Trojan Generic virus, what to do?
Solved
mandragores
Hello,
For the past week, a generic trojan virus has shown up on my computer; Bitdefender manages to remove all the others but not this one, at least not permanently. Its name is Trojan Generic 7552386.
I'm desperate and everything I try fails miserably; would you have a solution? I've heard of several programs, but which ones?
Thanks for your answers.
Configuration: Windows 7 / Firefox 14.0.1
Hello,
Trojan Generic .... well, that's a generic name, it doesn't say much :p
Do you have any Bit Defender reports you can show us, so we can see which files this is happening in?
--
.::. Security Contributor .::.
-
The file is located at C:\Windows\assembly\GAC_32\Desktop.ini. I've tried looking for this file but I can't find it, even with protected operating system files shown.
-
Arf, that's 0access.
Disable Bit Defender
===================================
Download ComboFix to your desktop and nowhere else
https://www.bleepingcomputer.com/download/combofix/
If possible, rename it before saving it (right-click the link -> save target as -> at that point change its name and set your desktop as the destination)
Run ComboFix; it will need to restart your PC
At the end, post its report
--
.::. Security Contributor .::.
-
Here is the ComboFix report:
ComboFix 12-07-21.01 - Jeffrey 22/07/2012 17:45:31.1.4 - x64
Microsoft Windows 7 Edición Familiar Premium 6.1.7601.1.1252.33.1036.18.6071.4167 [GMT 2:00]
Lanzado desde: c:\users\Jeffrey\Desktop\Contre.exe
AV: Bitdefender Antivirus *Activado/Desactualizado* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Cortafuegos *Activado* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Activado/Desactualizado* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Desactivado/Desactualizado* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Otras eliminaciones ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibar.crx
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\inCRedibartlbr.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files (x86)\Windows Searchqu Toolbar
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml.alt
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf.alt
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\Windows... -
```
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\83_day.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\83_night.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\84_day.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\84_night.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\85_day.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\85_night.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\89_day.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\89_night.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\back.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\background.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\background_1.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\background_1days.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\background_2days.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\background_7days.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\backPressed.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\band.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\band_small.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\close.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\closePressed.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\dayPrevisionBackground.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\dayPrevisionClose.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\earth.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\fonds_écran.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\help.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\helpPressed.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\minimise.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\minimisePressed.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\next.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\nextPressed.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\option.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\optionPressed.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\reflet_ecran.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\small_background.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_classic\Thumbs.db
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\67_day.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\67_night.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\69_day.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\69_night.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\70_day.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\70_night.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\78_day.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\78_night.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\82_day.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\82_night.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\83_day.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\83_night.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\84_day.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\84_night.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\85_day.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\85_night.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\89_day.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\89_night.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\about.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\back.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\background.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\background_1.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\background_1days.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\background_2days.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\background_7days.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\backPressed.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\close.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\closePressed.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\dayPrevisionBackground.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\dayPrevisionClose.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\earth.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\fonds_écran.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\help.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\helpPressed.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\minimise.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\minimisePressed.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\next.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\nextPressed.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\option.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\optionPressed.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\reflet_ecran.png
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\Thumbs.db
c:\users\Ornella\AppData\Roaming\eoRezo\EoWeather\images_station_meteo\txt_14x13.png
c:\users\Ornella\AppData\Roaming\eoRezo\host.cyp
c:\users\Ornella\AppData\Roaming\eoRezo\user.cyp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{ab569ec5-795b-7278-c644-8b19b66b5d5e}
c:\windows\Installer\{ab569ec5-795b-7278-c644-8b19b66b5d5e}\@
c:\windows\Installer\{ab569ec5-795b-7278-c644-8b19b66b5d5e}\L\00000004.@
c:\windows\Installer\{ab569ec5-795b-7278-c644-8b19b66b5d5e}\L\1afb2d56
c:\windows\Installer\{ab569ec5-795b-7278-c644-8b19b66b5d5e}\L\201d3dde
c:\windows\Installer\{ab569ec5-795b-7278-c644-8b19b66b5d5e}\n
c:\windows\Installer\{ab569ec5-795b-7278-c644-8b19b66b5d5e}\U\80000032.@
c:\windows\Installer\{ab569ec5-795b-7278-c644-8b19b66b5d5e}\U\80000064.@
c:\windows\SysWow64\muzapp.exe
.
Une copie infectée de c:\windows\system32\Services.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-06-22 au 2012-07-22 ))))))))))))))))))))))))))))))))))))
.
.
