Request for analysis, please [OK]

Post by kanakryss » 14 Jul 2009, 17:42

Hello,

I've just been given a PC at work; it's assigned to me now, but there's quite a lot of crap on it...
My antivirus is AVG Free, and it detects trojans all the time.

As for the computer crashing: there is 1 GB of RAM, and I don't use any particular program that eats memory... I use the internet, Office XP, MSN, CD/DVD burning software, audio and video editing, and an audio/video player, and memory usage sometimes climbs to 800 MB while almost nothing is running, and the CPU load sometimes climbs to 100%.

There is a video editing program that, from one day to the next, no longer recognizes the audio formats of videos (even though the film plays in Windows Media Player), and suddenly it crashes and closes by itself.

In my My Documents folder, I have a folder mymovie.avi (which was created after encoding a video); when I hover the mouse over it, it closes my My Documents folder, and my whole desktop display disappears completely and comes back 20 seconds later.

I am going to send you the Malwarebytes and OTL reports.

As for the OTL reports, I only have one, and on top of that the scan doesn't finish; the following message appears:
access violation at adress 00005C3A. Read of adress 00005C3A

The reports follow below.

Thanks in advance
kanakryss

Post by nickW » 14 Jul 2009, 19:07

Copy of kanakryss's new message.

No new topic when it is a follow-up, otherwise nobody can follow anything anymore. Thanks.

Just click the "Reply" button to post your message after the previous one.


Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2423
Windows 5.1.2600 Service Pack 3

13/7/2009 20:29:26
mbam-log-2009-07-13 (20-29-09).txt

Type de recherche: Examen rapide
Eléments examinés: 87227
Temps écoulé: 3 minute(s), 54 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
C:\WINDOWS\system32\sopidkc.exe (Trojan.Agent) -> No action taken.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msncache (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pcmstub (Trojan.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\sopidkc.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\tpsaxyd.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\wiwow64.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\tmp0_843977728021.bk.old (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\txpxr_891110580811.b1k (Backdoor.Bot) -> No action taken.
c:\WINDOWS\system32\wxmsw26_adv_gcc_justsoft.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> No action taken.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> No action taken.
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message).

Post by nickW » 14 Jul 2009, 19:08

Copy of kanakryss's new message.

No new topic when it is a follow-up, otherwise nobody can follow anything anymore. Thanks.

Just click the "Reply" button to post your message after the previous one.


OTL logfile created on: 14/7/2009 13:14:40 - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Christophe\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1015,48 Mb Total Physical Memory | 519,49 Mb Available Physical Memory | 51,16% Memory free
2,39 Gb Paging File | 2,00 Gb Available in Paging File | 84,03% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 149,04 Gb Total Space | 58,29 Gb Free Space | 39,11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NSTITUTO-3E2DFB
Current User Name: Christophe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/05/07 18:54:10 | 00,053,120 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe
PRC - [2009/02/25 19:18:14 | 00,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Arquivos de programas\a-squared Free\a2service.exe
PRC - [2009/06/27 11:09:43 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe
PRC - [2009/02/20 14:11:26 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe
PRC - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2008/10/20 21:18:26 | 00,071,096 | ---- | M] () -- C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/06/27 11:09:48 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgrsx.exe
PRC - [2009/05/13 09:33:25 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgnsx.exe
PRC - [2008/04/14 09:00:00 | 00,097,792 | ---- | M] (NewYork DVD LTD) -- C:\WINDOWS\System32\sopidkc.exe
PRC - [2009/06/27 11:09:44 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgemc.exe
PRC - [2009/06/27 11:09:47 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
PRC - [2008/04/14 09:00:00 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/11/28 02:55:14 | 00,098,304 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2005/11/28 02:52:00 | 00,077,824 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/11/28 02:55:58 | 00,118,784 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/02/13 03:31:34 | 16,857,600 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/06/27 11:09:45 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgtray.exe
PRC - [2007/01/19 10:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2007/05/04 09:26:38 | 01,662,976 | ---- | M] (D-Link) -- C:\Arquivos de programas\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
PRC - [2009/02/20 14:11:26 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jusched.exe
PRC - [2009/03/12 14:03:22 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
PRC - [2009/02/06 18:50:38 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
PRC - [2001/10/11 12:11:16 | 00,022,560 | ---- | M] () -- C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe
PRC - [2009/07/13 20:16:59 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Desktop\OTL.exe
PRC - [2009/02/06 07:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/02/25 19:18:14 | 00,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Arquivos de programas\a-squared Free\a2service.exe -- (a2free [Auto | Running])
SRV - [2009/04/20 18:17:00 | 00,068,096 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/01/19 10:49:26 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/09/27 16:07:26 | 00,093,132 | ---- | M] () -- C:\Arquivos de programas\Justsoft WinPolicy\WPService.exe -- (AutoLock [On_Demand | Stopped])
SRV - [2009/06/27 11:09:44 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/06/27 11:09:43 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/05/07 18:54:10 | 00,053,120 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv [Unknown | Running])
SRV - [2008/07/31 19:16:28 | 00,136,120 | ---- | M] (Google) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 09:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/02/20 14:11:26 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/04/14 09:00:00 | 00,045,056 | ---- | M] (X-Ways Software Technology ) -- C:\WINDOWS\System32\msncache.dll -- (msncache [Auto | Running])
SRV - [2008/10/20 21:18:26 | 00,071,096 | ---- | M] () -- C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
SRV - [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2008/04/14 09:00:00 | 00,097,792 | ---- | M] (NewYork DVD LTD) -- C:\WINDOWS\System32\sopidkc.exe -- (sopidkc [Auto | Running])
SRV - [2006/11/02 23:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/12/11 10:55:38 | 00,028,195 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO.SYS -- (ANIO [Auto | Running])
DRV - [2009/06/27 11:09:48 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/27 11:09:47 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/13 09:33:25 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2009/05/07 18:55:24 | 00,026,368 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm [Boot | Running])
DRV - [2009/01/19 10:11:48 | 00,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])
DRV - [2008/04/14 09:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/11/28 03:20:20 | 01,353,820 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2008/02/14 06:04:06 | 04,676,096 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/04/14 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/20 16:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/12/21 03:25:20 | 00,429,440 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\DRIVERS\Dr71WU.sys -- (RT73 [On_Demand | Running])
DRV - [2008/01/03 11:10:16 | 00,105,856 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2008/04/14 09:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/03/20 15:47:58 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\S-1-5-21-1715567821-1078081533-1801674531-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8873}:1.0.7.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: pt-BR@dellalibera.sf.net:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff [2009/02/28 15:23:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/12 14:03:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/06/18 13:24:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/06/12 11:50:27 | 00,000,000 | ---D | M]

