Ask a question Report

Trojan Virus affecting my anti-virus

loukas78 19Posts Thursday October 20, 2011Registration date November 3, 2011 Last seen - Latest answer on Nov 12, 2011 10:06AM
Hello, guys!
It seems that bad habbits die hard...
As you may remember (especially Ambucias and Suundar) 1 week ago i installed the AVG free edition on my PC (HP Pavillon dv6000 series) after a virus infection.
Everything seemed to worked nice till yesterday night when AVG blocked a trojan attack. After a while i shut down my laptop and today first thing in the morning i found out that the winamp shortcut did not work. Moreover the AVG icon was missing from the notification area. MSCONFIG command showed that AVG starts same time with my PC but its icon was missing. I also could not operate-run AVG so i uninstalled it.
I suspect some suspicious things are going on.
I also found (through CTRL +ALT+DEL) that a strange 1159008889:2263739066.exe exist on C/WINDOWS. I downloaded avast, it found it (together with a whole bunch of other stuff) but could not eliminate it.
Can you please give me your input on what should i do? Is my PC infected again?
Thank you
P.S. During all these processes my PC has automatically rebooted 3-4 times which was also rare
Read more 
Answer
+0
moins plus
Sorry to say your PC has been infected with zero access rootkit.

Please boot into safemode with networking

Download this

http://download.bleepingcomputer.com/sUBs/dds.scr

Save it on desktop,run it ,a command prompt window will pop up ,

after that you will get two logs

dds.txt
attach.txt

Please upload the dds.txt file to

http://www.speedyshare.com/

and paste the link here
Add comment
Answer
+0
moins plus
I did what you said.
5 seconds after the program started running the black command window closed and i guess the run was interrupted. NO dds.txt or attach.txt files were found.
I got the impression something blocked this operation...
Add comment
Answer
+0
moins plus
Good ol Loukas,

Let's take a good inside look:

Open this link and download ZHPDiag2 :

http://telechargement.zebulon.fr/telecharger-zhpdiag.html


Save the file on your Desktop.

Double click on ZHPDiag.exe and follow the instructions.

the tool created two icons ZHPDiag and ZHPFix (we will use ZHPFix at the next step).

Double click on the short cut ZHPDiag on your Destktop.

Click on the Magnifying glass and run the analysys.

Wait for the tool to finished (maybe a long time)

Close ZHPDiag.


To transmit the report, click on this link :

http://www.speedyshare.com/

Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\Program Files\ZHPDiag).

Select the file ZHPDiag.txt.

Click on "upload »

Copy the url and post it here
Add comment
Answer
+0
moins plus
Just finished the scan.
I did everything as you said. However, after the scan completion the ZHPDiag window automatically shutdown.
I then went to the C:\Program Files\ZHPDiag folder but the report wasn't there...
Something is stopping all these...and not letting them follow the right procedures

If i try to rerun the ZHPDiag i get the message "Windows can not access the specified device, path, or file. You might not have the appropriate permissions to access the item."
Very very strange...
Add comment
Answer
+0
moins plus
Loukas,

The error may come that you previously had ZHP Diag in your system and traces of it may still be there.

You must totally uninstall ZHP with the add/remove utility and then make a search for it "ZHP" a delete all the files.

When successful, the log should appear on your desktop.

Must log off now for 10 hours.

Let me know.

Ambucias
Add comment
Answer
+0
moins plus
i will get back to you ASAP
Add comment
Answer
+0
moins plus
First step, boot your system in safe mode with networking

1. Download Combofix to your desktop.

http://www.combofix.org/download.php

2.Close all open Windows including this one.

Close or disable all running Antivirus,(AVG) Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

3. Double click on the ComboFix icon.

Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.

4. Accept the disclaimer and the recovery

5.You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.

ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.


Do not work on the PC when combofix scans.Please restart twice or thrice if you face internet issues.

If you still face issues with internet after running combofix

http://www.snapfiles.com/get/winsockxpfix.html

run this.

Now run zhpdiag after running combofix ,please post the CF logs and zhpdiag logs here
Add comment
Answer
+0
moins plus
First, once you have cleaned up ZHP Diag and downloaded again, to outwit the virus, before launching it, try to change its name to explore.exe

If you are unsuccessful, go to your root c:/ and try to locate any numbered files. Delete them.

Go back to : alt+ctrl+del and delete: 1159008889:2263739066.exe

Try then to launch ZHP

Let me know
Add comment
Answer
+0
moins plus
I followed suundar procedure since it was written first.
CF recognized a rootkit.zeroaccess and did its stuff...
Currently i have two issues:
1st. I can't connect to internet even though i have a connection on my PC (rooter is working fine, i checked it with another laptop,).
2nd. Rebooting is very slow. Specifically after restart, the welcome screen appears but after that a black window remains on my screen for at least 1min. This is something strange. It didn't happen before

Here are the CF and ZHP logs.

ComboFix 11-11-03.05 - MAKIS 11/03/2011 18:06:23.1.2 - x86 NETWORK
Microsoft® Windows Vista(TM) Home Premium 6.0.6002.2.1252.1.1033.18.1013.659 [GMT -5:00]
Running from: c:\users\MAKIS\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Update
c:\users\MAKIS\AppData\Local\79121545\U
c:\users\MAKIS\AppData\Local\79121545\U\80000000.@
c:\windows\1159008889
c:\windows\HPCPCUninstaller-6.3.2.139-6811507.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-03 to 2011-11-03 )))))))))))))))))))))))))))))))
.
.
2011-11-03 23:14 . 2011-11-03 23:14 -------- d-----w- c:\users\MAKIS\AppData\Local\temp
2011-11-03 23:14 . 2011-11-03 23:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-03 11:30 . 2011-11-03 11:30 100864 ----a-w- C:\kgloypod.sys
2011-11-03 10:48 . 2011-11-03 10:55 -------- d-----w- C:\ZHP
2011-11-02 23:38 . 2011-11-02 23:38 388096 ----a-r- c:\users\MAKIS\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-02 23:38 . 2011-11-02 23:38 -------- d-----w- c:\program files\Trend Micro
2011-11-02 19:45 . 2011-11-03 00:06 -------- d-----w- c:\programdata\AVAST Software
2011-11-02 19:45 . 2011-11-02 19:45 -------- d-----w- c:\program files\AVAST Software
2011-11-02 14:30 . 2011-11-02 14:30 -------- d--h--w- c:\windows\PIF
2011-11-02 12:49 . 2011-11-02 12:49 -------- d-----w- c:\users\MAKIS\AppData\Local\DDMSettings
2011-11-01 22:43 . 2011-11-01 22:43 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-01 22:32 . 2011-11-03 23:13 -------- d-sh--w- c:\users\MAKIS\AppData\Local\79121545
2011-10-29 04:29 . 2011-10-29 04:29 -------- d-----w- c:\users\MAKIS\AppData\Local\Sunbelt Software
2011-10-24 20:48 . 2011-10-24 20:48 -------- d--h--w- c:\programdata\Common Files
2011-10-24 20:48 . 2011-11-02 10:03 -------- d-----w- c:\programdata\MFAData
2011-10-24 15:19 . 2011-10-24 19:48 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2011-10-23 15:42 . 2011-10-23 15:54 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-10-23 15:32 . 2011-11-03 11:20 -------- d-----w- c:\program files\ZHPDiag
2011-10-22 18:34 . 2011-10-22 18:34 -------- d-----w- c:\programdata\ParetoLogic
2011-10-22 18:33 . 2011-10-22 18:33 -------- d-----w- c:\programdata\Cached Installations
2011-10-22 04:00 . 2011-10-22 04:00 -------- d-----w- c:\program files\Recuva
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-01 22:38 . 2011-05-16 07:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-05 09:33 . 2009-11-12 19:18 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-05 09:33 . 2011-09-05 13:55 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-03 14:51 . 2003-03-19 04:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-03 14:51 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-31 21:00 . 2009-12-24 14:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/..." [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2006-11-02 09:45 8704 ----a-w- c:\windows\System32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2006-11-28 23:42 46704 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2006-10-18 17:32 472800 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 21:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nMTaskBarService]
2005-05-06 17:19 90112 ----a-w- c:\windows\nMtsk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2006-11-06 18:58 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2006-11-24 23:33 167936 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 07:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2006-10-18 17:56 317152 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 04:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 04:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2702659663-2037236513-2545033368-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DCamUSBUVT;ICM532A;c:\windows\system32\Drivers\usbuvt.sys [2002-07-10 95232]
R3 EHZ;EHZ;c:\users\MAKIS\AppData\Local\Temp\EHZ.exe [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-29 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-08-18 15232]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-10-18 73344]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-10-18 43904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WVKW;WVKW;c:\users\MAKIS\AppData\Local\Temp\WVKW.exe [x]
R3 XHMF;XHMF;c:\users\MAKIS\AppData\Local\Temp\XHMF.exe [x]
R4 nMtskService;nMtskBar Service;c:\windows\nMtsk.exe [2005-05-06 90112]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-03 c:\windows\Tasks\User_Feed_Synchronization-{EB12E85B-485F-4282-A970-7F520AED81E8}.job
- c:\windows\system32\msfeedssync.exe [2011-09-01 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-70715535.sys
SafeBoot-78696367.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-03 18:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2702659663-2037236513-2545033368-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05013706-D494-0222-70EE-B942554B457E}*]
"oaconcoighfmcjpheofhafloahnngc"=hex:69,61,62,6b,6c,67,65,6f,61,6d,6f,6e,69,65,
6b,63,64,69,00,01
"naenhcccnlelijnbddibbldhceff"=hex:6a,61,6f,6b,63,65,6f,68,62,62,62,6d,62,6b,
70,66,70,70,65,61,00,17
"oaomhgfpkblobjegeogjkfjognchbl"=hex:64,61,6a,6b,6a,65,64,63,00,41
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-03 18:17:12
ComboFix-quarantined-files.txt 2011-11-03 23:16
.
Pre-Run: 42,975,121,408 bytes free
Post-Run: 43,055,730,688 bytes free