2012-07-22 16:03 . 2012-07-22 16:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-22 16:03 . 2012-07-22 16:03 -------- d-----w- c:\users\Fabiola\AppData\Local\temp
2012-07-22 16:03 . 2012-07-22 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-18 11:49 . 2012-07-18 11:49 79952 ------w- c:\windows\system32\drivers\bdsandbox.sys
2012-07-18 10:05 . 2012-07-18 10:05 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\Seik
2012-07-18 06:04 . 2012-07-18 06:04 -------- d-----w- c:\users\Fabiola\AppData\Roaming\Bitdefender
2012-07-17 11:08 . 2012-07-17 11:08 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\liQeNSoft
2012-07-17 11:07 . 2012-07-17 11:11 -------- d-----w- c:\users\Jeffrey\AppData\Local\liQeNSoft
2012-07-17 11:02 . 2012-07-17 11:02 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\Bitdefender
2012-07-17 11:02 . 2012-07-17 11:03 -------- d-----w- c:\programdata\Bitdefender
2012-07-17 10:58 . 2011-10-27 13:07 329800 ------w- c:\windows\system32\drivers\trufos.sys
2012-07-17 10:58 . 2011-08-16 12:59 442088 ------w- c:\windows\system32\drivers\bdfsfltr.sys
2012-07-16 11:00 . 2012-07-16 11:00 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-16 10:50 . 2012-07-17 11:50 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\xsecva
2012-07-12 06:56 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-07 18:40 . 2012-07-07 18:40 -------- d-----w- c:\programdata\Wild Tangent
2012-07-07 18:38 . 2012-07-07 18:38 -------- d-----w- c:\users\Ornella\AppData\Roaming\FloodLightGames
2012-07-07 18:38 . 2012-07-07 18:38 -------- d-----w- c:\programdata\FloodLightGames
2012-07-07 18:31 . 2012-07-07 18:31 -------- d-----w- c:\users\Ornella\AppData\Roaming\WildTangent
2012-06-29 11:20 . 2012-03-15 00:00 2529540 ----a-w- c:\windows\system32\nvcoproc.bin
2012-06-29 11:04 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-29 11:04 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-22 16:58 . 2012-07-15 03:26 -------- d-----w- c:\programdata\Recovery
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 12:43 . 2012-04-01 20:21 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-16 12:43 . 2011-05-16 20:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 06:48 . 2011-05-17 15:29 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 06:55 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 06:55 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 06:56 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 06:55 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 06:55 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 06:55 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 06:55 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 06:55 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 06:55 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-28 22:38 . 2012-05-28 22:38 330240 ------w- c:\windows\MASetupCaller.dll
2012-05-23 16:50 . 2011-08-04 19:02 4659712 ------w- c:\windows\SysWow64\Redemption.dll
2012-05-23 16:49 . 2012-05-23 16:49 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-05-23 16:49 . 2011-08-04 19:02 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-05-21 02:09 . 2012-06-16 15:46 99384 ------w- c:\windows\system32\drivers\ssudbus.sys
2012-05-21 02:09 . 2012-06-16 15:46 203320 ------w- c:\windows\system32\drivers\ssudmdm.sys
2012-05-19 12:17 . 2012-05-19 12:17 27176 ------w- c:\windows\system32\drivers\ggsemc.sys
2012-05-19 12:17 . 2012-05-19 12:17 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-05-19 12:17 . 2012-05-19 12:17 13352 ------w- c:\windows\system32\drivers\ggflt.sys
2012-05-17 10:02 . 2012-05-17 10:02 2577 ----a-w- c:\windows\system32\bdaB38A.tmp
2012-05-15 04:01 . 2012-06-13 06:20 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 06:20 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 06:20 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-13 06:19 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 06:19 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 06:19 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 06:19 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 06:19 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 06:19 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 06:19 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 06:19 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 06:19 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 06:19 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 06:19 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 06:19 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 06:19 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 06:19 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 09:28 1307928 ------w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 16:21 1299248 ------w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
"{3EA8D036-C9E7-4721-BCDF-C13D00C4CC39}"= "c:\program files (x86)\DevNet\Toolbar\DevNet.dll" [2012-05-30 488784]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{3ea8d036-c9e7-4721-bcdf-c13d00c4cc39}]
[HKEY_CLASSES_ROOT\IadahToolbar.IEHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{A26CCE4F-8765-482B-A9F5-7D0A1635C08C}]
[HKEY_CLASSES_ROOT\IadahToolbar.IEHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
"Logitech Vid HD"="c:\program files (x86)\Logitech\Vid\vid.exe" [2010-05-11 6061400]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-06-08 958392]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-04-25 61112]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"PMSpeed"="c:\program files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.EXE" [2009-12-04 112464]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-12-05 114992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"LogMeIn Hamachi Ui"="j:\logiciel\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dyn Updater Tray Icon.lnk - j:\logiciel\DynDNS Updater\DynTray.exe [2011-11-15 78192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 DhaHelper;DhaHelper;c:\windows\system32\drivers\dhahelper.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-16 136176]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-07-20 36328]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 545064]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2012-07-18 79952]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-02 16640]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-04-20 21712]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-26 1436424]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-05-19 13352]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-16 136176]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\DRIVERS\lvsels64.sys [2010-05-14 68064]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-07-09 421376]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
R3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-07-18 75384]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-07-20 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-07-20 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-07-20 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-07-20 146920]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-17 1255736]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-20 691896]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 Dyn Updater;Dyn Updater;j:\logiciel\DynDNS Updater\DynUpSvc.exe [2011-11-15 95608]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;j:\logiciel\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 hcwD3bda_dvbt;Hauppauge MSi2500 DVBT Service;c:\windows\system32\hauppauge\hcwD3dvb\DVBT\DVBService.exe [2010-07-15 2641920]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-15 2458944]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-07-18 67904]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 258736]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
S3 hcwD3bda;Driver for WinTV DVB-T (Model 133xxx);c:\windows\system32\DRIVERS\hcwD3bda64.sys [2010-07-15 116352]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-11-09 187200]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
```
-
OK.
Well, there are quite a few unnecessary things/adware/...
When you install programs, be careful to untick the optional extras ...
==============================
Uninstall SweetIM
==============================
__________________________________________________
=>/!\ The following script was written specifically for this computer /!\<=
=>Using it on another computer is strongly discouraged!<=
----------------------------------------------------------------------------
Still with all protections disabled, do this:
▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):
----------------------------------------------------------
KillAll::
ClearJavaCache::
Folder::
c:\windows\SysWow64\%APPDATA%
c:\users\Jeffrey\AppData\Roaming\Seik
c:\users\Jeffrey\AppData\Roaming\xsecva
c:\program files (x86)\SweetIM
File::
c:\windows\system32\bdaB38A.tmp
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
"{3EA8D036-C9E7-4721-BCDF-C13D00C4CC39}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[-HKEY_CLASSES_ROOT\clsid\{3ea8d036-c9e7-4721-bcdf-c13d00c4cc39}]
[-HKEY_CLASSES_ROOT\IadahToolbar.IEHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{A26CCE4F-8765-482B-A9F5-7D0A1635C08C}]
[-HKEY_CLASSES_ROOT\IadahToolbar.IEHook]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"SweetIM"=-
"iTunesHelper"=-
RegLock::
[HKEY_USERS\.Default\Software\SetId\Internal]
[HKEY_USERS\S-1-5-21-3121145043-4052942828-115864558-1001\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-3121145043-4052942828-115864558-1001\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
------------------------------------------------------------------
▶ Save this file on your Desktop (and nowhere else) under the name CFScript.txt
▶ Close Notepad
▶ Drag and drop this CFScript file onto the ComboFix file, like this: Illustration
▶ Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
▶ Once the scan has finished, a report will be displayed: post its contents.
