Folder : chinhole
Folder : copymessbatnew
Folder : DateBowsLoadBash
Folder : GLUE RECT MOVE
Folder : GLUE TONS ERROR WIN
Folder : Greycake
Folder : Jugssupporteach
Folder : ShowDateDumb
Folder : Up corn

==================================
Maj/Upd : 21/08/2008 ( v 4.2.3-3 )
==================================

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{773B1AAD-A8DD-4010-A903-CDB32938F595}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{773B1AAD-A8DD-4010-A903-CDB32938F595}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DivoCodec.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GalaPlayer.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PluginDL.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivoCodec]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GalaPlayer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PluginDL]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DownloadPlugin.DLPlugin]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DownloadPlugin.DLPlugin.1]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GalaPlayer"=-

%Programfiles%\Mozilla Firefox\Plugins
pdlplug.dll
%Windir%\Prefetch\GALAPLAYER*.pf
%Programfiles%\GalaPlayer
%Common Programs%\GalaPlayer
%Desktop%\GalaPlayer.lnk
%Cookies%\*.livemediasrv*.txt
%Cookies%\*.galaplayer*.txt
%Temp%
s*
%Temp%\pldl*
%Temp%\codec_dv*
%Temp%\DivoCodec*

Processes - GalaPlayer.exe

==================================
Maj/Upd : 20/08/2008 ( v 4.2.3-2 )
==================================

Folder : Extra hold two
Folder : film build inter site
Folder : knob build
Folder : Less mfcd sixth
Folder : 1logofunk
Folder : 64 dvd

==================================
Maj/Upd : 19/08/2008 ( v 4.2.3-1 )
==================================

%ProgramFiles%\Adverts
%ProgramFiles%\Bitdownload
%ProgramFiles%\BitGrabber
%ProgramFiles%\BitRoll
%ProgramFiles%\BitTorrent Fastest Tool
%ProgramFiles%\Circle Developement
%ProgramFiles%\CiD Help
%ProgramFiles%\CiD Manager
%ProgramFiles%\C2Media
%ProgramFiles%\DivoCodec
%ProgramFiles%\DivoPlayer
%ProgramFiles%\DomPlayer
%ProgramFiles%\Download Plugin
%ProgramFiles%\Get-Torrent
%ProgramFiles%\KitPlayer
%ProgramFiles%\Multi_Media
%ProgramFiles%\Multi_Media_France
%ProgramFiles%\MultiMedia France Toolbar
%ProgramFiles%\NetPumper
%ProgramFiles%\PluginDL
%ProgramFiles%\TorrentGamers
%ProgramFiles%\TorrentQ
%ProgramFiles%\TorrentSoftware
%ProgramFiles%\TorrentSpeeder
%ProgramFiles%\Torrent101
%ProgramFiles%\Winzix
%ProgramFiles%\3wPlayer

%ProgramData%\Adverts
%ProgramData%\Bitdownload
%ProgramData%\BitGrabber
%ProgramData%\BitRoll
%ProgramData%\BitTorrent Fastest Tool
%ProgramData%\Circle Developement
%ProgramData%\CiD Help
%ProgramData%\CiD Manager
%ProgramData%\C2Media
%ProgramData%\DivoCodec
%ProgramData%\DivoPlayer
%ProgramData%\DomPlayer
%ProgramData%\Download Plugin
%ProgramData%\Get-Torrent
%ProgramData%\KitPlayer
%ProgramData%\Multi_Media
%ProgramData%\Multi_Media_France
%ProgramData%\MultiMedia France Toolbar
%ProgramData%\NetPumper
%ProgramData%\PluginDL
%ProgramData%\TorrentGamers
%ProgramData%\TorrentQ
%ProgramData%\TorrentSoftware
%ProgramData%\TorrentSpeeder
%ProgramData%\Torrent101
%ProgramData%\Winzix
%ProgramData%\3wPlayer

%CommonProgramFiles%\Adverts
%CommonProgramFiles%\Bitdownload
%CommonProgramFiles%\BitGrabber
%CommonProgramFiles%\BitRoll
%CommonProgramFiles%\BitTorrent Fastest Tool
%CommonProgramFiles%\Circle Developement
%CommonProgramFiles%\CiD Help
%CommonProgramFiles%\CiD Manager
%CommonProgramFiles%\C2Media
%CommonProgramFiles%\DivoCodec
%CommonProgramFiles%\DivoPlayer
%CommonProgramFiles%\DomPlayer
%CommonProgramFiles%\Download Plugin
%CommonProgramFiles%\Get-Torrent
%CommonProgramFiles%\KitPlayer
%CommonProgramFiles%\Multi_Media
%CommonProgramFiles%\Multi_Media_France
%CommonProgramFiles%\MultiMedia France Toolbar
%CommonProgramFiles%\NetPumper
%CommonProgramFiles%\PluginDL
%CommonProgramFiles%\TorrentGamers
%CommonProgramFiles%\TorrentQ
%CommonProgramFiles%\TorrentSoftware
%CommonProgramFiles%\TorrentSpeeder
%CommonProgramFiles%\Torrent101
%CommonProgramFiles%\Winzix
%CommonProgramFiles%\3wPlayer

%Common Programs%\Adverts
%Common Programs%\Bitdownload
%Common Programs%\BitGrabber
%Common Programs%\BitRoll
%Common Programs%\BitTorrent Fastest Tool
%Common Programs%\DivoCodec
%Common Programs%\DivoPlayer
%Common Programs%\DomPlayer
%Common Programs%\Download Plugin
%Common Programs%\Get-Torrent
%Common Programs%\KitPlayer
%Common Programs%\Multi_Media
%Common Programs%\Multi_Media_France
%Common Programs%\NetPumper
%Common Programs%\PluginDL
%Common Programs%\TorrentGamers
%Common Programs%\TorrentQ
%Common Programs%\TorrentSoftware
%Common Programs%\TorrentSpeeder
%Common Programs%\Torrent101
%Common Programs%\Winzix
%Common Programs%\3wPlayer

%AppData%(s)\Bitdownload
%AppData%(s)\BitGrabber
%AppData%(s)\BitRoll
%AppData%(s)\Circle Developement
%AppData%(s)\C2Media
%AppData%(s)\DivoCodec
%AppData%(s)\DivoPlayer
%AppData%(s)\DomPlayer
%AppData%(s)\Get-Torrent
%AppData%(s)\KitPlayer
%AppData%(s)\Multi_Media
%AppData%(s)\Multi_Media_France
%AppData%(s)\NetPumper
%AppData%(s)\TorrentGamers
%AppData%(s)\TorrentQ
%AppData%(s)\TorrentSoftware
%AppData%(s)\TorrentSpeeder
%AppData%(s)\Torrent101
%AppData%(s)\Winzix

%Desktop%\Bitdownload.lnk
%Desktop%\BitGrabber.lnk
%Desktop%\BitRoll.lnk
%Desktop%\C2Media.lnk
%Desktop%\DivoCodec.ink
%Desktop%\DivoPlayer.ink
%Desktop%\DomPlayer.ink
%Desktop%\Get-Torrent.lnk
%Desktop%\KitPlayer.ink
%Desktop%\Multi_Media.lnk
%Desktop%\Multi_Media_France.lnk
%Desktop%\NetPumper.lnk
%Desktop%\TorrentGamers.lnk
%Desktop%\TorrentQ.lnk
%Desktop%\TorrentSoftware.lnk
%Desktop%\TorrentSpeeder.ink
%Desktop%\Torrent101.lnk
%Desktop%\Winzix.lnk

%Cookies%\*.Bitdownload*.txt
%Cookies%\*.BitGrabber*.txt
%Cookies%\*.BitRoll*.txt
%Cookies%\*.Circle Developement*.txt
%Cookies%\*.C2Media*.txt
%Cookies%\*.DivoCodec*.txt
%Cookies%\*.DivoPlayer*.txt
%Cookies%\*.DomPlayer*.txt
%Cookies%\*.Get-Torrent*.txt
%Cookies%\*.KitPlayer*.txt
%Cookies%\*.Multi_Media*.txt
%Cookies%\*.Multi_Media_France*.txt
%Cookies%\*.NetPumper*.txt
%Cookies%\*.TorrentGamers*.txt
%Cookies%\*.TorrentQ*.txt
%Cookies%\*.TorrentSoftware*.txt
%Cookies%\*.TorrentSpeeder*.txt
%Cookies%\*.Torrent101*.txt
%Cookies%\*.Winzix*.txt
%Cookies%\*.adserver5*.txt
%Cookies%\*.adultfriend*.txt
%Cookies%\*.advertising*.txt
%Cookies%\*.bblast*.txt
%Cookies%\*.bigpoint*.txt
%Cookies%\*.casinoking*.txt
%Cookies%\*.cotedazurpalace*.txt
%Cookies%\*.euroclick*.txt
%Cookies%\*.pacificpoker*.txt
%Cookies%\*.partygaming*.txt
%Cookies%\*.partypoker*.txt
%Cookies%\*.seafight*.txt
%Cookies%\*.vegas*.txt
%Cookies%\*.www.lop*.txt
%Cookies%\*.2xMoinscher*.txt
%Cookies%\*.@888*.txt

%Windir%\Prefetch\Bitdownload*.pf
%Windir%\Prefetch\BitGrabber*.pf
%Windir%\Prefetch\BitRoll*.pf
%Windir%\Prefetch\Circle Developement*.pf
%Windir%\Prefetch\C2Media*.pf
%Windir%\Prefetch\DivoCodec*.pf
%Windir%\Prefetch\DivoPlayer*.pf
%Windir%\Prefetch\DomPlayer*.pf
%Windir%\Prefetch\Get-Torrent*.pf
%Windir%\Prefetch\KitPlayer*.pf
%Windir%\Prefetch\Multi_Media*.pf
%Windir%\Prefetch\Multi_Media_France*.pf
%Windir%\Prefetch\NetPumper*.pf
%Windir%\Prefetch\TorrentGamers*.pf
%Windir%\Prefetch\TorrentQ*.pf
%Windir%\Prefetch\TorrentSoftware*.pf
%Windir%\Prefetch\TorrentSpeeder*.pf
%Windir%\Prefetch\Torrent101*.pf
%Windir%\Prefetch\Winzix*.pf
%Windir%\Prefetchandom_name(lop).exe*.pf

%windir%\Tasks\????????8???????.job
%windir%\Tasks\????????9???????.job

%temp%\bis*.exe
%temp%\HtmlControl*
%temp%\minime*
%temp%\msgpl_*
%temp%
se*
%temp%	orrent_*

===================================

Processes - Bitdownload.exe
Processes - BitGrabber.exe
Processes - BitP.exe
Processes - BitRoll.exe
Processes - Get-Torrent.exe
Processes - Iexplore.exe
Processes - NetPumper.exe
Processes - NetPumperIEProxy.exe
Processes - TorrentGamers.exe
Processes - TorrentQ.exe
Processes - TorrentSoftware.exe
Processes - TorrentSpeeder.exe
Processes - Torrent101.exe
Processes - WakeService.exe
Processes - Winzix.exe
Processes - 3wPlayer.exe
Processes - random_name(lop).exe