.
- - End Of File - - FA68A6260DB31CD168398F004CBB2960
Add comment
Answer
+0
moins plus
Here is the ZHP log

Rapport de ZHPDiag v1.28.2155 par Nicolas Coolman, Update du 28/10/2011
Run by MAKIS at 11/3/2011 6:36:33 PM
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
State :


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.19019 (Defaut)
OPIE: Opera v10.62

---\\ Windows Product Information
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows Automatic Updates : OK

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013.3 MB (31% free)
System Restore: Activé (Enable)
System drive C: has 39 GB (37%) free of 105 GB

---\\ Logged in mode
~ Computer Name: MAKIS-PC
~ User Name: MAKIS
~ All Users Names: MAKIS, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\MAKIS\AppData\Roaming\
~ %Desktop% : C:\Users\MAKIS\Desktop\
~ %Favorites% : C:\Users\MAKIS\Favorites\
~ %LocalAppData% : C:\Users\MAKIS\AppData\Local\
~ %StartMenu% : C:\Users\MAKIS\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 39 Go of 105 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 7 Go)
E:\ CD-ROM drive (Not Inserted)
H:\ CD-ROM drive (Free 0 Go of 0 Go)
I:\ Floppy drive, Flash card reader, USB Key (Free 1 Go of 4 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoStartMenuSubFolder: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoDispScrSavPage: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
~ Scan Security Center in 00mn AMs



---\\ Search Generic System Files
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Windows Explorer.) (.12/19/2009 - 10:27:38 PM.) -- C:\Windows\Explorer.exe [2926592]
[MD5.4B555106290BD117334E9A08761C035A] - (....) (.11/2/2006 - 3:45:37 AM.) -- C:\Windows\system32\rundll32.exe [44544]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Windows Start-Up Application.) (.12/19/2009 - 10:33:38 PM.) -- C:\Windows\system32\Wininit.exe [96768]
[MD5.74BCC23D622F32DA0450D164735ACAB1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.9/1/2011 - 12:27:04 AM.) -- C:\Windows\system32\wininet.dll [916480]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Windows Logon Application.) (.12/19/2009 - 10:28:14 PM.) -- C:\Windows\system32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.9/1/2011 - 7:58:27 AM.) -- C:\Windows\system32\drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.12/19/2009 - 10:32:28 PM.) -- C:\Windows\system32\drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.12/19/2009 - 8:28:04 PM.) -- C:\Windows\system32\drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.12/19/2009 - 8:39:18 PM.) -- C:\Windows\system32\drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.9/1/2011 - 8:59:03 AM.) -- C:\Windows\system32\drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.12/19/2009 - 8:42:44 PM.) -- C:\Windows\system32\drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - i8042 Port Driver.) (.12/19/2009 - 8:49:20 PM.) -- C:\Windows\system32\drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.12/19/2009 - 8:56:30 PM.) -- C:\Windows\system32\drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.9/1/2011 - 7:24:40 AM.) -- C:\Windows\system32\drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.12/19/2009 - 8:45:38 PM.) -- C:\Windows\system32\drivers\netBT.sys [185856]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - NT File System Driver.) (.12/19/2009 - 10:32:50 PM.) -- C:\Windows\system32\drivers\ntfs.sys [1083880]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Parallel Port Driver.) (.11/2/2006 - 2:51:30 AM.) -- C:\Windows\system32\drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.12/19/2009 - 8:56:36 PM.) -- C:\Windows\system32\drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/2/2006 - 3:03:00 AM.) -- C:\Windows\system32\drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.12/19/2009 - 8:45:24 PM.) -- C:\Windows\system32\drivers\smb.sys [66560]
~ Scan Generic Processes in 00mn AMs



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/3
~ Mes Videos (My Videos) : 1/6
~ Mes Favoris (My Favorites) : 3/37
~ Mes Documents (My Documents) : 304/20172
~ Mon Bureau (My Desktop) : 1/400
~ Menu demarrer (Programs) : 6/33
~ Scan Hidden Files in 41mn AMs



---\\ Running Processes
[MD5.B9E350C3EEE748E332251274DEC33829] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IELowutil.exe [115712] [PID.3076]
[MD5.9F323EEAFAD860204EAA0630E0A3D7F9] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\HRA\ZHPDiag.exe [696320] [PID.3224]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3432]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Microsoft Software Licensing Service.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.]
~ Scan Processes Running in 01mn AMs



---\\ Opera, Plugins,Start,Search (P1,B0,B1)
B0 - SPO: operaprefs.ini [MAKIS] Home URL=http://www.google.com
B1 - OSP: search.ini [MAKIS] URL=http://www.google.com
B1 - OSP: search.ini [MAKIS] URL=http://yahoo.opera.com/search/?q=%s&fr=opera2
B1 - OSP: search.ini [MAKIS] URL=http://www.google.com/search?q=%s&sourceid=opera&num=%i&ie=utf-8&oe=utf-8
P1 - OPN:Opera Plugin Navigator . (.Medical Informatics Engineering, Inc. - AlternaTIFF v1.8.3.) -- C:\Program Files\Opera\Program\Plugins\npzzatif.dll
~ Scan Opera Browser in 00mn AMs



