The Malwarebytes report



Post by kanakryss » 14 Jul 2009, 17:43

Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2423
Windows 5.1.2600 Service Pack 3

13/7/2009 20:29:26
mbam-log-2009-07-13 (20-29-09).txt

Type de recherche: Examen rapide
Eléments examinés: 87227
Temps écoulé: 3 minute(s), 54 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
C:\WINDOWS\system32\sopidkc.exe (Trojan.Agent) -> No action taken.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msncache (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pcmstub (Trojan.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\sopidkc.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\tpsaxyd.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\wiwow64.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\tmp0_843977728021.bk.old (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\txpxr_891110580811.b1k (Backdoor.Bot) -> No action taken.
c:\WINDOWS\system32\wxmsw26_adv_gcc_justsoft.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> No action taken.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> No action taken.

kanakryss
Posts: 11
Joined: 14 Jul 2009, 00:14
Location: São Paulo

The OTL report

Post by kanakryss » 14 Jul 2009, 17:44

OTL logfile created on: 14/7/2009 13:14:40 - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\Christophe\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1015,48 Mb Total Physical Memory | 519,49 Mb Available Physical Memory | 51,16% Memory free
2,39 Gb Paging File | 2,00 Gb Available in Paging File | 84,03% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 149,04 Gb Total Space | 58,29 Gb Free Space | 39,11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NSTITUTO-3E2DFB
Current User Name: Christophe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/05/07 18:54:10 | 00,053,120 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe
PRC - [2009/02/25 19:18:14 | 00,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Arquivos de programas\a-squared Free\a2service.exe
PRC - [2009/06/27 11:09:43 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe
PRC - [2009/02/20 14:11:26 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe
PRC - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2008/10/20 21:18:26 | 00,071,096 | ---- | M] () -- C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/06/27 11:09:48 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgrsx.exe
PRC - [2009/05/13 09:33:25 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgnsx.exe
PRC - [2008/04/14 09:00:00 | 00,097,792 | ---- | M] (NewYork DVD LTD) -- C:\WINDOWS\System32\sopidkc.exe
PRC - [2009/06/27 11:09:44 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgemc.exe
PRC - [2009/06/27 11:09:47 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
PRC - [2008/04/14 09:00:00 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/11/28 02:55:14 | 00,098,304 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2005/11/28 02:52:00 | 00,077,824 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/11/28 02:55:58 | 00,118,784 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/02/13 03:31:34 | 16,857,600 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/06/27 11:09:45 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgtray.exe
PRC - [2007/01/19 10:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2007/05/04 09:26:38 | 01,662,976 | ---- | M] (D-Link) -- C:\Arquivos de programas\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
PRC - [2009/02/20 14:11:26 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jusched.exe
PRC - [2009/03/12 14:03:22 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
PRC - [2009/02/06 18:50:38 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
PRC - [2001/10/11 12:11:16 | 00,022,560 | ---- | M] () -- C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe
PRC - [2009/07/13 20:16:59 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Desktop\OTL.exe
PRC - [2009/02/06 07:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/02/25 19:18:14 | 00,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Arquivos de programas\a-squared Free\a2service.exe -- (a2free [Auto | Running])
SRV - [2009/04/20 18:17:00 | 00,068,096 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/01/19 10:49:26 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/09/27 16:07:26 | 00,093,132 | ---- | M] () -- C:\Arquivos de programas\Justsoft WinPolicy\WPService.exe -- (AutoLock [On_Demand | Stopped])
SRV - [2009/06/27 11:09:44 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/06/27 11:09:43 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/05/07 18:54:10 | 00,053,120 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv [Unknown | Running])
SRV - [2008/07/31 19:16:28 | 00,136,120 | ---- | M] (Google) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 09:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/02/20 14:11:26 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/04/14 09:00:00 | 00,045,056 | ---- | M] (X-Ways Software Technology ) -- C:\WINDOWS\System32\msncache.dll -- (msncache [Auto | Running])
SRV - [2008/10/20 21:18:26 | 00,071,096 | ---- | M] () -- C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
SRV - [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2008/04/14 09:00:00 | 00,097,792 | ---- | M] (NewYork DVD LTD) -- C:\WINDOWS\System32\sopidkc.exe -- (sopidkc [Auto | Running])
SRV - [2006/11/02 23:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/12/11 10:55:38 | 00,028,195 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO.SYS -- (ANIO [Auto | Running])
DRV - [2009/06/27 11:09:48 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/27 11:09:47 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/13 09:33:25 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2009/05/07 18:55:24 | 00,026,368 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm [Boot | Running])
DRV - [2009/01/19 10:11:48 | 00,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])
DRV - [2008/04/14 09:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/11/28 03:20:20 | 01,353,820 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2008/02/14 06:04:06 | 04,676,096 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/04/14 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/20 16:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/12/21 03:25:20 | 00,429,440 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\DRIVERS\Dr71WU.sys -- (RT73 [On_Demand | Running])
DRV - [2008/01/03 11:10:16 | 00,105,856 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2008/04/14 09:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/03/20 15:47:58 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\S-1-5-21-1715567821-1078081533-1801674531-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8873}:1.0.7.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: pt-BR@dellalibera.sf.net:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff [2009/02/28 15:23:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/03/12 14:03:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/06/18 13:24:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/06/12 11:50:27 | 00,000,000 | ---D | M]