===================================

Folder : About extra corn
Folder : ABOUT HOLD WAIT
Folder : About Inter
Folder : ABOUT TEAM INFO SECT
Folder : acebitssite
Folder : Ace license more
Folder : acidthatmail
Folder : Acid Type Mode
Folder : AcidProgramAntiAtom
Folder : Acid Wait City Ooze
Folder : Acid64Boob
Folder : Active Eggs Body Support
Folder : Active the bore sect
Folder : Admin Dart Noun
Folder : Admin Inter 1 Mags
Folder : adminlivemore
Folder : Admin meta
Folder : ADMIN MOVE DALE
Folder : Admin Rect Ace License
Folder : Admin Tool Owns Dvd
Folder : adminup
Folder : aim mix proc pure
Folder : aim rect help creative
Folder : AmenDownloadVga
Folder : AmenFunkBowsInside
Folder : AmenHopeNew
Folder : amok curb type bind
Folder : Anteeq
Folder : Ante Funk
Folder : ante nurb city
Folder : Antiadmintitle
Folder : antieach
Folder : AntiFreeMetaBody
Folder : antionline
Folder : anti platform
Folder : AntiTons
Folder : armybikeeggs
Folder : Army Delete Less
Folder : Atom ante comp mags
Folder : atom bike mode
Folder : atom bird more
Folder : atom book wait
Folder : atom bows burn dumb
Folder : Atom close sixth trans
Folder : AtomCurbCopyDefault
Folder : Atom Dash
Folder : Atom Dent Logo
Folder : ATOM DRAW MP3 ONLINE
Folder : Atom Eggs One Barb
Folder : Atom Fast Link Win
Folder : Atom Find
Folder : Atom Find Defy Tray
Folder : Atom Idle Dash Bend
Folder : atom idol safe warn
Folder : atom mpeg love each
Folder : Atom nurb base eq
Folder : atom seek live this
Folder : Atom Third Eggs More
Folder : Atomtonsmags
Folder : atom trust okay loud
Folder : atom 16 close creative
Folder : Audio Find Real Gram
Folder : AUDIO SCR BIAS POP
Folder : audio two view
Folder : Audio 4 part browse
Folder : axis dvd 4
Folder : axis else camp ball
Folder : Axis face active
Folder : Axis Readme Second Bat
Folder : Axis that
Folder : axis wait the bone
Folder : AXIS WAY
Folder : Bags Browse Face
Folder : bags gram base
Folder : Bags loud rect corn
Folder : Bags Plus Online Chin
Folder : bags readme locks tick
Folder : BAGSTONSJUMP
Folder : BAITBENDBAT
Folder : Bait cake roam slow
Folder : bait grid bore
Folder : Baitholebarb
Folder : Bait nurb roam real
Folder : Ball mapi owns ping
Folder : Ball Shim Dupe Tick
Folder : BallStupidBiasHeck
Folder : Ball 32 for
Folder : balmdatamultilive
Folder : BalmReadmeMemo
Folder : Balmscrjump
Folder : BALM START BIRD ARMY
Folder : Barb Base Hold
Folder : Barb Info Hold Audio
Folder : Barbjunkloud
Folder : Barb Sect Mapi
Folder : Barb 16 jump
Folder : Base Debug Internet One
Folder : BasePlanBody
Folder : bash army tool 01
Folder : Bash Dvd Hold Data
Folder : Bash Keep Title Dent
Folder : BASH OOZE WAVE DEFY
Folder : BashOwnsLoad
Folder : Bash Site Log
Folder : bat date
Folder : bat glue time dash
Folder : beep axis mode free
Folder : Bendboobchiceggs
Folder : bend ooze mags
Folder : BEND RECT ISO
Folder : Bend Settings Dupe
Folder : bend team hole trans
Folder : bend2eggs
Folder : bib fork bend
Folder : Bib option date
Folder : bibspamplanopen
Folder : bib 32 view mags
Folder : bike bold move shim
Folder : Bike Drive Bird
Folder : bike road bin
Folder : bin cast tray user
Folder : BindAimTrayBone
Folder : Bind army eggs joy
Folder : Bind Bird Bend Nurb
Folder : BINDGREATSEND
Folder : BIND INTER LOAD POKE
Folder : Bind Pile
Folder : Bin Wait Ante Cast
Folder : Bird Multi User
Folder : bits bike mode book
Folder : bits chin bind drive
Folder : bits love axis thunk
Folder : Blah User
Folder : blehbeep
Folder : blehbitssetupthird
Folder : bleh build
Folder : bleheach
Folder : Bleh kind cool memo
Folder : Bleh stupid wipe five
Folder : bleh that name
Folder : BlehThisMail
Folder : blue burn
Folder : Blue comp media
Folder : BLUEDARTROAM
Folder : blue lite
Folder : bluelogo
Folder : Blue Ref Option That
Folder : blue shim axis memo
Folder : blue tray
Folder : Body bait bin base
Folder : body copy second city
Folder : Body16city
Folder : Bold Bows Tray Dvd
Folder : Bolt chin wave
Folder : BoltCloseEq
Folder : bolt date book
Folder : Bolt error second
Folder : BOLTSTYLEWINDOW
Folder : Bolt 64 team
Folder : BONE ABOUT BOOK BOWS
Folder : bonemetafork
Folder : bonepilenoun
Folder : bone win film
Folder : Bonewipebuild
Folder : boobdeletesizetime
Folder : boob jump time
Folder : boob pile ace
Folder : Boob tray find
Folder : boob trust axis film
Folder : Book Slow Axis Web
Folder : BOOKTRUSTBOLD
Folder : BORE IDOL SKIP
Folder : borelistbags
Folder : BoreLoadPile
Folder : borepokefast
Folder : Bore Seek Intra Media
Folder : bore tick active
Folder : Boretrustuser
Folder : Bows Ball Meal Deaf
Folder : bowsitchreal
Folder : BOWS 16 JUGS FORD
Folder : Browse Dent Win Base
Folder : Browsedrawbend
Folder : BROWSE LOCKS BAT
Folder : BROWSE MP3 LIES
Folder : BROWSE PROGRAM STYLE FOR
Folder : BROWSE WINDOW DRV NAME
Folder : buildextradent
Folder : build ping dead more
Folder : burn download defy inside
Folder : burn spam ping upload
Folder : bytebatdate
Folder : Byte bat software
Folder : byte blah less
Folder : Byte Meow Send
Folder : Cakeeachlovehope
Folder : CakeSafeSectMail
Folder : campbagsbody
Folder : camp bits bags
Folder : Camp Mess Warn Pop
Folder : Camp Meta Joy
Folder : Camp 16 Mess
Folder : cast dale way math
Folder : Cash Dash Chin
Folder : cash error default
Folder : Cash Idol Bows Mode
Folder : Cast ping base frag
Folder : Cdromlogjunksite
Folder : Cdrom support more start
Folder : Cdrom Window
Folder : cdrom 1
Folder : chic htm show four
Folder : Chic slow bind base
Folder : Chic This
Folder : Chin dead way platform
Folder : Chin glue
Folder : chinencmeta
Folder : city about store file
Folder : citydashamokdraw
Folder : City download curb
Folder : city each safe move
Folder : city program ball
Folder : city wave win enc
Folder : clockaxis
Folder : clock bend
Folder : clock flag base love
Folder : Clock Regs Upload Copy
Folder : clockthisdoesamok
Folder : CloseDoes
Folder : CLOSELOADBOOB
Folder : closemultimedia
Folder : close poke frag ooze
Folder : closetwo
Folder : Close upload noun internet
Folder : COAL FUNK LONG
Folder : Coallinklicense
Folder : comp bike active
Folder : Compblahmanager
Folder : comp bolt eggs
Folder : COMPDVDSIGNMANAGER
Folder : comp inter vc
Folder : Comp Jugs Ball That
Folder : comp two long internet
Folder : cool deaf size
Folder : Cool Eggs The Locks
Folder : Coolflawthisflag
Folder : CoolFunkLong
Folder : CopyFaceLong
Folder : Copy Peak 01
Folder : CopyShowFile
Folder : creative bike site dog
Folder : CreativeBold
Folder : CreativeShimCorn
Folder : creativeglue
Folder : Creative One
Folder : creativeatomfind
Folder : creative16
Folder : Curb Axis Rect
Folder : dale dog ball
Folder : Dale Road Date Fast
Folder : DALE SECT BOLT
Folder : Dart cash mail burn
Folder : dart iso bolt
Folder : dash chin meow
Folder : dashinternetplayload
Folder : Data bend four
Folder : Data ford bolt
Folder : data trust heck that
Folder : Debug Jump Delete
Folder : DEFYSETUPPLUSGLUE
Folder : delete dead remote
Folder : DeleteLessMail
Folder : Deadfirstlog
Folder : Deadsoapchinjugs
Folder : Dead Stupid Web User
Folder : default about bolt hold
Folder : default five wave tick
Folder : defaultlogomode
Folder : defy build seek
Folder : Defy Memo Find Trust
Folder : Defy 2 Bait
Folder : deletemovethirdclock
Folder : dent base bolt close
Folder : Dent that bait
Folder : does dog two city
Folder : does mfcd amok play
Folder : does trans sign
Folder : Dogblahbias
Folder : dog inter pile proxy
Folder : Dogloudnew
Folder : dog nurb debug
Folder : Dog Start New Blue
Folder : Download Grey Settings
Folder : DrawUpload
Folder : drive bore bone
Folder : drive fast license
Folder : Drv Audio Dog About
Folder : Drvblehbash
Folder : Drv book build
Folder : drvjoy
Folder : dumb axis seek
Folder : DumbBatFour
Folder : dumb heck program four
Folder : dumb pure bind support
Folder : Dupe About Kind Mp3
Folder : Dupe bags amok
Folder : dupeoozemore32
Folder : DupeSeekFlawThird
Folder : Dupe 4 tick each
Folder : Dvd Dupe Mail
Folder : DVD FAST
Folder : Dvd open
Folder : each four heart
Folder : Each New Axis Love
Folder : EggsHideMessMeow
Folder : eggsmailmeow
Folder : eggs sign this meow
Folder : Eggs wait hole burn
Folder : ElseBleh
Folder : ELSE DEAD META MAGS
Folder : ElseGplView
Folder : Else Inter Send
Folder : ELSE PLUS
Folder : Else Roam Soap
Folder : Else Show
Folder : Elsesizeinsidecamp
Folder : elsesurfcoal
Folder : enc idol store 01
Folder : ENCMATH
Folder : Enc safe that grid
Folder : Enc Size Copy Pure
Folder : eq barb date
Folder : Error Dumb Readme Face
Folder : Errormags
Folder : espionServerData
Folder : EXITDVDDASH
Folder : exitglue
Folder : Exit lite file
Folder : exit mapi
Folder : ExitPlus
Folder : Exit Win Less Cdrom
Folder : Extra anti
Folder : extra link pile
Folder : Extraonlinedeadbows
Folder : FaceGlobalBarbBeep
Folder : facejumpway
Folder : Face Loud Mp3 Readme
Folder : FaceReadmeHeart
Folder : FaceThirdMeal
Folder : fast hide wma
Folder : File Blah Nurb
Folder : file cash army online
Folder : File dvd base road
Folder : File Joy Proc Deaf
Folder : FileWmaStopSurf
Folder : Film audio long
Folder : filmchicpartbind
Folder : film meet that mode
Folder : filmtimeupcurb
Folder : findantimulti
Folder : FIND BALM SEEK BAGS
Folder : FindBoltForkNew
Folder : find slow debug flaw
Folder : first platform grid store
Folder : Firstonegluevga
Folder : Five Anti Log Great
Folder : Five Option Obj Bait
Folder : Fivethiscake
Folder : Five01Locks
Folder : flag ace stupid data
Folder : flag ball size enc
Folder : flag barb cake wipe
Folder : Flag Copy
Folder : FlagInternetHole
Folder : flagliessetup
Folder : Flag Memo
Folder : flagmpegvccoal
Folder : Flag Proc Win Deaf
Folder : Flag Surf
Folder : FLAG THUNK
Folder : flap hold
Folder : flagjump
Folder : FLAP NEW
Folder : flap peak
Folder : Flap Store
Folder : flaw cake
Folder : flaw online bows
Folder : Flaw Play Data Burn
Folder : foraxistrustuser
Folder : FORD ACE HOLD
Folder : ford does hold option
Folder : Ford drive four file
Folder : Ford Error Hide
Folder : FORDKINDOOZE
Folder : For extra
Folder : For five regs bat
Folder : for global skip
Folder : forpilepurebrowse
Folder : Fork Intra Live
Folder : fork option
Folder : fork wma dupe
Folder : fourbookclockmp3
Folder : Four film keep
Folder : Four Meow Name
Folder : Four ping warn
Folder : Frag Bows Mess
Folder : Frag great bend logo
Folder : Frag program
Folder : FREEDATEAMEN
Folder : Free Dvd Two Gpl
Folder : Free glue browse title
Folder : Funk Cast Love
Folder : Funk Curb Soap
Folder : funk draw rect
Folder : Funk Heck Okay
Folder : funk hide store bat
Folder : funk scr online about
Folder : Funk way lies
Folder : global book move
Folder : global dead funk does
Folder : globalheartbits
Folder : Global program pure
Folder : GlobalWaveBait
Folder : Gluedeaddoes
Folder : gluejumpmeal
Folder : glue pop
Folder : GLUE SAVE
Folder : Glue User Defy About
Folder : Gpl active
Folder : Gpl active roam each
Folder : Gpl Bib
Folder : GplBirdHeartLogo
Folder : gpl data
Folder : Gpl Send 1 Support
Folder : gpltitle
Folder : Gpl16IsoFive
Folder : GramCopy
Folder : Gramjumproad
Folder : gramplaysixthcamp
Folder : gram safe
Folder : Gram View 4
Folder : Gram 32 Drv Wipe
Folder : great coal love default
Folder : Great Fork Draw Wma
Folder : Greatinteritchdebug
Folder : great long way
Folder : great scr logo
Folder : Great the ping
Folder : grey ante kind mess
Folder : Grey Deaf
Folder : greymode
Folder : greynewcash
Folder : greyroameqgrim
Folder : Grey Third Intra Long
Folder : Greythunkcast
Folder : Grid Blue Memo Site
Folder : griddeadbird
Folder : Gridfastbarb
Folder : Grid Gpl
Folder : grid keep
Folder : GridLies
Folder : Grim Dvd Size
Folder : grimloudmeal
Folder : grimplay
Folder : grim tons active test
Folder : heartremoteplatformroad
Folder : heart wave amok film
Folder : HeckGramFace
Folder : Heck Less Real
Folder : Help Show Pol
Folder : Help Test Bias File
Folder : hide bolt proc dent
Folder : hide cool shim link
Folder : holdbirdpoll
Folder : Hold Trust Amok Mode
Folder : Hold Wait Boob Vga
Folder : Hold way amok
Folder : Hope army browse bat
Folder : hope dent bash view
Folder : hopemessbook
Folder : hope ping mail
Folder : HoleBalmDefaultFor
Folder : HOLE BEND CLOCK META
Folder : Holeboltcast
Folder : HoleBowsMoreLocks
Folder : hole copy eq drv
Folder : Hole curb time soft
Folder : HOLE NOUN CAST
Folder : Htm Exit
Folder : htmrealloadball
Folder : Htm Support Bait Deaf
Folder : idlebows
Folder : idleplay
Folder : idle wma bin ford
Folder : IdleWmaFor
Folder : idol eq
Folder : Idol flag base
Folder : idolmathcurb
Folder : idol mp3 plus cake
Folder : IDOL OBJ POKE PROXY
Folder : idol setup dale frag
Folder : IdolSupport
Folder : idol time
Folder : infodata
Folder : Info Drive
Folder : info flag way
Folder : INFO STOP
Folder : INFO TWO
Folder : INFO16DART
Folder : inside free link
Folder : Inside Mfcd Mess Creative
Folder : Inside Play Amok
Folder : inside tool surf
Folder : interdefault
Folder : INTERKINDBLEH
Folder : Internet debug mess great
Folder : Internet else ford view
Folder : INTERNET SPAM SUPPORT AUDIO
Folder : internet trans media
Folder : Inter that wipe
Folder : Intrabags
Folder : intra copy
Folder : INTRAFLAP
Folder : intra funk
Folder : IntraLongMailBike
Folder : Iso does cool
Folder : isostopcash
Folder : Iso Web Bags Else
Folder : Itchcashpure
Folder : Itch Stupid
Folder : Itch32Bat
Folder : Joy coal mpeg heck
Folder : Joy Download Pure
Folder : joy heck ford cash
Folder : Joy pure rule
Folder : joyvgarulehtm
Folder : JugsSoftMapiByte
Folder : jugs rect move
Folder : Jump Poll Poke Mp3
Folder : JUNK BIN
Folder : Junk Book Iso
Folder : junk exit scr wait
Folder : junkhopecake
Folder : KEEP AXIS
Folder : Kindcreativecdromdoes
Folder : kind rule skip
Folder : kindtypeglobalshim
Folder : knobanti
Folder : knob start mapi third
Folder : lesseachhidebike
Folder : LessExitGridOwns
Folder : Lesssecondscrkind
Folder : LICENSE ADMIN OPTION BIB
Folder : LICENSE FORD HOPE DRAW
Folder : licensebagstwo
Folder : license draw cast
Folder : License settings bait
Folder : lies grim cdrom bash
Folder : Lies Jugs Readme Start
Folder : Lies List Aim
Folder : lies more hide
Folder : Link Axis Bat Wave
Folder : Link remote ball
Folder : Listoozefunk
Folder : LiteAntiMoreAtom
Folder : Litecastdefault
Folder : liveantigrimstyle
Folder : live drv owns
Folder : Live keep wait open
Folder : Live Locks Build
Folder : live manager trans barb
Folder : LivePartPeak
Folder : LiveWmaExitDog
Folder : live 64 math does
Folder : LOADNURBBORE
Folder : LOAD VGA BEND
Folder : locks bone film mpeg
Folder : log camp shim audio
Folder : Log Htm Lite Each
Folder : logo idle copy mail
Folder : Logo style sect remote
Folder : LogProcEggs
Folder : Log 32 cast
Folder : Long sect rule
Folder : Long slow road itch
Folder : LongSlowSiteCorn
Folder : Loud Dash Live Coal
Folder : Loud spam else tool
Folder : Loudway16meet
Folder : love aim ace
Folder : Love amok junk
Folder : loveproxyballtons
Folder : LOVE 01 BLAH FREE
Folder : magsmanagerwait
Folder : Mags Mapi Joy Bike
Folder : Mail For File Wave
Folder : ManagerBlueBind
Folder : Manager Thunk Bows Cast
Folder : mapidownloadcoalfrag
Folder : mapi info wait that
Folder : Mapi Live City Acid
Folder : Mapi Meta Book Bits
Folder : Mapi soft poke
Folder : mapi trust settings proc
Folder : math dvd skip
Folder : math remote bib exit
Folder : mathsafemfcdmags
Folder : mathtraydog
Folder : mealbikedale
Folder : MEALGLOBALAMOK
Folder : Meal Memo Free View
Folder : Mealmfcdaudio
Folder : meet scr funk else
Folder : meetstupidliesexit
Folder : Meet Web Hope
Folder : memobarbbias
Folder : memodatecomp
Folder : Memo Drive Vc Log
Folder : memo meow idle browse
Folder : Memo save stupid creative
Folder : Meow axis readme
Folder : MeowBagsNew
Folder : meow four dale link
Folder : Meow Intra Bait Face
Folder : meow less bolt
Folder : Messsendcopympeg
Folder : Messtworefmapi
Folder : meta grid two
Folder : Meta Multi Axis Dumb
Folder : META SETTINGS DATA
Folder : meta user regs
Folder : mfcdgpl
Folder : Mfcd Thunk Tool
Folder : Mfcd upload army browse
Folder : Mix Balm Manager
Folder : Mix jugs default aim
Folder : mixtestlogomanager
Folder : Mode Dog Debug
Folder : modeonedaleroad
Folder : Mode Rule 64 Inter
Folder : More dvd dale ref
Folder : Morefirstproxyloud
Folder : Move Bore Curb Tool
Folder : moveflagnoun
Folder : MpegBoneSaveBody
Folder : MPEG ELSE ONE VIEW
Folder : mpegidol
Folder : mpeg wait type
Folder : mp3anti
Folder : mp3bore
Folder : Mp3 online
Folder : mp3rulesecond
Folder : Mp3 Shim
Folder : multidatajoy
Folder : MultiMealChicMemo
Folder : Name beep copy real
Folder : name play type
Folder : newfileidolreadme
Folder : newforgreybias
Folder : new math hold
Folder : new second meal mess
Folder : NEW SIGN LIES
Folder : nounbyteboltcake
Folder : NounCdromHole
Folder : NounLinkMove
Folder : Noun Love Bits Peak
Folder : Noun Sect Jump Scr
Folder : Nurb Knob Audio
Folder : nurbproxywait
Folder : Obj comp that free
Folder : obj gpl
Folder : OBJ META UP BURN
Folder : Obj Send Meow
Folder : okay active sign
Folder : Okaycakeless
Folder : okaymapilog
Folder : Okay meta anti lite
Folder : okay peak 64 blue
Folder : Oncedead
Folder : Once jugs long
Folder : Oncemapiroad
Folder : ONCEMOVE
Folder : one idol dupe
Folder : One idol win data
Folder : Onesafe
Folder : OneSoapNoun
Folder : One Vga
Folder : Online Acid
Folder : Online gram
Folder : OozeBind
Folder : ooze seek
Folder : ooze this corn
Folder : Open Ante Anti Dog
Folder : open anti bin
Folder : openblehdownload
Folder : open jump cast
Folder : openpile
Folder : open trust pure
Folder : Option ace ref
Folder : optionacid
Folder : OPTIONAUDIO
Folder : Option Camp Pure Team
Folder : option load logo
Folder : option okay ford bird
Folder : owns copy pop
Folder : Owns else chic defy
Folder : OwnsForFilm
Folder : part dead amok eggs
Folder : PartDeleteLog
Folder : Part Hide Grey Pop
Folder : Part Long Boob Idle
Folder : Part site hole fast
Folder : PeakCreativeHeart
Folder : Peak Dead Date
Folder : peakmodeskip
Folder : Peak ooze date army
Folder : Phone Ante
Folder : Phone close
Folder : PHONEFOUR
Folder : Phonereadmeskip
Folder : Phone64Ref
Folder : Pile Trans Wipe
Folder : PingDrawKnobPlan
Folder : PingNameSafe
Folder : Ping Sign Byte Tool
Folder : plananti
Folder : plandraw
Folder : Plan Admin Browse Does
Folder : Plan Atom Sect
Folder : PlanBookBurnFind
Folder : Plannounwait
Folder : PLAN PART
Folder : Plan Test
Folder : Plan that
Folder : PLANSETUPLESS
Folder : plan 2
Folder : PLATFORMCAKESECONDONE
Folder : platform dupe draw memo
Folder : platform style setup
Folder : Play Close
Folder : Play grim the extra
Folder : Play mp3 eggs
Folder : playplusonewma
Folder : PlusCreative
Folder : Plus gram save
Folder : PlusGreatByteNoun
Folder : plusmail
Folder : plusmove
Folder : Plus Team Mix Exit
Folder : Poke dupe setup htm
Folder : PokeGrimSlowDead
Folder : PokeMessBorePure
Folder : pokenurbhope
Folder : polleachruleprogram
Folder : poll funk copy
Folder : pop inter coal
Folder : pop ping file
Folder : proc admin
Folder : procante
Folder : Procbikethatjoy
Folder : Proc Clock
Folder : proc creative
Folder : proc dash bags stop
Folder : PROC DATE CAST
Folder : Proc film manager hide
Folder : Proc Flaw
Folder : Program bib coal
Folder : program corn logo
Folder : Program Dead Film
Folder : programidle
Folder : Programtime
Folder : program2audiosupport
Folder : proxy dash
Folder : Proxy Long Chin Ping
Folder : Proxy Option Upload Acid
Folder : Proxyplus
Folder : proxyroad
Folder : Proxy Spam Sign
Folder : PureBiasBold
Folder : pure coal bone thunk
Folder : readme error trans title
Folder : readme great send balm
Folder : Readme Live Axis Tons
Folder : real blue meal find
Folder : Real jugs
Folder : real save pure
Folder : RectHideTitle
Folder : Ref Amen Curb
Folder : Ref Phone Roam
Folder : REF VIEW AMEN
Folder : Regs Eq Cdrom Funk
Folder : Remote bib
Folder : remote lite more
Folder : Remote User 01
Folder : road about owns
Folder : roadjugsrulebarb
Folder : RoadJunkMixManager
Folder : road manager lies camp
Folder : Roam Program Comp About
Folder : rule extra meal
Folder : rulevchope
Folder : Safe boob sixth
Folder : Save bat bags
Folder : savebodyhoperef
Folder : SaveFilmKnobWipe
Folder : Save scr pure
Folder : save third bin data
Folder : Scr Bird Does
Folder : Scrgreyfind
Folder : scr style mp3 glue
Folder : second regs grim software
Folder : Sect Build Bash
Folder : sect burn file once
Folder : seekaxishide
Folder : SEEKBOOBPOP
Folder : Seek Corn Drive Eq
Folder : seek film amok web
Folder : Send acid copy bin
Folder : Sendelsesign
Folder : SEND LIVE TEST
Folder : SENDPOLLBIND
Folder : settings blue film frag
Folder : settings plan way
Folder : setup bind funk
Folder : setup bolt beep
Folder : Setup Download Amok
Folder : setup film inter bib
Folder : Setup Roam Part
Folder : Shimarmy
Folder : Shim Cdrom Cast Surf
Folder : Shimcreativeball
Folder : Shim Dvd Skip
Folder : shimliveeq
Folder : SHIM MAGS ELSE
Folder : Showbatwin
Folder : SHOW CDROM COPY
Folder : ShowDashNurb
Folder : Show Inside Title
Folder : sign atom long
Folder : Sign Camp Dead Cast
Folder : SIGNLITE
Folder : SiteDartSlowOnce
Folder : Sitedatabibdeaf
Folder : SiteExitWeb
Folder : site extra bend
Folder : site mess grim build
Folder : SITE ONLINE DOWNLOAD BAT
Folder : siteupcreativewait
Folder : SIXTHBATMULTI
Folder : sixth junk 2
Folder : size bin fork
Folder : SizeBrowseCake
Folder : Skip Window Junk
Folder : Slow Internet 1
Folder : Slow Wma Time
Folder : SOAP BROWSE AUDIO MULTI
Folder : SOAPCDROMHEARTCAMP
Folder : SOAPCLOCKANTIRDR
Folder : soap scr enc wma
Folder : soap thunk lies soft
Folder : softboldcoal
Folder : Softboobdelete
Folder : soft chic meet great
Folder : soft ref platform bind
Folder : software joy link
Folder : Software rule flag owns
Folder : SOFTWARESKIPREAL
Folder : spam ball
Folder : Spam bold book
Folder : Start second cool
Folder : STOP BIB
Folder : StopCastTick
Folder : storedrvcoal
Folder : StoreHope
Folder : STORE LESS JUGS SURF
Folder : Store Name Math
Folder : Store Scr Audio
Folder : Store scr roam
Folder : STORETONS
Folder : stupid eggs bows
Folder : Stupid fast
Folder : StupidHold
Folder : STUPID TITLE
Folder : Stupid Vc Soft Defy
Folder : StyleEachShimThird
Folder : Style Trust Pile Heart
Folder : StyleTwoCloseMore
Folder : StyleTwoNewWindow
Folder : supportoncelocks
Folder : support setup second
Folder : surf each pure anti
Folder : SurfElseSize
Folder : surf pop bolt
Folder : surftickbuild
Folder : SURF TWO MESS
Folder : teambiasamenbody
Folder : team bows copy
Folder : team byte bore
Folder : Team Idol Readme
Folder : team pure
Folder : Team Wave Body
Folder : Test dent coal
Folder : test jugs web
Folder : Test pop second data
Folder : Test pure each
Folder : test sect regs kind
Folder : that balm road soft
Folder : That Beep Info Bash
Folder : that deaf send
Folder : That Face Camp Shim
Folder : Thatping
Folder : That Size Part Chin
Folder : That tick wipe
Folder : The Bat Settings
Folder : the gpl
Folder : the grim
Folder : thegrim
Folder : The link
Folder : The mapi web sign
Folder : the twi bikt
Folder : The two bolt
Folder : Third army
Folder : Third Build Default
Folder : THIRDDOG
Folder : Thirdgridbold
Folder : Third Joy Wma List
Folder : third lies itch ford
Folder : this anti
Folder : This Base Error Blah
Folder : This bash seek owns
Folder : this bird mags
Folder : This Comp
Folder : This comp locks list
Folder : This Hope
Folder : Thisslowokay
Folder : this spam hole
Folder : THIS STYLE COPY
Folder : ThunkAmenDashChin
Folder : Thunk Dog
Folder : thunk else
Folder : thunkonline
Folder : THUNK PURE
Folder : Tick Find Close Surf
Folder : Timechinbind
Folder : Time Dead Warn Default
Folder : timemultiactive
Folder : title new joy beep
Folder : title tool face bin
Folder : Tons bird logo
Folder : Tons byte send
Folder : Tons bows test
Folder : tonsmailcompcake
Folder : Tool Eggs Less City
Folder : trans default
Folder : Trans draw once less
Folder : Transthat
Folder : Tray Free
Folder : Tray Obj Shim Face
Folder : TRAY PART
Folder : tray rule
Folder : tray sign locks
Folder : Trust Bin
Folder : trust cake second
Folder : TrustLogoCash
Folder : trust okay
Folder : TWO CITY BOLT
Folder : twodefymail
Folder : Two Idol Wave Flag
Folder : two setup mode load
Folder : Two Site Ford
Folder : Type Bits More
Folder : Type Camp Roam
Folder : Up Aim Axis Third
Folder : up creative first dumb
Folder : up inter 64 dumb
Folder : up joy style date
Folder : upload beep third lies
Folder : upload bib view
Folder : Upload seek acid
Folder : Userbirdwaylicense
Folder : user first axis bows
Folder : vc third tick
Folder : vctooltitle
Folder : ViewAxisStupid01
Folder : View Bash Locks Rdr
Folder : view name beep for
Folder : Wait Find Browse New
Folder : Wait Send Grim Bird
Folder : WAITSIXTHSKIP
Folder : Wave Heck First
Folder : wave junk
Folder : wave log show title
Folder : wave readme free load
Folder : wayarmyhopesetup
Folder : way rdr ford mpeg
Folder : Web bait lies
Folder : web cdrom dead
Folder : WEBMPEG
Folder : Web Okay Five 01
Folder : Window Byte Free Meal
Folder : window five meal this
Folder : window move pile
Folder : Win knob owns four
Folder : Win mail bash city
Folder : wipebuildbits
Folder : Wipe More Boob
Folder : Wipe obj dumb
Folder : wipeownsbat
Folder : WmaLiteDefaultCamp
Folder : wma pile does two
Folder : WmaSettingsAdminBoob
Folder : 01dashmags
Folder : 01PLATFORMMOVE
Folder : 01thisdate
Folder : 1 aim roam
Folder : 1 copy
Folder : 2 Axis Dent
Folder : 2 clock build
Folder : 2 dog
Folder : 2FordBase
Folder : 2 fork
Folder : 2 SOFTWARE MEDIA
Folder : 2 Thunk Win
Folder : 2 tray tick inside
Folder : 2waitsoap
Folder : 4 Curb Loud Idol
Folder : 4elseproxycdrom
Folder : 16campbarbhtm
Folder : 16 Dead
Folder : 16LoudFunk
Folder : 16more
Folder : 16 new ping long
Folder : 16peak
Folder : 16realkeep
Folder : 32 coal bike
Folder : 32 Global File Mode
Folder : 32obj
Folder : 32 Online Open Drive
Folder : 32pure
Folder : 32 rule sign
Folder : 32 USER
Folder : 64 camp copy
Folder : 64FLAP
Folder : 64WaitList