▶ If the file does not open, it can be found here => C:\ComboFix.txt
====================================================
Then
▶ Download from this page: AdwCleaner (by Xplode)
▶ Run it, click Delete and wait while it cleans.
▶ Post the report found on your hard drive at c:\ADwcleaner[Sx].txt, or its contents if it opens.
--
.::. Security Contributor .::.
-
The new report is below. I would like to know whether I should wait for a reply about the information below or start the second program right away.
ComboFix 12-07-21.01 - Jeffrey 22/07/2012 19:04:47.2.4 - x64
Microsoft Windows 7 Edición Familiar Premium 6.1.7601.1.1252.33.1036.18.6071.3823 [GMT 2:00]
Iniciado desde: c:\users\Jeffrey\Desktop\Contre.exe
Conmutadores utilizados :: c:\users\Jeffrey\Desktop\CFScript.txt
AV: Bitdefender Antivirus *Desactivado/Actualizado* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Cortafuegos *Desactivado* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Desactivado/Actualizado* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Desactivado/Anticuado* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ARCHIVO ::
"c:\windows\system32\bdaB38A.tmp"
.
.
(((((((((((((((((((((((((((((((((((( Otras eliminaciones ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jeffrey\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\users\Jeffrey\AppData\Roaming\Seik
c:\users\Jeffrey\AppData\Roaming\xsecva
c:\users\Jeffrey\AppData\Roaming\xsecva\xseacc.xse
c:\windows\system32\bdaB38A.tmp
c:\windows\SysWow64\%APPDATA%
.
.
((((((((((((((((((((((((((((( Archivos creados del 2012-06-22 al 2012-07-22 ))))))))))))))))))))))))))))))))))))
.
.
2012-07-22 17:17 . 2012-07-22 17:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-22 17:17 . 2012-07-22 17:17 -------- d-----w- c:\users\Fabiola\AppData\Local\temp
2012-07-22 17:17 . 2012-07-22 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 16:59 . 2012-07-22 16:59 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\Yahoo!
2012-07-18 11:49 . 2012-07-18 11:49 79952 ------w- c:\windows\system32\drivers\bdsandbox.sys
2012-07-18 06:04 . 2012-07-18 06:04 -------- d-----w- c:\users\Fabiola\AppData\Roaming\Bitdefender
2012-07-17 11:08 . 2012-07-17 11:08 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\liQeNSoft
2012-07-17 11:07 . 2012-07-17 11:11 -------- d-----w- c:\users\Jeffrey\AppData\Local\liQeNSoft
2012-07-17 11:02 . 2012-07-17 11:02 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\Bitdefender
2012-07-17 11:02 . 2012-07-17 11:03 -------- d-----w- c:\programdata\Bitdefender
2012-07-17 10:58 . 2011-10-27 13:07 329800 ------w- c:\windows\system32\drivers\trufos.sys
2012-07-17 10:58 . 2011-08-16 12:59 442088 ------w- c:\windows\system32\drivers\bdfsfltr.sys
2012-07-12 06:56 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-07 18:40 . 2012-07-07 18:40 -------- d-----w- c:\programdata\Wild Tangent
2012-07-07 18:38 . 2012-07-07 18:38 -------- d-----w- c:\users\Ornella\AppData\Roaming\FloodLightGames
2012-07-07 18:38 . 2012-07-07 18:38 -------- d-----w- c:\programdata\FloodLightGames
2012-07-07 18:31 . 2012-07-07 18:31 -------- d-----w- c:\users\Ornella\AppData\Roaming\WildTangent
2012-06-29 11:20 . 2012-03-15 00:00 2529540 ----a-w- c:\windows\system32\nvcoproc.bin
2012-06-29 11:04 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-29 11:04 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((( Informe de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 12:43 . 2012-04-01 20:21 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-16 12:43 . 2011-05-16 20:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 06:48 . 2011-05-17 15:29 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 06:55 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 06:55 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 06:56 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 06:55 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 06:55 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 06:55 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 06:55 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 06:55 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 06:55 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-28 22:38 . 2012-05-28 22:38 330240 ------w- c:\windows\MASetupCaller.dll
2012-05-23 16:50 . 2011-08-04 19:02 4659712 ------w- c:\windows\SysWow64\Redemption.dll
2012-05-23 16:49 . 2012-05-23 16:49 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-05-23 16:49 . 2011-08-04 19:02 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-05-21 02:09 . 2012-06-16 15:46 99384 ------w- c:\windows\system32\drivers\ssudbus.sys
2012-05-21 02:09 . 2012-06-16 15:46 203320 ------w- c:\windows\system32\drivers\ssudmdm.sys
2012-05-19 12:17 . 2012-05-19 12:17 27176 ------w- c:\windows\system32\drivers\ggsemc.sys
2012-05-19 12:17 . 2012-05-19 12:17 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-05-19 12:17 . 2012-05-19 12:17 13352 ------w- c:\windows\system32\drivers\ggflt.sys
2012-05-15 04:01 . 2012-06-13 06:20 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 06:20 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 06:20 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-13 06:19 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 06:19 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 06:19 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 06:19 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 06:19 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 06:19 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 06:19 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 06:19 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 06:19 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 06:19 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 06:19 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 06:19 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 06:19 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 06:19 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-22_16.05.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-22 13:52 . 2012-07-22 16:05 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-22 13:52 . 2012-07-22 15:40 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:10 . 2012-07-22 17:20 43174 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-18 12:38 . 2012-07-22 17:20 14310 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3121145043-4052942828-115864558-1001_UserData.bin
- 2011-05-17 02:01 . 2012-07-22 16:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-17 02:01 . 2012-07-22 17:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-17 02:01 . 2012-07-22 16:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-17 02:01 . 2012-07-22 17:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-22 16:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-22 17:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-16 18:48 . 2012-07-22 16:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-16 18:48 . 2012-07-22 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-16 18:48 . 2012-07-22 17:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-16 18:48 . 2012-07-22 16:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-16 18:48 . 2012-07-22 16:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-16 18:48 . 2012-07-22 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-18 04:44 . 2012-07-22 17:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-18 04:44 . 2012-07-22 16:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-18 04:44 . 2012-07-22 17:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-18 04:44 . 2012-07-22 16:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-22 16:05 . 2012-07-22 16:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-22 17:18 . 2012-07-22 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-22 17:18 . 2012-07-22 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-22 16:05 . 2012-07-22 16:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-07-22 15:40 475136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-22 16:05 475136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-16 18:48 . 2012-07-22 17:20 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-05-16 18:48 . 2012-07-22 16:07 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-07-22 17:17 544520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-22 16:04 544520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-07-22 16:05 1785856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-22 15:40 1785856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-18 12:34 . 2012-07-22 17:17 58182120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3121145043-4052942828-115864558-1001-8192.dat