[2009/02/28 15:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Extensions
[2009/02/28 15:22:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/28 15:23:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Extensions\mozswing@mozswing.org
[2009/07/13 12:13:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Firefox\Profiles\8tevvy1f.default\extensions
[2009/02/28 15:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Firefox\Profiles\8tevvy1f.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
[2009/03/27 10:02:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christophe\Dados de aplicativos\mozilla\Firefox\Profiles\8tevvy1f.default\extensions\pt-BR@dellalibera.sf.net
[2009/07/13 12:13:02 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions
[2009/06/12 11:50:27 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/28 15:23:05 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/06/12 11:50:22 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 11:50:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\brwsrcmp.dll
[2009/02/20 14:11:27 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npdeploytk.dll
[2009/06/12 11:50:22 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Arquivos de programas\mozilla firefox\plugins\npnul32.dll
[2009/04/29 16:47:42 | 00,001,516 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\amazon-france.xml
[2009/04/29 16:47:42 | 00,000,757 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\eBay-france.xml
[2009/04/29 16:47:42 | 00,001,706 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\google.xml
[2009/04/29 16:47:42 | 00,000,748 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2009/04/29 16:47:42 | 00,001,426 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/04/29 16:47:42 | 00,000,652 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-france.xml
[2009/07/13 10:01:08 | 00,000,783 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (776 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Arquivos de programas\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWA-110] C:\Arquivos de programas\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006..\Run: [Le Petit Robert Hyperappel] C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe ()
O4 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006..\Run: [msnmsgr] C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-19_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-20_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0 = winpolicy.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2 = wpservice.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3 = autolock.exe
O7 - HKU\S-1-5-21-1715567821-1078081533-1801674531-1006_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4 = justsoft winpolicy.scr
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking.unibanco.com.br/Gb ... ginUni.cab (GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.0.43 201.6.0.42
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginUni: DllName - C:\ARQUIV~1\GbPlugin\gbiehuni.dll - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll (Banco Unibanco)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/19 10:01:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6f6e45ec-e652-11dd-b095-001fd0faaeb2}\Shell - "" = AutoRun
O33 - MountPoints2\{6f6e45ec-e652-11dd-b095-001fd0faaeb2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6faad8b2-61d2-11de-81de-001e58a1a6b6}\Shell\AutoRun\command - "" = RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
O33 - MountPoints2\{6faad8b2-61d2-11de-81de-001e58a1a6b6}\Shell\open\command - "" = RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
O33 - MountPoints2\{a7b88dd5-2f3d-11de-81a7-001e58a1a6b6}\Shell - "" = AutoRun
O33 - MountPoints2\{a7b88dd5-2f3d-11de-81a7-001e58a1a6b6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a7b88dd6-2f3d-11de-81a7-001e58a1a6b6}\Shell - "" = AutoRun
O33 - MountPoints2\{a7b88dd6-2f3d-11de-81a7-001e58a1a6b6}\Shell\Auto\command - "" = MicrosoftPowerPoint.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/07/13 20:29:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Meus documentos\securité