===================================

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RANDOM_NAME(Lop)]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RANDOM_NAME(Lop)"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RANDOM_NAME(Lop)"=-

===================================

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7009fcd4-05be-44f4-9583-93fe419ab7b0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E208C77-0097-DB40-1B6B-352EC62D41DD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f14b0ccd-aa41-4406-ab68-c5de9d85b4a3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FAD02E73-97E2-5865-0385-4C09C811071F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b5146c40-189a-4311-bda9-fbae3e023187}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C6DCFAA-53FF-AC04-6A41-A845AD498CD6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A425451-241C-74E5-33AA-E58F1EBDD92D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7009fcd4-05be-44f4-9583-93fe419ab7b0}"=-
"{f14b0ccd-aa41-4406-ab68-c5de9d85b4a3}"=-
"{b5146c40-189a-4311-bda9-fbae3e023187}"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7009fcd4-05be-44f4-9583-93fe419ab7b0}"=-
"{b5146c40-189a-4311-bda9-fbae3e023187}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DivoPlayer_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitDownload_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitDownload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitGrabber_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitGrabber]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitRoll_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitRoll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivoPlayer_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivoPlayer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Get-Torrent_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Get-Torrent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetPumper_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetPumper]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TorrentQ_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TorrentQ]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TorrentSoftware_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TorrentSoftware]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TorrentSpeeder_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TorrentSpeeder]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Torrent101_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Torrent101]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZix_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZix]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3wPlayer_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3wPlayer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Download Plugin (ActiveX)]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2473BF20-CA0A-11DA-88DB-0050BF2938E1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2473BF2C-CA0A-11DA-88DB-0050BF2938E1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1145A909-A836-44B8-B03A-48D858B0F43E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{10954590-2B3A-41EC-97BB-C95A5E646DA9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5A445F80-DAB5-4CD9-8A05-CD09AC145AA2}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E19B133D-184E-4BBA-8A70-38489C9DD31B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AA406AB-F581-42AB-B4D1-31D2E13819EF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE91F4CC-6BA2-424C-A1FE-64910CCB6A42}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41CA7D4D-AE77-4B13-9459-E9AB7EFECAAD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-netpumper-detector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZixManager]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZixManager]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZixManager]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NetPumperNNProxy.NetscapeInterface]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZixManager.WinZixShell]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinZixManager.WinZixShell.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitDownload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitGrabber]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitRoll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Get-Torrent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NetPumper.AddUrl]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TorrentQ]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TorrentSoftware]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Torrent101]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winzix]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.zix]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xnpd]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent]

[-HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper]

[-HKEY_CURRENT_USER\Software\NetPumper]
[-HKEY_CURRENT_USER\Software\WakeNet\BitDownload]
[-HKEY_CURRENT_USER\Software\WakeNet\BitGrabber]
[-HKEY_CURRENT_USER\Software\WakeNet\BitRoll]
[-HKEY_CURRENT_USER\Software\WakeNet\Get-Torrent]
[-HKEY_CURRENT_USER\Software\WakeNet\TorrentQ]
[-HKEY_CURRENT_USER\Software\WakeNet\WinZix]
[-HKEY_CURRENT_USER\Software\WakeNet]
[-HKEY_CURRENT_USER\Software\Download Plugin]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BitDownload]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BitGrabber]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BitRoll]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DivoPlayer]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Get-Torrent]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\TorrentQ]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\TorrentSoftware]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Torrent101]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\WinZix]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\3wPlayer]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Roam Ping Cool]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with NetPumper]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
"host-domain-lookup.com"=-
"mysearchnow.com"=-
"netsearchsoft.com"=-
"www.host-domain-lookup.com"=-
"www.mysearchnow.com"=-
"www.netsearchsoft.com"=-

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zix]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f14b0ccd-aa41-4406-ab68-c5de9d85b4a3}"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDownload Service"=-
"BitGrabber Service"=-
"BitRoll Service"=-
"DivoPlayer Service"=-
"Get-Torrent Service"=-
"mobiswing"=-
"TorrentQ Service"=-
"TorrentSoftware Service"=-
"Torrent101 Service"=-
"WinZix Service"=-
"3wPlayer Service"=-
"ARMY SECT"=-
"book ante"=-
"OkayLicense"=-
"Peak Meal"=-
"Salestart"=-
"WhenUSave"=-
"4 ROAD"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
&quot

jfkpresident · Answer

Aide toi de ce tuto : lop S&D tutoriel

gwenfreddy · Answer

je n'est que ce que je t'ai dit !!! merci de m'aider

gwenfreddy · Answer

voila en recherchant ce que j'ai trouvé merci de m'aider stp !!




