
[Solved] SACEM virus infection report • page 3

A computer that slows down, advertising screens that pop up, applications that refuse to start, or a browser that insists on opening a dubious page are all signs that the integrity of your computer is threatened by a virus. In this forum you will find some advice and software for browsing with peace of mind.
Forum rules
To post a scan report or an infection report (HijackThis, OTL, AdwCleaner, etc.), please use the forum's built-in attachment system. Only .txt and .log files smaller than 1 MB are accepted. For help attaching your files, please see this tutorial.

Re: SACEM virus infection report

Posted on 07 May 2012 20:37

That's a good sign, now run Malwarebytes please... :wink:
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05


Re: SACEM virus infection report

Posted on 07 May 2012 20:51

OK! A positive sign at last :)
flore
Apprentice
Posts: 31
Joined: 06 May 2012 11:33

Re: SACEM virus infection report

Posted on 07 May 2012 21:32

Done! At the end of the Malwarebytes scan, 266 items had been found. I ticked them all, and when I clicked "remove selected" a window appeared telling me "Urgent, the computer is going to shut down to remove the selection and will then restart". I could only click "OK", nothing else, and the report disappeared. It did indeed restart and the icons are back :). I ran Malwarebytes again anyway, and this is the report now (I hope I haven't done anything silly):

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Version de la base de données: v2012.05.07.04

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 8.0.6001.19088
Usuario :: USUARIO1 [administrateur]

07/05/2012 22:10:03
mbam-log-2012-05-07 (22-10-03).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 211661
Temps écoulé: 9 minute(s), 49 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)
flore
Apprentice
Posts: 31
Joined: 06 May 2012 11:33

Re: SACEM virus infection report

Posted on 07 May 2012 21:38

OK, that's great...

I need a scan to check that nothing infectious is still hanging on; hang in there, it's almost over :wink:

Even if the PC is doing better, don't give up, because if even a single dropper is left on the PC, the problems will be back in a few days and all the work done will have been for nothing.

* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it.
/!\ On Vista/Seven, right-click the OTL icon and choose "Run as administrator".

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" (report) section (top right) the "rapport minimal" (minimal report) box is ticked.

* Tick the boxes in front of "Tous les utilisateurs" (all users), "Recherche LOP" (LOP search) and "Recherche Purity" (Purity search).

* Copy and paste the contents of this quote into the lower part of OTL, "personnalisation" (customization):

%APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon /s
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /s
%temp%\smtmp\1\*.* /s
%temp%\smtmp\2\*.* /s
%temp%\smtmp\4\*.* /s
nslookup http://www.google.fr /c
SAVEMBR:0
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
/md5start
dwm.exe
taskhost.exe
taskeng.exe
wscntfy.exe
ctfmon.exe
rdpclip.exe
volsnap.sys
sptd.sys
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles


* Click the "Analyse" (scan) icon (top left).
* Let the scan run to completion without using the PC.
* At the end of the scan two reports will open, "OTL.Txt" and (or) "Extras.Txt" (minimized in the taskbar).
* Copy and paste the reports into your reply please...
* Just in case, you can find them in the C:\OTL folder.
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05

Re: SACEM virus infection report

Posted on 07 May 2012 21:42

Ummmmmm, do you know the never-ending book? :lol:
Here we go for another round!
flore
Apprentice
Posts: 31
Joined: 06 May 2012 11:33

Re: SACEM virus infection report

Posted on 07 May 2012 22:48

OTL logfile created on: 07/05/2012 23:24:04 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Usuario\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 0000040C | Country: Francia | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 42,51% Memory free
4,23 Gb Paging File | 2,67 Gb Available in Paging File | 63,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 132,22 Gb Free Space | 44,36% Space Free | Partition Type: NTFS

Computer Name: USUARIO1 | User Name: Usuario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Usuario\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe (Giraffic)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
PRC - C:\Program Files (x86)\MarkAny\ContentSafer\MaAgent.exe ((주)마크애니)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll ()
MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll ()
MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll ()
MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll ()
MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (NAV) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe (Symantec Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FTRTSVC) -- C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS ()
DRV:64bit: - (ccSet_NAV) -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\ccSetx64.sys ()
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SRTSP64.SYS ()
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SRTSPX64.SYS ()
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SYMEFA64.SYS ()
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SYMTDIV.SYS ()
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SYMDS64.SYS ()
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\Ironx64.SYS ()
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys ()
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys ()
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys ()
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys ()
DRV:64bit: - (AtcL001) -- C:\Windows\SysNative\DRIVERS\l160x64.sys ()
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys ()
DRV:64bit: - (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0) -- C:\Windows\SysNative\DRIVERS\CamDrL64.sys ()
DRV:64bit: - (ati2mpad) -- C:\Windows\SysNative\DRIVERS\ati2mpad.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (aswMon2) -- C:\Windows\SysNative\drivers\aswmon2.sys ()
DRV:64bit: - (Aavmker4) -- C:\Windows\SysNative\drivers\aavmker4.sys ()
DRV:64bit: - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\SysNative\drivers\sfsync04.sys ()
DRV:64bit: - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\SysNative\drivers\sfdrv01a.sys ()
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys ()
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20110818.021\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20110818.021\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSviA64.sys (Symantec Corporation)
DRV - (secdrv) -- C:\Windows\SysWow64\drivers\SECDRV.SYS (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\URLSearchHook: {3d4d238c-9c48-47cd-a95c-53259acf9e56} - SOFTWARE\Classes\CLSID\{3d4d238c-9c48-47cd-a95c-53259acf9e56}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {d1e96ee9-8227-4791-adb9-c3d4bb586a8b} - SOFTWARE\Classes\CLSID\{d1e96ee9-8227-4791-adb9-c3d4bb586a8b}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={D63D4249-D229-11E0-9CBE-001E8C871007}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2653012
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\InprocServer32 File not found
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\InprocServer32 File not found
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}: "URL" = http://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?}
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.fr/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_es
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}: "URL" = http://www.fissa.com/fr/results/?s=b&c= ... &pid=30&q={searchTerms}
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&barid={D63D4249-D229-11E0-9CBE-001E8C871007}&q={searchTerms}&barid={D63D4249-D229-11E0-9CBE-001E8C871007}
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\SearchScopes\{F4E59CCF-BDA2-4605-9BA3-B9A92AAD10DA}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=es_FR&apn_ptnrs=U3&apn_dtid=OSJ000YYFR&apn_uid=0F5E029D-BC79-49DB-93A7-F881E6A77814&apn_sauid=146CBE08-67C9-4BDF-BD01-B778E5FE46F8
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Usuario\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.4.21: C:\Users\Usuario\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files (x86)\OfferBox\offerboxffx@offerbox.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPlgn\ [2012/05/07 22:49:54 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: SweetIM Search ()
CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={D63D4249-D229-11E0-9CBE-001E8C871007}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Interest Recognizer for Freecompressor (Enabled) = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdcfkjjffkboloijgealjeijakofmalg\3.1.1489.132_0\freecompressor_air_chrome.dll
CHR - plugin: OfferboxChromePlugin Dynamic Link Library (Enabled) = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.2613.41_0\OfferboxChromePlugin.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Interest Recognizer for Freecompressor = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdcfkjjffkboloijgealjeijakofmalg\3.1.1489.132_0\
CHR - Extension: Offerbox = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.2613.41_0\
CHR - Extension: Click to call with Skype = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

O1 HOSTS File: ([2006/09/18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Archivos de programa\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Aplicación auxiliar de inicio de sesión de Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll File not found
O2 - BHO: (Messenger Plus FR Toolbar) - {3d4d238c-9c48-47cd-a95c-53259acf9e56} - C:\Program Files (x86)\Messenger_Plus_FR\prxtbMess.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.1.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll File not found
O2 - BHO: (MyVideo Toolbar) - {d1e96ee9-8227-4791-adb9-c3d4bb586a8b} - C:\Program Files (x86)\MyVideo\prxtbMyV0.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files (x86)\OfferBox\OfferBoxBHO.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll File not found
O3 - HKLM\..\Toolbar: (Messenger Plus FR Toolbar) - {3d4d238c-9c48-47cd-a95c-53259acf9e56} - C:\Program Files (x86)\Messenger_Plus_FR\prxtbMess.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll File not found
O3 - HKLM\..\Toolbar: (MyVideo Toolbar) - {d1e96ee9-8227-4791-adb9-c3d4bb586a8b} - C:\Program Files (x86)\MyVideo\prxtbMyV0.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\Toolbar\WebBrowser: (Messenger Plus FR Toolbar) - {3D4D238C-9C48-47CD-A95C-53259ACF9E56} - C:\Program Files (x86)\Messenger_Plus_FR\prxtbMess.dll File not found
O3 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll File not found
O3 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\Toolbar\WebBrowser: (MyVideo Toolbar) - {D1E96EE9-8227-4791-ADB9-C3D4BB586A8B} - C:\Program Files (x86)\MyVideo\prxtbMyV0.dll File not found
O3 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [comnetwork] "C:\Users\Usuario\AppData\Local\comnetwork\comnetwork.exe" File not found
O4 - HKLM..\Run: [Long Internet Team Stupid] "C:\ProgramData\CAMP WAIT DEAD.0cyyqp" File not found
O4 - HKLM..\Run: [MAAgent] C:\Program Files (x86)\MarkAny\ContentSafer\MAAgent.exe ((주)마크애니)
O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files (x86)\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [PCTuto] "C:\Program Files (x86)\PCTuto\pctuto.exe" File not found
O4 - HKLM..\Run: [Pokestupid] "C:\ProgramData\bike bat bat.axcc1" File not found
O4 - HKLM..\Run: [SMSTray] C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000..\Run: [d31ybB8YFv9cUxg] C:\Users\Usuario\AppData\Roaming\itunes_service01.exe File not found
O4 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000..\Run: [Facebook Update] C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000..\Run: [Pokestupid] "C:\ProgramData\bike bat bat.wh2l221" File not found
O4 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Buscar en la web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Buscar en la web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8417118-004C-464C-928E-E7E0165213AF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/xhtml+xml - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=utf-8 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=utf-8 - No CLSID value found
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000 Winlogon: UserInit - (C:\Users\Usuario\AppData\Roaming\itunes_service01.exe) - File not found
O20 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000 Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cffc56ba-49ad-11dd-b245-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cffc56ba-49ad-11dd-b245-806e6f6e6963}\Shell\AutoRun\command - "" = D:\FileRgn.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: vidc.i420 - lvcod64.dll ()
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2012/05/07 23:21:22 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Usuario\Desktop\OTL.exe
[2012/05/07 22:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/05/07 22:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/05/07 22:47:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2012/05/07 22:47:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1301010.003
[2012/05/07 22:47:45 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2012/05/07 22:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2012/05/07 22:36:30 | 111,148,800 | ---- | C] (Symantec Corporation) -- C:\Users\Usuario\Desktop\NAV_19.1.1.3_SYMTB_SOFTONIC_LOEM_MRFTT_287A_6750.exe
[2012/05/07 21:48:06 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Malwarebytes
[2012/05/07 21:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/07 21:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/07 21:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/07 20:50:35 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Desktop\tdsskiller
[2012/05/07 08:21:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/05/07 08:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/07 08:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/05/07 08:10:27 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/07 08:10:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/05/07 08:10:27 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/05/07 08:10:27 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/05/07 08:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/05/07 05:14:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/06 20:41:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/02 17:00:47 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/05/02 17:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/04/25 17:13:20 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\.minecraft
[2012/04/19 15:54:23 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012/04/19 15:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/04/19 15:54:02 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\ATI
[2012/04/19 15:54:02 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\ATI
[2012/04/19 15:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2012/04/19 15:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/04/19 15:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/04/19 15:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/04/19 15:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/04/19 15:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/04/19 15:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