[2009/07/13 20:20:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Dados de aplicativos\Malwarebytes
[2009/07/13 20:20:42 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/13 20:20:40 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 20:20:39 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 20:20:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2009/07/13 20:20:39 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2009/07/13 20:17:51 | 03,775,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Christophe\Desktop\mbam-setup.exe
[2009/07/13 20:16:54 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Desktop\OTL.exe
[2009/07/13 13:59:34 | 10,284,10368 | ---- | C] () -- C:\Documents and Settings\Christophe\Meus documentos\rede de mentiras 1.avi
[2009/07/13 13:44:22 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/13 13:44:21 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/07/13 13:44:21 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/13 13:44:20 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/13 13:44:20 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/13 13:44:20 | 00,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2009/07/13 13:44:20 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/07/13 13:44:20 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/13 13:44:20 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/07/13 13:44:19 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/13 13:44:19 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/13 13:44:18 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\K-Lite Codec Pack
[2009/07/13 13:11:40 | 00,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2009/07/13 13:11:40 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Magic Audio Editor Pro.lnk
[2009/07/13 13:11:39 | 00,403,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2009/07/13 13:11:38 | 00,478,208 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioVisualization2.dll
[2009/07/13 13:11:37 | 00,522,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll
[2009/07/13 13:11:36 | 00,467,968 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2009/07/13 13:11:35 | 00,467,456 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2009/07/13 13:11:33 | 00,966,144 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll
[2009/07/13 13:11:32 | 00,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioEditor2.dll
[2009/07/13 13:11:32 | 00,877,568 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2009/07/13 13:11:31 | 00,457,728 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDisplay2.dll
[2009/07/13 13:11:30 | 01,852,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDesign2.dll
[2009/07/13 13:11:28 | 00,479,744 | ---- | C] (NCT) -- C:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2009/07/13 13:11:27 | 00,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71d.dll
[2009/07/13 13:07:00 | 00,584,851 | ---- | C] (DeskShare ) -- C:\Documents and Settings\Christophe\Meus documentos\mpeg2decoder.exe
[2009/07/13 13:06:14 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Mpeg2Decoder
[2009/07/13 09:53:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/07/11 13:29:52 | 18,108,1088 | ---- | C] () -- C:\Documents and Settings\Christophe\Meus documentos\MyMovie.avi
[2009/07/11 13:02:11 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Magic Audio Editor Pro
[2009/07/11 12:43:53 | 00,000,250 | -H-- | C] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/07/11 12:43:51 | 00,000,294 | -H-- | C] () -- C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2009/07/11 12:43:33 | 00,134,144 | ---- | C] () -- C:\WINDOWS\System32\tpsaxyd.exe
[2009/07/11 12:43:33 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\comsa32.sys
[2009/07/11 12:40:18 | 00,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2009/07/11 12:40:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2009/07/11 12:40:05 | 00,258,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Unicows.dll
[2009/07/11 12:35:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Meus documentos\.zs4
[2009/07/11 12:35:13 | 00,000,856 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\t@b ZweiStein v0.957 686.lnk