***** THE SYSTEM HAS BEEN RESTARTED *****
09/11/2008 22:01:59: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4EC4403-3E2C-44F3-A2EC-B31B91D3FD11} - already removed (or did not exist)
HKCR\CLSID\{C4EC4403-3E2C-44F3-A2EC-B31B91D3FD11} - already removed (or did not exist)
=======================================================
=======================================================
Deleting the following registry value(s):
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[utbgnlsa] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[mcaie] - already deleted
=======================================================
Unable to rename c:\users\gwendoline\appdata\local\utbgnlsa.exe to c:\users\gwendoline\appdata\local\utbgnlsa.exe.vir
(c:\users\gwendoline\appdata\local\utbgnlsa.exe does not appear to exist)
Unable to rename c:\users\gwendoline\appdata\local\mcaie.exe to c:\users\gwendoline\appdata\local\mcaie.exe.vir
(c:\users\gwendoline\appdata\local\mcaie.exe does not appear to exist)
09/11/2008 22:01:59: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.4.2551. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 21:53:51 09 nov. 2008
Using Database v7194
Operating System:  Windows Vista SP1 [Windows Vista Service Pack 1 (Build 6001)]
Edition:           Windows (TM) Vista Home Basic
File System:       NTFS
User Account Control is Enabled.
Data directory:     C:\Users\gwendoline\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files (x86)\Trojan Remover\
Logfile directory:  C:\Users\gwendoline\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Microsoft Windows Defender

************************************************************


************************************************************
21:53:51: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows

************************************************************
21:53:51: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows

************************************************************
21:53:51: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
21:53:52: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: explorer.exe
C:\Windows\system32\explorer.exe
2927104 bytes
Created:  27/05/2008
Modified: 19/01/2008
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: userinit.exe
C:\Windows\system32\userinit.exe
25088 bytes
Created:  27/05/2008
Modified: 19/01/2008
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: HP Software Update
Value Data: C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
49152 bytes
Created:  10/12/2006
Modified: 10/12/2006
Company:  Hewlett-Packard Co.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created:  11/01/2008
Modified: 11/01/2008
Company:  Adobe Systems Incorporated
--------------------
Value Name: SweetIM
Value Data: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
-R- 111928 bytes
Created:  27/03/2008
Modified: 27/03/2008
Company:  SweetIM Technologies Ltd.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created:  14/09/2008
Modified: 10/06/2008
Company:  Sun Microsystems, Inc.
--------------------
Value Name: FixCamera
Value Data: C:\WINDOWS\FixCamera.exe
C:\WINDOWS\FixCamera.exe
20480 bytes
Created:  24/06/2008
Modified: 01/06/2006
Company:  
--------------------
Value Name: tsnp2std
Value Data: C:\Windows\tsnp2std.exe
C:\Windows\tsnp2std.exe
262144 bytes
Created:  24/06/2008
Modified: 22/05/2006
Company:  
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
C:\Program Files (x86)\QuickTime\QTTask.exe
413696 bytes
Created:  06/09/2008
Modified: 06/09/2008
Company:  Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
C:\Program Files (x86)\iTunes\iTunesHelper.exe
289576 bytes
Created:  01/10/2008
Modified: 01/10/2008
Company:  Apple Inc.
--------------------
Value Name: PCTAVApp
Value Data: "C:\Program Files (x86)\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
C:\Program Files (x86)\PC Tools AntiVirus\PCTAV.exe
1370000 bytes
Created:  30/10/2008
Modified: 25/09/2008
Company:  PC Tools Research Pty Ltd
--------------------
Value Name: HiYo
Value Data: C:\Program Files (x86)\HiYo\bin\HiYo.exe /RunFromStartup
C:\Program Files (x86)\HiYo\bin\HiYo.exe
300336 bytes
Created:  23/10/2008
Modified: 23/10/2008
Company:  IncrediMail, Ltd.
--------------------
Value Name: TrojanScanner
Value Data: "C:\Program Files (x86)\Trojan Remover\Trjscan.exe" /boot
C:\Program Files (x86)\Trojan Remover\Trjscan.exe
1233800 bytes
Created:  09/11/2008
Modified: 08/11/2008
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: Sidebar
Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
C:\Program Files\Windows Sidebar\sidebar.exe
1555968 bytes
Created:  27/05/2008
Modified: 19/01/2008
Company:  Microsoft Corporation
--------------------
Value Name: 
Value Data: 
Blank entry: []
--------------------
Value Name: StartCCC
Value Data: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
90112 bytes
Created:  10/11/2006
Modified: 10/11/2006
Company:  
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
Value Name: Magentic
Value Data: C:\PROGRA~2\Magentic\bin\Magentic.exe /c
C:\PROGRA~2\Magentic\bin\Magentic.exe
480648 bytes
Created:  30/05/2008
Modified: 09/03/2008
Company:  
--------------------
Value Name: Yahoo! Pager
Value Data: ~"C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
~ [file not found to scan]
--------------------
Value Name: utbgnlsa
Value Data: c:\users\gwendoline\appdata\local\utbgnlsa.exe utbgnlsa
c:\users\gwendoline\appdata\local\utbgnlsa.exe - has a *known* Malware filename: ADWARE.NAVIPROMO (HEURISTIC DETECTION)
c:\users\gwendoline\appdata\local\utbgnlsa.exe utbgnlsa - this registry value has been removed [file not found to scan]
c:\users\gwendoline\appdata\local\utbgnlsa.exe - process is either not running or could not be terminated
c:\users\gwendoline\appdata\local\utbgnlsa.exe - unable to take ownership/change permissions
c:\users\gwendoline\appdata\local\utbgnlsa.exe - marked for renaming when the PC is restarted (if it exists)
NVS2.INF, associated with Adware.NaviPromo, found in C:\Windows\system32\
C:\Windows\system32\NVS2.INF - file renamed to: C:\Windows\system32\NVS2.INF.vir
--------------------
Value Name: IMBooster
Value Data: C:\Program Files (x86)\Iminent\imbooster.exe /warmup
C:\Program Files (x86)\Iminent\imbooster.exe
528384 bytes
Created:  17/07/2008
Modified: 17/07/2008
Company:  Iminent
--------------------
Value Name: WMPNSCFG
Value Data: C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [file not found to scan]
--------------------
Value Name: mcaie
Value Data: "c:\users\gwendoline\appdata\local\mcaie.exe" mcaie
c:\users\gwendoline\appdata\local\mcaie.exe - has a *known* Malware filename: ADWARE.NAVIPROMO (HEURISTIC DETECTION)
"c:\users\gwendoline\appdata\local\mcaie.exe" mcaie - this registry value has been removed [file not found to scan]
c:\users\gwendoline\appdata\local\mcaie.exe - process is either not running or could not be terminated
c:\users\gwendoline\appdata\local\mcaie.exe - unable to take ownership/change permissions
c:\users\gwendoline\appdata\local\mcaie.exe - marked for renaming when the PC is restarted (if it exists)
--------------------
Value Name: SfKg6wIPu
Value Data: C:\Users\gwendoline\AppData\Roaming\Microsoft\Windows\kromqqm.exe
C:\Users\gwendoline\AppData\Roaming\Microsoft\Windows\kromqqm.exe [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
21:54:54: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

************************************************************
21:54:54: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
21:54:54: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\Windows\System32\MAGENT~1.SCR
C:\Windows\System32\MAGENT~1.SCR
751016 bytes
Created:  30/05/2008
Modified: 09/03/2008
Company:  IncrediMail LTD.
--------------------

************************************************************
21:54:54: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key:  >{26923b43-4d38-484f-9b9e-de460746276c}
Path: C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
C:\Windows\SysWOW64\ie4uinit.exe
70656 bytes
Created:  27/05/2008
Modified: 19/01/2008
Company:  Microsoft Corporation
----------
Key:  {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
%ProgramFiles(x86)%\Windows Mail\WinMail.exe [file not found to scan]
----------
Key:  {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
C:\Windows\SysWOW64\ie4uinit.exe
70656 bytes
Created:  27/05/2008
Modified: 19/01/2008
Company:  Microsoft Corporation
----------
Key:  {89B4C1CD-B018-4511-B0A1-5476DBF70820}
Path: C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
C:\Windows\SysWOW64\mscories.dll
84480 bytes
Created:  27/05/2008
Modified: 05/01/2008
Company:  Microsoft Corporation
----------

************************************************************
21:54:55: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key:  AeLookupSvc
Path: %SystemRoot%\System32\aelupsvc.dll
C:\Windows\System32\aelupsvc.dll [file not found to scan]
--------------------
Key:  Appinfo
Path: %SystemRoot%\System32\appinfo.dll
C:\Windows\System32\appinfo.dll [file not found to scan]
--------------------
Key:  AudioEndpointBuilder
Path: %SystemRoot%\System32\Audiosrv.dll
C:\Windows\System32\Audiosrv.dll [file not found to scan]
--------------------
Key:  AudioSrv
Path: %SystemRoot%\System32\Audiosrv.dll
C:\Windows\System32\Audiosrv.dll [file not found to scan]
--------------------
Key:  BFE
Path: %SystemRoot%\System32\bfe.dll
C:\Windows\System32\bfe.dll [file not found to scan]
--------------------
Key:  BITS
Path: %SystemRoot%\System32\qmgr.dll
C:\Windows\System32\qmgr.dll [file not found to scan]
--------------------
Key:  Browser
Path: %SystemRoot%\System32\browser.dll
C:\Windows\System32\browser.dll [file not found to scan]
--------------------
Key:  CertPropSvc
Path: %SystemRoot%\System32\certprop.dll
C:\Windows\System32\certprop.dll [file not found to scan]
--------------------
Key:  DcomLaunch
Path: %SystemRoot%\system32\rpcss.dll
C:\Windows\system32\rpcss.dll [file not found to scan]
--------------------
Key:  Dnscache
Path: %SystemRoot%\System32\dnsrslvr.dll
C:\Windows\System32\dnsrslvr.dll [file not found to scan]
--------------------
Key:  dot3svc
Path: %SystemRoot%\System32\dot3svc.dll
C:\Windows\System32\dot3svc.dll [file not found to scan]
--------------------
Key:  DPS
Path: %SystemRoot%\system32\dps.dll
C:\Windows\system32\dps.dll [file not found to scan]
--------------------
Key:  EapHost
Path: %SystemRoot%\System32\eapsvc.dll
C:\Windows\System32\eapsvc.dll [file not found to scan]
--------------------
Key:  EMDMgmt
Path: %systemroot%\system32\emdmgmt.dll
C:\Windows\system32\emdmgmt.dll [file not found to scan]
--------------------
Key:  fdPHost
Path: %SystemRoot%\system32\fdPHost.dll
C:\Windows\system32\fdPHost.dll [file not found to scan]
--------------------
Key:  FDResPub
Path: %SystemRoot%\system32\fdrespub.dll
C:\Windows\system32\fdrespub.dll [file not found to scan]
--------------------
Key:  gpsvc
Path: %SystemRoot%\System32\gpsvc.dll
C:\Windows\System32\gpsvc.dll [file not found to scan]
--------------------
Key:  hkmsvc
Path: %SystemRoot%\system32\kmsvc.dll
C:\Windows\system32\kmsvc.dll [file not found to scan]
--------------------
Key:  hpqcxs08
Path: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
225280 bytes
Created:  19/01/2007
Modified: 19/01/2007
Company:  Hewlett-Packard Co.
--------------------
Key:  hpqddsvc
Path: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
131072 bytes
Created:  19/01/2007
Modified: 19/01/2007
Company:  Hewlett-Packard Co.
--------------------
Key:  IKEEXT
Path: %SystemRoot%\System32\ikeext.dll
C:\Windows\System32\ikeext.dll [file not found to scan]
--------------------
Key:  IPBusEnum
Path: %SystemRoot%\system32\ipbusenum.dll
C:\Windows\system32\ipbusenum.dll [file not found to scan]
--------------------
Key:  iphlpsvc
Path: %SystemRoot%\System32\iphlpsvc.dll
C:\Windows\System32\iphlpsvc.dll [file not found to scan]
--------------------
Key:  KtmRm
Path: %systemroot%\system32\msdtckrm.dll
C:\Windows\system32\msdtckrm.dll [file not found to scan]
--------------------
Key:  LanmanServer
Path: %SystemRoot%\system32\srvsvc.dll
C:\Windows\system32\srvsvc.dll [file not found to scan]
--------------------
Key:  LanmanWorkstation
Path: %SystemRoot%\System32\wkssvc.dll
C:\Windows\System32\wkssvc.dll [file not found to scan]
--------------------
Key:  lltdsvc
Path: %SystemRoot%\System32\lltdsvc.dll
C:\Windows\System32\lltdsvc.dll [file not found to scan]
--------------------
Key:  lmhosts
Path: %SystemRoot%\System32\lmhsvc.dll
C:\Windows\System32\lmhsvc.dll [file not found to scan]
--------------------
Key:  MMCSS
Path: %SystemRoot%\system32\mmcss.dll
C:\Windows\system32\mmcss.dll [file not found to scan]
--------------------
Key:  MpsSvc
Path: %SystemRoot%\system32\mpssvc.dll
C:\Windows\system32\mpssvc.dll [file not found to scan]
--------------------
Key:  MSiSCSI
Path: %systemroot%\system32\iscsiexe.dll
C:\Windows\system32\iscsiexe.dll [file not found to scan]
--------------------
Key:  napagent
Path: %SystemRoot%\system32\qagentRT.dll
C:\Windows\system32\qagentRT.dll [file not found to scan]
--------------------
Key:  Net Driver HPZ12
Path: C:\Windows\system32\HPZinw12.dll
C:\Windows\system32\HPZinw12.dll [file not found to scan]
--------------------
Key:  Netman
Path: %SystemRoot%\System32\netman.dll
C:\Windows\System32\netman.dll [file not found to scan]
--------------------
Key:  NlaSvc
Path: %SystemRoot%\System32\nlasvc.dll
C:\Windows\System32\nlasvc.dll [file not found to scan]
--------------------
Key:  nsi
Path: %systemroot%\system32\nsisvc.dll
C:\Windows\system32\nsisvc.dll [file not found to scan]
--------------------
Key:  PcaSvc
Path: %SystemRoot%\System32\pcasvc.dll
C:\Windows\System32\pcasvc.dll [file not found to scan]
--------------------
Key:  PlugPlay
Path: %SystemRoot%\system32\umpnpmgr.dll
C:\Windows\system32\umpnpmgr.dll [file not found to scan]
--------------------
Key:  Pml Driver HPZ12
Path: C:\Windows\system32\HPZipm12.dll
C:\Windows\system32\HPZipm12.dll [file not found to scan]
--------------------
Key:  PolicyAgent
Path: %SystemRoot%\System32\ipsecsvc.dll
C:\Windows\System32\ipsecsvc.dll [file not found to scan]
--------------------
Key:  ProfSvc
Path: %systemroot%\system32\profsvc.dll
C:\Windows\system32\profsvc.dll [file not found to scan]
--------------------
Key:  RasAuto
Path: %SystemRoot%\System32\rasauto.dll
C:\Windows\System32\rasauto.dll [file not found to scan]
--------------------
Key:  RasMan
Path: %SystemRoot%\System32\rasmans.dll
C:\Windows\System32\rasmans.dll [file not found to scan]
--------------------
Key:  RemoteRegistry
Path: %SystemRoot%\system32\regsvc.dll
C:\Windows\system32\regsvc.dll [file not found to scan]
--------------------
Key:  RpcSs
Path: %SystemRoot%\system32\rpcss.dll
C:\Windows\system32\rpcss.dll [file not found to scan]
--------------------
Key:  Schedule
Path: %systemroot%\system32\schedsvc.dll
C:\Windows\system32\schedsvc.dll [file not found to scan]
--------------------
Key:  SCPolicySvc
Path: %SystemRoot%\System32\certprop.dll
C:\Windows\System32\certprop.dll [file not found to scan]
--------------------
Key:  SDRSVC
Path: %Systemroot%\System32\SDRSVC.dll
C:\Windows\System32\SDRSVC.dll [file not found to scan]
--------------------
Key:  seclogon
Path: %windir%\system32\seclogon.dll
C:\Windows\system32\seclogon.dll [file not found to scan]
--------------------
Key:  SharedAccess
Path: %SystemRoot%\System32\ipnathlp.dll
C:\Windows\System32\ipnathlp.dll [file not found to scan]
--------------------
Key:  SLUINotify
Path: %SystemRoot%\system32\SLUINotify.dll
C:\Windows\system32\SLUINotify.dll [file not found to scan]
--------------------
Key:  SSDPSRV
Path: %SystemRoot%\System32\ssdpsrv.dll
C:\Windows\System32\ssdpsrv.dll [file not found to scan]
--------------------
Key:  SstpSvc
Path: %SystemRoot%\system32\sstpsvc.dll
C:\Windows\system32\sstpsvc.dll [file not found to scan]
--------------------
Key:  stisvc
Path: %SystemRoot%\System32\wiaservc.dll
C:\Windows\System32\wiaservc.dll [file not found to scan]
--------------------
Key:  swprv
Path: %Systemroot%\System32\swprv.dll
C:\Windows\System32\swprv.dll [file not found to scan]
--------------------
Key:  SysMain
Path: %systemroot%\system32\sysmain.dll
C:\Windows\system32\sysmain.dll [file not found to scan]
--------------------
Key:  TabletInputService
Path: %SystemRoot%\System32\TabSvc.dll
C:\Windows\System32\TabSvc.dll [file not found to scan]
--------------------
Key:  TBS
Path: %SystemRoot%\System32\tbssvc.dll
C:\Windows\System32\tbssvc.dll [file not found to scan]
--------------------
Key:  TermService
Path: %SystemRoot%\System32\termsrv.dll
C:\Windows\System32\termsrv.dll [file not found to scan]
--------------------
Key:  THREADORDER
Path: %SystemRoot%\system32\mmcss.dll
C:\Windows\system32\mmcss.dll [file not found to scan]
--------------------
Key:  TrkWks
Path: %SystemRoot%\System32\trkwks.dll
C:\Windows\System32\trkwks.dll [file not found to scan]
--------------------
Key:  UxSms
Path: %SystemRoot%\System32\uxsms.dll
C:\Windows\System32\uxsms.dll [file not found to scan]
--------------------
Key:  W32Time
Path: %systemroot%\system32\w32time.dll
C:\Windows\system32\w32time.dll [file not found to scan]
--------------------
Key:  Wecsvc
Path: %SystemRoot%\system32\wecsvc.dll
C:\Windows\system32\wecsvc.dll [file not found to scan]
--------------------
Key:  wercplsupport
Path: %SystemRoot%\System32\wercplsupport.dll
C:\Windows\System32\wercplsupport.dll [file not found to scan]
--------------------
Key:  WerSvc
Path: %SystemRoot%\System32\WerSvc.dll
C:\Windows\System32\WerSvc.dll [file not found to scan]
--------------------
Key:  Winmgmt
Path: %SystemRoot%\system32\wbem\WMIsvc.dll
C:\Windows\system32\wbem\WMIsvc.dll [file not found to scan]
--------------------
Key:  Wlansvc
Path: %SystemRoot%\System32\wlansvc.dll
C:\Windows\System32\wlansvc.dll [file not found to scan]
--------------------
Key:  WPDBusEnum
Path: %SystemRoot%\system32\wpdbusenum.dll
C:\Windows\system32\wpdbusenum.dll [file not found to scan]
--------------------
Key:  wscsvc
Path: %SystemRoot%\System32\wscsvc.dll
C:\Windows\System32\wscsvc.dll [file not found to scan]
--------------------
Key:  wuauserv
Path: %systemroot%\system32\wuaueng.dll
C:\Windows\system32\wuaueng.dll [file not found to scan]
--------------------
Key:  wudfsvc
Path: %SystemRoot%\System32\WUDFSvc.dll
C:\Windows\System32\WUDFSvc.dll [file not found to scan]
--------------------