========== Files - Modified Within 30 Days ==========

[2012/05/07 23:25:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/05/07 23:21:33 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Usuario\Desktop\OTL.exe
[2012/05/07 23:10:12 | 000,000,490 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F77CDD89-6BA4-4D13-80B7-EB7E880C39D0}.job
[2012/05/07 23:07:29 | 000,811,346 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/05/07 23:07:28 | 000,706,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/07 23:07:28 | 000,203,484 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/05/07 23:07:28 | 000,162,848 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/07 23:07:28 | 000,006,908 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/07 23:03:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/07 23:02:56 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/07 23:02:48 | 000,003,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 23:02:48 | 000,003,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 23:02:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/07 23:02:34 | 2146,623,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/07 22:49:36 | 002,577,737 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\Cat.DB
[2012/05/07 22:48:48 | 000,174,200 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/05/07 22:48:48 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/05/07 22:48:48 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/05/07 22:48:41 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/05/07 22:43:55 | 111,148,800 | ---- | M] (Symantec Corporation) -- C:\Users\Usuario\Desktop\NAV_19.1.1.3_SYMTB_SOFTONIC_LOEM_MRFTT_287A_6750.exe
[2012/05/07 22:27:03 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3310583335-1369690124-4160256294-1000UA.job
[2012/05/07 21:52:39 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/07 20:49:31 | 001,280,208 | ---- | M] () -- C:\Users\Usuario\Desktop\tdsskiller.zip
[2012/05/07 08:23:05 | 000,000,912 | ---- | M] () -- C:\Users\Usuario\Desktop\QuickTime Player.lnk
[2012/05/07 08:22:35 | 000,002,009 | ---- | M] () -- C:\Users\Usuario\Desktop\Google Chrome.lnk
[2012/05/07 08:22:14 | 000,000,973 | ---- | M] () -- C:\Users\Usuario\Desktop\Launch Internet Explorer Browser.lnk
[2012/05/07 08:10:04 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/05/07 08:10:04 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/05/07 08:10:04 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/05/07 08:10:03 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/05/07 08:10:03 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/05/04 20:32:10 | 000,033,792 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
[2012/05/02 19:27:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3310583335-1369690124-4160256294-1000Core.job
[2012/05/01 16:49:08 | 000,000,452 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Usuario.job
[2012/04/25 19:04:42 | 000,278,561 | ---- | M] () -- C:\Users\Usuario\Desktop\Minecraft.exe
[2012/04/19 15:47:58 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/04/19 12:21:03 | 000,001,356 | ---- | M] () -- C:\Users\Usuario\AppData\Local\d3d9caps.dat
[2012/04/19 12:18:16 | 000,001,460 | ---- | M] () -- C:\Users\Usuario\AppData\Local\d3d9caps64.dat

========== Files Created - No Company Name ==========

[2012/05/07 23:25:58 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/05/07 22:48:58 | 002,577,737 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\Cat.DB
[2012/05/07 22:48:48 | 000,174,200 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/05/07 22:48:48 | 000,007,530 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/05/07 22:48:48 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/05/07 22:48:41 | 000,002,194 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/05/07 22:48:17 | 001,084,536 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymEFA64.sys
[2012/05/07 22:48:17 | 000,729,720 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\srtsp64.sys
[2012/05/07 22:48:17 | 000,451,192 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymDS64.sys
[2012/05/07 22:48:17 | 000,445,560 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\symtdiv.sys
[2012/05/07 22:48:17 | 000,401,016 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\symnets.sys
[2012/05/07 22:48:17 | 000,189,560 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\Ironx64.sys
[2012/05/07 22:48:17 | 000,037,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\srtspx64.sys
[2012/05/07 22:48:16 | 000,167,048 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\ccSetx64.sys
[2012/05/07 22:47:57 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymEFA.inf
[2012/05/07 22:47:57 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymDS.inf
[2012/05/07 22:47:57 | 000,001,468 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymNetV.inf
[2012/05/07 22:47:57 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymNet.inf
[2012/05/07 22:47:57 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\srtsp64.inf
[2012/05/07 22:47:57 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\srtspx64.inf
[2012/05/07 22:47:57 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\ccSetx64.inf
[2012/05/07 22:47:57 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\Iron.inf
[2012/05/07 22:47:48 | 000,002,801 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymVTcer.dat
[2012/05/07 22:47:47 | 000,007,877 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\symnetv64.cat
[2012/05/07 22:47:47 | 000,007,510 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\ccSetx64.cat
[2012/05/07 22:47:47 | 000,007,504 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\srtspx64.cat
[2012/05/07 22:47:47 | 000,007,502 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymEFA64.cat
[2012/05/07 22:47:47 | 000,007,500 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\srtsp64.cat
[2012/05/07 22:47:47 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\SymDS64.cat
[2012/05/07 22:47:47 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\iron.cat
[2012/05/07 22:47:47 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\symnet64.cat
[2012/05/07 22:47:47 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1301010.003\isolate.ini
[2012/05/07 21:47:57 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/07 21:47:55 | 000,024,904 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/07 20:49:26 | 001,280,208 | ---- | C] () -- C:\Users\Usuario\Desktop\tdsskiller.zip
[2012/05/07 08:23:05 | 000,000,912 | ---- | C] () -- C:\Users\Usuario\Desktop\QuickTime Player.lnk
[2012/05/07 08:22:35 | 000,002,009 | ---- | C] () -- C:\Users\Usuario\Desktop\Google Chrome.lnk
[2012/05/07 08:22:14 | 000,000,973 | ---- | C] () -- C:\Users\Usuario\Desktop\Launch Internet Explorer Browser.lnk
[2012/05/04 20:54:34 | 2146,623,488 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/25 19:04:37 | 000,278,561 | ---- | C] () -- C:\Users\Usuario\Desktop\Minecraft.exe
[2012/04/19 15:54:26 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\rtvcvfw32.dll
[2012/04/19 15:47:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/19 15:35:24 | 000,111,120 | ---- | C] () -- C:\Windows\SysNative\drivers\AtihdLH6.sys
[2012/04/19 15:33:14 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\ATIDEMGX.dll
[2012/04/19 15:33:14 | 000,150,464 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/04/19 15:33:13 | 000,003,949 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/04/19 15:33:13 | 000,003,949 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2012/04/19 15:33:05 | 000,525,792 | ---- | C] () -- C:\Windows\SysNative\Difxapi.dll
[2012/04/19 15:33:01 | 000,058,880 | ---- | C] () -- C:\Windows\SysNative\coinst.dll
[2012/04/19 15:33:01 | 000,030,831 | ---- | C] () -- C:\Windows\atiogl.xml
[2011/05/12 20:58:59 | 000,001,356 | ---- | C] () -- C:\Users\Usuario\AppData\Local\d3d9caps.dat
[2011/05/11 13:57:54 | 000,000,000 | ---- | C] () -- C:\Users\Usuario\AppData\Local\{9D216F01-172D-4725-B70E-93C52198C79E}
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/09 22:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2010/12/01 17:55:28 | 000,618,496 | ---- | C] () -- C:\Windows\SysWow64\stlpmt45.dll
[2010/12/01 17:55:28 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2010/08/11 13:04:45 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat

========== LOP Check ==========

[2012/05/02 18:23:14 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\.minecraft
[2008/10/31 00:49:52 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\BitTorrent
[2009/10/10 11:10:24 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\DataCast
[2011/11/03 17:50:17 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Delivery
[2008/08/30 13:32:47 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\DNA
[2010/09/11 11:54:01 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\freeCompressor
[2011/09/02 16:01:18 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\go
[2011/12/18 19:57:25 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\gtk-2.0
[2009/12/17 18:42:35 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\PeerNetworking
[2008/10/04 14:05:48 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Sega
[2011/10/21 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Studio-Scrap3
[2012/04/24 19:17:55 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Studio-Scrap4
[2012/05/02 19:27:01 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3310583335-1369690124-4160256294-1000Core.job
[2012/05/07 22:27:03 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3310583335-1369690124-4160256294-1000UA.job
[2012/05/07 22:04:57 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/07 23:10:12 | 000,000,490 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F77CDD89-6BA4-4D13-80B7-EB7E880C39D0}.job

========== Purity Check ==========



========== Custom Scans ==========

< %APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*.* >
[2012/05/07 22:03:28 | 000,065,234 | ---- | M] () -- C:\Users\Usuario\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-05-07 (21-54-13).txt
[2012/05/07 22:19:52 | 000,002,120 | ---- | M] () -- C:\Users\Usuario\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-05-07 (22-10-03).txt