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@bittorrent.com/BitTorrentDNA] - (.BitTorrent, Inc. - Scripting bridge to the BitTorrent(TM) Engine.) -- C:\Program Files\BitTorrent_DNA\npbtdna.dll
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX, LLC - DivX Web Player version 2.1.2.265.) -- C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
P2 - FPN: [HKLM] [@divx.com/DivX VOD Helper,version=1.0.0] - (.DivX, LLC. - DivX VOD Helper Plug-in.) -- C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60531.0.) -- c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.4] - (.Microsoft Corp. - Office Live Update v1.4.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@veetle.com/vbp;version=0.9.17] - (.Veetle Inc - Version 0.9.17, copyright 2008-2010 Veetle Inc<br><a href="http://www..) -- C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
P2 - FPN: [HKLM] [@veetle.com/veetleCorePlugin,version=0.9.17] - (.Veetle Inc - Version 0.9.17, Copyright 2006-2009 Veetle Inc<br><a href="http://www..) -- C:\Program Files\Veetle\plugins\npVeetle.dll
P2 - FPN: [HKLM] [@veetle.com/veetlePlayerPlugin,version=0.9.17] - (.Veetle Inc - Version 0.9.17, copyright 2006-2010 Veetle Inc<br><a href="http://www..) -- C:\Program Files\Veetle\Player\npvlc.dll
~ Scan Firefox Browser in 00mn AMs



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\system32\ieframe.dll
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ Scan IE Browser in 00mn AMs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn AMs



---\\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Scan Keys in 00mn AMs



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn AMs



---\\ Browser Helper Objects (O2)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} . (.DivX, LLC - DivX Plus Web Player HTML5 <video> version.) -- C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
~ Scan BHO in 00mn AMs



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
~ Scan Toolbar in 00mn AMs



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exeKTUgtNDJBT0EtSzZIVTk"&"inst=NzctODg5OTEyMzg2LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1834"&"mid=de47fa1e308047d186e8d15f70275d2d-0b6be6138a9768543f526becaf10a6b83c57ff0c
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2702659663-2037236513-2545033368-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Scan Application in 00mn AMs



---\\ Other User Links (O4)
O4 - Global Startup: C:\Users\MAKIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\MAKIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\myTV.exe.lnk . (.Home.) -- C:\Program Files\myTV\myTV.exe
O4 - Global Startup: C:\Users\MAKIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Merger Pro.lnk . (...) -- C:\Users\MAKIS\AppData\Roaming\Microsoft\Installer\{209962E3-F989-416B-A31E-76CF8DEEFF36}\_A7AE4FD7D48863B99149CB.exe
O4 - Global Startup: C:\Users\MAKIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast.lnk . (.www.sopcast.com.) -- C:\Program Files\SopCast\SopCast.exe
O4 - Global Startup: C:\Users\MAKIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\MAKIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\MAKIS\Desktop\MWSnap 3.lnk . (.Mirek Wojtowicz.) -- C:\Program Files\MWSnap\MWSnap.exe
O4 - Global Startup: C:\Users\MAKIS\Desktop\PDF Merger Pro.lnk . (...) -- C:\Users\MAKIS\AppData\Roaming\Microsoft\Installer\{209962E3-F989-416B-A31E-76CF8DEEFF36}\_1F8074C70CB3D56489FEA4.exe
O4 - Global Startup: C:\Users\MAKIS\Desktop\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\MAKIS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\MAKIS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk . (.Opera Software.) -- C:\Program Files\Opera\opera.exe
O4 - Global Startup: C:\Users\MAKIS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\POLYLEX - Shortcut.lnk . (.Magenta ltd.) -- C:\Program Files\Greek-English Dictionary\POLYLEX.EXE
~ Scan Global Startup in 00mn AMs



---\\ Extra items in the IE right-click menu (O8)
O8 - Extra context menu item: E&xport to Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.exe
~ Scan IE Menu Contextuel in 00mn AMs



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} -- Orphean Key
O9 - Extra button: Skype add-on for Internet Explorer - {77BF5300-1474-4EC7-9980-D32B190E9B07} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\favicon.ico
O9 - Extra button: Skype add-on for Internet Explorer - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\PROGRA~1\MICROS~3\OFFICE11\REFBARH.ICO
~ Scan IE Extra Buttons in 00mn AMs



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provider.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - E-mail Naming Shim Provider.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provider.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Scan Winsock in 00mn AMs



---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Scan Objets ActiveX in 00mn AMs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C7D09FE-5715-499A-B9F3-250BC139D504}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF03C2AC-CCC3-4B53-88F4-A9F3B9251614}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C7D09FE-5715-499A-B9F3-250BC139D504}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{AF03C2AC-CCC3-4B53-88F4-A9F3B9251614}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{4C7D09FE-5715-499A-B9F3-250BC139D504}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{AF03C2AC-CCC3-4B53-88F4-A9F3B9251614}: DhcpNameServer = 192.168.1.1
~ Scan Domain in 00mn AMs



---\\ Extra protocols (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\system32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\system32\mshtml.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\system32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\system32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} . (.Microsoft Corporation - Microsoft Office XP Web Components.) -- C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} . (.Microsoft Corporation - Microsoft Office Web Components 2003.) -- C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\system32\mshtml.dll
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\system32\mshtml.dll
O18 - Handler: vsharechrome - Y . (...) --
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
~ Scan Protocole Additionnel in 00mn AMs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\system32\igfxdev.dll
~ Scan Winlogon in 00mn AMs



---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\Windows\System32\webcheck.dll
~ Scan SSODL in 00mn AMs



---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\Windows\system32\browseui.dll
~ Scan STS/SSO in 00mn AMs



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn AMs



---\\ BootExecute (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
~ Scan Keys in 00mn AMs



---\\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{EB12E85B-485F-4282-A970-7F520AED81E8}.job
[MD5.00000000000000000000000000000000] [APT] [Dr.Web Daily scan] (...) -- C:\Program Files\DrWeb\drweb32w.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [Dr.Web Update] (...) -- C:\Program Files\DrWeb\DrWebUpW.exe (.not file.)
[MD5.7C1A45DA07D669AC4BB4678E53D0D1E2] [APT] [HP Health Check] (.Hewlett-Packard.) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[MD5.19F30AAEED0460ECF72D983C4E140152] [APT] [IntenetServiceOffers] (...) -- C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeLogonTaskS-1-5-21-2702659663-2037236513-2545033368-1000] (...) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeScheduledTaskS-1-5-21-2702659663-2037236513-2545033368-1000] (...) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{52697FB7-6879-430B-A896-5C2C463CC55C}] (...) -- C:\Users\MAKIS\AppData\Local\Temp\Temp1_photoshop7.zip\Adobe Photoshop 7.0\Setup.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{6B58D991-4204-409C-846B-635DBD3E96EA}] (...) -- C:\Users\MAKIS\AppData\Local\Temp\Temp1_nMsetup322_NET_ML.zip\SelLangnMsetup.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{C8DE2DC9-4DE9-4501-9524-8102D4E65A7F}] (...) -- C:\Program Files\AVG\AVG2012\avgmfapx.exe (.not file.)
~ Scan Scheduled Task in 04mn AMs



---\\ Drivers launched at startup (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: (eabfiltr) . (.Hewlett-Packard Development Company, L.P. - QLB PS/2 Keyboard filter driver.) - C:\Windows\system32\DRIVERS\eabfiltr.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - i8042 Port Driver.) - C:\Windows\system32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Keyboard Class Driver.) - C:\Windows\system32\DRIVERS\kbdclass.sys
O41 - Driver: (kbdhid) . (.Microsoft Corporation - HID Keyboard Filter Driver.) - C:\Windows\system32\DRIVERS\kbdhid.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Mouse Class Driver.) - C:\Windows\system32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - QoS Packet Scheduler.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\system32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\system32\DRIVERS\smb.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
~ Scan Drivers in 00mn AMs