[2009/02/28 15:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Extensions
[2009/02/28 15:22:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/28 15:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Extensions\mozswing@mozswing.org
[2009/07/13 12:13:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Firefox\Profiles\8tevvy1f.default\extensions
[2009/02/28 15:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Firefox\Profiles\8tevvy1f.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
[2009/03/27 10:02:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Firefox\Profiles\8tevvy1f.default\extensions\pt-BR@dellalibera.sf.net
[2009/07/13 12:13:02 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions
[2009/06/12 11:50:27 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/28 15:23:05 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/06/12 11:50:22 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 11:50:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\brwsrcmp.dll
[2009/02/20 14:11:27 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npdeploytk.dll
[2009/06/12 11:50:22 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Arquivos de programas\mozilla firefox\plugins\npnul32.dll
[2009/04/29 16:47:42 | 00,001,516 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\amazon-france.xml
[2009/04/29 16:47:42 | 00,000,757 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\eBay-france.xml
[2009/04/29 16:47:42 | 00,001,706 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\google.xml
[2009/04/29 16:47:42 | 00,000,748 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2009/04/29 16:47:42 | 00,001,426 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/04/29 16:47:42 | 00,000,652 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-france.xml
[2009/07/13 10:01:08 | 00,000,783 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (776 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Arquivos de programas\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWA-110] C:\Arquivos de programas\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006..\Run: [Le Petit Robert Hyperappel] C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe ()
O4 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006..\Run: [msnmsgr] C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking.unibanco.com.br/Gb ... ginUni.cab (GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.0.43 201.6.0.42
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginUni: DllName - C:\ARQUIV~1\GbPlugin\gbiehuni.dll - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/19 10:01:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6f6e45ec-e652-11dd-b095-001fd0faaeb2}\Shell - "" = AutoRun
O33 - MountPoints2\{6f6e45ec-e652-11dd-b095-001fd0faaeb2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6faad8b2-61d2-11de-81de-001e58a1a6b6}\Shell\AutoRun\command - "" = RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
O33 - MountPoints2\{6faad8b2-61d2-11de-81de-001e58a1a6b6}\Shell\open\command - "" = RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
O33 - MountPoints2\{a7b88dd5-2f3d-11de-81a7-001e58a1a6b6}\Shell - "" = AutoRun
O33 - MountPoints2\{a7b88dd5-2f3d-11de-81a7-001e58a1a6b6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a7b88dd6-2f3d-11de-81a7-001e58a1a6b6}\Shell - "" = AutoRun
O33 - MountPoints2\{a7b88dd6-2f3d-11de-81a7-001e58a1a6b6}\Shell\Auto\command - "" = MicrosoftPowerPoint.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/07/13 20:29:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Meus documentos\securité
[2009/07/13 20:20:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Dados de aplicativos\Malwarebytes
[2009/07/13 20:20:42 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/13 20:20:40 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 20:20:39 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 20:20:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2009/07/13 20:20:39 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2009/07/13 20:17:51 | 03,775,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Christophe\Desktop\mbam-setup.exe
[2009/07/13 20:16:54 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Desktop\OTL.exe
[2009/07/13 13:59:34 | 10,284,10368 | ---- | C] () -- C:\Documents and Settings\Christophe\Meus documentos\rede de mentiras 1.avi
[2009/07/13 13:44:22 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/13 13:44:21 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/07/13 13:44:21 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/13 13:44:20 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/13 13:44:20 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/13 13:44:20 | 00,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2009/07/13 13:44:20 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/07/13 13:44:20 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/13 13:44:20 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/07/13 13:44:19 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/13 13:44:19 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/13 13:44:18 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\K-Lite Codec Pack
[2009/07/13 13:11:40 | 00,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2009/07/13 13:11:40 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Magic Audio Editor Pro.lnk
[2009/07/13 13:11:39 | 00,403,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2009/07/13 13:11:38 | 00,478,208 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioVisualization2.dll
[2009/07/13 13:11:37 | 00,522,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll
[2009/07/13 13:11:36 | 00,467,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2009/07/13 13:11:35 | 00,467,456 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2009/07/13 13:11:33 | 00,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll
[2009/07/13 13:11:32 | 00,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioEditor2.dll
[2009/07/13 13:11:32 | 00,877,568 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2009/07/13 13:11:31 | 00,457,728 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDisplay2.dll
[2009/07/13 13:11:30 | 01,852,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDesign2.dll
[2009/07/13 13:11:28 | 00,479,744 | ---- | C] (NCT) -- C:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2009/07/13 13:11:27 | 00,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71d.dll
[2009/07/13 13:07:00 | 00,584,851 | ---- | C] (DeskShare ) -- C:\Documents and Settings\Christophe\Meus documentos\mpeg2decoder.exe
[2009/07/13 13:06:14 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Mpeg2Decoder
[2009/07/13 09:53:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/07/11 13:29:52 | 18,108,1088 | ---- | C] () -- C:\Documents and Settings\Christophe\Meus documentos\MyMovie.avi
[2009/07/11 13:02:11 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Magic Audio Editor Pro
[2009/07/11 12:43:53 | 00,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/07/11 12:43:51 | 00,000,294 | -H-- | C] () -- C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2009/07/11 12:43:33 | 00,134,144 | ---- | C] () -- C:\WINDOWS\System32\tpsaxyd.exe
[2009/07/11 12:43:33 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\comsa32.sys
[2009/07/11 12:40:18 | 00,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2009/07/11 12:40:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2009/07/11 12:40:05 | 00,258,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Unicows.dll
[2009/07/11 12:35:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Meus documentos\.zs4
[2009/07/11 12:35:13 | 00,000,856 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\t@b ZweiStein v0.957 686.lnk
[2009/07/11 12:35:08 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\t@b
[2009/07/10 13:20:18 | 00,000,548 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Atalho para SCL.lnk
[2009/07/07 16:35:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Dados de aplicativos\AVS4YOU
[2009/07/07 16:35:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVS4YOU
[2009/07/07 16:34:08 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\AVSMedia
[2009/07/07 16:34:02 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2009/07/07 16:34:00 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\AVS4YOU
[2009/07/02 11:40:25 | 10,806,784 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Portifólio A4.doc
[2009/07/01 12:24:02 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/07/01 12:22:08 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\WinZip
[2009/07/01 09:31:49 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/07/01 09:31:49 | 00,000,824 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Free Easy Burner.lnk
[2009/07/01 09:31:46 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/07/01 09:31:46 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Free Easy Burner
[2009/06/30 20:16:48 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\7-Zip
[2009/06/22 12:03:15 | 00,462,848 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll
[2009/06/22 12:03:08 | 01,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2009/06/22 12:03:08 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2009/06/22 12:03:08 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2009/06/22 12:03:07 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documentos\Droppix DVD Maker
[2009/06/22 12:02:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Droppix
[2009/06/19 17:43:33 | 00,203,884 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Conviteok.png
[2009/06/18 13:23:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Meus documentos\Native Instruments
[2009/06/17 17:17:17 | 00,000,000 | ---D | C] -- C:\Cakewalk Projects
[2009/06/17 17:15:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Meus documentos\Cakewalk
[2009/06/17 17:15:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Dados de aplicativos\Cakewalk
[2009/06/17 17:14:16 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Native Instruments
[2009/06/17 17:13:58 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Native Instruments
[2009/06/17 17:13:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Identities
[2009/06/17 17:13:38 | 00,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
[2009/06/17 17:04:55 | 01,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71u.dll
[2009/06/17 17:04:55 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2009/06/17 17:04:55 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2009/06/17 17:04:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Cakewalk
[2009/06/17 17:04:29 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Cakewalk
[2009/06/17 16:43:11 | 22,257,693 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Ch.rar
[2009/06/17 16:39:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Desktop\Ch
[2009/06/17 12:46:53 | 00,002,297 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SendBlaster.lnk
[2009/06/17 12:46:46 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\SendBlaster
[2009/06/17 12:28:07 | 00,007,784 | ---- | C] () -- C:\WINDOWS\System32\ssceda.tlx
[2009/06/17 12:28:07 | 00,000,673 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\GroupMail 5.lnk
[2009/06/17 12:28:06 | 00,978,572 | ---- | C] () -- C:\WINDOWS\System32\ssceit2.clx
[2009/06/17 12:28:06 | 00,947,604 | ---- | C] () -- C:\WINDOWS\System32\sscefi2.clx
[2009/06/17 12:28:06 | 00,932,981 | ---- | C] () -- C:\WINDOWS\System32\SSCEGE1.CLX
[2009/06/17 12:28:06 | 00,819,704 | ---- | C] () -- C:\WINDOWS\System32\sscesp2.clx
[2009/06/17 12:28:06 | 00,766,185 | ---- | C] () -- C:\WINDOWS\System32\sscedu2.clx
[2009/06/17 12:28:06 | 00,749,025 | ---- | C] () -- C:\WINDOWS\System32\ssceda2.clx
[2009/06/17 12:28:06 | 00,376,283 | ---- | C] () -- C:\WINDOWS\System32\sscepo2.clx
[2009/06/17 12:28:06 | 00,348,158 | ---- | C] () -- C:\WINDOWS\System32\sscefr2.clx
[2009/06/17 12:28:06 | 00,311,021 | ---- | C] () -- C:\WINDOWS\System32\sscenb2.clx