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon /s >
"Shell" = explorer.exe -- [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
"Userinit" = userinit.exe,
"VmApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
"ReportBootOk" = 1
"AutoRestartShell" = 1
"LegalNoticeCaption" =
"LegalNoticeText" =
"PowerdownAfterShutdown" = 0
"ShutdownWithoutLogon" = 0
"cachedlogonscount" = 10
"forceunlocklogon" = 0
"passwordexpirywarning" = 14
"Background" = 0 0 0
"DebugServerCommand" = no
"WinStationsDisabled" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"" = Wireless Group Policy
"DisplayName" = @wlgpclnt.dll,-100
"ProcessGroupPolicyEx" = ProcessWLANPolicyEx
"GenerateGroupPolicy" = GenerateWLANPolicy
"DllName" = wlgpclnt.dll -- [2008/01/18 23:36:58 | 000,083,456 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"" = Folder Redirection
"ProcessGroupPolicyEx" = ProcessGroupPolicyEx
"DllName" = fdeploy.dll -- [2008/01/18 23:34:22 | 000,053,760 | ---- | M] (Microsoft Corporation)
"NoMachinePolicy" = 1
"NoSlowLink" = 1
"PerUserLocalSettings" = 1
"NoGPOListChanges" = 0
"NoBackgroundPolicy" = 0
"GenerateGroupPolicy" = GenerateGroupPolicy
"EventSources" = (Folder Redirection,Application) [binary data]
"DisplayName" = @fdeploy.dll,-261
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"" = Microsoft Disk Quota
"DisplayName" = @%SystemRoot%\System32\dskquota.dll,-100
"NoMachinePolicy" = 0
"NoUserPolicy" = 1
"NoSlowLink" = 1
"NoBackgroundPolicy" = 1
"NoGPOListChanges" = 1
"PerUserLocalSettings" = 0
"RequiresSuccessfulRegistry" = 1
"EnableAsynchronousProcessing" = 0
"DllName" = %SystemRoot%\System32\dskquota.dll -- [2008/01/18 23:34:08 | 000,086,528 | ---- | M] (Microsoft Corporation)
"ProcessGroupPolicy" = ProcessGroupPolicy
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"" = QoS Packet Scheduler
"DisplayName" = @gptext.dll,-201
"ProcessGroupPolicy" = ProcessPSCHEDPolicy
"DllName" = gptext.dll -- [2006/11/02 11:46:05 | 000,016,896 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"" = Scripts
"ProcessGroupPolicy" = ProcessScriptsGroupPolicy
"DllName" = gpscript.dll -- [2008/01/18 23:34:26 | 000,028,160 | ---- | M] (Microsoft Corporation)
"GenerateGroupPolicy" = GenerateScriptsGroupPolicy
"NoSlowLink" = 1
"ProcessGroupPolicyEx" = ProcessScriptsGroupPolicyEx
"NoGPOListChanges" = 1
"NotifyLinkTransition" = 1
"DisplayName" = @gpscript.dll,-1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"ProcessGroupPolicy" = ProcessGroupPolicyForZoneMap
"DllName" = C:\Windows\SysWOW64\iedkcs32.dll -- [2011/05/28 08:03:58 | 000,387,584 | ---- | M] (Microsoft Corporation)
"" = Internet Explorer Zonemapping
"NoGPOListChanges" = 1
"DisplayName" = @C:\Windows\SysWOW64\iedkcs32.dll,-3051
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
"" = Windows Search Group Policy Extension
"DllName" = %SystemRoot%\System32\srchadmin.dll -- [2008/01/18 23:36:36 | 000,258,048 | ---- | M] (Microsoft Corporation)
"EnableAsynchronousProcessing" = 0
"NoBackgroundPolicy" = 0
"NoGPOListChanges" = 1
"NoMachinePolicy" = 0
"NoSlowLink" = 0
"NoUserPolicy" = 1
"PerUserLocalSettings" = 0
"ProcessGroupPolicy" = ProcessGroupPolicy
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
"" = Internet Explorer User Accelerators
"ProcessGroupPolicy" = ProcessGroupPolicyForActivities
"DllName" = C:\Windows\SysWOW64\iedkcs32.dll -- [2011/05/28 08:03:58 | 000,387,584 | ---- | M] (Microsoft Corporation)
"RequiresSuccessfulRegistry" = 1
"ProcessGroupPolicyEx" = ProcessGroupPolicyForActivitiesEx
"NoGPOListChanges" = 1
"DisplayName" = @C:\Windows\SysWOW64\iedkcs32.dll,-3051
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"" = Security -- [2006/11/02 11:43:08 | 000,005,120 | ---- | M] (Microsoft Corporation)
"DisplayName" = @(runtime.system32)\scecli.dll,-7650
"ProcessGroupPolicy" = SceProcessSecurityPolicyGPO
"GenerateGroupPolicy" = SceGenerateGroupPolicy
"ExtensionRsopPlanningDebugLevel" = 1
"ProcessGroupPolicyEx" = SceProcessSecurityPolicyGPOEx
"ExtensionDebugLevel" = 1
"DllName" = scecli.dll -- [2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
"EnableAsynchronousProcessing" = 1
"MaxNoGPOListChangesInterval" = 960
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"ProcessGroupPolicyEx" = ProcessGroupPolicyEx
"GenerateGroupPolicy" = GenerateGroupPolicy
"ProcessGroupPolicy" = ProcessGroupPolicy
"DllName" = C:\Windows\SysWOW64\iedkcs32.dll -- [2011/05/28 08:03:58 | 000,387,584 | ---- | M] (Microsoft Corporation)
"" = Internet Explorer Branding
"NoSlowLink" = 1
"NoBackgroundPolicy" = 0
"NoGPOListChanges" = 1
"NoMachinePolicy" = 1
"DisplayName" = @C:\Windows\SysWOW64\iedkcs32.dll,-3014
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy" = SceProcessEFSRecoveryGPO
"DllName" = scecli.dll -- [2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation)
"" = EFS recovery
"DisplayName" = @(runtime.system32)\scecli.dll,-7651
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
"" = 802.3 Group Policy
"DisplayName" = @dot3gpclnt.dll,-100
"ProcessGroupPolicyEx" = ProcessLANPolicyEx
"GenerateGroupPolicy" = GenerateLANPolicy
"DllName" = dot3gpclnt.dll -- [2008/01/18 23:34:06 | 000,043,008 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"" = Microsoft Offline Files
"ProcessGroupPolicy" = ProcessGroupPolicy
"DllName" = %SystemRoot%\System32\cscobj.dll -- [2008/01/18 23:34:02 | 000,131,584 | ---- | M] (Microsoft Corporation)
"RequiresSuccessfulRegistry" = 1
"NoSlowLink" = 0
"NoGPOListChanges" = 0
"NoUserPolicy" = 0
"NoMachinePolicy" = 0
"PerUserLocalSettings" = 0
"EnableAsynchronousProcessing" = 1
"NoBackgroundPolicy" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"" = Software Installation
"RequiresSucessfulRegistry" = 0
"DllName" = appmgmts.dll -- [2008/01/18 23:33:46 | 000,148,992 | ---- | M] (Microsoft Corporation)
"GenerateGroupPolicy" = GenerateGroupPolicy
"NoSlowLink" = 1
"ProcessGroupPolicyEx" = ProcessGroupPolicyObjectsEx
"EventSources" = [Binary data over 100 bytes]
"NoUserPolicy" = 0
"DisplayName" = @appmgmts.dll,-3252
"PerUserLocalSettings" = 1
"NoBackgroundPolicy" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
"" = Internet Explorer Machine Accelerators
"ProcessGroupPolicy" = ProcessGroupPolicyForActivities
"DllName" = C:\Windows\SysWOW64\iedkcs32.dll -- [2011/05/28 08:03:58 | 000,387,584 | ---- | M] (Microsoft Corporation)
"RequiresSuccessfulRegistry" = 1
"ProcessGroupPolicyEx" = ProcessGroupPolicyForActivitiesEx
"NoGPOListChanges" = 1
"DisplayName" = @C:\Windows\SysWOW64\iedkcs32.dll,-3051
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"" = IP Security
"ProcessGroupPolicyEx" = ProcessIPSECPolicyEx
"GenerateGroupPolicy" = GenerateIPSECPolicy
"DllName" = %SystemRoot%\System32\polstore.dll -- [2008/06/19 05:31:51 | 000,272,896 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 0
"DisplayName" = @C:\Windows\SysWOW64\polstore.dll,-5012
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
"" = Enterprise QoS
"DisplayName" = @gptext.dll,-203
"ProcessGroupPolicy" = ProcessEQoSPolicy
"DllName" = gptext.dll -- [2006/11/02 11:46:05 | 000,016,896 | ---- | M] (Microsoft Corporation)
"RequiresSuccessfulRegistry" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /s >
"" = C:\Program Files (x86)\Internet Explorer\iexplore.exe -- [2011/05/28 08:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)

< %temp%\smtmp\1\*.* /s >

< %temp%\smtmp\2\*.* /s >

< %temp%\smtmp\4\*.* /s >

< nslookup http://www.google.fr /c >
Servidor: livebox.home
Address: 192.168.1.1
DNS request timed out.
timeout was 2 seconds.