- 2011-05-18 12:34 . 2012-07-22 16:04 58182120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3121145043-4052942828-115864558-1001-8192.dat
+ 2011-05-16 18:54 . 2012-07-22 17:17 19969140 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3121145043-4052942828-115864558-1000-8192.dat
- 2011-05-16 18:54 . 2012-07-20 15:44 19969140 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3121145043-4052942828-115864558-1000-8192.dat
.
((((((((((((((((((((((((((((((((( Puntos de carga Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* los elementos vacíos & los elementos iniciales legítimos no están listados
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 09:28 1307928 ------w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
"Logitech Vid HD"="c:\program files (x86)\Logitech\Vid\vid.exe" [2010-05-11 6061400]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-06-08 958392]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Reconocimiento de voz"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Actualización de software HP"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"Copia de seguridad en línea de Norton"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-04-25 61112]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"PMSpeed"="c:\program files (x86)\NewSoft\Presto! PageManager 9 para EP\PMSpeed.EXE" [2009-12-04 112464]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"LogMeIn Hamachi Ui"="j:\logiciel\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dyn Updater Tray Icon.lnk - j:\logiciel\DynDNS Updater\DynTray.exe [2011-11-15 78192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Paquetes de seguridad REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 DhaHelper;DhaHelper;c:\windows\system32\drivers\dhahelper.sys [x]
R2 BBSvc;Servicio BingBar;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servicio de Actualización de Google (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-16 136176]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
R2 SkypeUpdate;Actualizador de Skype;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 Actualizador de Web Assistant;Actualizador de Web Assistant;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
R3 AdobeFlashPlayerUpdateSvc;Servicio de actualización de Adobe Flash Player;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 250056]
R3 androidusb;Controlador de Interfaz de Compuesto ADB de SAMSUNG Android;c:\windows\system32\Drivers\ssadadb.sys [2011-07-20 36328]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 545064]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2012-07-18 79952]
R3 dg_ssudbus;Controlador de Dispositivo Composite USB de SAMSUNG Mobile (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-02 16640]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-04-20 21712]
R3 FLEXnet Licensing Service 64;Servicio de Licencias FLEXnet 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-26 1436424]
R3 ggflt;Filtro de Controlador de Flash USB de SEMC;c:\windows\system32\DRIVERS\ggflt.sys [2012-05-19 13352]
R3 gupdatem;Servicio de Actualización de Google (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-16 136176]
R3 LVPr2M64;Controlador de Logitech LVPr2M64;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 lvsels64;Filtro de Suspensión Selectiva de Logitech;c:\windows\system32\DRIVERS\lvsels64.sys [2010-05-14 68064]
R3 maconfservice;Servicio Ma-Config;c:\program files\ma-config.com\x64\maconfservice.exe [2011-07-09 421376]
R3 Microsoft SharePoint Workspace Audit Service;Servicio de Auditoría de Microsoft SharePoint Workspace;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Servicio de Mantenimiento de Mozilla;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 ose64;Motor de Fuentes de Office 64;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Plataforma de Protección de Software de Office;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Controlador NT de Realtek 8167;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
R3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-07-18 75384]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 ssadbus;Controlador de Dispositivo Compuesto USB de SAMSUNG Android (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-07-20 157672]
R3 ssadmdfl;Módem USB de SAMSUNG Android (Filtro);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-07-20 16872]
R3 ssadmdm;Controladores de Módem USB de SAMSUNG Android;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-07-20 177640]
R3 ssadserd;Puerto Serie de Diagnóstico USB de SAMSUNG Android (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-07-20 146920]
R3 ssudmdm;Controladores de Módem USB de SAMSUNG Mobile (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 Update Server;Servidor de Actualización de BitDefender v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
R3 USBAAPL64;Controlador USB Móvil de Apple;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Servicio de Tecnologías de Activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-17 1255736]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-20 691896]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 BdfNdisf;Filtro NDIS 6 de BitDefender Firewall;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944]
S1 vwififlt;Controlador de Filtro de WiFi Virtual;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Servicio de Actualización de Adobe Acrobat;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Dyn Updater;Actualizador Dyn;j:\logiciel\DynDNS Updater\DynUpSvc.exe [2011-11-15 95608]
S2 EPSON_EB_RPCV4_04;Servicio EPSON V5 4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;Servicio EPSON V3 4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 ezSharedSvc;Servicios de Easybits para Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 Hamachi2Svc;Motor de Túnel de LogMeIn Hamachi;j:\logiciel\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 hcwD3bda_dvbt;Servicio Hauppauge MSi2500 DVBT;c:\windows\system32\hauppauge\hcwD3dvb\DVBT\DVBService.exe [2010-07-15 2641920]
S2 HP Support Assistant Service;Servicio de Asistencia de HP;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;Servicio de Sincronización Rápida de HP;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IAStorDataMgrSvc;Tecnología de Almacenamiento Rápido Intel(R);c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 NOBU;Copia de seguridad en línea de Norton;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICIO [x]
S2 nvUpdatusService;Demonio del Servicio de Actualización de NVIDIA;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update -
Seen.