[2009/06/17 12:28:06 | 00,311,004 | ---- | C] () -- C:\WINDOWS\System32\sscepb2.clx
[2009/06/17 12:28:06 | 00,303,231 | ---- | C] () -- C:\WINDOWS\System32\sscesw2.clx
[2009/06/17 12:28:06 | 00,017,536 | ---- | C] () -- C:\WINDOWS\System32\sscefi.tlx
[2009/06/17 12:28:06 | 00,009,794 | ---- | C] () -- C:\WINDOWS\System32\sscege.tlx
[2009/06/17 12:28:06 | 00,008,385 | ---- | C] () -- C:\WINDOWS\System32\sscepb.tlx
[2009/06/17 12:28:06 | 00,007,895 | ---- | C] () -- C:\WINDOWS\System32\sscedu.tlx
[2009/06/17 12:28:06 | 00,007,747 | ---- | C] () -- C:\WINDOWS\System32\ssceit.tlx
[2009/06/17 12:28:06 | 00,007,150 | ---- | C] () -- C:\WINDOWS\System32\sscenb.tlx
[2009/06/17 12:28:06 | 00,006,232 | ---- | C] () -- C:\WINDOWS\System32\sscepo.tlx
[2009/06/17 12:28:06 | 00,005,538 | ---- | C] () -- C:\WINDOWS\System32\sscefr.tlx
[2009/06/17 12:28:06 | 00,001,756 | ---- | C] () -- C:\WINDOWS\System32\sscesp.tlx
[2009/06/17 12:28:06 | 00,000,878 | ---- | C] () -- C:\WINDOWS\System32\sscesw.tlx
[2009/06/17 12:28:05 | 00,385,592 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2009/06/17 12:28:05 | 00,159,823 | ---- | C] (Quiksoft Corporation) -- C:\WINDOWS\System32\emmsg.dll
[2009/06/17 12:28:05 | 00,159,744 | ---- | C] (Desaware, Inc.) -- C:\WINDOWS\System32\dwStg.dll
[2009/06/17 12:28:05 | 00,151,638 | ---- | C] (Quiksoft Corporation) -- C:\WINDOWS\System32\empop3.dll
[2009/06/17 12:28:04 | 01,208,320 | ---- | C] (Plasmatech Software Design) -- C:\WINDOWS\System32\PTxSCP.ocx
[2009/06/17 12:28:04 | 00,950,272 | ---- | C] (Connected Software, Inc.) -- C:\WINDOWS\System32\MagicCtl.dll
[2009/06/17 12:28:04 | 00,702,232 | ---- | C] (Think Technologies Inc.) -- C:\WINDOWS\System32\ThinkHTMLEditor.ocx
[2009/06/17 12:28:04 | 00,471,040 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex7.ocx
[2009/06/17 12:28:04 | 00,396,288 | ---- | C] () -- C:\WINDOWS\System32\o2DirSpyX.ocx
[2009/06/17 12:28:04 | 00,194,248 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\IGScroll40.ocx
[2009/06/17 12:28:04 | 00,151,552 | ---- | C] (Think Technologies Inc.) -- C:\WINDOWS\System32\trkg300.ocx
[2009/06/17 12:28:04 | 00,127,488 | ---- | C] (Teebo Software Solutions) -- C:\WINDOWS\System32\tssTaskPane1a.ocx
[2009/06/17 12:28:04 | 00,057,344 | ---- | C] (Think Technologies Inc.) -- C:\WINDOWS\System32\ThinkFTPCMSUpload.ocx
[2009/06/17 12:28:03 | 00,487,424 | ---- | C] (Sequiter Software Inc.) -- C:\WINDOWS\System32\infCB.dll
[2009/06/17 12:28:03 | 00,368,640 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\gmgrpman.dll
[2009/06/17 12:28:03 | 00,348,160 | ---- | C] (AdminSystem Software Limited) -- C:\WINDOWS\System32\ANPOP.dll
[2009/06/17 12:28:03 | 00,330,192 | ---- | C] () -- C:\WINDOWS\System32\sscebr2.clx
[2009/06/17 12:28:03 | 00,328,670 | ---- | C] () -- C:\WINDOWS\System32\ssceca2.clx
[2009/06/17 12:28:03 | 00,328,061 | ---- | C] () -- C:\WINDOWS\System32\ssceam2.clx
[2009/06/17 12:28:03 | 00,315,400 | ---- | C] (VBGold Software) -- C:\WINDOWS\System32\sprinter.ocx
[2009/06/17 12:28:03 | 00,274,432 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMAccMan.dll
[2009/06/17 12:28:03 | 00,270,336 | ---- | C] (AdminSystem Software Limited) -- C:\WINDOWS\System32\AOSMTP.dll
[2009/06/17 12:28:03 | 00,241,664 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMMailer.dll
[2009/06/17 12:28:03 | 00,208,896 | ---- | C] (infacta Ltd.) -- C:\WINDOWS\System32\infGMUI.ocx
[2009/06/17 12:28:03 | 00,169,216 | ---- | C] (Wintertree Software Inc.) -- C:\WINDOWS\System32\wspell.ocx
[2009/06/17 12:28:03 | 00,167,936 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\infgdbcb.dll
[2009/06/17 12:28:03 | 00,081,920 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\gmnamfld.dll
[2009/06/17 12:28:03 | 00,081,920 | ---- | C] (ADMINSYSTEM) -- C:\WINDOWS\System32\ANSSLPLUS.dll
[2009/06/17 12:28:03 | 00,069,632 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMSigMan.dll
[2009/06/17 12:28:03 | 00,065,536 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMMesCom.dll
[2009/06/17 12:28:03 | 00,045,056 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMPaths.dll
[2009/06/17 12:28:03 | 00,021,529 | ---- | C] () -- C:\WINDOWS\System32\correct.tlx
[2009/06/17 12:28:03 | 00,018,138 | ---- | C] () -- C:\WINDOWS\System32\Wspelldlg.hlp
[2009/06/17 12:28:03 | 00,007,798 | ---- | C] () -- C:\WINDOWS\System32\ssceca.tlx
[2009/06/17 12:28:03 | 00,007,798 | ---- | C] () -- C:\WINDOWS\System32\sscebr.tlx
[2009/06/17 12:28:03 | 00,007,796 | ---- | C] () -- C:\WINDOWS\System32\ssceam.tlx
[2009/06/17 12:28:03 | 00,003,632 | ---- | C] () -- C:\WINDOWS\System32\tech.tlx
[2009/06/17 12:28:03 | 00,002,338 | ---- | C] () -- C:\WINDOWS\System32\accent.tlx
[2009/06/17 12:28:03 | 00,000,232 | ---- | C] () -- C:\WINDOWS\System32\WSpellDlg.cnt
[2009/06/17 12:28:03 | 00,000,089 | ---- | C] () -- C:\WINDOWS\System32\userdic.tlx
[2009/06/17 12:28:02 | 00,673,546 | ---- | C] () -- C:\Documents and Settings\Christophe\Dados de aplicativos\unins000.exe
[2009/06/17 12:28:02 | 00,026,647 | ---- | C] () -- C:\Documents and Settings\Christophe\Dados de aplicativos\unins000.dat
[2009/06/16 13:32:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Meus documentos\Mes Historiques de Conversation
[2009/06/16 11:38:05 | 02,600,150 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\hit the beach.mp3
[2009/06/16 11:28:42 | 06,381,008 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\progressivation.mp3
[2009/06/16 11:25:20 | 70,342,608 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\progressivation.wav
[2009/06/16 11:14:52 | 28,658,128 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\hit the beach.wav
[2009/06/15 15:49:20 | 00,000,659 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Guitar Pro 5.lnk
[2009/06/15 15:46:37 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Guitar Pro 5
[2009/06/13 09:28:16 | 00,000,029 | ---- | C] () -- C:\WINDOWS\UNWISE.INI
[2009/06/01 14:02:06 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\snEUps.dll
[2009/04/27 11:17:05 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2009/03/26 18:26:44 | 00,000,137 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/03/23 14:25:08 | 00,000,152 | ---- | C] () -- C:\WINDOWS\PR1V2.INI
[2009/03/20 15:47:57 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/01/19 13:49:01 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/01/19 11:29:46 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/14 09:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/04/14 09:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/04/14 09:00:00 | 00,000,006 | ---- | C] () -- C:\WINDOWS\System32\FInstall.sys
[2006/09/27 16:04:04 | 00,013,848 | ---- | C] () -- C:\WINDOWS\System32\WPHooks.dll
[2006/08/29 15:49:56 | 00,022,985 | ---- | C] () -- C:\WINDOWS\System32\librsatool.dll
[2006/08/29 15:36:50 | 00,264,795 | ---- | C] () -- C:\WINDOWS\System32\libgmp-3.dll
[2006/08/29 15:05:40 | 04,276,273 | ---- | C] () -- C:\WINDOWS\System32\wxmsw26_core_gcc_justsoft.dll
[2006/08/29 15:05:40 | 00,882,059 | ---- | C] () -- C:\WINDOWS\System32\wxmsw26_adv_gcc_justsoft.dll
[2006/08/29 15:05:38 | 01,447,189 | ---- | C] () -- C:\WINDOWS\System32\wxbase26_gcc_justsoft.dll
[2005/10/27 22:09:58 | 00,015,649 | ---- | C] () -- C:\WINDOWS\System32\mingwm10.dll
[2004/11/18 09:16:42 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\nktwab.dll
[2003/04/01 09:58:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/07/14 13:15:15 | 38,161,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/14 13:15:15 | 00,028,327 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/14 13:14:27 | 00,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{79390583-3105-4ED4-8537-58A2B54B639E}
[2009/07/14 13:14:22 | 00,000,011 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{79390583-3105-4ED4-8537-58A2B54B639E}
[2009/07/14 13:14:14 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2009/07/14 13:14:10 | 00,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2009/07/14 13:14:10 | 00,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/07/14 13:13:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/14 13:13:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/13 20:20:42 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/13 20:18:46 | 03,775,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Christophe\Desktop\mbam-setup.exe
[2009/07/13 20:16:59 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Desktop\OTL.exe
[2009/07/13 20:08:12 | 00,000,226 | ---- | M] () -- C:\Documents and Settings\Christophe\Meus documentos\NOTEBOOK.DBF
[2009/07/13 20:08:12 | 00,000,152 | ---- | M] () -- C:\WINDOWS\PR1V2.INI
[2009/07/13 15:24:28 | 00,000,534 | ---- | M] () -- C:\hpfr3420.xml
[2009/07/13 14:21:42 | 10,284,10368 | ---- | M] () -- C:\Documents and Settings\Christophe\Meus documentos\rede de mentiras 1.avi
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 13:11:40 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Magic Audio Editor Pro.lnk
[2009/07/13 13:10:14 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Christophe\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/13 13:07:00 | 00,584,851 | ---- | M] (DeskShare ) -- C:\Documents and Settings\Christophe\Meus documentos\mpeg2decoder.exe
[2009/07/13 09:50:17 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/11 13:32:58 | 18,108,1088 | ---- | M] () -- C:\Documents and Settings\Christophe\Meus documentos\MyMovie.avi
[2009/07/11 12:40:18 | 00,356,352 | ---- | M] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2009/07/11 12:35:13 | 00,000,856 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\t@b ZweiStein v0.957 686.lnk
[2009/07/10 13:20:18 | 00,000,548 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Atalho para SCL.lnk
[2009/07/08 09:25:44 | 00,150,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/06 13:35:50 | 00,036,112 | ---- | M] () -- C:\Documents and Settings\Christophe\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
[2009/07/02 11:40:00 | 10,806,784 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Portifólio A4.doc
[2009/07/01 12:24:02 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/07/01 09:31:50 | 00,000,824 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Free Easy Burner.lnk
[2009/06/29 16:42:46 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/27 11:09:48 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/27 11:09:48 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/27 11:09:47 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/21 10:22:58 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\comsa32.sys
[2009/06/19 17:44:15 | 00,002,297 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SendBlaster.lnk
[2009/06/19 17:43:33 | 00,203,884 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Conviteok.png
[2009/06/17 17:13:38 | 00,118,784 | ---- | M] () -- C:\WINDOWS\dsdxirmv.exe
[2009/06/17 16:43:23 | 22,257,693 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Ch.rar
[2009/06/17 12:28:14 | 00,026,647 | ---- | M] () -- C:\Documents and Settings\Christophe\Dados de aplicativos\unins000.dat
[2009/06/17 12:28:07 | 00,000,673 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\GroupMail 5.lnk
[2009/06/17 12:27:55 | 00,673,546 | ---- | M] () -- C:\Documents and Settings\Christophe\Dados de aplicativos\unins000.exe
[2009/06/16 11:38:19 | 02,600,150 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\hit the beach.mp3
[2009/06/16 11:29:11 | 06,381,008 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\progressivation.mp3
[2009/06/16 11:25:21 | 70,342,608 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\progressivation.wav
[2009/06/16 11:14:52 | 28,658,128 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\hit the beach.wav
[2009/06/15 15:49:20 | 00,000,659 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Guitar Pro 5.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 348 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
<End>
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by nickW » 15 Jul 2009, 00:14