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/05/02 18:23:14 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\.minecraft
[2008/08/24 17:02:59 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Adobe
[2008/07/04 13:49:00 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Ahead
[2012/04/19 15:54:02 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\ATI
[2008/10/31 00:49:52 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\BitTorrent
[2009/10/10 11:10:24 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\DataCast
[2011/11/03 17:50:17 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Delivery
[2009/10/10 11:10:55 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\DivX
[2008/08/30 13:32:47 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\DNA
[2010/09/11 11:54:01 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\freeCompressor
[2011/09/02 16:01:18 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\go
[2012/02/03 15:48:05 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Google
[2011/12/18 19:57:25 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\gtk-2.0
[2008/07/04 12:00:31 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Identities
[2009/10/10 11:09:17 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\InstallShield
[2008/08/24 00:33:17 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Macromedia
[2012/05/07 21:48:06 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Malwarebytes
[2006/11/02 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Media Center Programs
[2011/09/19 20:07:48 | 000,000,000 | --SD | M] -- C:\Users\Usuario\AppData\Roaming\Microsoft
[2009/12/17 18:42:35 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\PeerNetworking
[2008/07/07 16:37:35 | 000,000,000 | RH-D | M] -- C:\Users\Usuario\AppData\Roaming\SecuROM
[2008/10/04 14:05:48 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Sega
[2011/12/23 23:08:25 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Skype
[2011/05/28 21:43:33 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\skypePM
[2011/10/21 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Studio-Scrap3
[2012/04/24 19:17:55 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Studio-Scrap4
[2008/09/13 23:33:41 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\vlc
[2012/05/02 17:01:05 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2006/11/02 14:03:16 | 000,062,056 | ---- | M] () MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008/01/19 00:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 00:07:48 | 000,022,584 | ---- | M] () MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys
[2008/01/19 00:07:48 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

< MD5 for: CDROM.SYS >
[2008/01/18 22:29:06 | 000,079,872 | ---- | M] () MD5=3B2FB35363423ED60C8FBF15FC8680BD -- C:\Windows\SysNative\drivers\cdrom.sys
[2008/01/18 22:29:06 | 000,079,872 | ---- | M] (Microsoft Corporation) MD5=3B2FB35363423ED60C8FBF15FC8680BD -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_bbc7f7665c24db80\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 13:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006/11/02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2006/11/02 11:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\SysWOW64\ctfmon.exe
[2006/11/02 11:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
[2006/11/02 13:15:47 | 000,009,728 | ---- | M] () MD5=7E370DF3743B39CD375C52F7995783C4 -- C:\Windows\SysNative\ctfmon.exe
[2006/11/02 13:15:47 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=7E370DF3743B39CD375C52F7995783C4 -- C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_f718665b4c03ea89\ctfmon.exe

< MD5 for: DISK.SYS >
[2008/01/19 00:09:18 | 000,068,664 | ---- | M] () MD5=2DC415FC05FB8A079F896CBBACB19324 -- C:\Windows\SysNative\drivers\disk.sys
[2008/01/19 00:09:18 | 000,068,664 | ---- | M] (Microsoft Corporation) MD5=2DC415FC05FB8A079F896CBBACB19324 -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_55e51d682c89f490\disk.sys

< MD5 for: DWM.EXE >
[2006/11/02 13:15:50 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=8395319C8E91D82230DE1F0F7854718B -- C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6000.16386_none_e78b6d9c78a45b99\dwm.exe
[2008/01/19 00:00:16 | 000,098,816 | ---- | M] () MD5=BD5DEBBE43A492CC75D25AF43E686D17 -- C:\Windows\SysNative\dwm.exe
[2008/01/19 00:00:16 | 000,098,816 | ---- | M] (Microsoft Corporation) MD5=BD5DEBBE43A492CC75D25AF43E686D17 -- C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6001.18000_none_e9c22f98758f6c6d\dwm.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2006/11/02 13:15:52 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=5D768BEB711FF67ADC8FAD4E2F6ABB02 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_ab9c809a352ecf21\explorer.exe
[2008/10/28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2008/10/29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2008/10/30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/19 00:00:16 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2006/11/02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_b5f12aec698f911c\explorer.exe
[2008/01/18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/19 00:11:32 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006/11/02 13:51:48 | 000,280,680 | ---- | M] () MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys

< MD5 for: NDIS.SYS >
[2008/01/19 00:12:10 | 000,739,384 | ---- | M] () MD5=2A2EE457AF36C5C9A6808C768BD3A12B -- C:\Windows\SysNative\drivers\ndis.sys
[2008/01/19 00:12:10 | 000,739,384 | ---- | M] (Microsoft Corporation) MD5=2A2EE457AF36C5C9A6808C768BD3A12B -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_03e5c74ad46c7e4e\ndis.sys
[2006/11/02 13:52:20 | 000,641,128 | ---- | M] (Microsoft Corporation) MD5=CCA69C9493A13AF86DCF0AE272AFBB72 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_01af054ed7816d7a\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/01/19 00:03:02 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll
[2008/01/19 00:03:02 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006/11/02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006/11/02 13:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 14:02:51 | 000,048,232 | ---- | M] () MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008/01/19 00:08:52 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: RASACD.SYS >
[2008/01/18 22:37:32 | 000,014,848 | ---- | M] () MD5=1013B3B663A56D3DDD784F581C1BD005 -- C:\Windows\SysNative\drivers\rasacd.sys
[2008/01/18 22:37:32 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=1013B3B663A56D3DDD784F581C1BD005 -- C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_6bf89a3a1db09099\rasacd.sys
[2006/11/02 11:47:34 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=88E0A5690F4829D9360623E92CABEEE6 -- C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6000.16386_none_69c1d83e20c57fc5\rasacd.sys

< MD5 for: RDPCLIP.EXE >
[2008/01/19 00:00:32 | 000,191,488 | ---- | M] () MD5=BDD9C2C16DCAB6A29D2DDF95001874C2 -- C:\Windows\SysNative\rdpclip.exe
[2008/01/19 00:00:32 | 000,191,488 | ---- | M] (Microsoft Corporation) MD5=BDD9C2C16DCAB6A29D2DDF95001874C2 -- C:\Windows\winsxs\amd64_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_6.0.6001.18000_none_5df4ac26c37f9beb\rdpclip.exe
[2006/11/02 17:03:59 | 000,173,568 | ---- | M] (Microsoft Corporation) MD5=DCFE3252C7EC2FC361283635855717FB -- C:\Windows\winsxs\amd64_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_6.0.6000.16386_none_5bbdea2ac6948b17\rdpclip.exe

< MD5 for: RDPWD.SYS >
[2008/01/18 22:42:22 | 000,210,432 | ---- | M] () MD5=7747082F672AA2846235C9CEA42E2E72 -- C:\Windows\SysNative\drivers\rdpwd.sys
[2008/01/18 22:42:22 | 000,210,432 | ---- | M] (Microsoft Corporation) MD5=7747082F672AA2846235C9CEA42E2E72 -- C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.0.6001.18000_none_a79423cb8d5ff990\rdpwd.sys
[2006/11/02 11:52:30 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=D289A455FC34395720F2FCDC35DDBB79 -- C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.0.6000.16386_none_a55d61cf9074e8bc\rdpwd.sys

< MD5 for: SCECLI.DLL >
[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006/11/02 13:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008/01/19 00:03:56 | 000,235,520 | ---- | M] () MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysNative\scecli.dll
[2008/01/19 00:03:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006/11/02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll

< MD5 for: SFLOPPY.SYS >
[2008/01/18 22:29:06 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=40567781F0785C4A69411D1B40DA8987 -- C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.0.6001.18000_none_4328abb132d93079\sfloppy.sys
[2006/11/02 11:38:24 | 000,016,384 | ---- | M] () MD5=6B7838C94135768BD455CBDC23E39E5F -- C:\Windows\SysNative\drivers\sfloppy.sys

< MD5 for: TASKENG.EXE >
[2010/11/04 18:54:37 | 000,267,776 | ---- | M] (Microsoft Corporation) MD5=05CF042843679117363EA98AF20A49E6 -- C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.22791_none_41f441df909d8211\taskeng.exe
[2010/11/05 15:43:51 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=110B5E5AFA79DD8A45A2F6ED738469B9 -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.22791_none_e5d5a65bd84010db\taskeng.exe
[2006/11/02 11:45:48 | 000,166,400 | ---- | M] (Microsoft Corporation) MD5=1226E9FAE5B8508801EC974E3C9D9C14 -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6000.16386_none_e3758b32c1ef5c83\taskeng.exe
[2010/11/04 18:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=3D50C4B10352367D5CB20ED1F50F8DA2 -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.18342_none_e7698b5ebc1f53d7\taskeng.exe
[2008/01/19 00:00:42 | 000,265,216 | ---- | M] (Microsoft Corporation) MD5=436E26D2E64EC4AABDC82EFBD3B92692 -- C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.18000_none_41cae8b27737de8d\taskeng.exe
[2008/01/18 23:33:34 | 000,169,472 | ---- | M] (Microsoft Corporation) MD5=5F109032CE46B7184ED9E50F9FE8489E -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.18000_none_e5ac4d2ebeda6d57\taskeng.exe
[2010/11/05 00:15:29 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=9AF3E523E39FD8C10EDFA3ABA702DC9B -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.22519_none_e81a9bd9d51e4e56\taskeng.exe
[2010/11/04 19:44:12 | 000,267,776 | ---- | M] (Microsoft Corporation) MD5=A7BB4FA098A6365D92A07D702926F957 -- C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.22519_none_4439375d8d7bbf8c\taskeng.exe
[2010/11/04 23:16:05 | 000,267,776 | ---- | M] () MD5=DE4217BAE504F982A9C8A88CC3D4A9E8 -- C:\Windows\SysNative\taskeng.exe
[2010/11/04 23:16:05 | 000,267,776 | ---- | M] (Microsoft Corporation) MD5=DE4217BAE504F982A9C8A88CC3D4A9E8 -- C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.18551_none_4195e2de775f755c\taskeng.exe
[2006/11/02 13:16:14 | 000,262,144 | ---- | M] (Microsoft Corporation) MD5=DE61E65990B3B3F87B8B8013018D5706 -- C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6000.16386_none_3f9426b67a4ccdb9\taskeng.exe
[2010/11/05 01:58:17 | 000,267,776 | ---- | M] (Microsoft Corporation) MD5=EA85B96A8BFB435749C9004BC7340347 -- C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.18342_none_438826e2747cc50d\taskeng.exe
[2010/11/05 02:53:47 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=EAFB5897AC9CD84890171AC38862320F -- C:\Windows\SysWOW64\taskeng.exe
[2010/11/05 02:53:47 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=EAFB5897AC9CD84890171AC38862320F -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.18551_none_e577475abf020426\taskeng.exe