-> AdwCleaner
:-)
--
.::. Security Contributor .::.
-
And here is AdwCleaner.
# AdwCleaner v1.703 - Informe creado el 22/07/2012 a las 19:59:06
# Actualizado el 20/07/2012 por Xplode
# Sistema operativo: Windows 7 Home Premium Service Pack 1 (64 bits)
# Nombre de usuario: Jeffrey - FABIOLA-HP
# Ejecutado desde: C:\Users\Jeffrey\Desktop\adwcleaner.exe
# Opción [Eliminación]
***** [Servicios] *****
Detenido y eliminado: Web Assistant Updater
***** [Archivos / Carpetas] *****
Carpeta eliminada: C:\Users\Fabiola\AppData\Local\Babylon
Carpeta eliminada: C:\Users\Jeffrey\AppData\Local\APN
Carpeta eliminada: C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Carpeta eliminada: C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Carpeta eliminada: C:\Users\Ornella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Carpeta eliminada: C:\Users\Ornella\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Carpeta eliminada: C:\Users\Fabiola\AppData\LocalLow\Incredibar.com
Carpeta eliminada: C:\Users\Fabiola\AppData\LocalLow\PriceGong
Carpeta eliminada: C:\Users\Fabiola\AppData\LocalLow\searchquband
Carpeta eliminada: C:\Users\Fabiola\AppData\LocalLow\Searchqutoolbar
Carpeta eliminada: C:\Users\Fabiola\AppData\LocalLow\SweetIM
Carpeta eliminada: C:\Users\Jeffrey\AppData\LocalLow\Incredibar.com
Carpeta eliminada: C:\Users\Jeffrey\AppData\LocalLow\PriceGong
Carpeta eliminada: C:\Users\Jeffrey\AppData\LocalLow\searchquband
Carpeta eliminada: C:\Users\Jeffrey\AppData\LocalLow\Searchqutoolbar
Carpeta eliminada: C:\Users\Ornella\AppData\LocalLow\Incredibar.com
Carpeta eliminada: C:\Users\Fabiola\AppData\Roaming\Babylon
Carpeta eliminada: C:\Users\Jeffrey\AppData\Roaming\QuickStoresToolbar
Carpeta eliminada: C:\Users\Fabiola\AppData\Roaming\Mozilla\Firefox\Profiles\p5voqpxg.default\Searchqutoolbar
Carpeta eliminada: C:\Users\Fabiola\AppData\Roaming\Mozilla\Firefox\Profiles\p5voqpxg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Carpeta eliminada: C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\854l2f03.default\Searchqutoolbar
Carpeta eliminada: C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\854l2f03.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Carpeta eliminada: C:\Users\Ornella\AppData\Roaming\Mozilla\Firefox\Profiles\98llqt6g.default\Searchqutoolbar
Carpeta eliminada: C:\Users\Ornella\AppData\Roaming\Mozilla\Firefox\Profiles\98llqt6g.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Carpeta eliminada: C:\Users\Ornella\AppData\Roaming\Mozilla\Firefox\Profiles\98llqt6g.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Carpeta eliminada: C:\Users\Ornella\AppData\Roaming\Mozilla\Firefox\Profiles\98llqt6g.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Carpeta eliminada: C:\Users\Ornella\AppData\Roaming\Mozilla\Firefox\Profiles\98llqt6g.default\extensions\ffxtlbr@incredibar.com
Carpeta eliminada: C:\ProgramData\Babylon
Carpeta eliminada: C:\ProgramData\boost_interprocess
Carpeta eliminada: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Carpeta eliminada: C:\Program Files\Web Assistant
Carpeta eliminada: C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Carpeta eliminada: C:\Program Files (x86)\PriceGong
Carpeta eliminada: C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Archivo eliminado: C:\Users\Jeffrey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Archivo eliminado: C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Archivo eliminado: C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\854l2f03.default\searchplugins\Search_Results.xml
AdwCleaner[S1].txt - [18462 bytes] - [22/07/2012 19:59:06]
########## EOF - C:\AdwCleaner[S1].txt - [18591 bytes] ########## -
little by little, we're clearing everything out :-)
relaunch AdwCleaner and click Uninstall
===============================
▶ Download and install Malwarebytes' Anti-Malware (MBAM).
▶ Run it. Accept the update.
● Only if there are problems with the update:
● Download the MBAM manual updates
● Run the file after installing MBAM
▶ Select "Perform a full scan"
▶ Click "Scan"
▶ The scan starts; it takes a relatively long time, which is normal.
At the end of the scan, a message will appear:
Quote:
The scan completed normally. Click 'Show Results' to see all the objects found.
▶ Click "Ok" to continue. If MBAM found nothing, it will tell you so as well.
▶ Close your browsers.
▶ If malware has been detected, click Show Results.
▶ Select everything (or leave it ticked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
MBAM will open Notepad and copy the scan report into it: close it.
If MBAM asks to restart the PC: ▶ do it.