---\\ Software installed (O42)
O42 - Logiciel: 123 Audio Video Merger - (.Manitools Software.) [HKLM] -- 123 Audio Video Merger_is1
O42 - Logiciel: ASL_HS_Installer32 - (.Hewlett-Packard.) [HKLM] -- {FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
O42 - Logiciel: AVIcodec (remove only) - (.Unknown owner.) [HKLM] -- AVIcodec
O42 - Logiciel: Activation Assistant for the 2007 Microsoft Office suites - (.Microsoft Corporation.) [HKLM] -- Activation Assistant for the 2007 Microsoft Office suites
O42 - Logiciel: ActiveCheck component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {254C37AA-6B72-4300-84F6-98A82419187E}
O42 - Logiciel: Ad-Aware - (.Lavasoft Limited.) [HKLM] -- {385DD1DD-65AA-408D-8E70-74601C2DB7E6}
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Photoshop 7.0 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Photoshop 7.0
O42 - Logiciel: Adobe Reader 9.3.3 - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1033-7B44-A93000000001}
O42 - Logiciel: Adobe SVG Viewer 3.0 - (.Unknown owner.) [HKLM] -- Adobe SVG Viewer
O42 - Logiciel: Any Video Converter 2.5.2 - (.Any-Video-Converter.com.) [HKLM] -- Any Video Converter_is1
O42 - Logiciel: Boilsoft Video Joiner 5.01 - (.Boilsoft, Inc..) [HKLM] -- Boilsoft Video Joiner_is1
O42 - Logiciel: Clean Disk 2010 - (.AE Software Technologies.) [HKLM] -- {5C78ECB4-38A4-400D-AEDF-DCCE4A4DF30C}_is1
O42 - Logiciel: Conexant HD Audio - (.Unknown owner.) [HKLM] -- CNXT_HDAUDIO
O42 - Logiciel: Cool Music RecordEdit Station v7.4.4.57 - (.Unknown owner.) [HKLM] -- Cool Music RecordEdit Station_is1
O42 - Logiciel: DVD Region+CSS Free 5.9.8.3 - (.Fengtao Software Inc..) [HKLM] -- DVD Region+CSS Free_is1
O42 - Logiciel: Direct MP3 Joiner 2.3 - (.Piston Software.) [HKLM] -- Direct MP3 Joiner_is1
O42 - Logiciel: DivX Plus DirectShow Filters - (.DivX, Inc..) [HKLM] -- DivX Plus DirectShow Filters
O42 - Logiciel: DivX Setup - (.DivX, LLC.) [HKLM] -- DivX Setup
O42 - Logiciel: Download Updater (AOL LLC) - (.Unknown owner.) [HKLM] -- SoftwareUpdUtility
O42 - Logiciel: EPSON Scan - (.Unknown owner.) [HKLM] -- EPSON Scanner
O42 - Logiciel: EasyCleaner - (.ToniArts.) [HKLM] -- {F5346614-B7C4-4E94-826A-E2363155233D}
O42 - Logiciel: Eusing Free Registry Cleaner - (.Unknown owner.) [HKLM] -- Eusing Free Registry Cleaner
O42 - Logiciel: Free PS Convert driver 8.15 - (.Unknown owner.) [HKLM] -- Free PS Convert driver_is1
O42 - Logiciel: HDAUDIO Soft Data Fax Modem with SmartCP - (.Unknown owner.) [HKLM] -- CNXT_MODEM_HDA_HSF
O42 - Logiciel: HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {21E62565-8639-457C-B64C-A3FF0A8B4D80}
O42 - Logiciel: HP Connections (remove only) - (.Unknown owner.) [HKLM] -- HPOOVClient-6811507 Uninstaller
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {AB5E289E-76BF-4251-9F3F-9B763F681AE0}
O42 - Logiciel: HP Easy Setup - Core - (.Hewlett-Packard.) [HKLM] -- {F94234DB-FD06-42C3-B88D-6FC4DC9F988C}
O42 - Logiciel: HP Easy Setup - Frontend - (.Hewlett-Packard.) [HKLM] -- {40F7AED3-0C7D-4582-99F6-484A515C73F2}
O42 - Logiciel: HP Help and Support - (.Hewlett-Packard.) [HKLM] -- {E4DDBA93-769B-49D8-BA33-8814E45ED0C1}
O42 - Logiciel: HP Pavilion Webcam Driver for Vista v061.001.00006 - (.Chicony.) [HKLM] -- {5CA81D12-9EC2-4082-972B-43ECA63F41F2}
O42 - Logiciel: HP Quick Launch Buttons 6.10 B9 - (.Hewlett-Packard.) [HKLM] -- {34D2AB40-150D-475D-AE32-BD23FB5EE355}
O42 - Logiciel: HP QuickPlay 3.0 - (.Unknown owner.) [HKLM] -- {45D707E9-F3C4-11D9-A373-0050BAE317E1}
O42 - Logiciel: HP Total Care Advisor - (.Hewlett-Packard.) [HKLM] -- {A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {8C6027FD-53DC-446D-BB75-CACD7028A134}
O42 - Logiciel: HP User Guide 0048 - (.Hewlett-Packard.) [HKLM] -- {ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}
O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}
O42 - Logiciel: HPAsset component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
O42 - Logiciel: HPNetworkAssistant - (.Hewlett-Packard..) [HKLM] -- {228C6B46-64E2-404E-898A-EF0830603EF4}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Unknown owner.) [HKLM] -- HDMI
O42 - Logiciel: Intel(R) Network Connections Drivers - (.Unknown owner.) [HKLM] -- PROSet
O42 - Logiciel: Japanese Fonts Support For Adobe Reader 9 - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-5760-0000-900000000003}
O42 - Logiciel: Java(TM) 6 Update 17 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216017FF}
O42 - Logiciel: Java(TM) SE Runtime Environment 6 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160000}
O42 - Logiciel: K-Lite Codec Pack 5.4.4 (Full) - (.Unknown owner.) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: LizardTech DjVu Control - (.Unknown owner.) [HKLM] -- {105CFC7C-6992-11D5-BD9D-000102C10FD8}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MWSnap 3 - (.Mirek Wojtowicz.) [HKLM] -- MWSnap 3
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.2.1300 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft Office Live Add-in 1.4 - (.Microsoft Corporation.) [HKLM] -- {AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
O42 - Logiciel: Microsoft Office Professional Edition 2003 - (.Microsoft Corporation.) [HKLM] -- {90110409-6000-11D3-8CFE-0150048383C9}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}
O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM] -- {6D52C408-B09A-4520-9B18-475B81D393F1}
O42 - Logiciel: OGA Notifier 2.0.0048.0 - (.Microsoft Corporation.) [HKLM] -- {B2544A03-10D0-4E5E-BA69-0362FFC20D18}
O42 - Logiciel: Opera 10.62 - (.Opera Software ASA.) [HKLM] -- {44397CF9-315D-4535-8585-DCD2EE47B966}
O42 - Logiciel: PDF Merger Pro - (.Massive Anvil Technologies.) [HKLM] -- {209962E3-F989-416B-A31E-76CF8DEEFF36}
O42 - Logiciel: Recuva - (.Piriform.) [HKLM] -- Recuva
O42 - Logiciel: Roxio Creator Audio - (.Roxio.) [HKLM] -- {83FFCFC7-88C6-41c6-8752-958A45325C82}
O42 - Logiciel: Roxio Creator Basic v9 - (.Roxio.) [HKLM] -- {C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
O42 - Logiciel: Roxio Creator Copy - (.Roxio.) [HKLM] -- {619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
O42 - Logiciel: Roxio Creator Data - (.Roxio.) [HKLM] -- {0D397393-9B50-4c52-84D5-77E344289F87}
O42 - Logiciel: Roxio Creator EasyArchive - (.Roxio.) [HKLM] -- {11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
O42 - Logiciel: Roxio Creator Tools - (.Roxio.) [HKLM] -- {0394CDC8-FABD-4ed8-B104-03393876DFDF}
O42 - Logiciel: Roxio Express Labeler 3 - (.Roxio.) [HKLM] -- {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
O42 - Logiciel: Roxio MyDVD Basic v9 - (.Roxio.) [HKLM] -- {33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870
O42 - Logiciel: Skype web features - (.Skype Technologies S.A..) [HKLM] -- {541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
O42 - Logiciel: Skype(TM) 4.1 - (.Skype Technologies S.A..) [HKLM] -- {D103C4BA-F905-437A-8049-DB24763BBE36}
O42 - Logiciel: Sonic Activation Module - (.Sonic Solutions.) [HKLM] -- {35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
O42 - Logiciel: SopCast 2.0.4 - (.SopCast.com.) [HKLM] -- SopCast
O42 - Logiciel: Streamripper (Remove only) - (.Unknown owner.) [HKLM] -- Streamripper
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: Total Video Converter 3.10 - (.EffectMatrix Inc..) [HKLM] -- Total Video Converter 3.10_is1
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: VC80CRTRedist - 8.0.50727.6195 - (.DivX, Inc.) [HKLM] -- {933B4015-4618-4716-A828-5289FC03165F}
O42 - Logiciel: Veetle TV 0.9.17 - (.Veetle, Inc.) [HKLM] -- Veetle TV
O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729) - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}
O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01 - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01
O42 - Logiciel: WinRAR archiver - (.Unknown owner.) [HKLM] -- WinRAR archiver
O42 - Logiciel: X264 H.264/AVC Video Codec (remove only) - (.Unknown owner.) [HKLM] -- X264 H.264/AVC Video Codec
O42 - Logiciel: Yahoo! Toolbar for Internet Explorer - (.Unknown owner.) [HKLM] -- Yahoo! Companion
O42 - Logiciel: muvee autoProducer 5.0 - (.muvee Technologies.) [HKLM] -- {99C5770C-1C90-42E7-9B74-D47CFAF14621}
O42 - Logiciel: myTV - (.Unknown owner.) [HKLM] -- {C54184D0-D281-4523-B357-0606209DB56C}
O42 - Logiciel: vShare Plugin - (.Unknown owner.) [HKLM] -- vShare