< MD5 for: TCPIP.SYS >
[2010/06/16 19:14:29 | 001,424,264 | ---- | M] (Microsoft Corporation) MD5=0011810B5211FDACD784DE585262ECFE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_119c298735134c99\tcpip.sys
[2009/12/08 20:22:57 | 001,199,616 | ---- | M] (Microsoft Corporation) MD5=2F822AF5E70467F827F5B4010A7FD57F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_bb7549d64ac6920e\tcpip.sys
[2010/02/18 17:01:57 | 001,420,688 | ---- | M] (Microsoft Corporation) MD5=30C4ABC8075DEA44D7E775D434AF1753 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_0f2e179c1ecd900b\tcpip.sys
[2009/08/14 16:44:27 | 001,200,640 | ---- | M] (Microsoft Corporation) MD5=34B30202AECCB530FDDC6C6CCFA2FB46 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_bbc5fabc4a894d2a\tcpip.sys
[2010/02/18 14:25:21 | 001,200,640 | ---- | M] (Microsoft Corporation) MD5=396CF3FD8D2A4FDF55570C01894DB9DF -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_bba931004aa006ed\tcpip.sys
[2009/08/14 20:05:16 | 001,418,840 | ---- | M] (Microsoft Corporation) MD5=3BCD46BE9988B09D3510A0EF54F0D65B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_0f32e3e61ecadee9\tcpip.sys
[2010/02/18 17:04:06 | 001,414,032 | ---- | M] (Microsoft Corporation) MD5=4680D08A2E8A2509CD9B751D7AF59606 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys
[2010/02/18 16:22:15 | 001,423,752 | ---- | M] (Microsoft Corporation) MD5=4AD4600DF1F09EE7462152C061B683C8 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_118286a1352721f8\tcpip.sys
[2009/08/14 18:42:31 | 001,413,208 | ---- | M] (Microsoft Corporation) MD5=74B776CA1B328095FE23A3306B1613A3 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys
[2008/01/19 00:12:16 | 001,421,368 | ---- | M] (Microsoft Corporation) MD5=7A1183FBB802F5ABAD7FA18BC67E0858 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys
[2010/02/18 14:27:40 | 001,198,080 | ---- | M] (Microsoft Corporation) MD5=7B0B928E318CADC23C87226BE0A1097D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_bc37d12363b92291\tcpip.sys
[2010/06/16 18:40:37 | 001,420,176 | ---- | M] () MD5=7D86275FB640011B372FD566C0EAFA8D -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/06/16 18:40:37 | 001,420,176 | ---- | M] (Microsoft Corporation) MD5=7D86275FB640011B372FD566C0EAFA8D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_0ede67001f09ee46\tcpip.sys
[2009/12/08 22:59:37 | 001,418,840 | ---- | M] (Microsoft Corporation) MD5=8C94F5E4F9DE14A495BAA86F643CF31D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_0ef8061a1ef61e99\tcpip.sys
[2008/04/26 10:55:25 | 001,421,368 | ---- | M] (Microsoft Corporation) MD5=8E041924441FF8755E5B4F135C8C3767 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_0efecf2c1ef1a5d7\tcpip.sys
[2010/06/16 19:11:35 | 001,426,816 | ---- | M] (Microsoft Corporation) MD5=973658A2EA9C06B2976884B9046DFC6C -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_10d97a5c1c20ef58\tcpip.sys
[2009/08/14 18:39:38 | 001,425,992 | ---- | M] (Microsoft Corporation) MD5=A7BFF59C2F610F62E6C292074FF36A1E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_10c2d66e1c321395\tcpip.sys
[2010/02/18 16:28:06 | 001,427,336 | ---- | M] (Microsoft Corporation) MD5=B4B7B375FDD672AF79B0CBE9B9A48B47 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_112c2bd61be1dd22\tcpip.sys
[2009/12/08 20:21:46 | 001,196,032 | ---- | M] (Microsoft Corporation) MD5=BB6FB43B431CCAD6FC367648C87205C0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_bc00bf5763e297c8\tcpip.sys
[2009/12/08 23:13:33 | 001,411,656 | ---- | M] (Microsoft Corporation) MD5=D1A6D398865E0686533E13DD2558D64B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_0f81a4cb3813bb8a\tcpip.sys
[2010/06/17 01:28:33 | 001,414,544 | ---- | M] (Microsoft Corporation) MD5=D43D5336BE9DD93E02EE124297295713 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys
[2009/08/14 18:32:21 | 001,424,952 | ---- | M] (Microsoft Corporation) MD5=D45D67A18C9FD4CC637BC9D4585C0646 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_11acc42135079bb6\tcpip.sys
[2009/08/16 00:55:23 | 001,196,032 | ---- | M] (Microsoft Corporation) MD5=D4E30E6BADFF21865C3A075457CF9C00 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_bc4f6fa963a72036\tcpip.sys
[2006/11/02 11:48:29 | 001,193,472 | ---- | M] (Microsoft Corporation) MD5=DB08D7CB8D64A07E4D59F8983CD13758 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_bb6d6f644acc0b1a\tcpip.sys
[2009/12/08 22:22:19 | 001,425,480 | ---- | M] (Microsoft Corporation) MD5=E52F99B1160A1A1DE83223379D2C1828 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_10e247ce1c1aa392\tcpip.sys
[2009/12/08 22:04:59 | 001,423,944 | ---- | M] (Microsoft Corporation) MD5=EE84432AD7DCADE2931528C319C55097 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_1159459f3545c743\tcpip.sys
[2008/04/26 10:47:15 | 001,421,368 | ---- | M] (Microsoft Corporation) MD5=F10A60005FB50698E33A1940C6EBB010 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_0f8c6d1f380baafd\tcpip.sys

< MD5 for: TDPIPE.SYS >
[2008/01/18 22:42:04 | 000,016,384 | ---- | M] () MD5=1D8BF4AAA5FB7A2761475781DC1195BC -- C:\Windows\SysNative\drivers\tdpipe.sys
[2008/01/18 22:42:04 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=1D8BF4AAA5FB7A2761475781DC1195BC -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6001.18000_none_37cad2effd14b40d\tdpipe.sys
[2006/11/02 11:52:08 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=1E06142D972C24BF7669588F78A43048 -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6000.16386_none_359410f40029a339\tdpipe.sys

< MD5 for: TDTCP.SYS >
[2006/11/02 11:52:08 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=38B3AF56EC954458D478C988C9D602FA -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6000.16386_none_359410f40029a339\tdtcp.sys
[2008/01/18 22:42:04 | 000,029,696 | ---- | M] () MD5=7F7E00CDF609DF657F4CDA02DD1C9BB1 -- C:\Windows\SysNative\drivers\tdtcp.sys
[2008/01/18 22:42:04 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=7F7E00CDF609DF657F4CDA02DD1C9BB1 -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6001.18000_none_37cad2effd14b40d\tdtcp.sys

< MD5 for: USBPRINT.SYS >
[2008/01/18 23:10:58 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=28B693B6D31E7B9332C1BDCEFEF228C1 -- C:\Windows\winsxs\amd64_usbprint.inf_31bf3856ad364e35_6.0.6001.18000_none_8f185dee79c76c54\usbprint.sys
[2006/11/02 12:27:53 | 000,024,064 | ---- | M] () MD5=ACFEE697AF477021BB3EC78C5431FED2 -- C:\Windows\SysNative\drivers\usbprint.sys

< MD5 for: USBSCAN.SYS >
[2008/01/18 23:09:58 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=EA0BF666868964FBE8CB10E50C97B9F1 -- C:\Windows\winsxs\amd64_sti.inf_31bf3856ad364e35_6.0.6001.18000_none_b5fd6cec99241209\usbscan.sys

< MD5 for: USERINIT.EXE >
[2008/01/18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006/11/02 13:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe
[2008/01/19 00:00:42 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/19 00:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/01/19 00:11:28 | 000,271,416 | ---- | M] () MD5=DE4307412D98050239026E56A7DFF3C0 -- C:\Windows\SysNative\drivers\volsnap.sys
[2008/01/19 00:11:28 | 000,271,416 | ---- | M] (Microsoft Corporation) MD5=DE4307412D98050239026E56A7DFF3C0 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_71d55304b4726c03\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008/01/18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008/01/19 00:00:46 | 000,123,904 | ---- | M] () MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008/01/19 00:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[2006/11/02 13:16:20 | 000,122,368 | ---- | M] (Microsoft Corporation) MD5=6F92CE5B50283B0C0A7A539ED552039A -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe
[2006/11/02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/19 00:00:46 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008/01/19 00:00:46 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2006/11/02 13:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe
[2006/11/02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008/01/18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009/03/08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2011/05/28 08:04:02 | 011,081,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< >

< >

< End of report >
flore
Apprentice
 
Posts: 31
Joined: 06 May 2012 11:33
 

Re: SACEM virus infection report

Posted on 07 May 2012 22:55

Code: Select all
OTL Extras logfile created on: 07/05/2012 23:24:04 - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Usuario\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 0000040C | Country: Francia | Language: FRA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 42,51% Memory free
4,23 Gb Paging File | 2,67 Gb Available in Paging File | 63,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 132,22 Gb Free Space | 44,36% Space Free | Partition Type: NTFS
 