************************************************************
21:55:06: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       ACPI
ImagePath: system32\drivers\acpi.sys
C:\Windows\system32\drivers\acpi.sys [file not found to scan]
----------
Key:       adp94xx
ImagePath: \SystemRoot\system32\drivers\adp94xx.sys
C:\Windows\system32\drivers\adp94xx.sys [file not found to scan]
----------
Key:       adpahci
ImagePath: \SystemRoot\system32\drivers\adpahci.sys
C:\Windows\system32\drivers\adpahci.sys [file not found to scan]
----------
Key:       adpu320
ImagePath: \SystemRoot\system32\drivers\adpu320.sys
C:\Windows\system32\drivers\adpu320.sys [file not found to scan]
----------
Key:       AFD
ImagePath: \SystemRoot\system32\drivers\afd.sys
C:\Windows\system32\drivers\afd.sys [file not found to scan]
----------
Key:       agp440
ImagePath: \SystemRoot\system32\drivers\agp440.sys
C:\Windows\system32\drivers\agp440.sys [file not found to scan]
----------
Key:       aic78xx
ImagePath: \SystemRoot\system32\drivers\djsvs.sys
C:\Windows\system32\drivers\djsvs.sys [file not found to scan]
----------
Key:       ALG
ImagePath: %SystemRoot%\System32\alg.exe
C:\Windows\System32\alg.exe [file not found to scan]
----------
Key:       aliide
ImagePath: \SystemRoot\system32\drivers\aliide.sys
C:\Windows\system32\drivers\aliide.sys [file not found to scan]
----------
Key:       amdide
ImagePath: \SystemRoot\system32\drivers\amdide.sys
C:\Windows\system32\drivers\amdide.sys [file not found to scan]
----------
Key:       AmdK8
ImagePath: system32\DRIVERS\amdk8.sys
C:\Windows\system32\DRIVERS\amdk8.sys [file not found to scan]
----------
Key:       Apple Mobile Device
ImagePath: "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
116040 bytes
Created:  01/10/2008
Modified: 01/10/2008
Company:  Apple Inc.
----------
Key:       arc
ImagePath: \SystemRoot\system32\drivers\arc.sys
C:\Windows\system32\drivers\arc.sys [file not found to scan]
----------
Key:       arcsas
ImagePath: \SystemRoot\system32\drivers\arcsas.sys
C:\Windows\system32\drivers\arcsas.sys [file not found to scan]
----------
Key:       AsyncMac
ImagePath: system32\DRIVERS\asyncmac.sys
C:\Windows\system32\DRIVERS\asyncmac.sys [file not found to scan]
----------
Key:       atapi
ImagePath: system32\drivers\atapi.sys
C:\Windows\system32\drivers\atapi.sys [file not found to scan]
----------
Key:       Ati External Event Utility
ImagePath: %SystemRoot%\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe [file not found to scan]
----------
Key:       atikmdag
ImagePath: system32\DRIVERS\atikmdag.sys
C:\Windows\system32\DRIVERS\atikmdag.sys [file not found to scan]
----------
Key:       AVFilter
ImagePath: system32\drivers\AVFilter.sys
C:\Windows\system32\drivers\AVFilter.sys
21904 bytes
Created:  30/10/2008
Modified: 12/02/2008
Company:  PC Tools Research Pty Ltd
----------
Key:       AVHook
ImagePath: system32\drivers\AVHook.sys
C:\Windows\system32\drivers\AVHook.sys
28568 bytes
Created:  30/10/2008
Modified: 06/12/2007
Company:  PC Tools Research Pty Ltd.
----------
Key:       AVRec
ImagePath: system32\drivers\AVRec.sys
C:\Windows\system32\drivers\AVRec.sys
21912 bytes
Created:  30/10/2008
Modified: 06/12/2007
Company:  PC Tools Research Pty Ltd 
----------
Key:       Bandoo Coordinator
ImagePath: "C:\PROGRA~2\Bandoo\Bandoo.exe"
C:\PROGRA~2\Bandoo\Bandoo.exe
1271232 bytes
Created:  29/08/2008
Modified: 26/06/2008
Company:  Discordia Limited
----------
Key:       blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key:       Bonjour Service
ImagePath: "C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
238888 bytes
Created:  29/08/2008
Modified: 29/08/2008
Company:  Apple Inc.
----------
Key:       bowser
ImagePath: system32\DRIVERS\bowser.sys
C:\Windows\system32\DRIVERS\bowser.sys [file not found to scan]
----------
Key:       BrFiltLo
ImagePath: \SystemRoot\system32\drivers\brfiltlo.sys
C:\Windows\system32\drivers\brfiltlo.sys [file not found to scan]
----------
Key:       BrFiltUp
ImagePath: \SystemRoot\system32\drivers\brfiltup.sys
C:\Windows\system32\drivers\brfiltup.sys [file not found to scan]
----------
Key:       Brserid
ImagePath: \SystemRoot\system32\drivers\brserid.sys
C:\Windows\system32\drivers\brserid.sys [file not found to scan]
----------
Key:       BrSerWdm
ImagePath: \SystemRoot\system32\drivers\brserwdm.sys
C:\Windows\system32\drivers\brserwdm.sys [file not found to scan]
----------
Key:       BrUsbMdm
ImagePath: \SystemRoot\system32\drivers\brusbmdm.sys
C:\Windows\system32\drivers\brusbmdm.sys [file not found to scan]
----------
Key:       BrUsbSer
ImagePath: \SystemRoot\system32\drivers\brusbser.sys
C:\Windows\system32\drivers\brusbser.sys [file not found to scan]
----------
Key:       BTHMODEM
ImagePath: \SystemRoot\system32\drivers\bthmodem.sys
C:\Windows\system32\drivers\bthmodem.sys [file not found to scan]
----------
Key:       cdfs
ImagePath: system32\DRIVERS\cdfs.sys
C:\Windows\system32\DRIVERS\cdfs.sys [file not found to scan]
----------
Key:       cdrom
ImagePath: system32\DRIVERS\cdrom.sys
C:\Windows\system32\DRIVERS\cdrom.sys [file not found to scan]
----------
Key:       circlass
ImagePath: \SystemRoot\system32\drivers\circlass.sys
C:\Windows\system32\drivers\circlass.sys [file not found to scan]
----------
Key:       CLFS
ImagePath: System32\CLFS.sys
C:\Windows\System32\CLFS.sys [file not found to scan]
----------
Key:       clr_optimization_v2.0.50727_64
ImagePath: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
93696 bytes
Created:  27/05/2008
Modified: 05/01/2008
Company:  Microsoft Corporation
----------
Key:       cmdide
ImagePath: \SystemRoot\system32\drivers\cmdide.sys
C:\Windows\system32\drivers\cmdide.sys [file not found to scan]
----------
Key:       Compbatt
ImagePath: \SystemRoot\system32\drivers\compbatt.sys
C:\Windows\system32\drivers\compbatt.sys [file not found to scan]
----------
Key:       crcdisk
ImagePath: system32\drivers\crcdisk.sys
C:\Windows\system32\drivers\crcdisk.sys [file not found to scan]
----------
Key:       DfsC
ImagePath: System32\Drivers\dfsc.sys
C:\Windows\System32\Drivers\dfsc.sys [file not found to scan]
----------
Key:       DFSR
ImagePath: %SystemRoot%\system32\DFSR.exe
C:\Windows\system32\DFSR.exe [file not found to scan]
----------
Key:       disk
ImagePath: system32\drivers\disk.sys
C:\Windows\system32\drivers\disk.sys [file not found to scan]
----------
Key:       Dot4
ImagePath: system32\DRIVERS\Dot4.sys
C:\Windows\system32\DRIVERS\Dot4.sys [file not found to scan]
----------
Key:       Dot4Print
ImagePath: system32\DRIVERS\Dot4Prt.sys
C:\Windows\system32\DRIVERS\Dot4Prt.sys [file not found to scan]
----------
Key:       dot4usb
ImagePath: system32\DRIVERS\dot4usb.sys
C:\Windows\system32\DRIVERS\dot4usb.sys [file not found to scan]
----------
Key:       drmkaud
ImagePath: system32\drivers\drmkaud.sys
C:\Windows\system32\drivers\drmkaud.sys [file not found to scan]
----------
Key:       DXGKrnl
ImagePath: \SystemRoot\System32\drivers\dxgkrnl.sys
C:\Windows\System32\drivers\dxgkrnl.sys [file not found to scan]
----------
Key:       E1G60
ImagePath: system32\DRIVERS\E1G6032E.sys
C:\Windows\system32\DRIVERS\E1G6032E.sys [file not found to scan]
----------
Key:       Ecache
ImagePath: System32\drivers\ecache.sys
C:\Windows\System32\drivers\ecache.sys [file not found to scan]
----------
Key:       elxstor
ImagePath: \SystemRoot\system32\drivers\elxstor.sys
C:\Windows\system32\drivers\elxstor.sys [file not found to scan]
----------
Key:       fdc
ImagePath: system32\DRIVERS\fdc.sys
C:\Windows\system32\DRIVERS\fdc.sys [file not found to scan]
----------
Key:       FileInfo
ImagePath: system32\drivers\fileinfo.sys
C:\Windows\system32\drivers\fileinfo.sys [file not found to scan]
----------
Key:       Filetrace
ImagePath: system32\drivers\filetrace.sys
C:\Windows\system32\drivers\filetrace.sys [file not found to scan]
----------
Key:       flpydisk
ImagePath: system32\DRIVERS\flpydisk.sys
C:\Windows\system32\DRIVERS\flpydisk.sys [file not found to scan]
----------
Key:       FltMgr
ImagePath: system32\drivers\fltmgr.sys
C:\Windows\system32\drivers\fltmgr.sys [file not found to scan]
----------
Key:       FontCache3.0.0.0
ImagePath: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
36864 bytes
Created:  27/05/2008
Modified: 05/01/2008
Company:  Microsoft Corporation
----------
Key:       gagp30kx
ImagePath: \SystemRoot\system32\drivers\gagp30kx.sys
C:\Windows\system32\drivers\gagp30kx.sys [file not found to scan]
----------
Key:       GEARAspiWDM
ImagePath: system32\DRIVERS\GEARAspiWDM.sys
C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [file not found to scan]
----------
Key:       gusvc
ImagePath: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
138168 bytes
Created:  13/06/2008
Modified: 13/06/2008
Company:  Google
----------
Key:       HdAudAddService
ImagePath: system32\drivers\HdAudio.sys
C:\Windows\system32\drivers\HdAudio.sys [file not found to scan]
----------
Key:       HDAudBus
ImagePath: system32\DRIVERS\HDAudBus.sys
C:\Windows\system32\DRIVERS\HDAudBus.sys [file not found to scan]
----------
Key:       HidBth
ImagePath: \SystemRoot\system32\drivers\hidbth.sys
C:\Windows\system32\drivers\hidbth.sys [file not found to scan]
----------
Key:       HidIr
ImagePath: \SystemRoot\system32\drivers\hidir.sys
C:\Windows\system32\drivers\hidir.sys [file not found to scan]
----------
Key:       HidUsb
ImagePath: system32\DRIVERS\hidusb.sys
C:\Windows\system32\DRIVERS\hidusb.sys [file not found to scan]
----------
Key:       HpCISSs
ImagePath: \SystemRoot\system32\drivers\hpcisss.sys
C:\Windows\system32\drivers\hpcisss.sys [file not found to scan]
----------
Key:       HTTP
ImagePath: system32\drivers\HTTP.sys
C:\Windows\system32\drivers\HTTP.sys [file not found to scan]
----------
Key:       i2omp
ImagePath: \SystemRoot\system32\drivers\i2omp.sys
C:\Windows\system32\drivers\i2omp.sys [file not found to scan]
----------
Key:       i8042prt
ImagePath: system32\DRIVERS\i8042prt.sys
C:\Windows\system32\DRIVERS\i8042prt.sys [file not found to scan]
----------
Key:       iaStorV
ImagePath: \SystemRoot\system32\drivers\iastorv.sys
C:\Windows\system32\drivers\iastorv.sys [file not found to scan]
----------
Key:       idsvc
ImagePath: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
921600 bytes
Created:  27/05/2008
Modified: 05/01/2008
Company:  Microsoft Corporation
----------
Key:       iirsp
ImagePath: \SystemRoot\system32\drivers\iirsp.sys
C:\Windows\system32\drivers\iirsp.sys [file not found to scan]
----------
Key:       intelide
ImagePath: \SystemRoot\system32\drivers\intelide.sys
C:\Windows\system32\drivers\intelide.sys [file not found to scan]
----------
Key:       intelppm
ImagePath: system32\DRIVERS\intelppm.sys - file is missing - alert is globally excluded
----------
Key:       IpFilterDriver
ImagePath: system32\DRIVERS\ipfltdrv.sys
C:\Windows\system32\DRIVERS\ipfltdrv.sys [file not found to scan]
----------
Key:       IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key:       IPMIDRV
ImagePath: \SystemRoot\system32\drivers\ipmidrv.sys
C:\Windows\system32\drivers\ipmidrv.sys [file not found to scan]
----------
Key:       IPNAT
ImagePath: system32\DRIVERS\ipnat.sys
C:\Windows\system32\DRIVERS\ipnat.sys [file not found to scan]
----------
Key:       iPod Service
ImagePath: "C:\Program Files (x86)\iPod\bin\iPodService.exe"
C:\Program Files (x86)\iPod\bin\iPodService.exe
536872 bytes
Created:  01/10/2008
Modified: 01/10/2008
Company:  Apple Inc.
----------
Key:       IRENUM
ImagePath: system32\drivers\irenum.sys
C:\Windows\system32\drivers\irenum.sys [file not found to scan]
----------
Key:       isapnp
ImagePath: \SystemRoot\system32\drivers\isapnp.sys
C:\Windows\system32\drivers\isapnp.sys [file not found to scan]
----------
Key:       iScsiPrt
ImagePath: system32\DRIVERS\msiscsi.sys
C:\Windows\system32\DRIVERS\msiscsi.sys [file not found to scan]
----------
Key:       iteatapi
ImagePath: \SystemRoot\system32\drivers\iteatapi.sys
C:\Windows\system32\drivers\iteatapi.sys [file not found to scan]
----------
Key:       iteraid
ImagePath: \SystemRoot\system32\drivers\iteraid.sys
C:\Windows\system32\drivers\iteraid.sys [file not found to scan]
----------
Key:       kbdclass
ImagePath: system32\DRIVERS\kbdclass.sys
C:\Windows\system32\DRIVERS\kbdclass.sys [file not found to scan]
----------
Key:       kbdhid
ImagePath: system32\DRIVERS\kbdhid.sys
C:\Windows\system32\DRIVERS\kbdhid.sys [file not found to scan]
----------
Key:       KeyIso
ImagePath: %SystemRoot%\system32\lsass.exe
C:\Windows\system32\lsass.exe [file not found to scan]
----------
Key:       KSecDD
ImagePath: System32\Drivers\ksecdd.sys
C:\Windows\System32\Drivers\ksecdd.sys [file not found to scan]
----------
Key:       ksthunk
ImagePath: \SystemRoot\system32\drivers\ksthunk.sys
C:\Windows\system32\drivers\ksthunk.sys [file not found to scan]
----------
Key:       lltdio
ImagePath: system32\DRIVERS\lltdio.sys
C:\Windows\system32\DRIVERS\lltdio.sys [file not found to scan]
----------
Key:       LSI_FC
ImagePath: \SystemRoot\system32\drivers\lsi_fc.sys
C:\Windows\system32\drivers\lsi_fc.sys [file not found to scan]
----------
Key:       LSI_SAS
ImagePath: \SystemRoot\system32\drivers\lsi_sas.sys
C:\Windows\system32\drivers\lsi_sas.sys [file not found to scan]
----------
Key:       LSI_SCSI
ImagePath: \SystemRoot\system32\drivers\lsi_scsi.sys
C:\Windows\system32\drivers\lsi_scsi.sys [file not found to scan]
----------
Key:       luafv
ImagePath: \SystemRoot\system32\drivers\luafv.sys
C:\Windows\system32\drivers\luafv.sys [file not found to scan]
----------
Key:       megasas
ImagePath: \SystemRoot\system32\drivers\megasas.sys
C:\Windows\system32\drivers\megasas.sys [file not found to scan]
----------
Key:       Modem
ImagePath: system32\drivers\modem.sys
C:\Windows\system32\drivers\modem.sys [file not found to scan]
----------
Key:       monitor
ImagePath: system32\DRIVERS\monitor.sys
C:\Windows\system32\DRIVERS\monitor.sys [file not found to scan]
----------
Key:       mouclass
ImagePath: system32\DRIVERS\mouclass.sys
C:\Windows\system32\DRIVERS\mouclass.sys [file not found to scan]
----------
Key:       mouhid
ImagePath: system32\DRIVERS\mouhid.sys
C:\Windows\system32\DRIVERS\mouhid.sys [file not found to scan]
----------
Key:       MountMgr
ImagePath: System32\drivers\mountmgr.sys
C:\Windows\System32\drivers\mountmgr.sys [file not found to scan]
----------
Key:       mpio
ImagePath: \SystemRoot\system32\drivers\mpio.sys
C:\Windows\system32\drivers\mpio.sys [file not found to scan]
----------
Key:       mpsdrv
ImagePath: System32\drivers\mpsdrv.sys
C:\Windows\System32\drivers\mpsdrv.sys [file not found to scan]
----------
Key:       Mraid35x
ImagePath: \SystemRoot\system32\drivers\mraid35x.sys
C:\Windows\system32\drivers\mraid35x.sys [file not found to scan]
----------
Key:       MRxDAV
ImagePath: \SystemRoot\system32\drivers\mrxdav.sys
C:\Windows\system32\drivers\mrxdav.sys [file not found to scan]
----------
Key:       mrxsmb
ImagePath: system32\DRIVERS\mrxsmb.sys
C:\Windows\system32\DRIVERS\mrxsmb.sys [file not found to scan]
----------
Key:       mrxsmb10
ImagePath: system32\DRIVERS\mrxsmb10.sys
C:\Windows\system32\DRIVERS\mrxsmb10.sys [file not found to scan]
----------
Key:       mrxsmb20
ImagePath: system32\DRIVERS\mrxsmb20.sys
C:\Windows\system32\DRIVERS\mrxsmb20.sys [file not found to scan]
----------
Key:       msahci
ImagePath: \SystemRoot\system32\drivers\msahci.sys
C:\Windows\system32\drivers\msahci.sys [file not found to scan]
----------
Key:       msdsm
ImagePath: \SystemRoot\system32\drivers\msdsm.sys
C:\Windows\system32\drivers\msdsm.sys [file not found to scan]
----------
Key:       MSDTC
ImagePath: %SystemRoot%\System32\msdtc.exe
C:\Windows\System32\msdtc.exe [file not found to scan]
----------
Key:       msisadrv
ImagePath: system32\drivers\msisadrv.sys
C:\Windows\system32\drivers\msisadrv.sys [file not found to scan]
----------
Key:       msiserver
ImagePath: %systemroot%\system32\msiexec /V