---\\ HKCU & HKLM Software Keys
[HKCU\Software\8848soft]
[HKCU\Software\ASProtect]
[HKCU\Software\Adobe]
[HKCU\Software\Any Video Converter]
[HKCU\Software\AppDataLow\Software\DivXNetworks]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software\Yahoo]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Binary Noise]
[HKCU\Software\Boilsoft]
[HKCU\Software\BugSplat]
[HKCU\Software\CDDB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CoreVorbis]
[HKCU\Software\CyberLink]
[HKCU\Software\DVD Region-Free]
[HKCU\Software\DivXNetworks]
[HKCU\Software\DivX]
[HKCU\Software\Dx7.8.5]
[HKCU\Software\EPSON]
[HKCU\Software\FLEXnet]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\HP Guide]
[HKCU\Software\Haali]
[HKCU\Software\Helix]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IDAVLab]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Lavasoft]
[HKCU\Software\LizardTech]
[HKCU\Software\MIE]
[HKCU\Software\MONOGRAM]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept (Sonic)]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MediaInfo]
[HKCU\Software\MimarSinan]
[HKCU\Software\MirWoj]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Nitro PDF]
[HKCU\Software\ODBC]
[HKCU\Software\Opera Software]
[HKCU\Software\PC Wizard]
[HKCU\Software\PDFSVG]
[HKCU\Software\ParetoLogic]
[HKCU\Software\Pdf-convert]
[HKCU\Software\Piriform]
[HKCU\Software\PistonSoft]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\Roxio]
[HKCU\Software\SWiSHzone.com]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\Screamer Radio]
[HKCU\Software\Skype]
[HKCU\Software\SolidDocuments]
[HKCU\Software\Streamripper]
[HKCU\Software\Synaptics]
[HKCU\Software\Sysinternals]
[HKCU\Software\Trend Micro]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\Veetle]
[HKCU\Software\Vodafone]
[HKCU\Software\Wget]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\dskMetrics]
[HKCU\Software\madFlac]
[HKCU\Software\muvee Technologies]
[HKCU\Software\vShare]
[HKLM\Software\532customer]
[HKLM\Software\Adobe]
[HKLM\Software\Avg]
[HKLM\Software\BackWeb]
[HKLM\Software\Belarc]
[HKLM\Software\CXT]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Codec Tweak Tool]
[HKLM\Software\Conexant]
[HKLM\Software\CyberLink]
[HKLM\Software\Debug]
[HKLM\Software\DivXNetworks]
[HKLM\Software\DivX]
[HKLM\Software\Doctor Web]
[HKLM\Software\EPSON]
[HKLM\Software\Eset]
[HKLM\Software\Fengtao Software]
[HKLM\Software\GNU]
[HKLM\Software\GPL Ghostscript]
[HKLM\Software\Google]
[HKLM\Software\HPQ]
[HKLM\Software\HaaliMkx]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\ICM532A]
[HKLM\Software\IDAVLab]
[HKLM\Software\ISSS]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KLCodecPack]
[HKLM\Software\L&H]
[HKLM\Software\Lavasoft]
[HKLM\Software\Licenses]
[HKLM\Software\LightScribe]
[HKLM\Software\LizardTech]
[HKLM\Software\MIE]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MicroVision]
[HKLM\Software\MimarSinan]
[HKLM\Software\Mini-Stream]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Netscape]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\Opera Software]
[HKLM\Software\PSCONVDriver]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RealNetworks]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Roxio]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\Swearware]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\TrendMicro]
[HKLM\Software\Uniblue]
[HKLM\Software\Veetle]
[HKLM\Software\Volatile]
[HKLM\Software\WebToGo]
[HKLM\Software\Yahoo]
[HKLM\Software\Yuan High-Tech]
[HKLM\Software\illiminable]
[HKLM\Software\muvee Technologies]
~ Scan Softwares in 00mn AMs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 12/6/2006 - 11:04:48 PM - [12164052] ----D- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
O43 - CFD: 7/24/2010 - 7:15:06 AM - [380103149] ----D- C:\Program Files\Adobe
O43 - CFD: 9/3/2010 - 8:31:00 AM - [4244] ----D- C:\Program Files\Alwil Software
O43 - CFD: 11/12/2009 - 3:41:02 PM - [59355236] ----D- C:\Program Files\Any Video Converter
O43 - CFD: 11/2/2011 - 2:45:36 PM - [0] ----D- C:\Program Files\AVAST Software
O43 - CFD: 10/24/2011 - 3:52:44 PM - [7862728] ----D- C:\Program Files\AVG
O43 - CFD: 11/12/2009 - 3:41:38 PM - [639278] ----D- C:\Program Files\AVIcodec
O43 - CFD: 11/12/2009 - 5:55:24 PM - [365282] ----D- C:\Program Files\BitTorrent_DNA
O43 - CFD: 9/14/2011 - 1:44:44 PM - [8332236] ----D- C:\Program Files\Boilsoft Video Joiner
O43 - CFD: 3/10/2010 - 2:37:34 PM - [0] ----D- C:\Program Files\Boilsoft Video Joiner v5.01
O43 - CFD: 9/8/2010 - 6:11:24 AM - [2533281] ----D- C:\Program Files\Clean Disk 2010
O43 - CFD: 11/3/2011 - 6:11:28 PM - [818762482] ----D- C:\Program Files\Common Files
O43 - CFD: 11/20/2009 - 3:07:02 PM - [2543616] ----D- C:\Program Files\CONEXANT
O43 - CFD: 11/19/2009 - 10:15:06 AM - [28509427] ----D- C:\Program Files\Cool Music RecordEdit Station
O43 - CFD: 12/19/2009 - 2:43:30 PM - [0] ----D- C:\Program Files\CPUID
O43 - CFD: 11/12/2009 - 5:53:08 PM - [3003958] ----D- C:\Program Files\Direct MP3 Joiner
O43 - CFD: 11/2/2011 - 7:48:00 AM - [99791244] ----D- C:\Program Files\DivX
O43 - CFD: 6/25/2011 - 1:58:14 AM - [2522] ----D- C:\Program Files\DrWeb
O43 - CFD: 11/14/2009 - 4:57:20 PM - [1941015] ----D- C:\Program Files\DVD Region+CSS Free
O43 - CFD: 12/6/2006 - 11:18:22 PM - [952088] ----D- C:\Program Files\earthlink totalaccess
O43 - CFD: 2/18/2010 - 11:59:14 AM - [6004592] ----D- C:\Program Files\epson
O43 - CFD: 10/24/2011 - 2:48:38 PM - [2421035] ----D- C:\Program Files\Eusing Free Registry Cleaner
O43 - CFD: 3/2/2010 - 10:30:42 AM - [10094116] ----D- C:\Program Files\Greek-English Dictionary
O43 - CFD: 12/6/2006 - 11:32:04 PM - [279039458] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 12/6/2006 - 11:24:38 PM - [123668755] ----D- C:\Program Files\HP
O43 - CFD: 12/6/2006 - 11:17:18 PM - [14187899] ----D- C:\Program Files\HP Connections
O43 - CFD: 12/6/2006 - 11:25:52 PM - [0] ----D- C:\Program Files\HPQ