Computer Name: USUARIO1 | User Name: Usuario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3310583335-1369690124-4160256294-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = CA 0D 44 25 CB DD C8 01  [binary data]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3310583335-1369690124-4160256294-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files (x86)\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe" = C:\Program Files (x86)\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files (x86)\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe" = C:\Program Files (x86)\Orange\Connexion Internet Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10D3F809-3DF4-4422-9E05-1A79E9C37D6F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{142CCD74-5F80-410D-BC6F-F6C97E2A0628}" = rport=10243 | protocol=6 | dir=out | app=system |
"{20ED4033-EA4C-4E0F-9C40-D2E515E2CF6A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35405922-40B8-4404-9271-831D8E1902A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B09ABF4-8015-44AA-A23E-7750D77D1EA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5265BB8F-2FBC-479D-AE6C-46C946667581}" = lport=2869 | protocol=6 | dir=in | app=system |
"{54A23A40-3F76-469D-977A-72F447110C21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5E458B0C-C49F-4B87-BCDF-6A09CE1C6584}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E6E5607-D31E-46E9-8174-ED03B2E77E96}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63586E31-A361-45C8-98AD-A8053D916010}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{B1C408A1-9B67-4FA0-895E-D08905D561CC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FE5F9A8B-5AB7-48AF-88CC-169D3261F422}" = lport=2869 | protocol=6 | dir=in | app=system |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA98FF0-6927-431C-AFBD-08D1703BA8E7}" = protocol=17 | dir=in | app=c:\users\usuario\desktop\sweetimsetup.exe |
"{11212857-EF30-431F-A902-EE70E5DFDB99}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lara croft and the guardian of light\lcgol_demo.exe |
"{1329E5D6-CF29-4DB0-BAC9-82629307B65E}" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |
"{1BCF6D68-C7EA-4F0A-809B-67606A81752F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D76F91E-7D46-4FDA-8170-354C07FF1D82}" = protocol=6 | dir=in | app=c:\users\usuario\desktop\sweetimsetup.exe |
"{27065517-27DA-4DD3-99B1-A3D7816ADB23}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2CC45162-3D57-4392-93D5-0FE450B477B0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2DDEDD1C-571E-4B38-A942-BF1FEA0C5988}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{32BDA2E4-BB1F-455A-A14D-8E083D9B014E}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{331DE26D-5EE3-47BF-BAFF-745E0B116480}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3422E44E-65C3-4E1C-A554-4EFF07F913FB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C82D5FE-0133-4F8C-BB93-CFACBEA8E594}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{446AE274-666F-4E29-89FC-4AAC4EA499EE}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{45957AA6-435D-475D-B5B1-53BC90F47EA6}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{4646BA70-1756-43B3-B6A5-FB8BC5696892}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |
"{4E86C968-9607-413D-BF02-CA72CBD20E16}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{51A66331-074F-441D-900D-952F42EAC58C}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{52E0A022-BD74-46F1-8ACF-469430D40AE6}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{536263D0-A0C7-46E7-85E3-2A347F833D0A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{58A77D6C-2BDB-487B-AFC9-F500575AF7E2}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{598423AC-3225-447B-8B2B-CCEEE19E1101}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5D834C00-74BE-4EBC-8E82-0B7976EF4A1C}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |
"{60BE2E7B-238A-4C81-832F-75D64A2B879B}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |
"{67C6136F-73C8-435A-A01E-6D76B692B289}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6FAC9FB7-0E5B-4A94-9393-D55B5EBA3A91}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{703B1361-7D0F-4DAC-B34E-5E1BBCC16BD0}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{70E6CD58-0395-42BB-9129-F183414E99E0}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{758E0B86-72AC-468E-98E0-1709FCCF09AF}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{79D18F8E-58E0-4D0D-BC0A-4B7B587561CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7A30E6A2-8410-4180-845B-36E62FA1958E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81F14539-B630-42C7-8B3A-9B7C52255B3F}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{874B1096-05C4-4A03-84D0-05A05F098098}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{8D0A306A-4830-4A91-88FE-3C75C9F916AF}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{91B36AEC-789C-4D9F-8DC9-632C10760788}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{96B40179-F8AD-4A59-BCAD-C66A97067749}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{99F7C323-BCD3-4C00-A407-E4D5DAE3DD0C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A4E37063-81E1-4B68-9ED2-36E2E1F21C03}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A6C04CC5-CDAA-435C-8B27-09651B45F12A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7A31739-4DEF-46EC-BBAF-FCA0D67180F2}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{AD6C0337-577B-4F5D-A63E-4AC9FF31383D}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{B6560612-DAC5-4E03-B24A-3F8A498BEB38}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{BD2935B5-BEDE-445F-AF25-FF3F4CFD30AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C5E49CF4-0B9A-4629-9B62-CC2B3719632E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE23ABDD-1E49-46B1-AB5E-8D161752D7C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lara croft and the guardian of light\lcgol_demo.exe |
"{CE3C3E4A-E291-4A5E-9D1A-F4F5D48332A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D01AC038-2A62-4FAF-8E0D-6C86CAE71925}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{D048859E-13B9-49C5-97B6-4E8831F8857B}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{D0959619-4072-4217-BD18-63941A0660E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D34AE4EE-6706-47E2-A61F-25CE44A41E7E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D5A6445E-54D4-4EEE-B317-28011086B248}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D81038CC-C113-417F-8F60-C86D983B1B82}" = dir=in | app=c:\users\usuario\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{D94842CC-BEF2-4F41-8005-2615E64406B8}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe |
"{D9B47EE1-CDF1-4154-A0CC-20053DF0E83F}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{E3837C2C-1A83-4E5F-9AD2-F91AFADC587F}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe |
"{E389B564-03D0-4859-81D8-9F6D16C33E3E}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{E7E847C0-968B-452E-847E-F7C8E3493873}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{E93036A0-9BCE-43FA-971E-ABCB6C353048}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{EF7BD034-CD0B-4E5A-BE87-29CEF0B4173F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFAA603B-AB3E-4703-BF3F-BF392A9D1054}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F2D24A39-4276-4DB2-A265-C2472B72E694}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8598A68-9B15-42F8-AE9C-D282E79C9A03}" = protocol=6 | dir=out | app=system |
"{FD26C6D3-4748-4FF5-B7B9-093352AB124F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{12FAB922-D503-43D2-922C-907D26647EE7}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{16D4BFB6-B7BE-4B7E-8363-55BD062FB254}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{20CEDC55-6B7F-4D3F-B4D1-AA25CF917DA7}C:\program files (x86)\techland\xpand rally xtreme\xrx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\techland\xpand rally xtreme\xrx.exe |
"TCP Query User{2842A4A1-FF06-45B9-A8CA-CEEC30D74F95}C:\program files (x86)\steam\steamapps\xd_matrix\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xd_matrix\counter-strike\hl.exe |
"TCP Query User{2EB1131F-C210-43DE-A3A3-7F2B76EA0A6A}C:\program files (x86)\trackmania united forever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trackmania united forever\tmforever.exe |
"TCP Query User{31DAB8B1-437B-4364-A458-B098388288CC}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{53AF8D9A-5862-4BBB-8A85-9925CA4F3EB9}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{5C820239-7039-44EA-B692-240547E7B268}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5FE3B2B0-6AAE-4F68-9599-D18196A9C86E}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{66E1AE83-4386-4A68-9B2C-6D1A8FF1A2FE}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{85DF983D-88E7-4699-B643-DA14EE74D255}C:\program files (x86)\steam\steamapps\xd_matrix\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xd_matrix\half-life 2 deathmatch\hl2.exe |
"TCP Query User{8CAA04EA-4A8B-4680-AC0A-E83C3DA36B25}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{936E6C46-C850-4739-9EE0-AF0A1AA3730C}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{9792B898-4EDB-4C74-B65B-23ABE31F8214}C:\program files (x86)\thq\motogp 2007\motogp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\motogp 2007\motogp.exe |
"TCP Query User{9CF00B3F-E1CA-48CF-8D6A-3A5BBB848BB1}C:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\warcraft iii\war3.exe |
"TCP Query User{A27EE1B3-8D0D-43C7-A2B4-3C94A29DD98C}C:\program files (x86)\techland\xpand rally xtreme\xrx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\techland\xpand rally xtreme\xrx.exe |
"TCP Query User{B947AECC-1EF7-4C71-B43F-5E24E214FB3C}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe |
"TCP Query User{E769D7C8-F23B-4A0D-A9F4-F3456E7836A6}C:\program files (x86)\trackmania united forever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trackmania united forever\tmforever.exe |
"UDP Query User{0448FDD1-C7D7-4424-8EA6-509ACC3FB522}C:\program files (x86)\thq\motogp 2007\motogp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\motogp 2007\motogp.exe |
"UDP Query User{09FB3310-7879-463B-945A-A1247E6E36FE}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{0B13FE68-5595-4AF1-A022-037E77F53644}C:\program files (x86)\techland\xpand rally xtreme\xrx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\techland\xpand rally xtreme\xrx.exe |
"UDP Query User{0D1D81C7-CF09-489D-8A8E-0004BC80D37F}C:\program files (x86)\trackmania united forever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trackmania united forever\tmforever.exe |
"UDP Query User{0E446C03-1A89-4200-9D63-00D8E7D07621}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{11FD77E0-E506-478F-8B2E-48DFA6422041}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{19C3A55A-673C-4C14-95F7-743C7EA2244A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{2C8B4E9D-F487-4CF0-9B3B-8ACB8CFC48EC}C:\program files (x86)\techland\xpand rally xtreme\xrx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\techland\xpand rally xtreme\xrx.exe |
"UDP Query User{68F622D1-0D18-4B70-91A1-DE941E63E745}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{6C90302F-1F7F-47D9-9874-9A2D855F4D15}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{7E5FE9EE-7E71-4895-AB30-6D0E84EFC187}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{B1A622C3-4C2A-4CD8-BDB4-5068ED47044D}C:\program files (x86)\steam\steamapps\xd_matrix\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xd_matrix\half-life 2 deathmatch\hl2.exe |
"UDP Query User{B5332FCB-1784-4C58-B01C-857E284EEF23}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{B55B9637-BC18-40A6-A37D-1FDFCDE03C05}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{BD2A6F6D-05DA-4C7A-A367-CBE0EDD2BC9A}C:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\warcraft iii\war3.exe |
"UDP Query User{C0BFB342-6495-4BAD-ABBC-92DBBF78BC4E}C:\program files (x86)\trackmania united forever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trackmania united forever\tmforever.exe |
"UDP Query User{CFDB23AB-0EB4-4A2E-9F1E-A3CB5C178764}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe |
"UDP Query User{F78821A6-C72B-4A33-BD3D-0262252274BE}C:\program files (x86)\steam\steamapps\xd_matrix\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xd_matrix\counter-strike\hl.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2CD8B38F-729E-8594-D0B9-84A97648DCA0}" = ATI Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6090DF46-8BA4-54AA-F60C-4647AE1016A4}" = ATI AVIVO64 Codecs
"{6B07864C-B270-82D3-443B-5901EDB9E41A}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Ayudante para el inicio de sesión de Windows Live ID
"{A3CF0A66-D88F-4F51-9B32-21DA8B6BA3AF}" = Windows Live Contrôle parental
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3C912BB-BF4B-3788-8A19-DA5B999CE0C6}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Coeur"_is1" = Coeur
"{00B3F965-1344-C16B-D865-7600B8A6B26E}" = CCC Help English
"{025D4907-5D2E-4146-95F7-54E18BE087DA}" = Xpand Rally Xtreme
"{03B8CE84-7338-472A-18D7-2E63E7E925DE}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0DC3D670-34F3-49B5-80B2-E006C7A5E4FC}" = Démo Mission-G
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Les Sims Deluxe
"{111E336D-30BF-4CD4-8D69-4541732AFB27}" = Rayman Raving Rabbids
"{1292B4A7-C072-413A-B1D0-A1BE7FB516B9}" = Google SketchUp 8
"{15F52B39-04CB-4EDB-9A8C-496C4A5588E2}" = Rayman 3
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{1767EB45-F1E9-2444-2433-A1A94F626026}" = CCC Help Italian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1A96B1A9-3D8B-4E41-ADB8-8CACCD14CA14}" = Dino Island
"{1BB0E97A-1371-6B9D-E1CB-D5CACF3668C8}" = CCC Help German
"{1DB7D9D1-CC2D-D8BB-4F8A-1FC0BF98DC2C}" = CCC Help Chinese Standard
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2C8574B5-6935-4FCE-860E-F4E8602378FF}" = OfferBox
"{2E636AA0-43EB-D218-79D4-BD3B0847545C}" = CCC Help Czech
"{2F603A45-D956-496B-81B5-50D782424976}" = SweetPacks Toolbar for Internet Explorer 4.4
"{32F3741C-2921-4A89-9FCC-6CDA56901650}_is1" = Simclimat 1.0c
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{355FBF6C-31EB-C660-F07A-1CC93975A5CA}" = HydraVision
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BC8D2F1-8CA2-4AF9-99C7-8598AFFDEF8F}" = Thrillville(TM): '07
"{3D1654FA-58EF-6DF0-8B70-E16B7B6C445C}" = Catalyst Control Center InstallProxy
"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM
"{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}" = Worms 4 Mayhem
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46471745-D135-ADF9-D313-ED5AA9F8B8B4}" = CCC Help Chinese Traditional
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{485841AB-3FA9-AC9A-FAD8-95113AF834A3}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4C3560-6D96-F947-D7FF-F42A60631554}" = CCC Help Norwegian
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{504D471B-E518-EE37-703F-2E35E72D08A7}" = CCC Help Dutch
"{53B20C18-D8D4-4588-8737-9BBFE303C354}" = Windows Live Movie Maker
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{653C2740-4688-6E67-F57D-4D99C573613D}" = CCC Help Portuguese
"{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{724D1F61-D823-48E2-8DB6-BD07AE03D6E3}" = CCC Help Greek
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE95C72-3470-4367-C030-DE66B8887E37}" = CCC Help Japanese
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_ENTERPRISE_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_ENTERPRISE_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0C0A-1000-0000000FF1CE}_ENTERPRISE_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9799BD05-5F89-484C-008E-F50592F53440}" = Harry Potter et la Coupe de Feu™
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA899EE-D9D1-1BEA-861A-85715F6BB06C}" = Catalyst Control Center Localization All
"{A190B778-588E-33EF-4408-CC0F9674C7B3}" = CCC Help Turkish
"{A4CBCF09-0C7E-40AA-0080-34B8A5CFE7FA}" = Harry Potter et le prisonnier d'Azkaban(TM)
"{A8D8547C-7679-DA67-09F9-EC282B8F3649}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1034-7B44-A81000000003}" = Adobe Reader 8.1.0 - Español
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5483174-C4FC-D248-1B3F-3848DD2606C8}" = CCC Help Polish
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter et l'Ordre du Phénix™
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D61395-20E7-1682-A56B-D5759D6A6135}" = CCC Help Russian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B85C4CB2-B352-4BD8-818C-BCE353599107}" = SweetIM for Messenger 3.6
"{B8B61C0D-6DE8-6B79-11AA-6745FE2D30AE}" = CCC Help Swedish
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD9233C7-8D5C-8A4F-F979-44653BE36972}" = CCC Help Danish
"{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio
"{C648A7DE-A784-6D55-2655-28E4B28B75C5}" = CCC Help Korean
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1513FC-273F-4744-8934-A6E5B1741E98}" = Star Wars JK II Jedi Outcast Demo
"{D3941722-C4DD-4509-88C4-0E87F675A859}_is1" = Freeplane
"{D6782F44-58DB-4DE5-A65C-890320CF3F99}" = Prince of Persia The Two Thrones
"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"{DD8C5170-C98D-0FAB-083B-122F7BEFCCB9}" = Catalyst Control Center
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E247DE03-5A8A-47FB-A836-84D503161A7A}_is1" = Studio-Scrap 4 - Version découverte
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E525C33E-008E-4814-BBB5-CBB9FD913EB9}_is1" = Studio-Scrap 3 - Version découverte
"{ECAAC00F-74C7-4F1C-A110-F526ED630044}" = SpongeBob SquarePants - Nighty Nightmare
"{EE5A5FC0-FCBF-BDD4-F96A-D1DACC4B1210}" = Catalyst Control Center Graphics Previews Common
"{EE9BD325-3BCC-D3E7-D5AC-85ED719004FF}" = CCC Help Spanish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F554C262-F87E-183C-1765-3F2F8B27EAC5}" = CCC Help Hungarian
"{FD1B1980-8CAB-4474-89F8-1245AF657AD1}" = Harry Potter y el Misterio del Príncipe™
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{ORAHSS}.UninstallSuite" = Connexion Internet Orange
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Afterburner" = MSI Afterburner 2.1.0
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II : The Conquerors Expansion
"Ask.com Search Assistant" = Ask.com Search Assistant 1.0.2
"BFGC" = Big Fish Games: Game Manager
"cgcgb" = Favorit
"conduitEngine" = Conduit Engine
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fissa" = Fissa
"GeoGebra" = GeoGebra
"Giraffic" = Veoh Giraffic Video Accelerator
"Google Chrome" = Google Chrome
"InstallShield_{025D4907-5D2E-4146-95F7-54E18BE087DA}" = Xpand Rally Xtreme
"InstallShield_{3BC8D2F1-8CA2-4AF9-99C7-8598AFFDEF8F}" = Thrillville(TM): '07
"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"La cellule 3D_is1" = La cellule 3D version 1.03
"La couleur_is1" = La couleur 1.4.0.b
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"LEGO Racers" = LEGO Racers
"lignee_humaine_is1" = lignee_humaine version 1.2
"L'oeil et la vision_is1" = L'oeil et la vision version 1.03a.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Messenger Plus!" = Messenger Plus! 5
"Messenger_Plus_FR Toolbar" = Messenger Plus FR Toolbar
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mini Ninjas" = Mini Ninjas 1.0
"MotoGP 2007_is1" = MotoGP 2007
"MyVideo Toolbar" = MyVideo Toolbar
"NAV" = Norton AntiVirus
"Navy Moves" = Navy Moves
"Nero7_is1" = Nero 7.10.1.0
"NSS" = Norton Security Scan
"OpenAL" = OpenAL
"PCTuto Avast_is1" = PCTuto Avast 2.0
"PCTuto Maj_is1" = PCTuto Maj 1.0
"PCTuto_is1" = PCTuto 2.0
"Planètes 3D_is1" = Planètes 3D version 1.02
"QuickTime" = QuickTime
"Rayman_is1" = Rayman
"SimCity 3000" = SimCity 3000
"Ski-Doo X-Team Racing" = Ski-Doo X-Team Racing
"SONICADVDX" = SONIC ADVENTURE DX-Director's Cut
"SONICHEROES" = SONIC HEROES
"ST6UNST #1" = KWare Erupt3
"Steam App 35150" = Lara Croft and the Guardian of Light Demo
"Subduction et magmatisme_is1" = Subduction et magmatisme
"TmUnited_is1" = TrackMania United 0.2.0.0
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"Tomb Raider: Legend" = Tomb Raider: Legend 1.0
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0
"TrackMania United Forever" = TrackMania United Forever
"UpdatePCTuto_is1" = UpdatePCTuto 2.0
"Veoh Web Player Beta" = Veoh Web Player
"Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"XviD_is1" = XviD MPEG-4 Video Codec
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-3310583335-1369690124-4160256294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"BitTorrent DNA" = DNA
"Game Organizer" = EasyBits GO
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
flore
Apprentice
 