Good evening,

Another search:

Note: These steps must be carried out while logged in to a session with "Administrator rights" (do not use the user profile named "Administrator" that is visible in safe mode).
Under Windows XP, to check whether an account has "Administrator" rights:
Start---->Settings---->Control Panel---->User Accounts
Next to the icon representing certain accounts (apart from the one named "Administrator"), "Computer administrator" is shown.
One of these accounts is the one to use.



Important preliminary note
FindyKill is detected by some antivirus products as a RiskTool (risky tool).
This is accurate, since some of its components, if placed in the wrong hands, could perform dangerous actions.
In the case of FindyKill, they must be allowed to run, and, if necessary, the real-time protection programs must be temporarily disabled (while downloading and running the tool).
For example, it is essential to stop the real-time protection of Avira Antivir, Dr.Web and Kaspersky Anti-Virus.




Step 1: FindyKill (by Chiquitine29), installation
Download FindyKill.exe by right-clicking (then Save as....) on the link below:
http://sd-1.archive-host.com/membres/up ... dyKill.exe
Save this file to the Desktop.

Double-click the downloaded file FindyKill.exe to start the installation.
Accept all the default settings (by clicking Next, ticking "I agree...." followed by a click on Next, then clicking Next, and finally Start). At the end of the installation, if necessary, click Quit.


Step 2: FindyKill (by Chiquitine29), search
Plug in the external storage devices (USB stick, external hard drive, etc...).

Double-click the FindyKill shortcut on the Desktop.

Choose French as the language by typing F and confirm by pressing the Enter key.
On the main menu, choose option 1 (Search) and confirm by pressing the Enter key.
The Desktop icons and the Start Menu will disappear: this is normal.
When the search has finished, press a key to open a Notepad window containing the result of the scan. Close Notepad.


Step 3: Result
Post in reply the contents of the file SystemDrive\FindyKill.txt
[SystemDrive stands for the partition on which the system is installed, usually C:]

To be continued,

Post by kanakryss » 15 Jul 2009, 13:46

Hello,
here is the FindyKill report

############################## | FindyKill V6.006 |

# User : Christophe (Usuários) # NSTITUTO-3E2DFB
# Update on 14/07/09 by Chiquitine29 & C_XX
# Start at: 09:41:57 | 15/7/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

# A:\ # Unidade de disquete de 3 1/2 polegadas
# C:\ # Disco fixo local # 149,04 Go (67,79 Go free) # NTFS
# D:\ # Disco CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Arquivos de programas\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sopidkc.exe
C:\Arquivos de programas\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\Arquivos de programas\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Registre Startup |

R1 - HKCU\..\Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
R1 - HKCU\..\Main: "Search Page"="http://www.google.com"
R1 - HKCU\..\Main: "Start Page"="http://google.mini20.com"
F2 - HKLM\..\logon:"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
F2 - HKLM\..\logon:"DefaultUserName"="Christophe"
F2 - HKLM\..\logon:"AltDefaultUserName"="Christophe"
F2 - HKLM\..\logon:"LegalNoticeCaption"=""
F2 - HKLM\..\logon:"LegalNoticeText"=""
04 - HKLM\..\Run: igfxtray=C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\..\Run: igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\..\Run: igfxpers=C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\..\Run: RTHDCPL=RTHDCPL.EXE
04 - HKLM\..\Run: Alcmtr=ALCMTR.EXE
04 - HKLM\..\Run: AVG8_TRAY=C:\ARQUIV~1\AVG\AVG8\avgtray.exe
04 - HKLM\..\Run: ANIWZCS2Service=C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
04 - HKLM\..\Run: D-Link D-Link Wireless G DWA-110=C:\Arquivos de programas\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
04 - HKLM\..\Run: SunJavaUpdateSched="C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
04 - HKLM\..\Run: TkBellExe="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
04 - HKLM\..\Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
04 - HKCU\..\Run: ctfmon.exe#C:\WINDOWS\system32\ctfmon.exe#
04 - HKCU\..\Run: msnmsgr#"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background#
04 - HKCU\..\Run: Le Petit Robert Hyperappel#C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe#

################## | Fichiers # Dossiers infectieux |


################## | C:\Documents and Settings\Christophe\Temporary Internet Files |


################## | All Drives ... |


################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{6f6e45ec-e652-11dd-b095-001fd0faaeb2}
Shell\AutoRun\command =E:\LaunchU3.exe -a

HKCU\..\..\Explorer\MountPoints2\{6faad8b2-61d2-11de-81de-001e58a1a6b6}
Shell\AutoRun\command =RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
Shell\open\command =RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe

HKCU\..\..\Explorer\MountPoints2\{a7b88dd5-2f3d-11de-81a7-001e58a1a6b6}
Shell\AutoRun\command =E:\LaunchU3.exe -a

HKCU\..\..\Explorer\MountPoints2\{a7b88dd6-2f3d-11de-81a7-001e58a1a6b6}
Shell\Auto\command =MicrosoftPowerPoint.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V6.006 ! |
kanakryss
Posts: 11
Joined: 14 Jul 2009, 00:14
Location: são Paulo

Post by nickW » 17 Jul 2009, 00:29

Good evening,

Next steps:

Note: These steps must be carried out while logged in to a session with "Administrator rights" (do not use the user profile named "Administrator" that is visible in safe mode).


Step 1: No real-time monitoring processes
Disable the antivirus resident module.
AVG: open AVG Control Center, double-click "AVG Resident Shield", untick "Turn on AVG Resident Shield"


Step 2: FindyKill (by Chiquitine29), cleaning
Plug in the external storage devices (USB stick, external hard drive, etc...).

Double-click the FindyKill shortcut on the Desktop.

On the main menu, choose option 2 (Removal) and confirm by pressing the Enter key.
Click OK in the information window.
The Desktop icons and the Start Menu will disappear: this is normal.
The PC will restart twice (press a key when asked).

When the cleaning has finished, press a key to open a Notepad window containing the result. Close Notepad.


Step 3: Malwarebytes' Anti-Malware, cleaning
Close all open program windows.
Start Malwarebytes' Anti-Malware from the Start Menu.
In the Settings tab, check that all the boxes are ticked except "Create an option in the context menu to scan files (right-click)".
In the Update tab, click the Check for updates button and install all the updates found.
In the Search tab, select the radio button in front of "Run a quick scan", then click the Search button.
Wait, without doing anything else, for the search to finish; in the window announcing the end of the scan, click OK; then click the "Show results" button.

If harmful items were detected, click the "Remove selection" button.
Wait patiently, without doing anything else, for the cleaning to finish.
A restart is sometimes necessary. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Quit" button to close Malwarebytes' Anti-Malware.


Step 4: Real-time monitoring processes
Important: Re-enable the resident module of the antivirus and that of the antispyware.


Step 5: OTL (by OldTimer), scan
Close all open program windows.

Double-click OTL.exe to start the tool.

The OTL main screen is displayed.

If not already done, in the Extra Registry section, select the Use SafeList radio button.