O43 - CFD: 11/3/2011 - 6:37:42 PM - [4244278] ----D- C:\Program Files\HRA
O43 - CFD: 8/22/2010 - 6:59:54 AM - [52383721] ----D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 9/1/2011 - 11:15:38 AM - [4543788] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 7/28/2011 - 2:30:32 AM - [343249] ----D- C:\Program Files\IObit
O43 - CFD: 11/15/2009 - 1:43:18 PM - [169177641] ----D- C:\Program Files\Java
O43 - CFD: 12/2/2009 - 3:27:16 PM - [43967472] ----D- C:\Program Files\K-Lite Codec Pack
O43 - CFD: 9/5/2011 - 4:28:20 AM - [39554102] ----D- C:\Program Files\Lavasoft
O43 - CFD: 8/22/2010 - 6:59:54 AM - [5388562] ----D- C:\Program Files\LizardTech
O43 - CFD: 9/13/2011 - 10:30:20 AM - [7114495] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 4/9/2010 - 3:37:12 PM - [191195] ----D- C:\Program Files\Manitools
O43 - CFD: 10/12/2010 - 3:50:18 AM - [5518709] ----D- C:\Program Files\Massive Anvil Technologies
O43 - CFD: 11/20/2009 - 3:04:36 PM - [515475] ----D- C:\Program Files\Microsoft
O43 - CFD: 11/12/2009 - 11:25:02 AM - [208979] ----D- C:\Program Files\Microsoft ActiveSync
O43 - CFD: 11/20/2009 - 2:29:34 PM - [20216] ----D- C:\Program Files\Microsoft ATS
O43 - CFD: 11/13/2009 - 3:56:18 PM - [800662] ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD: 11/2/2006 - 7:37:36 AM - [93392311] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 7/17/2011 - 6:58:26 PM - [228518055] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 9/1/2011 - 11:18:36 AM - [38411899] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 11/12/2009 - 11:22:50 AM - [14904] ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 12/19/2009 - 5:57:12 AM - [161829928] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 7/3/2010 - 4:22:04 AM - [331107] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 9/21/2010 - 4:36:48 AM - [99269230] ----D- C:\Program Files\Movie Maker
O43 - CFD: 11/2/2006 - 7:37:36 AM - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 11/13/2009 - 1:13:00 PM - [0] ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 12/6/2006 - 11:21:38 PM - [116779782] ----D- C:\Program Files\muvee Technologies
O43 - CFD: 12/27/2009 - 6:11:22 AM - [949206] ----D- C:\Program Files\MWSnap
O43 - CFD: 11/12/2009 - 5:46:46 PM - [710431] ----D- C:\Program Files\myTV
O43 - CFD: 8/13/2011 - 5:29:14 AM - [0] ----D- C:\Program Files\Nitro PDF
O43 - CFD: 12/6/2006 - 11:20:38 PM - [217266591] ----D- C:\Program Files\Online Services
O43 - CFD: 9/15/2011 - 7:52:34 AM - [14758649] ----D- C:\Program Files\Opera
O43 - CFD: 6/25/2011 - 11:04:32 AM - [1289088] ----D- C:\Program Files\PdfSvg
O43 - CFD: 6/15/2011 - 4:41:54 PM - [723868] ----D- C:\Program Files\psconvert
O43 - CFD: 12/20/2009 - 4:05:50 AM - [16941] ----D- C:\Program Files\RCC2000
O43 - CFD: 10/23/2011 - 9:51:08 AM - [0] ----D- C:\Program Files\Real
O43 - CFD: 10/21/2011 - 11:00:26 PM - [2090288] ----D- C:\Program Files\Recuva
O43 - CFD: 11/2/2006 - 7:37:36 AM - [36409089] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 12/6/2006 - 10:47:04 PM - [203373266] ----D- C:\Program Files\Roxio
O43 - CFD: 11/12/2009 - 1:23:52 PM - [37484405] R---D- C:\Program Files\Skype
O43 - CFD: 11/12/2009 - 5:50:12 PM - [8758891] ----D- C:\Program Files\SopCast
O43 - CFD: 10/23/2011 - 4:37:28 PM - [2321584] ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 1/18/2010 - 9:43:32 AM - [6579681] ----D- C:\Program Files\Streamripper
O43 - CFD: 10/23/2011 - 4:38:24 PM - [4004320] ----D- C:\Program Files\SUPERAntiSpyware
O43 - CFD: 12/6/2006 - 10:22:30 PM - [14629191] ----D- C:\Program Files\Synaptics
O43 - CFD: 12/28/2009 - 6:27:14 PM - [3542086] ----D- C:\Program Files\ToniArts
O43 - CFD: 5/16/2010 - 3:56:18 PM - [22059691] ----D- C:\Program Files\Total Video Converter
O43 - CFD: 11/2/2011 - 6:38:52 PM - [388096] ----D- C:\Program Files\Trend Micro
O43 - CFD: 11/2/2006 - 8:01:56 AM - [0] ----D- C:\Program Files\Uninstall Information
O43 - CFD: 10/3/2010 - 3:21:46 PM - [37376791] ----D- C:\Program Files\Veetle
O43 - CFD: 11/12/2009 - 1:20:56 PM - [0] ----D- C:\Program Files\VideoLAN
O43 - CFD: 10/23/2011 - 4:27:40 PM - [673852] ----D- C:\Program Files\vShare
O43 - CFD: 11/2/2011 - 2:12:28 AM - [195313] ----D- C:\Program Files\Winamp
O43 - CFD: 12/19/2009 - 11:18:20 AM - [1012736] ----D- C:\Program Files\Windows Calendar
O43 - CFD: 12/19/2009 - 11:18:16 AM - [2724864] ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 12/19/2009 - 11:18:04 AM - [4465536] ----D- C:\Program Files\Windows Defender
O43 - CFD: 12/19/2009 - 11:18:16 AM - [7071352] ----D- C:\Program Files\Windows Journal
O43 - CFD: 9/1/2011 - 11:15:38 AM - [9050296] ----D- C:\Program Files\Windows Mail
O43 - CFD: 1/6/2011 - 10:17:44 AM - [4480201] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 11/2/2006 - 7:37:36 AM - [7953448] ----D- C:\Program Files\Windows NT
O43 - CFD: 12/19/2009 - 11:18:12 AM - [13513890] ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 1/7/2010 - 1:53:42 PM - [134144] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 12/19/2009 - 11:18:18 AM - [6522288] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 10/17/2010 - 8:22:18 AM - [3309272] ----D- C:\Program Files\WinRAR
O43 - CFD: 12/6/2006 - 11:20:02 PM - [1266658] ----D- C:\Program Files\Yahoo!
O43 - CFD: 3/2/2010 - 10:30:46 AM - [82] ----D- C:\Program Files\__MACOSX
O43 - CFD: 7/24/2010 - 7:15:50 AM - [60605769] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 12/6/2006 - 11:02:52 PM - [92976] ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 11/2/2011 - 7:46:14 AM - [24656896] ----D- C:\Program Files\Common Files\DivX Shared
O43 - CFD: 12/6/2006 - 11:05:12 PM - [12063235] ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 12/6/2006 - 11:35:58 PM - [31616890] ----D- C:\Program Files\Common Files\Java
O43 - CFD: 11/12/2009 - 11:26:14 AM - [2742349] ----D- C:\Program Files\Common Files\L&H