[2009/07/11 12:35:08 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\t@b
[2009/07/10 13:20:18 | 00,000,548 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Atalho para SCL.lnk
[2009/07/07 16:35:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Dados de aplicativos\AVS4YOU
[2009/07/07 16:35:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVS4YOU
[2009/07/07 16:34:08 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\AVSMedia
[2009/07/07 16:34:02 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2009/07/07 16:34:00 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\AVS4YOU
[2009/07/02 11:40:25 | 10,806,784 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Portifólio A4.doc
[2009/07/01 12:24:02 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/07/01 12:22:08 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\WinZip
[2009/07/01 09:31:49 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/07/01 09:31:49 | 00,000,824 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Free Easy Burner.lnk
[2009/07/01 09:31:46 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/07/01 09:31:46 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Free Easy Burner
[2009/06/30 20:16:48 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\7-Zip
[2009/06/22 12:03:15 | 00,462,848 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll
[2009/06/22 12:03:08 | 01,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2009/06/22 12:03:08 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2009/06/22 12:03:08 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2009/06/22 12:03:07 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documentos\Droppix DVD Maker
[2009/06/22 12:02:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Droppix
[2009/06/19 17:43:33 | 00,203,884 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Conviteok.png
[2009/06/18 13:23:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Meus documentos\Native Instruments
[2009/06/17 17:17:17 | 00,000,000 | ---D | C] -- C:\Cakewalk Projects
[2009/06/17 17:15:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Meus documentos\Cakewalk
[2009/06/17 17:15:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Dados de aplicativos\Cakewalk
[2009/06/17 17:14:16 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Native Instruments
[2009/06/17 17:13:58 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Native Instruments
[2009/06/17 17:13:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Identities
[2009/06/17 17:13:38 | 00,118,784 | ---- | C] () -- C:\WINDOWS\dsdxirmv.exe
[2009/06/17 17:04:55 | 01,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71u.dll
[2009/06/17 17:04:55 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2009/06/17 17:04:55 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2009/06/17 17:04:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Cakewalk
[2009/06/17 17:04:29 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Cakewalk
[2009/06/17 16:43:11 | 22,257,693 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Ch.rar
[2009/06/17 16:39:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Desktop\Ch
[2009/06/17 12:46:53 | 00,002,297 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SendBlaster.lnk
[2009/06/17 12:46:46 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\SendBlaster
[2009/06/17 12:28:07 | 00,007,784 | ---- | C] () -- C:\WINDOWS\System32\ssceda.tlx
[2009/06/17 12:28:07 | 00,000,673 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\GroupMail 5.lnk
[2009/06/17 12:28:06 | 00,978,572 | ---- | C] () -- C:\WINDOWS\System32\ssceit2.clx
[2009/06/17 12:28:06 | 00,947,604 | ---- | C] () -- C:\WINDOWS\System32\sscefi2.clx
[2009/06/17 12:28:06 | 00,932,981 | ---- | C] () -- C:\WINDOWS\System32\SSCEGE1.CLX
[2009/06/17 12:28:06 | 00,819,704 | ---- | C] () -- C:\WINDOWS\System32\sscesp2.clx
[2009/06/17 12:28:06 | 00,766,185 | ---- | C] () -- C:\WINDOWS\System32\sscedu2.clx
[2009/06/17 12:28:06 | 00,749,025 | ---- | C] () -- C:\WINDOWS\System32\ssceda2.clx
[2009/06/17 12:28:06 | 00,376,283 | ---- | C] () -- C:\WINDOWS\System32\sscepo2.clx