Tick (at the top) the box in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 6: Result
Post in reply:
*- the FindyKill report (contents of the file SystemDrive\FindyKill.txt).
[SystemDrive stands for the partition on which the system is installed, usually C:]
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-*-**-**** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs / *-**-**** (**-**-**) stands for the date [month-day-year] and the time [hh-mn-ss])
[SystemDrive stands for the partition on which the system is installed, usually C:]

Then post in reply, in two separate messages (because of the length of the logs):
*- the two OTL reports (contents of the files OTL.Txt and Extras.Txt located on the Desktop).
Reports posted on the forum must end with a line containing <End>. If that is not the case, they are incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,

Post by kanakryss » 17 Jul 2009, 13:58

Hello,

the FindyKill report:

############################## | FindyKill V6.006 |

# User : Christophe (Usuários) # NSTITUTO-3E2DFB
# Update on 14/07/09 by Chiquitine29 & C_XX
# Start at: 09:25:56 | 17/7/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : AVG Anti-Virus Free 8.5 [ (!) Disabled | Updated ]

# A:\ # Unidade de disquete de 3 1/2 polegadas
# C:\ # Disco fixo local # 149,04 Go (65,33 Go free) # NTFS
# D:\ # Disco CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\sopidkc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\WINDOWS\Prefetch\KEYGEN.EXE-326D2372.pf

################## | C:\Documents and Settings\Christophe\Temporary Internet Files |


################## | All Drives ... |

################## | Autres ... |


################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{6f6e45ec-e652-11dd-b095-001fd0faaeb2}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{6faad8b2-61d2-11de-81de-001e58a1a6b6}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{a7b88dd5-2f3d-11de-81a7-001e58a1a6b6}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{a7b88dd6-2f3d-11de-81a7-001e58a1a6b6}\Shell\Auto\Command

################## | Listing des fichiers présent |

[12/05/2009 10:22|--a------|32256] - C:\aaaa.doc
[19/01/2009 10:01|--a------|0] - C:\AUTOEXEC.BAT
[19/01/2009 09:56|---hs----|211] - C:\boot.ini
[14/04/2008 09:00|-rahs----|4952] - C:\Bootfont.bin
[22/04/2009 17:18|--a------|11186176] - C:\Charles Baudelaire.avi
[22/04/2009 18:18|--a------|18725] - C:\colopaq3.gif
[19/01/2009 10:01|--a------|0] - C:\CONFIG.SYS
[19/01/2009 10:12|--a------|25] - C:\csb.log
[17/07/2009 09:32|--a------|3158] - C:\FindyKill.txt
[16/07/2009 18:50|--a------|253385] - C:\hpfr3420.log
[16/07/2009 18:50|--a------|534] - C:\hpfr3420.xml
[19/01/2009 10:01|-rahs----|0] - C:\IO.SYS
[22/04/2009 16:12|--a------|9219584] - C:\Movie1.avi
[19/01/2009 10:01|-rahs----|0] - C:\MSDOS.SYS
[14/04/2008 09:00|-rahs----|47564] - C:\NTDETECT.COM
[14/04/2008 09:00|-rahs----|251696] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[19/01/2009 10:10|--a------|437] - C:\RHDSetup.log
[09/05/2009 09:44|--a------|80503] - C:\sarkozylependevilliers4mm.jpg
[19/01/2009 11:55|--ah-----|268] - C:\sqmdata00.sqm
[19/01/2009 12:07|--ah-----|268] - C:\sqmdata01.sqm
[19/01/2009 12:11|--ah-----|268] - C:\sqmdata02.sqm
[19/01/2009 13:51|--ah-----|268] - C:\sqmdata03.sqm
[19/01/2009 13:52|--ah-----|268] - C:\sqmdata04.sqm
[19/01/2009 16:19|--ah-----|268] - C:\sqmdata05.sqm
[20/01/2009 11:15|--ah-----|268] - C:\sqmdata06.sqm
[20/01/2009 11:26|--ah-----|268] - C:\sqmdata07.sqm
[28/02/2009 15:08|--ah-----|268] - C:\sqmdata08.sqm
[28/02/2009 15:19|--ah-----|268] - C:\sqmdata09.sqm
[19/01/2009 11:55|--ah-----|244] - C:\sqmnoopt00.sqm
[19/01/2009 12:07|--ah-----|244] - C:\sqmnoopt01.sqm
[19/01/2009 12:11|--ah-----|244] - C:\sqmnoopt02.sqm
[19/01/2009 13:51|--ah-----|244] - C:\sqmnoopt03.sqm
[19/01/2009 13:52|--ah-----|244] - C:\sqmnoopt04.sqm
[19/01/2009 16:19|--ah-----|244] - C:\sqmnoopt05.sqm
[20/01/2009 11:15|--ah-----|244] - C:\sqmnoopt06.sqm
[20/01/2009 11:26|--ah-----|244] - C:\sqmnoopt07.sqm
[28/02/2009 15:08|--ah-----|244] - C:\sqmnoopt08.sqm
[28/02/2009 15:19|--ah-----|244] - C:\sqmnoopt09.sqm

################## | Vaccination |

# C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.

################## | Etat / Services / Informations |

# Mode sans echec : OK


# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH ... |


################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\Christophe\Meus documentos\CHRISTOPHE\Nova pasta\migration\Adobe Premiere Elements 7.0 by MarcioD UV\Keygen\keygen.exe"
06/10/2008 12:55 |Size : 73728 |Crc32 : 34835460 |Md5 : 3913d9ce5b98c2aa1ca4d6b228aaf4c6


################## | ! Fin du rapport # FindyKill V6.006 ! |

Post by kanakryss » 17 Jul 2009, 14:00

The Malwarebytes report ...



Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2423
Windows 5.1.2600 Service Pack 3

17/7/2009 09:42:44
mbam-log-2009-07-17 (09-42-44).txt

Type de recherche: Examen rapide
Eléments examinés: 87335
Temps écoulé: 3 minute(s), 31 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
C:\WINDOWS\system32\sopidkc.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pcmstub (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\sopidkc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wxmsw26_adv_gcc_justsoft.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

Post by kanakryss » 17 Jul 2009, 14:01

the OTL report

OTL logfile created on: 17/7/2009 09:50:13 - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Christophe\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1015,48 Mb Total Physical Memory | 406,39 Mb Available Physical Memory | 40,02% Memory free
2,39 Gb Paging File | 1,87 Gb Available in Paging File | 78,61% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 149,04 Gb Total Space | 66,06 Gb Free Space | 44,32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NSTITUTO-3E2DFB
Current User Name: Christophe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/05/07 18:54:10 | 00,053,120 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe
PRC - [2009/02/25 19:18:14 | 00,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Arquivos de programas\a-squared Free\a2service.exe
PRC - [2009/06/27 11:09:43 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe
PRC - [2009/02/20 14:11:26 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe
PRC - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2008/10/20 21:18:26 | 00,071,096 | ---- | M] () -- C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/06/27 11:09:48 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgrsx.exe
PRC - [2009/05/13 09:33:25 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgnsx.exe
PRC - [2009/06/27 11:09:44 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgemc.exe
PRC - [2009/06/27 11:09:47 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
PRC - [2009/02/06 07:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/04/14 09:00:00 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/11/28 02:55:14 | 00,098,304 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2005/11/28 02:52:00 | 00,077,824 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/11/28 02:55:58 | 00,118,784 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/02/13 03:31:34 | 16,857,600 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/06/27 11:09:45 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgtray.exe
PRC - [2007/01/19 10:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2007/05/04 09:26:38 | 01,662,976 | ---- | M] (D-Link) -- C:\Arquivos de programas\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
PRC - [2009/02/20 14:11:26 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jusched.exe
PRC - [2009/03/12 14:03:22 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
PRC - [2009/02/06 18:50:38 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
PRC - [2001/10/11 12:11:16 | 00,022,560 | ---- | M] () -- C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe
PRC - [2009/04/21 22:34:24 | 12,314,456 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/06/27 11:09:47 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
PRC - [2008/11/13 09:33:54 | 00,097,128 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de programas\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2009/06/12 11:50:22 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
PRC - [2009/07/13 20:16:59 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/02/25 19:18:14 | 00,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Arquivos de programas\a-squared Free\a2service.exe -- (a2free [Auto | Running])
SRV - [2009/04/20 18:17:00 | 00,068,096 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/01/19 10:49:26 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/09/27 16:07:26 | 00,093,132 | ---- | M] () -- C:\Arquivos de programas\Justsoft WinPolicy\WPService.exe -- (AutoLock [On_Demand | Stopped])
SRV - [2009/06/27 11:09:44 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/06/27 11:09:43 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/07/15 20:23:46 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009/05/07 18:54:10 | 00,053,120 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv [Unknown | Running])
SRV - [2008/07/31 19:16:28 | 00,136,120 | ---- | M] (Google) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 09:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/02/20 14:11:26 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/10/20 21:18:26 | 00,071,096 | ---- | M] () -- C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
SRV - [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2006/11/02 23:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/12/11 10:55:38 | 00,028,195 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO.SYS -- (ANIO [Auto | Running])
DRV - [2009/06/27 11:09:48 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/27 11:09:47 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/13 09:33:25 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2009/05/07 18:55:24 | 00,026,368 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm [Boot | Running])
DRV - [2009/01/19 10:11:48 | 00,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])
DRV - [2008/04/14 09:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/11/28 03:20:20 | 01,353,820 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2008/02/14 06:04:06 | 04,676,096 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/04/14 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/20 16:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/12/21 03:25:20 | 00,429,440 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\DRIVERS\Dr71WU.sys -- (RT73 [On_Demand | Running])
DRV - [2008/01/03 11:10:16 | 00,105,856 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2008/04/14 09:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/03/20 15:47:58 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\S-1-5-21-1715567821-1078081533-1801674531-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8873}:1.0.7.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: pt-BR@dellalibera.sf.net:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff [2009/02/28 15:23:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/12 14:03:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/06/18 13:24:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/06/12 11:50:27 | 00,000,000 | ---D | M]