Posts: 31
Joined: 06 May 2012 11:33
 

Re: SACEM virus infection report

Posted on 07 May 2012 23:01

Sorry about the first report, I couldn't post it with the code tags
flore
Apprentice
 
Posts: 31
Joined: 06 May 2012 11:33
 

Re: SACEM virus infection report

Posted on 07 May 2012 23:19

Good evening
flore wrote: Sorry about the first report, I couldn't post it with the code tags


No need to apologize; some reports really are too long to be digested by the code tags :wink:

In that case, the right method is to host them, for example on "1fichier.com", as explained in the "preparing a request for disinfection help" procedure created by jeanmimigab

I'm copying the passage in question below, so that next time you host the report and post the link to download it

Go to 1fichier.com, then:
  • 1. Click "Parcourir" (Browse) to select the "OTL.txt" report
  • 2. Click "Envoyer" (Send)
  • 3. Wait a few seconds, then copy the share link that appears under "Lien de téléchargement" (Download link) and paste it into your reply.

It's not very complicated and it avoids a full page of report 8)
EinsteinZero
Moderator
 
Posts: 18405
Joined: 27 Dec 2009 16:22
Location: Normandie
 

Re: SACEM virus infection report

Posted on 08 May 2012 07:59

Hi EinsteinZero, and thanks :wink:

Hi Flore,

As I thought, there are still some left. Please do this...

* Right-click the OTL icon and choose "Exécuter en tant qu'administrateur" (Run as administrator) to launch it

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" (Report) section (top right) the "Rapport minimal" (Minimal report) box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation" (Customization)

:OTL
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com => Toolbar.SweetIM
IE - HKLM\..\URLSearchHook: {3d4d238c-9c48-47cd-a95c-53259acf9e56} - SOFTWARE\Classes\CLSID\{3d4d238c-9c48-47cd-a95c-53259acf9e56}\InprocServer32 File not found
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={D63D4249-D229-11E0-9CBE-001E8C871007}
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2653012
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}: "URL" = http://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?}
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}: "URL" = http://www.fissa.com/fr/results/?s=b&c= ... &pid=30&q={searchTerms}
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&barid={D63D4249-D229-11E0-9CBE-001E8C871007}&q={searchTerms}&barid={D63D4249-D229-11E0-
IE - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\SearchScopes\{F4E59CCF-BDA2-4605-9BA3-B9A92AAD10DA}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=es_FR&apn_ptnrs=U3&apn_dtid=OSJ000YYFR&apn_uid=0F5E029D-BC79
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files (x86)\OfferBox\offerboxffx@offerbox.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={D63D4249-D229-11E0-9CBE-001E8C871007}
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - Extension: Offerbox = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.2613.41_0\
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll File not found
O2 - BHO: (Messenger Plus FR Toolbar) - {3d4d238c-9c48-47cd-a95c-53259acf9e56} - C:\Program Files (x86)\Messenger_Plus_FR\prxtbMess.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files (x86)\OfferBox\OfferBoxBHO.dll File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll File not found
O3 - HKLM\..\Toolbar: (Messenger Plus FR Toolbar) - {3d4d238c-9c48-47cd-a95c-53259acf9e56} - C:\Program Files (x86)\Messenger_Plus_FR\prxtbMess.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\Toolbar\WebBrowser: (Messenger Plus FR Toolbar) - {3D4D238C-9C48-47CD-A95C-53259ACF9E56} - C:\Program Files (x86)\Messenger_Plus_FR\prxtbMess.dll File not found
O4 - HKLM\..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM\..\Run: [Long Internet Team Stupid] "C:\ProgramData\CAMP WAIT DEAD.0cyyqp" File not found
O4 - HKLM\..\Run: [PCTuto] "C:\Program Files (x86)\PCTuto\pctuto.exe" File not found
O4 - HKLM\..\Run: [Pokestupid] "C:\ProgramData\bike bat bat.axcc1" File not found
O4 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\..\Run: [Pokestupid] "C:\ProgramData\bike bat bat.wh2l221" File not found
O8 - Extra context menu item: Buscar en la web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Buscar en la web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O20 - HKU\S-1-5-21-3310583335-1369690124-4160256294-1000 Winlogon: UserInit - (C:\Users\Usuario\AppData\Roaming\itunes_service01.exe) - File not found
O33 - MountPoints2\{cffc56ba-49ad-11dd-b245-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cffc56ba-49ad-11dd-b245-806e6f6e6963}\Shell\AutoRun\command - "" = D:\FileRgn.exe