[2009/06/17 12:28:06 | 00,348,158 | ---- | C] () -- C:\WINDOWS\System32\sscefr2.clx
[2009/06/17 12:28:06 | 00,311,021 | ---- | C] () -- C:\WINDOWS\System32\sscenb2.clx
[2009/06/17 12:28:06 | 00,311,004 | ---- | C] () -- C:\WINDOWS\System32\sscepb2.clx
[2009/06/17 12:28:06 | 00,303,231 | ---- | C] () -- C:\WINDOWS\System32\sscesw2.clx
[2009/06/17 12:28:06 | 00,017,536 | ---- | C] () -- C:\WINDOWS\System32\sscefi.tlx
[2009/06/17 12:28:06 | 00,009,794 | ---- | C] () -- C:\WINDOWS\System32\sscege.tlx
[2009/06/17 12:28:06 | 00,008,385 | ---- | C] () -- C:\WINDOWS\System32\sscepb.tlx
[2009/06/17 12:28:06 | 00,007,895 | ---- | C] () -- C:\WINDOWS\System32\sscedu.tlx
[2009/06/17 12:28:06 | 00,007,747 | ---- | C] () -- C:\WINDOWS\System32\ssceit.tlx
[2009/06/17 12:28:06 | 00,007,150 | ---- | C] () -- C:\WINDOWS\System32\sscenb.tlx
[2009/06/17 12:28:06 | 00,006,232 | ---- | C] () -- C:\WINDOWS\System32\sscepo.tlx
[2009/06/17 12:28:06 | 00,005,538 | ---- | C] () -- C:\WINDOWS\System32\sscefr.tlx
[2009/06/17 12:28:06 | 00,001,756 | ---- | C] () -- C:\WINDOWS\System32\sscesp.tlx
[2009/06/17 12:28:06 | 00,000,878 | ---- | C] () -- C:\WINDOWS\System32\sscesw.tlx
[2009/06/17 12:28:05 | 00,385,592 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2009/06/17 12:28:05 | 00,159,823 | ---- | C] (Quiksoft Corporation) -- C:\WINDOWS\System32\emmsg.dll
[2009/06/17 12:28:05 | 00,159,744 | ---- | C] (Desaware, Inc.) -- C:\WINDOWS\System32\dwStg.dll
[2009/06/17 12:28:05 | 00,151,638 | ---- | C] (Quiksoft Corporation) -- C:\WINDOWS\System32\empop3.dll
[2009/06/17 12:28:04 | 01,208,320 | ---- | C] (Plasmatech Software Design) -- C:\WINDOWS\System32\PTxSCP.ocx
[2009/06/17 12:28:04 | 00,950,272 | ---- | C] (Connected Software, Inc.) -- C:\WINDOWS\System32\MagicCtl.dll
[2009/06/17 12:28:04 | 00,702,232 | ---- | C] (Think Technologies Inc.) -- C:\WINDOWS\System32\ThinkHTMLEditor.ocx
[2009/06/17 12:28:04 | 00,471,040 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex7.ocx
[2009/06/17 12:28:04 | 00,396,288 | ---- | C] () -- C:\WINDOWS\System32\o2DirSpyX.ocx
[2009/06/17 12:28:04 | 00,194,248 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\IGScroll40.ocx
[2009/06/17 12:28:04 | 00,151,552 | ---- | C] (Think Technologies Inc.) -- C:\WINDOWS\System32\trkg300.ocx
[2009/06/17 12:28:04 | 00,127,488 | ---- | C] (Teebo Software Solutions) -- C:\WINDOWS\System32\tssTaskPane1a.ocx
[2009/06/17 12:28:04 | 00,057,344 | ---- | C] (Think Technologies Inc.) -- C:\WINDOWS\System32\ThinkFTPCMSUpload.ocx
[2009/06/17 12:28:03 | 00,487,424 | ---- | C] (Sequiter Software Inc.) -- C:\WINDOWS\System32\infCB.dll
[2009/06/17 12:28:03 | 00,368,640 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\gmgrpman.dll
[2009/06/17 12:28:03 | 00,348,160 | ---- | C] (AdminSystem Software Limited) -- C:\WINDOWS\System32\ANPOP.dll
[2009/06/17 12:28:03 | 00,330,192 | ---- | C] () -- C:\WINDOWS\System32\sscebr2.clx
[2009/06/17 12:28:03 | 00,328,670 | ---- | C] () -- C:\WINDOWS\System32\ssceca2.clx
[2009/06/17 12:28:03 | 00,328,061 | ---- | C] () -- C:\WINDOWS\System32\ssceam2.clx
[2009/06/17 12:28:03 | 00,315,400 | ---- | C] (VBGold Software) -- C:\WINDOWS\System32\sprinter.ocx
[2009/06/17 12:28:03 | 00,274,432 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMAccMan.dll
[2009/06/17 12:28:03 | 00,270,336 | ---- | C] (AdminSystem Software Limited) -- C:\WINDOWS\System32\AOSMTP.dll
[2009/06/17 12:28:03 | 00,241,664 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMMailer.dll
[2009/06/17 12:28:03 | 00,208,896 | ---- | C] (infacta Ltd.) -- C:\WINDOWS\System32\infGMUI.ocx
[2009/06/17 12:28:03 | 00,169,216 | ---- | C] (Wintertree Software Inc.) -- C:\WINDOWS\System32\wspell.ocx
[2009/06/17 12:28:03 | 00,167,936 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\infgdbcb.dll
[2009/06/17 12:28:03 | 00,081,920 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\gmnamfld.dll
[2009/06/17 12:28:03 | 00,081,920 | ---- | C] (ADMINSYSTEM) -- C:\WINDOWS\System32\ANSSLPLUS.dll
[2009/06/17 12:28:03 | 00,069,632 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMSigMan.dll
[2009/06/17 12:28:03 | 00,065,536 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMMesCom.dll