[2009/02/28 15:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Extensions
[2009/02/28 15:22:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/28 15:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Extensions\mozswing@mozswing.org
[2009/07/16 10:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Firefox\Profiles\8tevvy1f.default\extensions
[2009/02/28 15:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Firefox\Profiles\8tevvy1f.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
[2009/03/27 10:02:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Firefox\Profiles\8tevvy1f.default\extensions\pt-BR@dellalibera.sf.net
[2009/07/16 10:24:05 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions
[2009/06/12 11:50:27 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/28 15:23:05 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/06/12 11:50:22 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 11:50:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\brwsrcmp.dll
[2009/02/20 14:11:27 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npdeploytk.dll
[2009/06/12 11:50:22 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Arquivos de programas\mozilla firefox\plugins\npnul32.dll
[2009/04/29 16:47:42 | 00,001,516 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\amazon-france.xml
[2009/04/29 16:47:42 | 00,000,757 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\eBay-france.xml
[2009/04/29 16:47:42 | 00,001,706 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\google.xml
[2009/04/29 16:47:42 | 00,000,748 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2009/04/29 16:47:42 | 00,001,426 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/04/29 16:47:42 | 00,000,652 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-france.xml
[2009/07/13 10:01:08 | 00,000,783 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (776 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Arquivos de programas\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWA-110] C:\Arquivos de programas\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006..\Run: [Le Petit Robert Hyperappel] C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe ()
O4 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006..\Run: [msnmsgr] C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking.unibanco.com.br/Gb ... ginUni.cab (GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.0.43 201.6.0.42
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginUni: DllName - C:\ARQUIV~1\GbPlugin\gbiehuni.dll - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/19 10:01:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/17 09:32:59 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/07/17 09:32:59 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/07/16 14:53:30 | 00,122,037 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\stef maternelle.jpg
[2009/07/16 13:26:47 | 00,001,871 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Windows Live Messenger .lnk
[2009/07/16 10:21:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet
[2009/07/16 10:20:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Meus documentos\Adobe
[2009/07/16 03:00:41 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 20:23:46 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared
[2009/07/15 20:23:30 | 00,001,922 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Premiere Elements 7.0.lnk
[2009/07/15 20:18:58 | 00,116,472 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2009/07/15 20:18:58 | 00,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2009/07/15 20:18:57 | 00,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2009/07/15 20:18:57 | 00,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2009/07/15 20:18:56 | 00,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2009/07/15 20:18:55 | 01,628,920 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2009/07/15 09:55:29 | 00,117,937 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\lycée 2nde.jpg
[2009/07/15 09:54:13 | 00,018,060 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\lycée 2nde.htm
[2009/07/15 09:40:31 | 00,001,388 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\FindyKill.lnk
[2009/07/15 09:40:29 | 00,000,000 | ---D | C] -- C:\FindyKill
[2009/07/14 21:22:14 | 01,426,320 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\FindyKill.exe
[2009/07/13 20:29:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Meus documentos\securité
[2009/07/13 20:20:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Dados de aplicativos\Malwarebytes
[2009/07/13 20:20:42 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/13 20:20:40 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 20:20:39 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 20:20:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2009/07/13 20:20:39 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2009/07/13 20:17:51 | 03,775,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Christophe\Desktop\mbam-setup.exe
[2009/07/13 20:16:54 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Desktop\OTL.exe
[2009/07/13 13:59:34 | 10,284,10368 | ---- | C] () -- C:\Documents and Settings\Christophe\Meus documentos\rede de mentiras 1.avi
[2009/07/13 13:44:22 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/13 13:44:21 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/07/13 13:44:21 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/13 13:44:20 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/13 13:44:20 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/13 13:44:20 | 00,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2009/07/13 13:44:20 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/07/13 13:44:20 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/13 13:44:20 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/07/13 13:44:19 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/13 13:44:19 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/13 13:44:18 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\K-Lite Codec Pack
[2009/07/13 13:11:40 | 00,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2009/07/13 13:11:40 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Magic Audio Editor Pro.lnk
[2009/07/13 13:11:39 | 00,403,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2009/07/13 13:11:38 | 00,478,208 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioVisualization2.dll
[2009/07/13 13:11:37 | 00,522,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll
[2009/07/13 13:11:36 | 00,467,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2009/07/13 13:11:35 | 00,467,456 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2009/07/13 13:11:33 | 00,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll
[2009/07/13 13:11:32 | 00,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioEditor2.dll
[2009/07/13 13:11:32 | 00,877,568 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2009/07/13 13:11:31 | 00,457,728 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDisplay2.dll
[2009/07/13 13:11:30 | 01,852,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDesign2.dll
[2009/07/13 13:11:28 | 00,479,744 | ---- | C] (NCT) -- C:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2009/07/13 13:11:27 | 00,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71d.dll
[2009/07/13 13:07:00 | 00,584,851 | ---- | C] (DeskShare ) -- C:\Documents and Settings\Christophe\Meus documentos\mpeg2decoder.exe
[2009/07/13 13:06:14 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Mpeg2Decoder
[2009/07/13 09:53:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/07/11 13:29:52 | 18,108,1088 | ---- | C] () -- C:\Documents and Settings\Christophe\Meus documentos\MyMovie.avi
[2009/07/11 13:02:11 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Magic Audio Editor Pro
[2009/07/11 12:40:18 | 00,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2009/07/11 12:40:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2009/07/11 12:40:05 | 00,258,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Unicows.dll
[2009/07/11 12:35:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Meus documentos\.zs4
[2009/07/11 12:35:13 | 00,000,856 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\t@b ZweiStein v0.957 686.lnk
[2009/07/11 12:35:08 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\t@b
[2009/07/07 16:35:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Dados de aplicativos\AVS4YOU
[2009/07/07 16:35:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVS4YOU
[2009/07/07 16:34:08 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\AVSMedia
[2009/07/07 16:34:02 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2009/07/07 16:34:00 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\AVS4YOU
[2009/07/01 12:24:02 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/07/01 12:22:08 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\WinZip
[2009/07/01 09:31:49 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/07/01 09:31:49 | 00,000,824 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Free Easy Burner.lnk
[2009/07/01 09:31:46 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/07/01 09:31:46 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Free Easy Burner
[2009/06/30 20:16:48 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\7-Zip
[2009/06/22 12:03:15 | 00,462,848 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll
[2009/06/22 12:03:08 | 01,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2009/06/22 12:03:08 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2009/06/22 12:03:08 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2009/06/22 12:03:07 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documentos\Droppix DVD Maker
[2009/06/22 12:02:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Droppix
[2009/06/19 17:43:33 | 00,203,884 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Conviteok.png
[2009/06/18 13:23:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Meus documentos\Native Instruments
[2009/06/17 17:17:17 | 00,000,000 | ---D | C] -- C:\Cakewalk Projects
[2009/06/17 17:15:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Meus documentos\Cakewalk
[2009/06/17 17:15:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Dados de aplicativos\Cakewalk
[2009/06/17 17:14:16 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Native Instruments
[2009/06/17 17:13:58 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Native Instruments
[2009/06/17 17:13:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Identities
[2009/06/17 17:13:38 | 00,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
[2009/06/17 17:04:55 | 01,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71u.dll
[2009/06/17 17:04:55 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2009/06/17 17:04:55 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2009/06/17 17:04:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Cakewalk
[2009/06/17 17:04:29 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Cakewalk
[2009/06/17 16:43:11 | 22,257,693 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Ch.rar
[2009/06/17 12:46:53 | 00,002,297 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SendBlaster.lnk
[2009/06/17 12:46:46 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\SendBlaster
[2009/06/17 12:28:07 | 00,007,784 | ---- | C] () -- C:\WINDOWS\System32\ssceda.tlx
[2009/06/17 12:28:07 | 00,000,673 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\GroupMail 5.lnk
[2009/06/17 12:28:06 | 00,978,572 | ---- | C] () -- C:\WINDOWS\System32\ssceit2.clx
[2009/06/17 12:28:06 | 00,947,604 | ---- | C] () -- C:\WINDOWS\System32\sscefi2.clx
[2009/06/17 12:28:06 | 00,932,981 | ---- | C] () -- C:\WINDOWS\System32\SSCEGE1.CLX
[2009/06/17 12:28:06 | 00,819,704 | ---- | C] () -- C:\WINDOWS\System32\sscesp2.clx
[2009/06/17 12:28:06 | 00,766,185 | ---- | C] () -- C:\WINDOWS\System32\sscedu2.clx
[2009/06/17 12:28:06 | 00,749,025 | ---- | C] () -- C:\WINDOWS\System32\ssceda2.clx