:Files
C:\ProgramData\bike bat bat.wh2l221
C:\ProgramData\bike bat bat.*
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\MyWebSearch
C:\Program Files (x86)\OfferBox
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
C:\Program Files (x86)\SweetIM
C:\Program Files (x86)\Messenger_Plus_FR\prxtbMess.dll
C:\ProgramData\CAMP WAIT DEAD.0cyyqp
:Commands
[emptytemp]


Remember the next part for OTL carefully, because you absolutely must close all your web browsers before clicking "Correction".

* Click the "Correction" icon (top left).
* Let the scan run to completion without using the PC.
* At the end of the scan a report will open.
* Copy and paste the report into your reply please...

and finally...

Download AdwCleaner (by Xplode) to your desktop.
Install it and click "Suppression".
At the end of the scan, a report opens. Post its contents in your next reply please.
In case you can't find it, the report is also saved as C:\AdwCleaner[S1].txt
jeanmimigab
PC-Infopraticien

Posts: 2986
Joined: 29 Nov 2009 12:05


Re: SACEM virus infection report

Posted on 08 May 2012 09:17

Hello (for einsteinzéro: thanks!),

Pffffffffff, this virus loves me :evil: . I'll do the procedure a bit later and post the reports for you, hoping it will be fine! :roll:
Thanks once again!
Flore
flore
Apprentice

Posts: 31
Joined: 06 May 2012 11:33
 

Re: SACEM virus infection report

Posted on 08 May 2012 09:24

Don't worry, we're nearly there (your PC has come back from a long way off :lol: )
jeanmimigab
PC-Infopraticien

Posts: 2986
Joined: 29 Nov 2009 12:05


Re: SACEM virus infection report

Posted on 08 May 2012 11:40

Code:
All processes killed
========== OTL ==========
No active process named Program Files was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{3d4d238c-9c48-47cd-a95c-53259acf9e56} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d4d238c-9c48-47cd-a95c-53259acf9e56}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3310583335-1369690124-4160256294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3310583335-1369690124-4160256294-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-3310583335-1369690124-4160256294-1000\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}\ not found.
Registry key HKEY_USERS\S-1-5-21-3310583335-1369690124-4160256294-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-3310583335-1369690124-4160256294-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3310583335-1369690124-4160256294-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_USERS\S-1-5-21-3310583335-1369690124-4160256294-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F4E59CCF-BDA2-4605-9BA3-B9A92AAD10DA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E59CCF-BDA2-4605-9BA3-B9A92AAD10DA}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files (x86)\OfferBox\offerboxffx@offerbox.com not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin not found.
Unable to fix default_search_provider items.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll not found.
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.2613.41_0\_locales\it folder moved successfully.
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.2613.41_0\_locales\fr folder moved successfully.
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.2613.41_0\_locales\es folder moved successfully.
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.2613.41_0\_locales\en folder moved successfully.
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.2613.41_0\_locales\de folder moved successfully.
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.2613.41_0\_locales folder moved successfully.
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom\2.1.2613.41_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d4d238c-9c48-47cd-a95c-53259acf9e56}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d4d238c-9c48-47cd-a95c-53259acf9e56}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3d4d238c-9c48-47cd-a95c-53259acf9e56} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d4d238c-9c48-47cd-a95c-53259acf9e56}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3310583335-1369690124-4160256294-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3D4D238C-9C48-47CD-A95C-53259ACF9E56} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D4D238C-9C48-47CD-A95C-53259ACF9E56}\ not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_USERS\S-1-5-21-3310583335-1369690124-4160256294-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\Pokestupid deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Buscar en la web\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Buscar en la web\ not found.
Registry value HKEY_USERS\S-1-5-21-3310583335-1369690124-4160256294-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Usuario\AppData\Roaming\itunes_service01.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cffc56ba-49ad-11dd-b245-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cffc56ba-49ad-11dd-b245-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cffc56ba-49ad-11dd-b245-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cffc56ba-49ad-11dd-b245-806e6f6e6963}\ not found.
File D:\FileRgn.exe not found.
========== FILES ==========
File\Folder C:\ProgramData\bike bat bat.wh2l221 not found.
File\Folder C:\ProgramData\bike bat bat.* not found.
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
File\Folder C:\Program Files (x86)\MyWebSearch not found.
File\Folder C:\Program Files (x86)\OfferBox not found.
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjeikeheijdjdfjbmknpefojickbkmom folder moved successfully.
File\Folder C:\Program Files (x86)\SweetIM not found.
File\Folder C:\Program Files (x86)\Messenger_Plus_FR\prxtbMess.dll not found.
File\Folder C:\ProgramData\CAMP WAIT DEAD.0cyyqp not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Usuario
->Temp folder emptied: 4416545 bytes
->Temporary Internet Files folder emptied: 50661396 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1041 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 141880 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1515242 bytes
 
Total Files Cleaned = 54,00 mb
 
 
OTL by OldTimer - Version 3.2.42.3 log created on 05082012_122511

Files\Folders moved on Reboot...
C:\Users\Usuario\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9FQHYMC\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I2E0KP73\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\84SWO9WN\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AY5JO3Q\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...
flore
Apprentice

Posts: 31
Joined: 06 May 2012 11:33


Re: SACEM virus infection report

Posted on 08 May 2012 11:55

Second report!

Code:
# AdwCleaner v1.605 - Logfile created 05/08/2012 at 12:46:26
# Updated 05/05/2012 by Xplode
# Operating system : Windows (TM) Vista Ultimate Service Pack 1 (64 bits)
# User : Usuario - USUARIO1
# Running from : C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UYXEXW79\2-adwcleaner[1].exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : MAJTuto

***** [Files / Folders] *****

Deleted on reboot : C:\Users\Usuario\AppData\Local\Conduit
Deleted on reboot : C:\Users\Usuario\AppData\Local\EoJet
Deleted on reboot : C:\Users\Usuario\AppData\Local\PCtuto
Deleted on reboot : C:\Users\Usuario\AppData\LocalLow\AskToolbar
Deleted on reboot : C:\Users\Usuario\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\Usuario\AppData\LocalLow\ConduitEngine
Deleted on reboot : C:\Users\Usuario\AppData\LocalLow\FunWebProducts
Deleted on reboot : C:\Users\Usuario\AppData\LocalLow\MyWebSearch
Deleted on reboot : C:\Users\Usuario\AppData\LocalLow\PriceGong
Deleted on reboot : C:\Users\Usuario\AppData\LocalLow\ShoppingReport2
Deleted on reboot : C:\Users\Usuario\AppData\LocalLow\SweetIM
Deleted on reboot : C:\Users\Usuario\AppData\Roaming\FreeCompressor
Deleted on reboot : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ask Search Assistant
Deleted on reboot : C:\ProgramData\Ask
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCtuto
Deleted on reboot : C:\Program Files (x86)\Ask Search Assistant
Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\FreeCompressor
Deleted on reboot : C:\Program Files (x86)\Viewpoint
Deleted on reboot : C:\Program Files (x86)\Viewpoint
Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2508583
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2905330
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskSearchAsst
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\FissaSearch
Key Deleted : HKCU\Software\PCTuto
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Spointer
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\PCTuto
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PCTutoBHO.DLL
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\PriceGong
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C8574B5-6935-4FCE-860E-F4E8602378FF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fissa
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PcTuto_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [comnetwork]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [PcTuto]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [offerboxffx@offerbox.com]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\5B4758C25396ECF468E04F8E063287FF
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\5B4758C25396ECF468E04F8E063287FF
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\5B4758C25396ECF468E04F8E063287FF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{759F1421-4D31-4C1F-8C51-E4956A037676}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0BF73E27-2734-4F7B-925A-4BBB1457F5FA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Google Chrome v18.0.1025.168

File : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :       "name": "SweetIM Search",
Deleted :       "search_url": "hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={D63D4249-D229[...]
Deleted :    "homepage": "hxxp://home.sweetim.com/?barid={D63D4249-D229-11E0-9CBE-001E8C871007}",
Deleted :          "name": "My Web Search Plugin Stub",
Deleted :          "path": "C:\\Program Files (x86)\\MyWebSearch\\bar\\1.bin\\NPMyWebS.dll",
Deleted :          "name": "My Web Search Plugin Stub"

*************************

AdwCleaner[R1].txt - [22357 octets] - [08/05/2012 12:46:07]
AdwCleaner[S1].txt - [14440 octets] - [08/05/2012 12:46:26]

########## EOF - C:\AdwCleaner[S1].txt - [14569 octets] ##########
flore
Apprentice

Posts: 31
Joined: 06 May 2012 11:33


Re: SACEM virus infection report

Posted on 08 May 2012 15:37

That's spot on,

one last thing, for my own curiosity please... I'd like to see what Malwarebytes did

* Right-click the OTL icon and choose "Run as administrator" to launch it

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" section (top right) the "Rapport minimal" box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation"
type C:\Users\Usuario\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-05-07 (21-54-13).txt /c


* Click the "Aucuns" box (under quick scan) and the "Analyse" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan "OTL.Txt" opens; post its contents.

Then we'll uninstall all the tools used :wink:
jeanmimigab
PC-Infopraticien

Posts: 2986
Joined: 29 Nov 2009 12:05