After restarting, launch MBAM again, go to the "Reports/Logs" tab, and copy/paste the one that corresponds to the scan you ran.
--
.::. Security Contributor .::.
-
Here is the report after 2 hours of scanning, I feel like we're almost at the end :)
Malwarebytes Anti-Malware (Prueba) 1.62.0.1300
www.malwarebytes.org
Versión de la base de datos: v2012.07.22.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jeffrey :: FABIOLA-HP [administrador]
Protección: Activada
22/07/2012 20:15:27
mbam-log-2012-07-22 (20-15-27).txt
Tipo de examen: Examen completo (C:\|D:\|J:\|O:\|)
Opciones de examen activadas: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de examen desactivadas: P2P
Elemento(s) analizado(s): 965699
Tiempo transcurrido: 2 hora(s), 18 minuto(s), 23 segundo(s)
Proceso(s) de memoria detectado(s): 0
(Ningún elemento malicioso detectado)
Módulo(s) de memoria detectado(s): 0
(Ningún elemento malicioso detectado)
Clave(s) del Registro detectada(s): 0
(Ningún elemento malicioso detectado)
Valor(es) del Registro detectado(s): 0
(Ningún elemento malicioso detectado)
Elemento(s) de datos del Registro detectado(s): 0
(Ningún elemento malicioso detectado)
Carpeta(s) detectada(s): 0
(Ningún elemento malicioso detectado)
Archivo(s) detectado(s): 5
C:\Qoobox\Quarantine\C\Users\Jeffrey\AppData\Local\{ab569ec5-795b-7278-c644-8b19b66b5d5e}\n.vir (Rootkit.0Access) -> Puesta en cuarentena y eliminada con éxito.
C:\Qoobox\Quarantine\C\Users\Jeffrey\AppData\Local\{ab569ec5-795b-7278-c644-8b19b66b5d5e}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Puesta en cuarentena y eliminada con éxito.
C:\Qoobox\Quarantine\C\Users\Jeffrey\AppData\Local\{ab569ec5-795b-7278-c644-8b19b66b5d5e}\U\80000032.@.vir (Rootkit.0Access) -> Puesta en cuarentena y eliminada con éxito.
C:\Qoobox\Quarantine\C\Windows\Installer\{ab569ec5-795b-7278-c644-8b19b66b5d5e}\n.vir (Rootkit.0Access) -> Puesta en cuarentena y eliminada con éxito.
C:\Users\Fabiola\Downloads\setup_eoweather_eo.exe (Adware.EoRezo) -> Puesta en cuarentena y eliminada con éxito.
(fin) -
yep :-)
let's do a full diagnostic of the PC :)
avoid downloading eorezo and pctuto stuff... did you see that MBAM quarantined the eorezo installer...? I'm not the one making it up :p
▶ Download ZHPDiag (by Nicolas Coolman)
or: ZHPDiag
▶ Save it to your Desktop.
Once the download has finished,
▶ Install and run ZHPDiag.exe (if you are on Vista or 7, once you have opened the software click the "UAC" button)
▶ Click the screwdriver and then All to tick all the option boxes.
▶ Click the magnifying glass to start the scan.
At the end of the scan,
▶ To send me your report, use the site http://pjjoint.malekal.com
▶ Click Browse and locate the file C:\ZHP\ZHPDiag.txt
▶ Click Open.
▶ Click "Send the file".
A link of this form:
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120312_q15b11x7g11u5
is added to the page.
▶ Copy this link into your reply.
--
.::. Security Contributor .::.
-
In the future, I'll be more careful.
Here is the ZHP file: https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120723_m12d14i12u11b15 -
Hello,
Mmmmh, I want to make sure of one thing.
Run TDSSKiller as explained here: https://forum.malekal.com/viewtopic.php?t=28637&start=
--
.::. Security Contributor .::.
-
I ran the scan and here are the results:
19:48:45.0982 4372 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:48:45.0986 4372 EventSystem - ok
19:48:46.0021 4372 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:48:46.0024 4372 exfat - ok
19:48:46.0036 4372 ezSharedSvc - ok
19:48:46.0062 4372 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:48:46.0065 4372 fastfat - ok
19:48:46.0122 4372 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:48:46.0129 4372 Fax - ok
19:48:46.0145 4372 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:48:46.0147 4372 fdc - ok
19:48:46.0157 4372 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:48:46.0159 4372 fdPHost - ok
19:48:46.0169 4372 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:48:46.0171 4372 FDResPub - ok
19:48:46.0187 4372 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:48:46.0188 4372 FileInfo - ok
19:48:46.0197 4372 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:48:46.0199 4372 Filetrace - ok
19:48:46.0348 4372 FLEXnet Licensing Service 64 (a4297244d4f817278a6ae45b1899ca9c) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
19:48:46.0374 4372 FLEXnet Licensing Service 64 - ok
19:48:46.0441 4372 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:48:46.0443 4372 flpydisk - ok
19:48:46.0480 4372 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:48:46.0491 4372 FltMgr - ok
19:48:46.0572 4372 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:48:46.0594 4372 FontCache - ok
19:48:46.0653 4372 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:48:46.0654 4372 FontCache3.0.0.0 - ok
19:48:46.0674 4372 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:48:46.0676 4372 FsDepends - ok
19:48:46.0712 4372 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:48:46.0714 4372 Fs_Rec - ok
19:48:46.0751 4372 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:48:46.0755 4372 fvevol - ok
19:48:46.0781 4372 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:48:46.0783 4372 gagp30kx - ok
19:48:46.0850 4372 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
19:48:46.0855 4372 GameConsoleService - ok
19:48:46.0902 4372 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:48:46.0903 4372 GEARAspiWDM - ok
19:48:46.0945 4372 ggflt (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
19:48:46.0947 4372 ggflt - ok
19:48:46.0981 4372 ggsemc (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
19:48:46.0983 4372 ggsemc - ok
19:48:47.0034 4372 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:48:47.0062 4372 gpsvc - ok
19:48:47.0111 4372 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:48:47.0114 4372 gupdate - ok
19:48:47.0119 4372 gupdatem -
19:48:55.0198 4372 NetBT - ok
19:48:55.0235 4372 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:48:55.0237 4372 Netlogon - ok
19:48:55.0287 4372 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:48:55.0303 4372 Netman - ok
19:48:55.0411 4372 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:48:55.0415 4372 NetMsmqActivator - ok