O43 - CFD: 12/6/2006 - 11:25:48 PM - [7863751] ----D- C:\Program Files\Common Files\LightScribe
O43 - CFD: 8/7/2010 - 1:02:02 PM - [383135522] ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 12/6/2006 - 11:22:12 PM - [38191627] ----D- C:\Program Files\Common Files\muvee Technologies
O43 - CFD: 5/5/2011 - 5:29:18 AM - [4780336] ----D- C:\Program Files\Common Files\PX Storage Engine
O43 - CFD: 9/3/2011 - 9:51:18 AM - [271184] ----D- C:\Program Files\Common Files\Real
O43 - CFD: 12/6/2006 - 10:43:48 PM - [104979325] ----D- C:\Program Files\Common Files\Roxio Shared
O43 - CFD: 11/2/2006 - 6:18:34 AM - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 11/12/2009 - 1:23:28 PM - [1959208] ----D- C:\Program Files\Common Files\Skype
O43 - CFD: 5/5/2011 - 5:29:58 AM - [240776] ----D- C:\Program Files\Common Files\Software Update Utility
O43 - CFD: 12/6/2006 - 10:44:38 PM - [4890624] ----D- C:\Program Files\Common Files\Sonic Shared
O43 - CFD: 11/2/2006 - 6:18:34 AM - [112937978] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 12/6/2006 - 10:47:06 PM - [600992] ----D- C:\Program Files\Common Files\SureThing Shared
O43 - CFD: 12/21/2009 - 1:05:02 PM - [459016] ----D- C:\Program Files\Common Files\Symantec Shared
O43 - CFD: 12/19/2009 - 11:18:12 AM - [23063950] ----D- C:\Program Files\Common Files\System
O43 - CFD: 11/20/2009 - 3:12:00 PM - [0] ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 9/3/2010 - 10:07:36 AM - [3607376] ----D- C:\Program Files\Common Files\Xstream
O43 - CFD: 7/24/2010 - 7:15:20 AM - [752] ----D- C:\ProgramData\Adobe
O43 - CFD: 9/3/2010 - 8:31:00 AM - [5717] ----D- C:\ProgramData\Alwil Software
O43 - CFD: 11/12/2009 - 12:40:16 PM - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 11/2/2011 - 7:06:12 PM - [0] ----D- C:\ProgramData\AVAST Software
O43 - CFD: 1/2/2010 - 7:24:44 AM - [5970298] ----D- C:\ProgramData\avg9
O43 - CFD: 10/22/2011 - 1:33:58 PM - [6278656] ----D- C:\ProgramData\Cached Installations
O43 - CFD: 10/24/2011 - 3:48:36 PM - [96] --H-D- C:\ProgramData\Common Files
O43 - CFD: 11/12/2009 - 12:33:36 PM - [35072] ----D- C:\ProgramData\CyberLink
O43 - CFD: 11/12/2009 - 12:40:16 PM - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 11/2/2011 - 7:48:06 AM - [5439527] ----D- C:\ProgramData\DivX
O43 - CFD: 11/12/2009 - 12:40:16 PM - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 11/12/2009 - 12:40:16 PM - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 8/2/2010 - 8:41:10 AM - [0] ----D- C:\ProgramData\FLEXnet
O43 - CFD: 11/12/2009 - 12:55:00 PM - [10570586] ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 11/18/2009 - 2:07:02 AM - [0] ----D- C:\ProgramData\HP
O43 - CFD: 12/6/2006 - 10:36:44 PM - [1077] ----D- C:\ProgramData\InstallShield
O43 - CFD: 9/5/2011 - 4:28:18 AM - [271397115] ----D- C:\ProgramData\Lavasoft
O43 - CFD: 12/24/2009 - 9:25:06 AM - [17153332] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 11/2/2011 - 5:03:58 AM - [213720145] ----D- C:\ProgramData\MFAData
O43 - CFD: 9/1/2011 - 10:47:56 AM - [427163108] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 12/19/2009 - 5:57:44 AM - [55466] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 12/27/2009 - 4:58:32 AM - [0] ----D- C:\ProgramData\muvee Technologies
O43 - CFD: 7/31/2011 - 12:15:18 PM - [0] ----D- C:\ProgramData\Nitro PDF
O43 - CFD: 11/20/2009 - 3:31:58 PM - [1164] ----D- C:\ProgramData\Office Genuine Advantage
O43 - CFD: 10/22/2011 - 1:34:36 PM - [0] ----D- C:\ProgramData\ParetoLogic
O43 - CFD: 10/23/2011 - 9:50:50 AM - [843] ----D- C:\ProgramData\Real
O43 - CFD: 10/4/2011 - 10:26:42 AM - [17130499] ----D- C:\ProgramData\Roxio
O43 - CFD: 11/12/2009 - 1:23:20 PM - [25515873] ----D- C:\ProgramData\Skype
O43 - CFD: 11/19/2009 - 5:25:26 PM - [1301] ----D- C:\ProgramData\Sonic
O43 - CFD: 10/23/2011 - 4:37:28 PM - [454919] ----D- C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 11/12/2009 - 12:40:16 PM - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 12/21/2009 - 1:47:12 PM - [0] ----D- C:\ProgramData\SUPERAntiSpyware.com
O43 - CFD: 12/21/2009 - 1:04:30 PM - [2362] ----D- C:\ProgramData\Symantec
O43 - CFD: 7/27/2011 - 7:38:34 PM - [142] ---AD- C:\ProgramData\TEMP
O43 - CFD: 11/12/2009 - 12:40:16 PM - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 10/15/2010 - 12:41:00 AM - [1036] ----D- C:\ProgramData\Vodafone
O43 - CFD: 12/19/2009 - 6:01:46 AM - [4651710] ----D- C:\ProgramData\WildTangent
O43 - CFD: 12/19/2009 - 3:04:12 PM - [0] ----D- C:\ProgramData\WindowsSearch
O43 - CFD: 12/6/2006 - 11:04:50 PM - [5286241] ----D- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
O43 - CFD: 4/19/2010 - 9:43:32 AM - [8916574] ----D- C:\Users\MAKIS\AppData\Roaming\Adobe
O43 - CFD: 2/17/2010 - 1:58:58 PM - [161176] ----D- C:\Users\MAKIS\AppData\Roaming\Any Video Converter
O43 - CFD: 1/2/2010 - 6:24:12 AM - [6421] ----D- C:\Users\MAKIS\AppData\Roaming\Cool Record Edit Pro
O43 - CFD: 12/1/2009 - 3:38:28 PM - [0] ----D- C:\Users\MAKIS\AppData\Roaming\CyberLink
O43 - CFD: 12/14/2010 - 6:54:04 PM - [185400] ----D- C:\Users\MAKIS\AppData\Roaming\DivX
O43 - CFD: 2/18/2010 - 1:10:16 PM - [0] ----D- C:\Users\MAKIS\AppData\Roaming\EPSON
O43 - CFD: 8/3/2010 - 7:07:28 AM - [249] ----D- C:\Users\MAKIS\AppData\Roaming\FLEXnet
O43 - CFD: 1/2/2010 - 6:22:12 AM - [898] ----D- C:\Users\MAKIS\AppData\Roaming\Free Sound Recorder
O43 - CFD: 11/12/2009 - 12:54:50 PM - [303104] ----D- C:\Users\MAKIS\AppData\Roaming\Hewlett-Packard
O43 - CFD: 11/18/2009 - 2:07:02 AM - [0] ----D- C:\Users\MAKIS\AppData\Roaming\HP
O43 - CFD: 11/12/2009 - 12:53:00 PM - [0] ----D- C:\Users\MAKIS\AppData\Roaming\Identities
O43 - CFD: 10/24/2011 - 2:48:14 PM - [1006] ----D- C:\Users\MAKIS\AppData\Roaming\IObit
O43 - CFD: 11/12/2009 - 12:46:54 PM - [2126122] ----D- C:\Users\MAKIS\AppData\Roaming\Macromedia
O43 - CFD: 12/24/2009 - 9:25:14 AM - [19427] ----D- C:\Users\M
Add comment
Answer
+0
moins plus
Here are the links for the CF log and the ZHP