----------
Key:       MSKSSRV
ImagePath: system32\drivers\MSKSSRV.sys
C:\Windows\system32\drivers\MSKSSRV.sys [file not found to scan]
----------
Key:       MSPCLOCK
ImagePath: system32\drivers\MSPCLOCK.sys
C:\Windows\system32\drivers\MSPCLOCK.sys [file not found to scan]
----------
Key:       MSPQM
ImagePath: system32\drivers\MSPQM.sys
C:\Windows\system32\drivers\MSPQM.sys [file not found to scan]
----------
Key:       mssmbios
ImagePath: system32\DRIVERS\mssmbios.sys
C:\Windows\system32\DRIVERS\mssmbios.sys [file not found to scan]
----------
Key:       MSTEE
ImagePath: system32\drivers\MSTEE.sys
C:\Windows\system32\drivers\MSTEE.sys [file not found to scan]
----------
Key:       Mup
ImagePath: System32\Drivers\mup.sys
C:\Windows\System32\Drivers\mup.sys [file not found to scan]
----------
Key:       NativeWifiP
ImagePath: system32\DRIVERS\nwifi.sys
C:\Windows\system32\DRIVERS\nwifi.sys [file not found to scan]
----------
Key:       NDIS
ImagePath: system32\drivers\ndis.sys
C:\Windows\system32\drivers\ndis.sys [file not found to scan]
----------
Key:       NdisTapi
ImagePath: system32\DRIVERS\ndistapi.sys
C:\Windows\system32\DRIVERS\ndistapi.sys [file not found to scan]
----------
Key:       Ndisuio
ImagePath: system32\DRIVERS\ndisuio.sys
C:\Windows\system32\DRIVERS\ndisuio.sys [file not found to scan]
----------
Key:       NdisWan
ImagePath: system32\DRIVERS\ndiswan.sys
C:\Windows\system32\DRIVERS\ndiswan.sys [file not found to scan]
----------
Key:       NetBIOS
ImagePath: system32\DRIVERS\netbios.sys
C:\Windows\system32\DRIVERS\netbios.sys [file not found to scan]
----------
Key:       netbt
ImagePath: System32\DRIVERS\netbt.sys
C:\Windows\System32\DRIVERS\netbt.sys [file not found to scan]
----------
Key:       Netlogon
ImagePath: %systemroot%\system32\lsass.exe
C:\Windows\system32\lsass.exe [file not found to scan]
----------
Key:       nfrd960
ImagePath: \SystemRoot\system32\drivers\nfrd960.sys
C:\Windows\system32\drivers\nfrd960.sys [file not found to scan]
----------
Key:       nsiproxy
ImagePath: system32\drivers\nsiproxy.sys
C:\Windows\system32\drivers\nsiproxy.sys [file not found to scan]
----------
Key:       nvraid
ImagePath: \SystemRoot\system32\drivers\nvraid.sys
C:\Windows\system32\drivers\nvraid.sys [file not found to scan]
----------
Key:       nvstor
ImagePath: \SystemRoot\system32\drivers\nvstor.sys
C:\Windows\system32\drivers\nvstor.sys [file not found to scan]
----------
Key:       nv_agp
ImagePath: \SystemRoot\system32\drivers\nv_agp.sys
C:\Windows\system32\drivers\nv_agp.sys [file not found to scan]
----------
Key:       NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key:       NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key:       ohci1394
ImagePath: system32\DRIVERS\ohci1394.sys
C:\Windows\system32\DRIVERS\ohci1394.sys [file not found to scan]
----------
Key:       Parport
ImagePath: system32\DRIVERS\parport.sys
C:\Windows\system32\DRIVERS\parport.sys [file not found to scan]
----------
Key:       partmgr
ImagePath: System32\drivers\partmgr.sys
C:\Windows\System32\drivers\partmgr.sys [file not found to scan]
----------
Key:       pci
ImagePath: system32\drivers\pci.sys
C:\Windows\system32\drivers\pci.sys [file not found to scan]
----------
Key:       pciide
ImagePath: system32\drivers\pciide.sys
C:\Windows\system32\drivers\pciide.sys [file not found to scan]
----------
Key:       pcmcia
ImagePath: \SystemRoot\system32\drivers\pcmcia.sys
C:\Windows\system32\drivers\pcmcia.sys [file not found to scan]
----------
Key:       PCTAVSvc
ImagePath: "C:\Program Files (x86)\PC Tools AntiVirus\PCTAVSvc.exe"
C:\Program Files (x86)\PC Tools AntiVirus\PCTAVSvc.exe
995520 bytes
Created:  30/10/2008
Modified: 23/09/2008
Company:  PC Tools Research Pty Ltd
----------
Key:       PEAUTH
ImagePath: system32\drivers\peauth.sys
C:\Windows\system32\drivers\peauth.sys [file not found to scan]
----------
Key:       PerfHost
ImagePath: %SystemRoot%\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
19968 bytes
Created:  27/05/2008
Modified: 19/01/2008
Company:  Microsoft Corporation
----------
Key:       PptpMiniport
ImagePath: system32\DRIVERS\raspptp.sys
C:\Windows\system32\DRIVERS\raspptp.sys [file not found to scan]
----------
Key:       Processor
ImagePath: \SystemRoot\system32\drivers\processr.sys
C:\Windows\system32\drivers\processr.sys [file not found to scan]
----------
Key:       ProtectedStorage
ImagePath: %SystemRoot%\system32\lsass.exe
C:\Windows\system32\lsass.exe [file not found to scan]
----------
Key:       PSched
ImagePath: system32\DRIVERS\pacer.sys
C:\Windows\system32\DRIVERS\pacer.sys [file not found to scan]
----------
Key:       ql2300
ImagePath: \SystemRoot\system32\drivers\ql2300.sys
C:\Windows\system32\drivers\ql2300.sys [file not found to scan]
----------
Key:       ql40xx
ImagePath: \SystemRoot\system32\drivers\ql40xx.sys
C:\Windows\system32\drivers\ql40xx.sys [file not found to scan]
----------
Key:       QWAVEdrv
ImagePath: \SystemRoot\system32\drivers\qwavedrv.sys
C:\Windows\system32\drivers\qwavedrv.sys [file not found to scan]
----------
Key:       RasAcd
ImagePath: System32\DRIVERS\rasacd.sys
C:\Windows\System32\DRIVERS\rasacd.sys [file not found to scan]
----------
Key:       Rasl2tp
ImagePath: system32\DRIVERS\rasl2tp.sys
C:\Windows\system32\DRIVERS\rasl2tp.sys [file not found to scan]
----------
Key:       RasPppoe
ImagePath: system32\DRIVERS\raspppoe.sys
C:\Windows\system32\DRIVERS\raspppoe.sys [file not found to scan]
----------
Key:       RasSstp
ImagePath: system32\DRIVERS\rassstp.sys
C:\Windows\system32\DRIVERS\rassstp.sys [file not found to scan]
----------
Key:       rdbss
ImagePath: system32\DRIVERS\rdbss.sys
C:\Windows\system32\DRIVERS\rdbss.sys [file not found to scan]
----------
Key:       RDPCDD
ImagePath: System32\DRIVERS\RDPCDD.sys
C:\Windows\System32\DRIVERS\RDPCDD.sys [file not found to scan]
----------
Key:       rdpdr
ImagePath: \SystemRoot\system32\drivers\rdpdr.sys
C:\Windows\system32\drivers\rdpdr.sys [file not found to scan]
----------
Key:       RDPENCDD
ImagePath: system32\drivers\rdpencdd.sys
C:\Windows\system32\drivers\rdpencdd.sys [file not found to scan]
----------
Key:       RpcLocator
ImagePath: %SystemRoot%\system32\locator.exe
C:\Windows\system32\locator.exe [file not found to scan]
----------
Key:       rspndr
ImagePath: system32\DRIVERS\rspndr.sys
C:\Windows\system32\DRIVERS\rspndr.sys [file not found to scan]
----------
Key:       s117bus
ImagePath: system32\DRIVERS\s117bus.sys
C:\Windows\system32\DRIVERS\s117bus.sys [file not found to scan]
----------
Key:       s117mdfl
ImagePath: system32\DRIVERS\s117mdfl.sys
C:\Windows\system32\DRIVERS\s117mdfl.sys [file not found to scan]
----------
Key:       s117mdm
ImagePath: system32\DRIVERS\s117mdm.sys
C:\Windows\system32\DRIVERS\s117mdm.sys [file not found to scan]
----------
Key:       s117mgmt
ImagePath: system32\DRIVERS\s117mgmt.sys
C:\Windows\system32\DRIVERS\s117mgmt.sys [file not found to scan]
----------
Key:       s117nd5
ImagePath: system32\DRIVERS\s117nd5.sys
C:\Windows\system32\DRIVERS\s117nd5.sys [file not found to scan]
----------
Key:       s117obex
ImagePath: system32\DRIVERS\s117obex.sys
C:\Windows\system32\DRIVERS\s117obex.sys [file not found to scan]
----------
Key:       s117unic
ImagePath: system32\DRIVERS\s117unic.sys
C:\Windows\system32\DRIVERS\s117unic.sys [file not found to scan]
----------
Key:       s916bus
ImagePath: system32\DRIVERS\s916bus.sys
C:\Windows\system32\DRIVERS\s916bus.sys [file not found to scan]
----------
Key:       SamSs
ImagePath: %SystemRoot%\system32\lsass.exe
C:\Windows\system32\lsass.exe [file not found to scan]
----------
Key:       sbp2port
ImagePath: \SystemRoot\system32\drivers\sbp2port.sys
C:\Windows\system32\drivers\sbp2port.sys [file not found to scan]
----------
Key:       SBSDWSCService
ImagePath: C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
810320 bytes
Created:  29/05/2008
Modified: 28/01/2008
Company:  Safer Networking Ltd.
----------
Key:       Serenum
ImagePath: system32\DRIVERS\serenum.sys
C:\Windows\system32\DRIVERS\serenum.sys [file not found to scan]
----------
Key:       Serial
ImagePath: system32\DRIVERS\serial.sys
C:\Windows\system32\DRIVERS\serial.sys [file not found to scan]
----------
Key:       sermouse
ImagePath: \SystemRoot\system32\drivers\sermouse.sys
C:\Windows\system32\drivers\sermouse.sys [file not found to scan]
----------
Key:       sffdisk
ImagePath: \SystemRoot\system32\drivers\sffdisk.sys
C:\Windows\system32\drivers\sffdisk.sys [file not found to scan]
----------
Key:       sffp_mmc
ImagePath: \SystemRoot\system32\drivers\sffp_mmc.sys
C:\Windows\system32\drivers\sffp_mmc.sys [file not found to scan]
----------
Key:       sffp_sd
ImagePath: \SystemRoot\system32\drivers\sffp_sd.sys
C:\Windows\system32\drivers\sffp_sd.sys [file not found to scan]
----------
Key:       sfloppy
ImagePath: \SystemRoot\system32\drivers\sfloppy.sys
C:\Windows\system32\drivers\sfloppy.sys [file not found to scan]
----------
Key:       SiSRaid2
ImagePath: \SystemRoot\system32\drivers\sisraid2.sys
C:\Windows\system32\drivers\sisraid2.sys [file not found to scan]
----------
Key:       SiSRaid4
ImagePath: \SystemRoot\system32\drivers\sisraid4.sys
C:\Windows\system32\drivers\sisraid4.sys [file not found to scan]
----------
Key:       slsvc
ImagePath: %SystemRoot%\system32\SLsvc.exe
C:\Windows\system32\SLsvc.exe [file not found to scan]
----------
Key:       Smb
ImagePath: system32\DRIVERS\smb.sys
C:\Windows\system32\DRIVERS\smb.sys [file not found to scan]
----------
Key:       SNMPTRAP
ImagePath: %SystemRoot%\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe [file not found to scan]
----------
Key:       Spooler
ImagePath: %SystemRoot%\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe [file not found to scan]
----------
Key:       srv
ImagePath: System32\DRIVERS\srv.sys
C:\Windows\System32\DRIVERS\srv.sys [file not found to scan]
----------
Key:       srv2
ImagePath: System32\DRIVERS\srv2.sys
C:\Windows\System32\DRIVERS\srv2.sys [file not found to scan]
----------
Key:       srvnet
ImagePath: System32\DRIVERS\srvnet.sys
C:\Windows\System32\DRIVERS\srvnet.sys [file not found to scan]
----------
Key:       swenum
ImagePath: system32\DRIVERS\swenum.sys
C:\Windows\system32\DRIVERS\swenum.sys [file not found to scan]
----------
Key:       Symc8xx
ImagePath: \SystemRoot\system32\drivers\symc8xx.sys
C:\Windows\system32\drivers\symc8xx.sys [file not found to scan]
----------
Key:       Sym_hi
ImagePath: \SystemRoot\system32\drivers\sym_hi.sys
C:\Windows\system32\drivers\sym_hi.sys [file not found to scan]
----------
Key:       Sym_u3
ImagePath: \SystemRoot\system32\drivers\sym_u3.sys
C:\Windows\system32\drivers\sym_u3.sys [file not found to scan]
----------
Key:       Tcpip
ImagePath: System32\drivers\tcpip.sys
C:\Windows\System32\drivers\tcpip.sys [file not found to scan]
----------
Key:       Tcpip6
ImagePath: system32\DRIVERS\tcpip.sys
C:\Windows\system32\DRIVERS\tcpip.sys [file not found to scan]
----------
Key:       tcpipreg
ImagePath: System32\drivers\tcpipreg.sys
C:\Windows\System32\drivers\tcpipreg.sys [file not found to scan]
----------
Key:       TDPIPE
ImagePath: system32\drivers\tdpipe.sys
C:\Windows\system32\drivers\tdpipe.sys [file not found to scan]
----------
Key:       TDTCP
ImagePath: system32\drivers\tdtcp.sys
C:\Windows\system32\drivers\tdtcp.sys [file not found to scan]
----------
Key:       tdx
ImagePath: system32\DRIVERS\tdx.sys
C:\Windows\system32\DRIVERS\tdx.sys [file not found to scan]
----------
Key:       TermDD
ImagePath: system32\DRIVERS\termdd.sys
C:\Windows\system32\DRIVERS\termdd.sys [file not found to scan]
----------
Key:       tssecsrv
ImagePath: System32\DRIVERS\tssecsrv.sys
C:\Windows\System32\DRIVERS\tssecsrv.sys [file not found to scan]
----------
Key:       tunmp
ImagePath: system32\DRIVERS\tunmp.sys
C:\Windows\system32\DRIVERS\tunmp.sys [file not found to scan]
----------
Key:       tunnel
ImagePath: system32\DRIVERS\tunnel.sys
C:\Windows\system32\DRIVERS\tunnel.sys [file not found to scan]
----------
Key:       uagp35
ImagePath: \SystemRoot\system32\drivers\uagp35.sys
C:\Windows\system32\drivers\uagp35.sys [file not found to scan]
----------
Key:       udfs
ImagePath: system32\DRIVERS\udfs.sys
C:\Windows\system32\DRIVERS\udfs.sys [file not found to scan]
----------
Key:       UI0Detect
ImagePath: %SystemRoot%\system32\UI0Detect.exe
C:\Windows\system32\UI0Detect.exe [file not found to scan]
----------
Key:       uliagpkx
ImagePath: \SystemRoot\system32\drivers\uliagpkx.sys
C:\Windows\system32\drivers\uliagpkx.sys [file not found to scan]
----------
Key:       uliahci
ImagePath: \SystemRoot\system32\drivers\uliahci.sys
C:\Windows\system32\drivers\uliahci.sys [file not found to scan]
----------
Key:       UlSata
ImagePath: \SystemRoot\system32\drivers\ulsata.sys
C:\Windows\system32\drivers\ulsata.sys [file not found to scan]
----------
Key:       ulsata2
ImagePath: \SystemRoot\system32\drivers\ulsata2.sys
C:\Windows\system32\drivers\ulsata2.sys [file not found to scan]
----------
Key:       umbus
ImagePath: system32\DRIVERS\umbus.sys
C:\Windows\system32\DRIVERS\umbus.sys [file not found to scan]
----------
Key:       usbccgp
ImagePath: system32\DRIVERS\usbccgp.sys
C:\Windows\system32\DRIVERS\usbccgp.sys [file not found to scan]
----------
Key:       usbcir
ImagePath: \SystemRoot\system32\drivers\usbcir.sys
C:\Windows\system32\drivers\usbcir.sys [file not found to scan]
----------
Key:       usbehci
ImagePath: system32\DRIVERS\usbehci.sys
C:\Windows\system32\DRIVERS\usbehci.sys [file not found to scan]
----------
Key:       usbhub
ImagePath: system32\DRIVERS\usbhub.sys
C:\Windows\system32\DRIVERS\usbhub.sys [file not found to scan]
----------
Key:       usbohci
ImagePath: system32\DRIVERS\usbohci.sys
C:\Windows\system32\DRIVERS\usbohci.sys [file not found to scan]
----------
Key:       usbprint
ImagePath: system32\DRIVERS\usbprint.sys
C:\Windows\system32\DRIVERS\usbprint.sys [file not found to scan]
----------
Key:       usbscan
ImagePath: system32\DRIVERS\usbscan.sys
C:\Windows\system32\DRIVERS\usbscan.sys [file not found to scan]
----------
Key:       USBSTOR
ImagePath: system32\DRIVERS\USBSTOR.SYS - file is missing - alert is globally excluded
----------
Key:       usbuhci
ImagePath: system32\DRIVERS\usbuhci.sys
C:\Windows\system32\DRIVERS\usbuhci.sys [file not found to scan]
----------
Key:       usnjsvc
ImagePath: "C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe"
C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created:  18/10/2007
Modified: 18/10/2007
Company:  Microsoft Corporation
----------
Key:       vds
ImagePath: %SystemRoot%\System32\vds.exe
C:\Windows\System32\vds.exe [file not found to scan]
----------
Key:       vga
ImagePath: system32\DRIVERS\vgapnp.sys
C:\Windows\system32\DRIVERS\vgapnp.sys [file not found to scan]
----------
Key:       VgaSave
ImagePath: \SystemRoot\System32\drivers\vga.sys
C:\Windows\System32\drivers\vga.sys [file not found to scan]
----------
Key:       viaide
ImagePath: \SystemRoot\system32\drivers\viaide.sys
C:\Windows\system32\drivers\viaide.sys [file not found to scan]
----------
Key:       volmgr
ImagePath: system32\drivers\volmgr.sys
C:\Windows\system32\drivers\volmgr.sys [file not found to scan]
----------
Key:       volmgrx
ImagePath: System32\drivers\volmgrx.sys
C:\Windows\System32\drivers\volmgrx.sys [file not found to scan]
----------
Key:       volsnap
ImagePath: system32\drivers\volsnap.sys
C:\Windows\system32\drivers\volsnap.sys [file not found to scan]
----------
Key:       vsmraid
ImagePath: \SystemRoot\system32\drivers\vsmraid.sys
C:\Windows\system32\drivers\vsmraid.sys [file not found to scan]
----------
Key:       VSS
ImagePath: %systemroot%\system32\vssvc.exe
C:\Windows\system32\vssvc.exe [file not found to scan]
----------
Key:       WacomPen
ImagePath: \SystemRoot\system32\drivers\wacompen.sys
C:\Windows\system32\drivers\wacompen.sys [file not found to scan]
----------
Key:

jfkpresident · Answer

salut ,désolé du retard ;

Tu va désinstaller le sponsor Msnplus comme indiqué ici : https://www.luanagames.com/index.fr.html

ensuite tu vas faire ceci :

1) télécharge hijackthis ici:hijackthis
ceci est un outil pour diagnostiquer ton pc .

*.Enregistre HJTInstall.exe sur ton bureau
*. Double-clique sur HJTInstall.exe pour lancer le programme
*. Par défaut, il s'installera là C:\Program Files\Trend Micro\HijackThis
*. Accepte la license en cliquant sur le bouton "I Accept"
*. Choisis l'option "Do a system scan and save a log file"
*. Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
*. Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport
*. Colle le rapport que tu viens de copier sur ce forum
*. Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement 

tutoriel générer un rapport

gwenfreddy · Answer

salut peux tu me dire ce qu'il se passent j'ai besooin de ton aide car gross infection !! merci de ton aide 




apport de ZHPDiag v1.15 par Nicolas Coolman
Enregistré le 15/11/2008 23:35:23
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v6.0.2900.5512

---\ Processus lancés
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
SOUNDMAN.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
autoclk.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
adiras.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
c:\Programmi\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe
C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe
C:\WINDOWS\system32\PSDrvCheck.exe
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
c:\program files\orange\player orange\Orange Player.exe
C:\DOCUME~1\gilles\LOCALS~1\Temp\a.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

---\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

---\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm

---\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mxlivemedia - {3ce3e873-561d-9834-b9d8-bca83c494f0d} - C:\WINDOWS\system32
sk46B.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: 1 - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

---\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Corel Print Office 2000] "C:\WINDOWS\COREL\StpLnch.exe" /setup="D:" /rspfile="C:\WINDOWS\Corel\Corel Print Office 2000\5\RECOVERY.CSW" /g+ /close /df="setup\projectfr.csw, setup\compfr.csw" /LANG=FR
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Control] c:\Programmi\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [DNSE] "C:\Program Files\Fichiers communs\SystemDoctor\DNSE.exe" -c
O4 - HKLM\..\Run: [MDRV_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe"
O4 - HKLM\..\Run: [DC6V_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [RegistryMechanic] 
O4 - HKLM\..\Run: [NWEReboot] 
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray
O4 - HKCU\..\Run: [iekqi] "c:\documents and settings\gilles\local settings\application data\iekqi.exe" iekqi
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\gilles\LOCALS~1\Temp\a.exe
O4 - HKCU\..\Run: [98560682039166472816119688101031] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKLM\..\policies\Explorer: [NoCDBurning] Data="0"
O4 - Global Startup: Antivirus Firewall.lnk - C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
O4 - Global Startup: DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe

---\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

---\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra 'Tools' menuitem: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Program Files\Real\RealPlayer\eb_act.ico
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302
O9 - Extra 'Tools' menuitem: Windows Messenger - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - C:\Program Files\Messenger\msmsgs.exe,302
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshieldh.ico
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshieldh.ico
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Program Files\Real\RealPlayer\eb_act.ico
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302

---\ Paramètres par défaut des options Internet Explorer (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

---\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

---\ Piratage de domaine (Lop.com) (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF7E4767-CB42-4D2C-A5DE-283E5CCF8D23}: 80.10.246.130 81.253.149.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{BF7E4767-CB42-4D2C-A5DE-283E5CCF8D23}: 80.10.246.130 81.253.149.10

---\ Protocole additionnel et piratage de protocole (O18)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

---\ Valeur de registre AppInit_DLLs et sous-clés Winlogon Notify (O20)
O20 - Winlogon Notify: AtiStartupEvent - C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: WlDimsStartup - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll
O20 - Winlogon Notify: WLEventStartup - C:\WINDOWS\System32\WgaLogon.dll

---\ Services NT non Microsoft et non désactivés (O23)
O23 - Service: AOL Connectivity Service (AOL ACS) - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service:  (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart (ATI Smart) - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
O23 - Service: Media Center Receiver Service (ehRecvr) - C:\WINDOWS\eHome\ehRecvr.exe
O23 - Service: Service de planification Media Center (ehSched) - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: F-Secure Gatekeeper Handler Starter (F-Secure Gatekeeper Handler Starter) - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: Fax (Fax) - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FSBWSYS (FSBWSYS) - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
O23 - Service: FSMA (FSMA) - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Media Center Extender Service (McrdSvc) - C:\WINDOWS\ehome\mcrdsvc.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: USBDeviceService (USBDeviceService) - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