[2009/06/17 12:28:03 | 00,045,056 | ---- | C] (Infacta Ltd.) -- C:\WINDOWS\System32\GMPaths.dll
[2009/06/17 12:28:03 | 00,021,529 | ---- | C] () -- C:\WINDOWS\System32\correct.tlx
[2009/06/17 12:28:03 | 00,018,138 | ---- | C] () -- C:\WINDOWS\System32\Wspelldlg.hlp
[2009/06/17 12:28:03 | 00,007,798 | ---- | C] () -- C:\WINDOWS\System32\ssceca.tlx
[2009/06/17 12:28:03 | 00,007,798 | ---- | C] () -- C:\WINDOWS\System32\sscebr.tlx
[2009/06/17 12:28:03 | 00,007,796 | ---- | C] () -- C:\WINDOWS\System32\ssceam.tlx
[2009/06/17 12:28:03 | 00,003,632 | ---- | C] () -- C:\WINDOWS\System32\tech.tlx
[2009/06/17 12:28:03 | 00,002,338 | ---- | C] () -- C:\WINDOWS\System32\accent.tlx
[2009/06/17 12:28:03 | 00,000,232 | ---- | C] () -- C:\WINDOWS\System32\WSpellDlg.cnt
[2009/06/17 12:28:03 | 00,000,089 | ---- | C] () -- C:\WINDOWS\System32\userdic.tlx
[2009/06/17 12:28:02 | 00,673,546 | ---- | C] () -- C:\Documents and Settings\Christophe\Dados de aplicativos\unins000.exe
[2009/06/17 12:28:02 | 00,026,647 | ---- | C] () -- C:\Documents and Settings\Christophe\Dados de aplicativos\unins000.dat
[2009/06/16 13:32:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christophe\Meus documentos\Mes Historiques de Conversation
[2009/06/16 11:38:05 | 02,600,150 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\hit the beach.mp3
[2009/06/16 11:28:42 | 06,381,008 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\progressivation.mp3
[2009/06/16 11:25:20 | 70,342,608 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\progressivation.wav
[2009/06/16 11:14:52 | 28,658,128 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\hit the beach.wav
[2009/06/15 15:49:20 | 00,000,659 | ---- | C] () -- C:\Documents and Settings\Christophe\Desktop\Guitar Pro 5.lnk
[2009/06/15 15:46:37 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Guitar Pro 5
[2009/06/13 09:28:16 | 00,000,029 | ---- | C] () -- C:\WINDOWS\UNWISE.INI
[2009/06/01 14:02:06 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\snEUps.dll
[2009/04/27 11:17:05 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2009/03/26 18:26:44 | 00,000,137 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/03/23 14:25:08 | 00,000,152 | ---- | C] () -- C:\WINDOWS\PR1V2.INI
[2009/03/20 15:47:57 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/01/19 13:49:01 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009/01/19 11:29:46 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/14 09:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/04/14 09:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/04/14 09:00:00 | 00,000,006 | ---- | C] () -- C:\WINDOWS\System32\FInstall.sys
[2006/09/27 16:04:04 | 00,013,848 | ---- | C] () -- C:\WINDOWS\System32\WPHooks.dll
[2006/08/29 15:49:56 | 00,022,985 | ---- | C] () -- C:\WINDOWS\System32\librsatool.dll
[2006/08/29 15:36:50 | 00,264,795 | ---- | C] () -- C:\WINDOWS\System32\libgmp-3.dll
[2006/08/29 15:05:40 | 04,276,273 | ---- | C] () -- C:\WINDOWS\System32\wxmsw26_core_gcc_justsoft.dll
[2006/08/29 15:05:40 | 00,882,059 | ---- | C] () -- C:\WINDOWS\System32\wxmsw26_adv_gcc_justsoft.dll
[2006/08/29 15:05:38 | 01,447,189 | ---- | C] () -- C:\WINDOWS\System32\wxbase26_gcc_justsoft.dll
[2005/10/27 22:09:58 | 00,015,649 | ---- | C] () -- C:\WINDOWS\System32\mingwm10.dll
[2004/11/18 09:16:42 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\nktwab.dll
[2003/04/01 09:58:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/07/14 13:15:15 | 38,161,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/14 13:15:15 | 00,028,327 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/14 13:14:27 | 00,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{79390583-3105-4ED4-8537-58A2B54B639E}
[2009/07/14 13:14:22 | 00,000,011 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{79390583-3105-4ED4-8537-58A2B54B639E}
[2009/07/14 13:14:14 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2009/07/14 13:14:10 | 00,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2009/07/14 13:14:10 | 00,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/07/14 13:13:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/14 13:13:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/13 20:20:42 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/13 20:18:46 | 03,775,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Christophe\Desktop\mbam-setup.exe