19:48:55.0420 4372 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:48:55.0421 4372 NetPipeActivator - ok
19:48:55.0462 4372 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:48:55.0483 4372 netprofm - ok
19:48:55.0559 4372 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys
19:48:55.0567 4372 netr28x - ok
19:48:55.0580 4372 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:48:55.0582 4372 NetTcpActivator - ok
19:48:55.0586 4372 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:48:55.0588 4372 NetTcpPortSharing - ok
19:48:55.0620 4372 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:48:55.0622 4372 nfrd960 - ok
19:48:55.0656 4372 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:48:55.0675 4372 NlaSvc - ok
19:48:55.0709 4372 nmwcd (907b5e1e4a592e5edc5e4ccbde4863c2) C:\Windows\system32\drivers\ccdcmbx64.sys
19:48:55.0710 4372 nmwcd - ok
19:48:55.0736 4372 nmwcdc (41c1ac1f3613435eb32d67bcb80a5fa5) C:\Windows\system32\drivers\ccdcmbox64.sys
19:48:55.0737 4372 nmwcdc - ok
19:48:55.0891 4372 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
19:48:55.0935 4372 NOBU - ok
19:48:56.0035 4372 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:48:56.0038 4372 Npfs - ok
19:48:56.0058 4372 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:48:56.0061 4372 nsi - ok
19:48:56.0075 4372 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:48:56.0076 4372 nsiproxy - ok
19:48:56.0195 4372 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:48:56.0221 4372 Ntfs - ok
19:48:56.0258 4372 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:48:56.0259 4372 Null - ok
19:48:56.0302 4372 NVHDA (dd743dc997f26eddfdcebe7146b458b8) C:\Windows\system32\drivers\nvhda64v.sys
19:48:56.0305 4372 NVHDA - ok
19:48:57.0233 4372 nvlddmkm (c013e857695d231e9e02088e4cd0982b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:48:57.0291 4372 nvlddmkm - ok
19:48:57.0425 4372 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:48:57.0429 4372 nvraid - ok
19:48:57.0467 4372 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:48:57.0471 4372 nvstor - ok
19:48:57.0539 4372 nvsvc (39f24315f99cdb2c9997140f31d44d08) C:\Windows\system32\nvvsvc.exe
19:48:57.0552 4372 nvsvc - ok
19:48:57.0784 4372 nvUpdatusService (f3537a1dbffdb81b169c482b7030c6ca) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:48:57.0817 4372 nvUpdatusService - ok
19:48:57.0888 4372 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:48:57.0891 4372 nv_agp - ok
19:48:57.0921 4372 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:48:57.0924 4372 ohci1394 - ok
19:48:58.0052 4372 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:48:58.0070 4372 ose64 - ok
19:48:58.0459 4372 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:48:58.0518 4372 osppsvc - ok
19:48:58.0573 4372 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:48:58.0577 4372 p2pimsvc - ok
19:48:58.0662 4372 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:48:58.0685 4372 p2psvc - ok
19:48:58.0739 4372 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:48:58.0797 4372 Parport - ok
19:48:58.0831 4372 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:48:58.0833 4372 partmgr - ok
19:48:58.0865 4372 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:48:58.0870 4372 PcaSvc - ok
19:48:58.0901 4372 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
19:48:58.0903 4372 pccsmcfd - ok
19:48:58.0936 4372 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:48:58.0940 4372 pci - ok
19:48:58.0962 4372 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:48:58.0964 4372 pciide - ok
19:48:58.0991 4372 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:48:58.0995 4372 pcmcia - ok
19:48:59.0026 4372 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:48:59.0028 4372 pcw - ok
19:48:59.0057 4372 pdfcDispatcher - ok
19:48:59.0105 4372 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:48:59.0121 4372 PEAUTH - ok
19:48:59.0209 4372 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:48:59.0212 4372 PerfHost - ok
19:48:59.0386 4372 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:48:59.0449 4372 pla - ok
19:48:59.0519 4372 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:48:59.0533 4372 PlugPlay - ok
19:48:59.0552 4372 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:48:59.0555 4372 PNRPAutoReg - ok
19:48:59.0603 4372 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:48:59.0608 4372 PNRPsvc - ok
19:48:59.0687 4372 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:48:59.0696 4372 PolicyAgent - ok
19:48:59.0722 4372 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:48:59.0725 4372 Power - ok
19:48:59.0767 4372 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:48:59.0768 4372 PptpMiniport - ok
19:48:59.0788 4372 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:48:59.0790 4372 Processor - ok
19:48:59.0851 4372 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:48:59.0866 4372 ProfSvc - ok
19:48:59.0910 4372 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:48:59.0912 4372 ProtectedStorage - ok
19:48:59.0939 4372 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:48:59.0942 4372 Psched - ok
19:49:00.0044 4372 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:49:00.0097 4372 ql2300 - ok
19:49:00.0202 4372 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:49:00.0204 4372 ql40xx - ok
19:49:00.0238 4372 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:49:00.0242 4372 QWAVE - ok
19:49:00.0253 4372 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:49:00.0255 4372 QWAVEdrv - ok
19:49:00.0274 4372 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:49:00.0276 4372 RasAcd - ok
19:49:00.0296 4372 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:49:00.0298 4372 RasAgileVpn - ok
19:49:00.0313 4372 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:49:00.0317 4372 RasAuto - ok
19:49:00.0335 4372 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:49:00.0337 4372 Rasl2tp - ok
19:49:00.0367 4372 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:49:00.0373 4372 RasMan - ok
19:49:00.0407 4372 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:49:00.0409 4372 RasPppoe - ok
19:49:00.0424 4372 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:49:00.0426 4372 RasSstp - ok