---\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: KB910393 - KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
O40 - ASIC: (no name) - Microsoft Base Smart Card Crypto Provider Package - (not file)
O40 - ASIC: Viewpoint Media Player - {03F998B2-0E00-11D3-A498-00104B6EB52E} - C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0306003B.dll
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Macromedia Shockwave Director 10.1 - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll
O40 - ASIC: Viewpoint Media Player - {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0306003B.dll
O40 - ASIC: Microsoft .NET Framework 1.0 Hotfix (KB887998) - {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - C:\WINDOWS\system32\danim.dll
O40 - ASIC: Macromedia Shockwave Director 10.1 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32egsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32	hemeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Logiciel de navigation hors connexion - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Media Center - {407408d4-94ed-4d86-ab69-a7f649d112ee} - C:\WINDOWS\System32undll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 C:\WINDOWS\inf\mcdftreg.inf
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Aide sur Internet Explorer - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Outils d'installation Internet Explorer - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Améliorations pour la navigation - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
O40 - ASIC: Accès au site MSN - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file)
O40 - ASIC: Dossiers Web - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer 6 - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Fax - {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Liaison de données Dynamic HTML - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: Fax Provider - {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - (not file)
O40 - ASIC: .NET Framework - {9A394342-4A68-4EBA-85A6-55B559F4E700} - (not file)
O40 - ASIC: .NET Framework - {B508B3F1-A24A-32C0-B310-85786919EF28} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.0 Hotfix (KB930494) - {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - (not file)
O40 - ASIC: Polices de base Internet Explorer - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
O40 - ASIC: Aide HTML - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.0 Service Pack 3 - {EA29D410-CE41-4953-A862-2DE706A1DAD7} - (not file)
O40 - ASIC: .NET Framework - {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - (not file)
O40 - ASIC: .NET Framework - {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - (not file)

---\ Pilotes lancés au démarrage (O41)
O41 - Driver: Pilote d'unité 61883 (61883) - C:\WINDOWS\system32\DRIVERS\61883.sys
O41 - Driver: General Purpose USB Driver (adildr.sys) (ADILOADER) - C:\WINDOWS\System32\Drivers\adildr.sys
O41 - Driver: USB ADSL WAN Adapter (adiusbaw) - C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
O41 - Driver: Suppresseur d'écho acoustique (Noyau Microsoft) (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: Service for Realtek AC97 Audio (WDM) (ALCXWDM) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
O41 - Driver: Protocole client ARP 1394 (Arp1394) - C:\WINDOWS\system32\DRIVERS\arp1394.sys
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: (no object) (ati2mtag) - C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
O41 - Driver: Protocole client ATM ARP (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Pilote audio Stub (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: Périphérique AVC (Avc) - C:\WINDOWS\system32\DRIVERS\avc.sys
O41 - Driver: AVFilter (AVFilter) - C:\WINDOWS\system32\drivers\AVFilter.sys
O41 - Driver: AVHook (AVHook) - C:\WINDOWS\system32\drivers\AVHook.sys
O41 - Driver: AVRec (AVRec) - C:\WINDOWS\system32\drivers\AVRec.sys
O41 - Driver: Canon BJ Scanner Port Driver (BjsPort) - C:\WINDOWS\system32\drivers\BjsPort.SYS
O41 - Driver: Décodeur sous-titre fermé (CCDECODE) - C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Pilote de Gestionnaire de disque logique (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Synthétiseur DLS du noyau Microsoft (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: F-Secure File System Filter (F-Secure Filter) - C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys
O41 - Driver: F-Secure Gatekeeper (F-Secure Gatekeeper) - C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys
O41 - Driver: F-Secure File System Recognizer (F-Secure Recognizer) - C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\drivers\fltmgr.sys
O41 - Driver: Classificateur de paquets générique (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Pilote de classe HID Microsoft (hidusb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: IEEE-1284.4 Driver HPZid412 (HPZid412) - C:\WINDOWS\system32\DRIVERS\HPZid412.sys
O41 - Driver: Print Class Driver for IEEE-1284.4 HPZipr12 (HPZipr12) - C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
O41 - Driver: USB to IEEE-1284.4 Translation Driver HPZius12 (HPZius12) - C:\WINDOWS\system32\DRIVERS\HPZius12.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: Pilote de processeur Intel (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: Pilote du pare-feu Windows IPv6 (Ip6Fw) - C:\WINDOWS\system32\drivers\ip6fw.sys
O41 - Driver: Pilote de filtre de trafic IP (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: Pilote de tunnelage IP dans IP (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: Service énumérateur IR (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Pilote HID de clavier (kbdhid) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
O41 - Driver: Mélangeur audio Wave de noyau Microsoft (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: Pilote MHN (MHNDRV) - C:\WINDOWS\system32\DRIVERS\mhndrv.sys
O41 - Driver: Pilote HID de souris (mouhid) - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O41 - Driver: Redirecteur client WebDav (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Microsoft DV Camera and VCR (MSDV) - C:\WINDOWS\system32\DRIVERS\msdv.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Pilote BIOS de gestion de systèmes Microsoft (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: Codec NABTS/FEC VBI (NABTSFEC) - C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
O41 - Driver: Connection TV/vidéo Microsoft (NdisIP) - C:\WINDOWS\system32\DRIVERS\NdisIP.sys
O41 - Driver: Pilote TAPI NDIS d'accès distant (NdisTapi) - C:\WINDOWS\system32\DRIVERS
distapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS
disuio.sys
O41 - Driver: Pilote réseau étendu NDIS d'accès distant (NdisWan) - C:\WINDOWS\system32\DRIVERS
diswan.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS
etbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS
etbt.sys
O41 - Driver: Pilote réseau 1394 (NIC1394) - C:\WINDOWS\system32\DRIVERS
ic1394.sys
O41 - Driver: Pilote de filtre de trafic IPX (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS
wlnkflt.sys
O41 - Driver: Pilote de transfert de trafic IPX (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS
wlnkfwd.sys
O41 - Driver: Contrôleurs hôte IEEE 1394 compatible OHCI (ohci1394) - C:\WINDOWS\system32\DRIVERS\ohci1394.sys
O41 - Driver: PCLEPCI (PCLEPCI) - C:\WINDOWS\system32\drivers\pclepci.sys
O41 - Driver: Miniport réseau étendu (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERSaspptp.sys
O41 - Driver: Planificateur de paquets QoS (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Pilote de liaison parallèle directe (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: PxHelp20 (PxHelp20) - C:\WINDOWS\System32\Drivers\PxHelp20.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERSasacd.sys
O41 - Driver: Miniport réseau étendu (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERSasl2tp.sys
O41 - Driver: Pilote PPPOE d'accès à distance (RasPppoe) - C:\WINDOWS\system32\DRIVERSaspppoe.sys
O41 - Driver: Parallèle direct (Raspti) - C:\WINDOWS\system32\DRIVERSaspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERSdbss.sys
O41 - Driver: Pilote de redirecteur de périphérique Terminal Server (rdpdr) - C:\WINDOWS\system32\DRIVERSdpdr.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERSedbook.sys
O41 - Driver: Realtek 10/100/1000 NIC Family all in one NDIS XP Driver (RTL8023xp) - C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
O41 - Driver: Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) (rtl8139) - C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: USB Filter Driver (ser2pl) - C:\WINDOWS\system32\DRIVERS\ser2pl.sys
O41 - Driver: Détrameur décalage BDA (SLIP) - C:\WINDOWS\system32\DRIVERS\SLIP.sys
O41 - Driver: Splitter audio du noyau Microsoft (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: DualCamera (SQTECH905C) - C:\WINDOWS\System32\Drivers\Capt905c.sys
O41 - Driver: Pilote de filtre de restauration système (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: BDA IPSink (streamip) - C:\WINDOWS\system32\DRIVERS\StreamIP.sys
O41 - Driver: Pilote de bus logiciel (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Synthétiseur de table de sons GC noyau Microsoft (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: Périphérique audio système du noyau Microsoft (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS	cpip.sys
O41 - Driver: Pilote de mise à jour microcode (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Pilote parent générique USB Microsoft (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0 (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Pilote de concentrateur standard USB Microsoft (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Pilote miniport de contrôleur hôte ouvert USB Microsoft (usbohci) - C:\WINDOWS\system32\DRIVERS\usbohci.sys
O41 - Driver: Classe d'imprimantes USB Microsoft (usbprint) - C:\WINDOWS\system32\DRIVERS\usbprint.sys
O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: Pilote de stockage de masse USB (usbstor) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Pilote ARP IP d'accès distant (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: WAN Miniport (ATW) (wanatw) - C:\WINDOWS\system32\DRIVERS\wanatw4.sys
O41 - Driver: Pilote WINMM de compatibilité audio WDM Microsoft (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: Codec Teletext standard (WSTCODEC) - C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) - C:\WINDOWS\system32\DRIVERS\WudfPf.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Reflector (WudfRd) - C:\WINDOWS\system32\DRIVERS\wudfrd.sys

---\ Logiciels installés (O42)
O42 - Logiciel: Adobe Acrobat 4.0
O42 - Logiciel: AOL (France)
O42 - Logiciel: Module de connectivité AOL
O42 - Logiciel: Ecran de veille AOL Photos
O42 - Logiciel: AOL Coach Version 1.0(Build:20040229.1 fr)
O42 - Logiciel: ATI Display Driver
O42 - Logiciel: AntiVirus Firewall
O42 - Logiciel: Intel A/V Codecs V2.0
O42 - Logiciel: Browser Performance Tool Mxlivemedia
O42 - Logiciel: Electronic Arts Game Updater
O42 - Logiciel: Wanadoo
O42 - Logiciel: RON Tool Mxlivemedia
O42 - Logiciel: HP Document Viewer 7.0
O42 - Logiciel: HP Imaging Device Functions 7.0
O42 - Logiciel: HP Photosmart Premier Software 6.5
O42 - Logiciel: Photo et imagerie HP 2.0 - hp psc 2200 series
O42 - Logiciel: HP Solution Center 7.0
O42 - Logiciel: HP Customer Participation Program 7.0
O42 - Logiciel: OCR Software by I.R.I.S 7.0
O42 - Logiciel: INFORAD MANAGER 3.3
O42 - Logiciel: Canon Utilities PhotoStitch 3.1
O42 - Logiciel: Canon RemoteCapture Task for ZoomBrowser EX
O42 - Logiciel: Canon Internet Library for ZoomBrowser EX
O42 - Logiciel: Canon RAW Image Task for ZoomBrowser EX
O42 - Logiciel: SmartSound Quicktracks Plugin
O42 - Logiciel: Canon Camera Window DVC for ZoomBrowser EX
O42 - Logiciel: Canon MovieEdit Task for ZoomBrowser EX
O42 - Logiciel: Canon Camera Window DS for ZoomBrowser EX
O42 - Logiciel: Canon Camera Support Core Library
O42 - Logiciel: Canon Camera Window for ZoomBrowser EX
O42 - Logiciel: Windows Media Format SDK Hotfix - KB891122
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130)
O42 - Logiciel: Hotfix for Windows Media Player 10 (KB903157)
O42 - Logiciel: Package de base Microsoft de service de chiffrement pour cartes à puce
O42 - Logiciel: Windows XP Media Center Edition 2005 KB925766
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399)
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: LimeWire 4.16.6
O42 - Logiciel: LiveUpdate 3.2 (Symantec Corporation)
O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366)
O42 - Logiciel: MAGIX playR jukebox
O42 - Logiciel: MAGIX video deLuxe 2.0
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
O42 - Logiciel: MSN
O42 - Logiciel: Nero Suite
O42 - Logiciel: PC Tools AntiVirus 5.0
O42 - Logiciel: proDAD Heroglyph 2.5
O42 - Logiciel: QuickTime
O42 - Logiciel: RealPlayer Basic
O42 - Logiciel: Registry Mechanic 7.0
O42 - Logiciel: Adobe Flash Player 9 ActiveX
O42 - Logiciel: Packard Bell - Skype 2.0
O42 - Logiciel: Learn2 Player (Uninstall Only)
O42 - Logiciel: Ulead iPhoto Express 1.1
O42 - Logiciel: Viewpoint Media Player
O42 - Logiciel: Wanadoo Messager
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474)
O42 - Logiciel: Windows Imaging Component
O42 - Logiciel: Windows Live Toolbar
O42 - Logiciel: Windows Media Format 11 runtime
O42 - Logiciel: Lecteur Windows Media 11
O42 - Logiciel: Windows XP Service Pack 3
O42 - Logiciel: Windows Media Player 11
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
O42 - Logiciel: Microsoft Office 2000 Premium
O42 - Logiciel: Sonic RecordNow Data
O42 - Logiciel: Canon PhotoRecord
O42 - Logiciel: ATI Control Panel
O42 - Logiciel: Extension de Windows Live Toolbar (Windows Live Toolbar)
O42 - Logiciel: Menus intelligents (Windows Live Toolbar)
O42 - Logiciel: IS Scan 2
O42 - Logiciel: Sonic MyDVD LE
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: Sonic Update Manager
O42 - Logiciel: J2SE Runtime Environment 5.0 Update 4
O42 - Logiciel: MSXML 4.0 SP2 (KB927978)
O42 - Logiciel: Studio 10
O42 - Logiciel: SAGEM F@st 800-840
O42 - Logiciel: Music Manager
O42 - Logiciel: Sonic Express Labeler
O42 - Logiciel: PowerDVD
O42 - Logiciel: DVD de bonus Studio 10
O42 - Logiciel: Photo et imagerie HP 2.0 - All-in-One Pilote
O42 - Logiciel: Code de la Route Deluxe 2008
O42 - Logiciel: LiveUpdate BVRP Software
O42 - Logiciel: Windows Live Favorites pour Windows Live Toolbar
O42 - Logiciel: DivX
O42 - Logiciel: Macromedia Shockwave Player
O42 - Logiciel: Surligneur (Windows Live Toolbar)
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: hp psc 2200 series
O42 - Logiciel: Photo et imagerie HP 2.0 - All-in-One
O42 - Logiciel: Microsoft .NET Framework 1.1 French Language Pack
O42 - Logiciel: Microsoft Works 2000
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: DiscAPI (Studio 10)
O42 - Logiciel: Sonic RecordNow Audio
O42 - Logiciel: Adobe Reader 7.0 - Français
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Sonic RecordNow Copy
O42 - Logiciel: Disque de souvenirs HP
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 1
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: HP Software Update
O42 - Logiciel: HP Photosmart, Officejet and Deskjet 7.0.A
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: Canon ZoomBrowser EX
O42 - Logiciel: Popsicle
O42 - Logiciel: RAPID (Studio 10)
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
O42 - Logiciel: mobile PhoneTools
O42 - Logiciel: Realtek AC'97 Audio
O42 - Logiciel: Windows Live installer

---\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
O47 - AAKE:Key Export - "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
O47 - AAKE:Key Export - "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
O47 - AAKE:Key Export - "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
O47 - AAKE:Key Export - "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
O47 - AAKE:Key Export - "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
O47 - AAKE:Key Export - "C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
O47 - AAKE:Key Export - "C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
O47 - AAKE:Key Export - "C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
O47 - AAKE:Key Export - "C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
O47 - AAKE:Key Export - "C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\backWeb-1044199.exe"="C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\backWeb-1044199.exe:*:Disabled:backWeb-1044199"
O47 - AAKE:Key Export - "C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
O47 - AAKE:Key Export - "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
O47 - AAKE:Key Export - "F:\StubInstaller.exe"="F:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
O47 - AAKE:Key Export - "C:\Documents and Settings\gilles\Bureau\StubInstaller.exe"="C:\Documents and Settings\gilles\Bureau\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
O47 - AAKE:Key Export - "C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe"="C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
O47 - AAKE:Key Export - "C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe"="C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe:*:Enabled:Antivirus Firewall"
O47 - AAKE:Key Export - "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
O47 - AAKE:Key Export - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
O47 - AAKE:Key Export - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
O47 - AAKE:Key Export - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
O47 - AAKE:Key Export - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
O47 - AAKE:Key Export - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
O47 - AAKE:Key Export - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
O47 - AAKE:Key Export - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
O47 - AAKE:Key Export - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
O47 - AAKE:Key Export - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
O47 - AAKE:Key Export - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
O47 - AAKE:Key Export - "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
O47 - AAKE:Key Export - "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
O47 - AAKE:Key Export - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
O47 - AAKE:Key Export - "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
O47 - AAKE:Key Export - "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
O47 - AAKE:Key Export - "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
O47 - AAKE:Key Export - "C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe"="C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe:*:Enabled:Antivirus Firewall"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

---\ Déni du service Local Security Authority (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll


End of the scan:







merci d'avannce

Cheval de troie

17 réponses

Votre réponse

Discussions similaires

Newsletters