[2009/07/13 20:16:59 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christophe\Desktop\OTL.exe
[2009/07/13 20:08:12 | 00,000,226 | ---- | M] () -- C:\Documents and Settings\Christophe\Meus documentos\NOTEBOOK.DBF
[2009/07/13 20:08:12 | 00,000,152 | ---- | M] () -- C:\WINDOWS\PR1V2.INI
[2009/07/13 15:24:28 | 00,000,534 | ---- | M] () -- C:\hpfr3420.xml
[2009/07/13 14:21:42 | 10,284,10368 | ---- | M] () -- C:\Documents and Settings\Christophe\Meus documentos\rede de mentiras 1.avi
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 13:11:40 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Magic Audio Editor Pro.lnk
[2009/07/13 13:10:14 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Christophe\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/13 13:07:00 | 00,584,851 | ---- | M] (DeskShare ) -- C:\Documents and Settings\Christophe\Meus documentos\mpeg2decoder.exe
[2009/07/13 09:50:17 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/11 13:32:58 | 18,108,1088 | ---- | M] () -- C:\Documents and Settings\Christophe\Meus documentos\MyMovie.avi
[2009/07/11 12:40:18 | 00,356,352 | ---- | M] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2009/07/11 12:35:13 | 00,000,856 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\t@b ZweiStein v0.957 686.lnk
[2009/07/10 13:20:18 | 00,000,548 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Atalho para SCL.lnk
[2009/07/08 09:25:44 | 00,150,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/06 13:35:50 | 00,036,112 | ---- | M] () -- C:\Documents and Settings\Christophe\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
[2009/07/02 11:40:00 | 10,806,784 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Portifólio A4.doc
[2009/07/01 12:24:02 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/07/01 09:31:50 | 00,000,824 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Free Easy Burner.lnk
[2009/06/29 16:42:46 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/27 11:09:48 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/27 11:09:48 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/27 11:09:47 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/21 10:22:58 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\comsa32.sys
[2009/06/19 17:44:15 | 00,002,297 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SendBlaster.lnk
[2009/06/19 17:43:33 | 00,203,884 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Conviteok.png
[2009/06/17 17:13:38 | 00,118,784 | ---- | M] () -- C:\WINDOWS\dsdxirmv.exe
[2009/06/17 16:43:23 | 22,257,693 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Ch.rar
[2009/06/17 12:28:14 | 00,026,647 | ---- | M] () -- C:\Documents and Settings\Christophe\Dados de aplicativos\unins000.dat
[2009/06/17 12:28:07 | 00,000,673 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\GroupMail 5.lnk
[2009/06/17 12:27:55 | 00,673,546 | ---- | M] () -- C:\Documents and Settings\Christophe\Dados de aplicativos\unins000.exe
[2009/06/16 11:38:19 | 02,600,150 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\hit the beach.mp3
[2009/06/16 11:29:11 | 06,381,008 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\progressivation.mp3
[2009/06/16 11:25:21 | 70,342,608 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\progressivation.wav
[2009/06/16 11:14:52 | 28,658,128 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\hit the beach.wav
[2009/06/15 15:49:20 | 00,000,659 | ---- | M] () -- C:\Documents and Settings\Christophe\Desktop\Guitar Pro 5.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 348 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
<End>

Post by nickW » 14 Jul 2009, 19:11

Good evening,

Please do not open a new topic for a follow-up, otherwise nobody can make sense of it any more. Thank you.

Just click the "Reply" ("Répondre") button to post your message after the previous one.

You should have stayed in your original topic: http://assiste.forum.free.fr/viewtopic.php?t=24416

I have copied your last two messages there.

Locked.