http://speedy.sh/ErYCK/log.txt

http://speedy.sh/M3aYV/ZHPDiag.txt
Add comment
Answer
+0
moins plus
However, i still have two issues:
1st. My internet connection is active but i can't access internet
2nd. Rebooting takes much more time now since the black window-screen (launched after the welcome) stays more than 1-1.5 minute and seems like frozen...This didn't use to happen before
angelo- Nov 6, 2011 11:27AM
i guess the last option that you need to do, and i honestly too, is just to give up and format our units, because its the only hope to use it again properly, and also try to buy or use original AV like Norton,Mcafe, Kaspersky, or other AV that is capable of protecting our units....

better to say bye bye to may files and games, my laptop is attack by trojan backdoor, avg free cant remove that problem right.
Reply
Add comment
Answer
+0
moins plus
Please run combofix once again and upload the log.

Also download this

http://www.snapfiles.com/get/winsockxpfix.html

Copy to your PC,run it,restart.Let me know if internet issue remains.

We could work on slowness issues after you have run combofix
Add comment
Answer
+0
moins plus
I did the run in normal mode this time.
Here is the CF log
http://speedy.sh/cKyW2/log2.txt

Moreover, i tried to run the other winsockpfix but i got a message
"Illegal operation attempted on a registry that has been marked for deletion"
I just rebooted, try to run the program again.
I got a window stating that there maybe compatibility issues etc. I overcome it, did the run.
I got the message registry restore information not found. Then i clicked on Regback up. Then i clicked registry completed please reboot. And i got the message Run time error 53 Registry not found and i rebooted...

Long story short: I DON'T THINK IT WORKED
Add comment
Answer
+0
moins plus
go to run and type

cmd and click ok

Now run this commands and press enter

cd\
dir /s kernel32.dll
dir /s afd.sys
dir /s netbt.sys
dir /s tcpip.sys

Right click on the results>>>select all

open a notepad>>>copy it there..Please paste the contents of notepad here

uninstall these antiviruses

Avast and trend micro using removal tools

http://files.avast.com/files/eng/aswclear.exe

http://solutionfile.trendmicro.com/solutionfile/EN-1037161/32bit.exe

After uninstalling them

Do this also

Download this

http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

select all the boxes and run it>> a text file should pop up.Copy the contents and post it here

Let me know
Add comment
Answer
+0
moins plus
Here is the first txt. file from the command window.
I will send the rest in ~3hrs time since i have been called back to work

http://speedy.sh/AuS4w/Fant.txt
Add comment
Answer
+0
moins plus
@loukas

I could not see results for this

dir /s kernel32.dll


Also go to device manager-click on ''network adapters''

Uninstall your network drivers,restart and allow windows to install them

Can you browse now?


go to command prompt,and run these,let me know if you face issues

net start afd
net start "netbios over tcpip"
net start "tcp/ip protocol driver"
net start "dhcp client"
Add comment
Answer
+0
moins plus
Hello You both

Here are two tools to remove zero access rootkits, they have proven themselves:

A restart is necessary after running the first


http://forum.malekal.com/mcafee-rootkit-remover-t34542.html

puis : http://www.malekal.com/2011/08/22/zeroaccesssirefef-remover/

Good luck
Anonymous User - Nov 4, 2011 06:36PM
Ambucias

This tool is just like tdsskiller

infection jumps to different drivers on every reboot,these tools fail to remove it completely,thats why i did not try any of the basic tools
Reply
Add comment
Answer
+0
moins plus
Here are the report for the kernel command and the minitoolbox log files

http://speedy.sh/6cMXk/Fanto.txt

http://speedy.sh/m8Hct/Fant-2.txt

I've got a Q. Since i can't access internet with my laptop i am using another laptop (no.2) to contact you. I usually download the programs you ask through laptop 2 on the usb. Then i use the usb to transfer the exe files to the infected laptop. Is there any chance the sticker will get affected or laptop 2 as well???

Moreover, i STILL CAN'T BROWSE and i got this message from command window

http://speedy.sh/3YwYy/Netst.txt
Add comment
Answer
+0
moins plus
Thanks for your patience.I'm bit busy with my work.I'm analyzing your logs too

Step 1:

I could not see results for this

dir /s kernel32.dll


Step 2:

Also go to device manager-click on ''network adapters''

Uninstall your network drivers,restart and allow windows to install them

Can you browse now?


Step 3:

Previously you didnot run these commands as a administrator

GO to startmenu and type cmd

Right click on cmd icon>>> run as admin,now run this


net start afd
net start "netbios over tcpip"
net start "tcp/ip protocol driver"
net start "dhcp client"


Step 4:

Now download this

http://jpshortstuff.247fixes.com/SystemLook.exe,paste the blow script in the box and click on look.Post the contents of notepad


:reg
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netbt
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tcpip
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\afd
Add comment
1 2 3 4 Next
This document entitled « Trojan Virus affecting my anti-virus » from CCM (ccm.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.

Not a member yet?

sign-up, it takes less than a minute and it's free!

Members get more answers than anonymous users.

Being a member gives you detailed monitoring of your requests.

Being a member gives you additional options.