19:49:00.0459 4372 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:49:00.0477 4372 rdbss - ok
19:49:00.0490 4372 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:49:00.0491 4372 rdpbus - ok
19:49:00.0503 4372 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:49:00.0504 4372 RDPCDD - ok
19:49:00.0526 4372 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:49:00.0527 4372 RDPENCDD - ok
19:49:00.0539 4372 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:49:00.0540 4372 RDPREFMP - ok
19:49:00.0570 4372 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:49:00.0574 4372 RDPWD - ok
19:49:00.0609 4372 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:49:00.0612 4372 rdyboost - ok
19:49:00.0645 4372 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:49:00.0649 4372 RemoteAccess - ok
19:49:00.0667 4372 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:49:00.0672 4372 RemoteRegistry - ok
19:49:00.0682 4372 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:49:00.0685 4372 RpcEptMapper - ok
19:49:00.0705 4372 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:49:00.0707 4372 RpcLocator - ok
19:49:00.0751 4372 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:49:00.0757 4372 RpcSs - ok
19:49:00.0784 4372 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:49:00.0785 4372 rspndr - ok
19:49:00.0831 4372 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:49:00.0848 4372 RTL8167 - ok
19:49:00.0977 4372 SafeBox (2dca3c6faad8cd097c2261b3bd06a5ea) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
19:49:00.0980 4372 SafeBox - ok
19:49:01.0017 4372 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:49:01.0019 4372 SamSs - ok
19:49:01.0055 4372 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:49:01.0075 4372 sbp2port - ok
19:49:01.0104 4372 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:49:01.0108 4372 SCardSvr - ok
19:49:01.0127 4372 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:49:01.0128 4372 scfilter - ok
19:49:01.0207 4372 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:49:01.0227 4372 Schedule - ok
19:49:01.0255 4372 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:49:01.0256 4372 SCPolicySvc - ok
19:49:01.0288 4372 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:49:01.0292 4372 SDRSVC - ok
19:49:01.0328 4372 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:49:01.0329 4372 secdrv - ok
19:49:01.0360 4372 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:49:01.0363 4372 seclogon - ok
19:49:01.0376 4372 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:49:01.0379 4372 SENS - ok
19:49:01.0384 4372 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:49:01.0387 4372 SensrSvc - ok
19:49:01.0403 4372 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:49:01.0405 4372 Serenum - ok
19:49:01.0423 4372 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:49:01.0425 4372 Serial - ok
19:49:01.0468 4372 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:49:01.0470 4372 sermouse - ok
19:49:01.0573 4372 ServiceLayer (668043f192ab9659761a349a4703600d) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
19:49:01.0582 4372 ServiceLayer - ok
19:49:01.0617 4372 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:49:01.0621 4372 SessionEnv - ok
19:49:01.0634 4372 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:49:01.0636 4372 sffdisk - ok
19:49:01.0640 4372 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:49:01.0641 4372 sffp_mmc - ok
19:49:01.0652 4372 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:49:01.0654 4372 sffp_sd - ok
19:49:01.0678 4372 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:49:01.0680 4372 sfloppy - ok
19:49:01.0728 4372 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:49:01.0736 4372 SharedAccess - ok
19:49:01.0758 4372 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:49:01.0765 4372 ShellHWDetection - ok
19:49:01.0784 4372 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:49:01.0785 4372 SiSRaid2 - ok
19:49:01.0809 4372 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:49:01.0811 4372 SiSRaid4 - ok
19:49:01.0874 4372 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:49:01.0876 4372 SkypeUpdate - ok
19:49:01.0893 4372 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:49:01.0895 4372 Smb - ok
19:49:01.0907 4372 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:49:01.0910 4372 SNMPTRAP - ok
19:49:02.0028 4372 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
19:49:02.0032 4372 Sony PC Companion - ok
19:49:02.0058 4372 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:49:02.0060 4372 spldr - ok
19:49:02.0104 4372 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:49:02.0110 4372 Spooler - ok
19:49:02.0333 4372 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:49:02.0392 4372 sppsvc - ok
19:49:02.0453 4372 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:49:02.0457 4372 sppuinotify - ok
19:49:02.0533 4372 sptd (a6cff1af7664627a296b6a0a96cf876e) C:\Windows\System32\Drivers\sptd.sys
19:49:02.0533 4372 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: a6cff1af7664627a296b6a0a96cf876e
19:49:02.0534 4372 sptd ( LockedFile.Multi.Generic ) - warning
19:49:02.0534 4372 sptd - detected LockedFile.Multi.Generic (1)
Re
Copy these lines:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Aplicación: Modificado
O43 - CFD: 04/10/2011 - 10:42:06 - [0,001] ----D C:\ProgramData\Media Get LLC
O81 - IFC: Controles de Función de Internet [HKCU] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Controles de Función de Internet [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Controles de Función de Internet [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O8 - Elemento adicional del menú contextual: Buscar en la Web - (.not file.) - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
EMPTYTEMP
EMPTYCLSID
Open ZHPFIX with right-click => Run as administrator
Click on H and then on GO
Post the report.
--
.::. Security Contributor .::.
-
Ah... I hadn't thought of that. Here it is:
https://pjjoint.malekal.com/files.php?id=20120723_v12k13c5n15u14 -
Good :)
No more worries, shall we wrap up?
--
.::. Security Contributor .::.
-
Is there one last scan to do, or is the issue resolved?