[2009/06/17 12:28:06 | 00,376,283 | ---- | C] () -- C:\WINDOWS\System32\sscepo2.clx
[2009/06/17 12:28:06 | 00,348,158 | ---- | C] () -- C:\WINDOWS\System32\sscefr2.clx
[2009/06/17 12:28:06 | 00,311,021 | ---- | C] () -- C:\WINDOWS\System32\sscenb2.clx
[2009/06/17 12:28:06 | 00,311,004 | ---- | C] () -- C:\WINDOWS\System32\sscepb2.clx
[2009/06/17 12:28:06 | 00,303,231 | ---- | C] () -- C:\WINDOWS\System32\sscesw2.clx
[2009/06/17 12:28:06 | 00,017,536 | ---- | C] () -- C:\WINDOWS\System32\sscefi.tlx
[2009/06/17 12:28:06 | 00,009,794 | ---- | C] () -- C:\WINDOWS\System32\sscege.tlx
[2009/06/17 12:28:06 | 00,008,385 | ---- | C] () -- C:\WINDOWS\System32\sscepb.tlx
[2009/06/17 12:28:06 | 00,007,895 | ---- | C] () -- C:\WINDOWS\System32\sscedu.tlx
[2009/06/17 12:28:06 | 00,007,747 | ---- | C] () -- C:\WINDOWS\System32\ssceit.tlx
[2009/06/17 12:28:06 | 00,007,150 | ---- | C] () -- C:\WINDOWS\System32\sscenb.tlx
[2009/06/17 12:28:06 | 00,006,232 | ---- | C] () -- C:\WINDOWS\System32\sscepo.tlx
[2009/06/17 12:28:06 | 00,005,538 | ---- | C] () -- C:\WINDOWS\System32\sscefr.tlx
[2009/06/17 12:28:06 | 00,001,756 | ---- | C] () -- C:\WINDOWS\System32\sscesp.tlx
[2009/06/17 12:28:06 | 00,000,878 | ---- | C] () -- C:\WINDOWS\System32\sscesw.tlx
[2009/06/17 12:28:05 | 00,385,592 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2009/06/17 12:28:05 | 00,159,823 | ---- | C] (Quiksoft Corporation) -- C:\WINDOWS\System32\emmsg.dll
[2009/06/17 12:28:05 | 00,159,744 | ---- | C] (Desaware, Inc.) -- C:\WINDOWS\System32\dwStg.dll
[2009/06/17 12:28:05 | 00,151,638 | ---- | C] (Quiksoft Corporation) -- C:\WINDOWS\System32\empop3.dll
[2009/06/17 12:28:04 | 01,208,320 | ---- | C] (Plasmatech Software Design) -- C:\WINDOWS\System32\PTxSCP.ocx
[2009/06/17 12:28:04 | 00,950,272 | ---- | C] (Connected Software, Inc.) -- C:\WINDOWS\System32\MagicCtl.dll
[2009/06/17 12:28:04 | 00,702,232 | ---- | C] (Think Technologies Inc.) -- C:\WINDOWS\System32\ThinkHTMLEditor.ocx
[2009/06/17 12:28:04 | 00,471,040 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex7.ocx
[2009/06/17 12:28:04 | 00,396,288 | ---- | C] () -- C:\WINDOWS\System32\o2DirSpyX.ocx
[2009/06/17 12:28:04 | 00,194,248 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\IGScroll40.ocx
[2009/06/17 12:28:04 | 00,151,552 | ---- | C] (Think Technologies Inc.) -- C:\WINDOWS\System32\trkg300.ocx
[2009/06/17 12:28:04 | 00,127,488 | ---- | C] (Teebo Software Solutions) -- C:\WINDOWS\System32\tssTaskPane1a.ocx
[2009/06/17 12:28:04 | 00,057,344 | ---- | C] (Think Technologies Inc.) -- C:\WINDOWS\System32\ThinkFTPCMSUpload.ocx
[2009/06/17 12:28:03 | 00,487,424 | ---- | C] (Sequiter Software Inc.) -- C:\WINDOWS\System32\infCB.dll
[2009/06/17 12:28:03 | 00,368,640 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\gmgrpman.dll
[2009/06/17 12:28:03 | 00,348,160 | ---- | C] (AdminSystem Software Limited) -- C:\WINDOWS\System32\ANPOP.dll
[2009/06/17 12:28:03 | 00,330,192 | ---- | C] () -- C:\WINDOWS\System32\sscebr2.clx
[2009/06/17 12:28:03 | 00,328,670 | ---- | C] () -- C:\WINDOWS\System32\ssceca2.clx
[2009/06/17 12:28:03 | 00,328,061 | ---- | C] () -- C:\WINDOWS\System32\ssceam2.clx
[2009/06/17 12:28:03 | 00,315,400 | ---- | C] (VBGold Software) -- C:\WINDOWS\System32\sprinter.ocx
[2009/06/17 12:28:03 | 00,274,432 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMAccMan.dll
[2009/06/17 12:28:03 | 00,270,336 | ---- | C] (AdminSystem Software Limited) -- C:\WINDOWS\System32\AOSMTP.dll
[2009/06/17 12:28:03 | 00,241,664 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMMailer.dll
[2009/06/17 12:28:03 | 00,208,896 | ---- | C] (infacta Ltd.) -- C:\WINDOWS\System32\infGMUI.ocx
[2009/06/17 12:28:03 | 00,169,216 | ---- | C] (Wintertree Software Inc.) -- C:\WINDOWS\System32\wspell.ocx
[2009/06/17 12:28:03 | 00,167,936 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\infgdbcb.dll
[2009/06/17 12:28:03 | 00,081,920 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\gmnamfld.dll
[2009/06/17 12:28:03 | 00,081,920 | ---- | C] (ADMINSYSTEM) -- C:\WINDOWS\System32\ANSSLPLUS.dll
[2009/06/17 12:28:03 | 00,069,632 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMSigMan.dll
[2009/06/17 12:28:03 | 00,065,536 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMMesCom.dll
[2009/06/17 12:28:03 | 00,045,056 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMPaths.dll
[2009/06/17 12:28:03 | 00,021,529 | ---- | C] () -- C:\WINDOWS\System32\correct.tlx
[2009/06/17 12:28:03 | 00,018,138 | ---- | C] () -- C:\WINDOWS\System32\Wspelldlg.hlp
[2009/06/17 12:28:03 | 00,007,798 | ---- | C] () -- C:\WINDOWS\System32\ssceca.tlx
[2009/06/17 12:28:03 | 00,007,798 | ---- | C] () -- C:\WINDOWS\System32\sscebr.tlx
[2009/06/17 12:28:03 | 00,007,796 | ---- | C] () -- C:\WINDOWS\System32\ssceam.tlx
[2009/06/17 12:28:03 | 00,003,632 | ---- | C] () -- C:\WINDOWS\System32\tech.tlx
[2009/06/17 12:28:03 | 00,002,338 | ---- | C] () -- C:\WINDOWS\System32\accent.tlx
[2009/06/17 12:28:03 | 00,000,232 | ---- | C] () -- C:\WINDOWS\System32\WSpellDlg.cnt
[2009/06/17 12:28:03 | 00,000,089 | ---- | C] () -- C:\WINDOWS\System32\userdic.tlx
[2009/06/17 12:28:02 | 00,673,546 | ---- | C] () -- C:\Documents and Settings\Christophe\Dados de aplicativos\unins000.exe
[2009/06/17 12:28:02 | 00,026,647 | ---- | C] () -- C:\Documents and Settings\Christophe\Dados de aplicativos\unins000.dat
[2009/06/13 09:28:16 | 00,000,029 | ---- | C] () -- C:\WINDOWS\UNWISE.INI
[2009/06/01 14:02:06 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\snEUps.dll
[2009/04/27 11:17:05 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2009/03/26 18:26:44 | 00,000,137 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/03/23 14:25:08 | 00,000,152 | ---- | C] () -- C:\WINDOWS\PR1V2.INI
[2009/03/20 15:47:57 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/01/19 13:49:01 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/01/19 11:29:46 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/14 09:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/04/14 09:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/09/27 16:04:04 | 00,013,848 | ---- | C] () -- C:\WINDOWS\System32\WPHooks.dll
[2006/08/29 15:49:56 | 00,022,985 | ---- | C] () -- C:\WINDOWS\System32\librsatool.dll
[2006/08/29 15:36:50 | 00,264,795 | ---- | C] () -- C:\WINDOWS\System32\libgmp-3.dll
[2006/08/29 15:05:40 | 04,276,273 | ---- | C] () -- C:\WINDOWS\System32\wxmsw26_core_gcc_justsoft.dll
[2006/08/29 15:05:38 | 01,447,189 | ---- | C] () -- C:\WINDOWS\System32\wxbase26_gcc_justsoft.dll
[2005/10/27 22:09:58 | 00,015,649 | ---- | C] () -- C:\WINDOWS\System32\mingwm10.dll
[2004/11/18 09:16:42 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\nktwab.dll
[2003/04/01 09:58:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/07/17 09:45:57 | 00,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{79390583-3105-4ED4-8537-58A2B54B639E}
[2009/07/17 09:45:51 | 00,000,011 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{79390583-3105-4ED4-8537-58A2B54B639E}
[2009/07/17 09:45:44 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2009/07/17 09:45:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/17 09:44:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/17 09:34:38 | 00,966,298 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/17 09:34:38 | 00,429,726 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2009/07/17 09:34:38 | 00,396,224 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/17 09:34:38 | 00,068,962 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2009/07/17 09:34:38 | 00,060,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/17 09:20:38 | 00,034,071 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/17 09:20:37 | 38,260,694 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/16 18:50:04 | 00,000,534 | ---- | M] () -- C:\hpfr3420.xml
[2009/07/16 14:53:30 | 00,122,037 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\stef maternelle.jpg
[2009/07/16 13:26:47 | 00,001,871 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Windows Live Messenger .lnk
[2009/07/16 03:02:50 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 22:22:32 | 00,036,896 | ---- | M] () -- C:\Documents and Settings\Christophe\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
[2009/07/15 22:20:51 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/15 22:20:46 | 00,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/15 20:23:30 | 00,001,922 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Premiere Elements 7.0.lnk
[2009/07/15 20:17:00 | 01,628,920 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2009/07/15 20:17:00 | 00,118,520 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2009/07/15 20:17:00 | 00,116,472 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2009/07/15 20:17:00 | 00,064,760 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2009/07/15 20:16:59 | 00,129,784 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2009/07/15 20:16:59 | 00,064,760 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2009/07/15 09:55:30 | 00,117,937 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\lycée 2nde.jpg
[2009/07/15 09:54:14 | 00,018,060 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\lycée 2nde.htm
[2009/07/15 09:40:31 | 00,001,388 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\FindyKill.lnk
[2009/07/14 21:22:49 | 01,426,320 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\FindyKill.exe
[2009/07/13 20:20:42 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/13 20:18:46 | 03,775,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Christophe\Desktop\mbam-setup.exe
[2009/07/13 20:16:59 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Desktop\OTL.exe
[2009/07/13 20:08:12 | 00,000,226 | ---- | M] () -- C:\Documents and Settings\Christophe\Meus documentos\NOTEBOOK.DBF
[2009/07/13 20:08:12 | 00,000,152 | ---- | M] () -- C:\WINDOWS\PR1V2.INI
[2009/07/13 14:21:42 | 10,284,10368 | ---- | M] () -- C:\Documents and Settings\Christophe\Meus documentos\rede de mentiras 1.avi
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 13:11:40 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Magic Audio Editor Pro.lnk
[2009/07/13 13:10:14 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Christophe\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/13 13:07:00 | 00,584,851 | ---- | M] (DeskShare ) -- C:\Documents and Settings\Christophe\Meus documentos\mpeg2decoder.exe
[2009/07/11 13:32:58 | 18,108,1088 | ---- | M] () -- C:\Documents and Settings\Christophe\Meus documentos\MyMovie.avi
[2009/07/11 12:40:18 | 00,356,352 | ---- | M] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2009/07/11 12:35:13 | 00,000,856 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\t@b ZweiStein v0.957 686.lnk
[2009/07/07 12:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/01 12:24:02 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/07/01 09:31:50 | 00,000,824 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Free Easy Burner.lnk
[2009/06/29 16:42:46 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/27 11:09:48 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/27 11:09:48 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/27 11:09:47 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/19 17:44:15 | 00,002,297 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SendBlaster.lnk
[2009/06/19 17:43:33 | 00,203,884 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Conviteok.png
[2009/06/17 17:13:38 | 00,118,784 | ---- | M] () -- C:\WINDOWS\dsdxirmv.exe
[2009/06/17 16:43:23 | 22,257,693 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Ch.rar
[2009/06/17 12:28:14 | 00,026,647 | ---- | M] () -- C:\Documents and Settings\Christophe\Dados de aplicativos\unins000.dat
[2009/06/17 12:28:07 | 00,000,673 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\GroupMail 5.lnk
[2009/06/17 12:27:55 | 00,673,546 | ---- | M] () -- C:\Documents and Settings\Christophe\Dados de aplicativos\unins000.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 348 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
<End>
kanakryss
 
Posts: 11
Joined: 14 Jul 2009, 00:14
Location: São Paulo

Post by kanakryss » 17 Jul 2009, 14:02

The OTL Extras report

OTL Extras logfile created on: 17/7/2009 09:50:13 - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Christophe\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1015,48 Mb Total Physical Memory | 406,39 Mb Available Physical Memory | 40,02% Memory free
2,39 Gb Paging File | 1,87 Gb Available in Paging File | 78,61% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 149,04 Gb Total Space | 66,06 Gb Free Space | 44,32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NSTITUTO-3E2DFB
Current User Name: Christophe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 09:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2009/02/06 18:50:38 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 09:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2009/06/27 11:08:46 | 01,085,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/06/27 11:09:44 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
File not found -- C:\Documents and Settings\Christophe\Meus documentos\CHRISTOPHE\MOODLE\MoodleWindowsInstaller-latest-18\server\mysql\bin\mysqld.exe:*:Enabled:mysqld
[2009/02/22 16:15:14 | 05,668,864 | ---- | M] (http://www.emule-project.net) -- C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule
[2009/02/06 18:50:38 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2009/05/22 11:57:15 | 00,139,776 | ---- | M] (Lime Wire, LLC) -- C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2009/06/12 11:50:22 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/04/14 09:00:00 | 00,769,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz
File not found -- C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows
[2009/03/12 14:03:25 | 00,214,536 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call
"{32EF3D9D-B626-497C-8E93-EC4B24E20EDA}" = Windows Live Writer
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B96F4EA-CD82-4C57-B86A-646A017CAF18}" = Windows Live Essentials
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{50D918C3-1FAD-4BE0-89D1-7B7AAA2AF710}" = Windows Live Galeria de Fotos
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5F753314-628E-4C13-B8AE-BFA7FD514CBE}" = D-Link Wireless G DWA-110
"{624DEAA0-B27D-444B-8BFE-70622B318A4A}" = Windows Live Toolbar
"{6C6E880E-FFD4-47C4-A5CE-DFE225662995}" = SendBlaster
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72FC0445-FE6D-4E12-815B-3A8C5E3704DA}_is1" = GroupMail :: Business Edition
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{852E74A9-74F1-4F71-BE3E-991A48EF232D}" = Windows Live Mail
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9112040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1046-7B44-A80000000000}" = Adobe Reader 8 - Português
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C8DD4EAD-674B-461B-94D5-4C80CCFB8401}" = Windows Live Messenger
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D7A88CAC-67C3-4435-898E-2B7245F3E4BB}" = Windows Live Sync
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"40 polices pour l'école" = 40 polices pour l'école
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AmazingMIDI" = AmazingMIDI
"AnalogX Proxy" = AnalogX Proxy
"Antares Filter VST DX v1.01" = Antares Filter VST DX v1.01
"Arturia Minimoog V v1.0" = Arturia Minimoog V v1.0
"a-squared Free_is1" = a-squared Free 4.0
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.5
"CCleaner" = CCleaner (remove only)
"DreamStation DXi2" = DreamStation DXi2
"eMule" = eMule
"FindyKill" = FindyKill
"Free Easy Burner_is1" = Free Easy Burner V 3.8
"Group Mail" = Group Mail
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HijackThis" = HijackThis 2.0.2
"hp deskjet 3420 series" = hp deskjet 3420 series (Remover somente)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IsoBuster_is1" = IsoBuster 2.5
"Justsoft WinPolicy" = Justsoft WinPolicy 3.1.5 Freeware
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.0 (Full)
"Le Petit Robert" = Désinstaller Le Petit Robert de la langue française
"LimeWire" = LimeWire 5.1.3
"Live 7.0.3" = Live 7.0.3
"Magic Audio Editor Pro_is1" = Magic Audio Editor Pro v7.4.0.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"Mpeg2Decoder_is1" = Mpeg2Decoder 1.3
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PremElem70" = Adobe Premiere Elements 7.0
"RealPlayer 6.0" = RealPlayer
"reFX Vanguard_is1" = reFX Vanguard VSTi RTAS v1.8.0
"Steinberg VoiceMachine v1.0" = Steinberg VoiceMachine v1.0
"t@b ZS4 Video Editor_is1" = t@b ZS4 Video Editor v0.957-686
"Tone2 Firebird VSTi v1.2.1" = Tone2 Firebird VSTi v1.2.1
"Voxengo Analogflux Suite" = Voxengo Analogflux Suite 1.5.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 16/7/2009 12:21:35 | Computer Name = NSTITUTO-3E2DFB | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.

Error - 16/7/2009 12:22:56 | Computer Name = NSTITUTO-3E2DFB | Source = Service Control Manager | ID = 7023
Description = O serviço 6to4 terminou com o erro: %%126

Error - 16/7/2009 12:24:35 | Computer Name = NSTITUTO-3E2DFB | Source = BROWSER | ID = 8032
Description = O serviço localizador não pôde recuperar a lista de backup muitas
vezes no transporte \Device\NetBT_Tcpip_{79390583-3105-4ED4-8537-58A2B54B639E}. O
localizador reserva está finalizando.

Error - 17/7/2009 08:18:53 | Computer Name = NSTITUTO-3E2DFB | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.

Error - 17/7/2009 08:20:34 | Computer Name = NSTITUTO-3E2DFB | Source = Service Control Manager | ID = 7023
Description = O serviço 6to4 terminou com o erro: %%126

Error - 17/7/2009 08:25:53 | Computer Name = NSTITUTO-3E2DFB | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.

Error - 17/7/2009 08:27:19 | Computer Name = NSTITUTO-3E2DFB | Source = Service Control Manager | ID = 7023
Description = O serviço 6to4 terminou com o erro: %%126

Error - 17/7/2009 08:42:44 | Computer Name = NSTITUTO-3E2DFB | Source = Service Control Manager | ID = 7034
Description = O serviço sopidkc Service foi encerrado inesperadamente. Isso aconteceu
1 vez(es).

Error - 17/7/2009 08:45:10 | Computer Name = NSTITUTO-3E2DFB | Source = sr | ID = 1
Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'
ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume
foi interrompido.

Error - 17/7/2009 08:45:15 | Computer Name = NSTITUTO-3E2DFB | Source = Service Control Manager | ID = 7023
Description = O serviço 6to4 terminou com o erro: %%126


<End>
kanakryss
 
Posts: 11
Joined: 14 Jul 2009, 00:14
Location: São Paulo
