PC infected by incredibar toolbar (end)


PC infected by incredibar toolbar

Post by coucou on Tue 12 Jun 2012, 7:48 am

So far I have not been able to remove the incredibar.com toolbar (I use Firefox 12.0).
Trying to remove it, I used SpyHunter4, which found a lot of malware (lop, trojan.generic, ...).
But when I scanned my PC with avast or Spybot, they found nothing!
So I don't know how badly my computer is infected.

Thank you very much for your help

Eric

Here are the requested files.

= = = =
OTL Extras logfile created on: 11/06/2012 17:21:56 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = I:\Téléchargement_Firefox
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 51,84% Memory free
3,85 Gb Paging File | 3,02 Gb Available in Paging File | 78,54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 117,19 Gb Total Space | 48,67 Gb Free Space | 41,53% Space Free | Partition Type: NTFS
Drive D: | 30,64 Gb Total Space | 15,61 Gb Free Space | 50,96% Space Free | Partition Type: NTFS
Drive I: | 146,48 Gb Total Space | 12,65 Gb Free Space | 8,63% Space Free | Partition Type: NTFS
Drive J: | 39,07 Gb Total Space | 10,28 Gb Free Space | 26,31% Space Free | Partition Type: NTFS
Drive K: | 38,31 Gb Total Space | 6,90 Gb Free Space | 18,00% Space Free | Partition Type: NTFS
Drive Z: | 930,82 Gb Total Space | 811,03 Gb Free Space | 87,13% Space Free | Partition Type: NTFS

Computer Name: AMD64 | User Name: eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"16000:TCP" = 16000:TCP:*:Enabled:emule
"16001:UDP" = 16001:UDP:*:Enabled:emule
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"L:\httpd\httpd-x86-windows\apache.exe" = L:\httpd\httpd-x86-windows\apache.exe:127.0.0.1,LocalSubnet:Enabled:Apache web server
"L:\perl\win32\wperl.exe" = L:\perl\win32\wperl.exe:127.0.0.1,LocalSubnet:Enabled:Perl interpreter - part of Stunnix Web Server
"L:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe" = L:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe:127.0.0.1,LocalSubnet:Enabled:Mysql database server

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Temp\NavBrowser.exe" = C:\WINDOWS\Temp\NavBrowser.exe:*:Disabled:NAVBrowser
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"I:\Cygwin\usr\X11R6\bin\XWin.exe" = I:\Cygwin\usr\X11R6\bin\XWin.exe:*:Enabled:XWin -- ()
"C:\Program Files\Anno 1701\Anno1701.exe" = C:\Program Files\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701 -- (Related Designs Software GmbH)
"Q:\adsltv\vlc.exe" = Q:\adsltv\vlc.exe:*:Enabled:VLC media player
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"I:\Kevin\warhammer\DOW2.exe" = I:\Kevin\warhammer\DOW2.exe:*:Enabled:DOW2 -- (THQ Canada Inc.)
"Q:\adsltv\adsltv.exe" = Q:\adsltv\adsltv.exe:*:Disabled:adsltv
"I:\WoW\World of Warcraft\Launcher.exe" = I:\WoW\World of Warcraft\Launcher.exe:*:Disabled:Blizzard Launcher -- (Blizzard Entertainment)
"I:\WoW\World of Warcraft\WoW-3.2.0-frFR-downloader.exe" = I:\WoW\World of Warcraft\WoW-3.2.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"L:\WD Discovery Software\WD Discovery.exe" = L:\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application
"C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe" = C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application -- ()
"C:\Program Files\StealthNet\stealthnet.exe" = C:\Program Files\StealthNet\stealthnet.exe:*:Enabled:StealthNet -- (The StealthNet Team)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"I:\Logiciels_installes\OneSwarm\OneSwarm.exe" = I:\Logiciels_installes\OneSwarm\OneSwarm.exe:*:Enabled:OneSwarm
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"I:\Cygwin\bin\rsync.exe" = I:\Cygwin\bin\rsync.exe:*:Enabled:rsync -- ()
"I:\Cygwin\bin\[You must be registered and logged in to see this link.] = I:\Cygwin\bin\[You must be registered and logged in to see this link.] -- ()
"I:\WoW\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe" = I:\WoW\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"L:\httpd\httpd-x86-windows\apache.exe" = L:\httpd\httpd-x86-windows\apache.exe:127.0.0.1,LocalSubnet:Enabled:Apache web server
"L:\perl\win32\wperl.exe" = L:\perl\win32\wperl.exe:127.0.0.1,LocalSubnet:Enabled:Perl interpreter - part of Stunnix Web Server
"L:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe" = L:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe:127.0.0.1,LocalSubnet:Enabled:Mysql database server
"C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{006E6A46-8D55-4F10-BBA8-2C9653B4278B}" = Software Update Helper
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.445
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B66765B-8596-4698-A208-E23D11D84AA7}" = Canon Camera WIA Driver
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = PhotoImpression 5
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8DD0F820-3656-4AB3-A7F4-005CAA2D0897}_is1" = RDesc 2.33
"{9019040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97DF4674-AB43-11D5-91C9-005004F84FA1}" = Dialang V1 Beta
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5D4928E-6B88-40B2-A9BF-E0DD652B43B4}" = Boxore Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}" = ABBYY FineReader 6.0
"{B0900CB5-8EC0-43B4-9DAC-A32FE52DC864}" = e-Carte Bleue Banque Populaire
"{B168C59D-5FCF-4EEC-B464-BFA7A8266150}" = Windows Communication Foundation Language Pack - FRA
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B84C141C-9A13-44BE-9A69-301D7B11D836}" = Windows Workflow Foundation FR Language Pack
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FFA98080-B0C6-11D5-91CB-005004F84FA1}" = Sun Java Runtime Environment and JMF
"3BEF1AFDE8303306594E2ADA27520E6E700820AE" = Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"40 polices pour l'école" = 40 polices pour l'école
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"CdaC13Ba" = Cda Product Service - shared component
"CLAVIERDESALPHAS" = CLAVIER DES ALPHAS
"CSCLIB" = Canon Camera Support Core Library
"Duplicate Cleaner" = Duplicate Cleaner 2.1b
"eMule" = eMule
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Guide d'utilisation" = Epson Stylus SX210_SX410_TX210_TX410 Manuel
"EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.4.1
"FindUtils-4.2.20-2_is1" = GnuWin32: FindUtils version 4.2.20-2
"Google Chrome" = Google Chrome
"Gow" = Gow
"Guild Wars" = GUILD WARS
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4B66765B-8596-4698-A208-E23D11D84AA7}" = Canon Camera WIA Driver 6.2.5
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 13.0 (x86 fr)" = Mozilla Firefox 13.0 (x86 fr)
"Mozilla Thunderbird 10.0.1 (x86 fr)" = Mozilla Thunderbird 10.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PeerGuardian_is1" = PeerGuardian 2.0
"Perf2480P_2580P Guide de réf." = Perf2480P_2580P Guide de réf.
"Quick Zip_is1" = Quick Zip 4.60.019
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"StealthNet_is1" = StealthNet 0.8.7.8
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"winscp3_is1" = WinSCP 4.1.8
"World of Warcraft" = World of Warcraft
"wxPython2.8-unicode-py26_is1" = wxPython 2.8.10.1 (unicode) for Python 2.6
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 24/08/2008 15:51:50 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =

Error - 26/09/2008 15:02:26 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =

Error - 26/09/2008 15:02:51 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =

Error - 05/03/2009 13:15:40 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =

Error - 21/04/2009 11:18:19 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =

Error - 29/06/2009 11:38:43 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =

Error - 27/08/2009 19:13:48 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =

Error - 07/11/2009 11:44:08 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =

Error - 08/11/2009 10:45:06 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 29/02/2012 07:06:22 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Hanging application IDriver.exe, version 8.1.0.293, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/03/2012 13:54:33 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 9.0.0.2823, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/03/2012 02:27:11 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Hanging application winamp.exe, version 5.5.4.2165, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/03/2012 12:34:26 | Computer Name = AMD64 | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 9.0.0.2823, faulting module winword.exe, version 9.0.0.2823, fault address 0x0037e5cc.

Error - 15/03/2012 12:34:43 | Computer Name = AMD64 | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 9.0.0.2823, faulting module winword.exe, version 9.0.0.2823, fault address 0x0037e5cc.

Error - 19/03/2012 14:54:07 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Hanging application QuickZip.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 01/04/2012 11:28:39 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Hanging application Unlocker.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/04/2012 05:53:45 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4448, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/06/2012 04:48:58 | Computer Name = AMD64 | Source = crypt32 | ID = 131083
Description = Failed to extract the third-party root list from the auto-update CAB file at:
with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 04/06/2012 04:48:58 | Computer Name = AMD64 | Source = crypt32 | ID = 131083
Description = Failed to extract the third-party root list from the auto-update CAB file at:
with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 11/06/2012 10:30:06 | Computer Name = AMD64 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips Processor

Error - 11/06/2012 10:33:57 | Computer Name = AMD64 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

Error - 11/06/2012 10:33:57 | Computer Name = AMD64 | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following error: %%1053

Error - 11/06/2012 10:33:57 | Computer Name = AMD64 | Source = Service Control Manager | ID = 7000
Description = The NetGroup Packet Filter Driver service failed to start due to the following error: %%2

Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842784
Description = Dependent assembly Microsoft.VC80.MFCLOC could not be found. Last error was: The referenced assembly is not installed on your system.


Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system.

Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL. Reference error message: The operation completed successfully.

Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842784
Description = Dependent assembly Microsoft.VC80.MFCLOC could not be found. Last error was: The referenced assembly is not installed on your system.


Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system.

Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL. Reference error message: The operation completed successfully.


< End of report >
= = = = =
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-11 17:38:57
-----------------------------
17:38:57.921 OS Version: Windows 5.1.2600 Service Pack 3
17:38:57.921 Number of processors: 2 586 0x6B02
17:38:57.921 ComputerName: AMD64 UserName: eric
17:38:59.234 Initialize success
17:39:02.921 AVAST engine defs: 12061100
17:39:32.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:39:32.781 Disk 0 Vendor: Hitachi_HDP725032GLA360 GM3OA52A Size: 305245MB BusType: 3
17:39:32.781 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1c
17:39:32.781 Disk 1 Vendor: IC35L120AVV207-0 V24OA63A Size: 117800MB BusType: 3
17:39:32.796 Disk 0 MBR read successfully
17:39:32.796 Disk 0 MBR scan
17:39:32.796 Disk 0 unknown MBR code
17:39:32.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 120001 MB offset 63
17:39:32.828 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149997 MB offset 245762370
17:39:32.843 Disk 0 Partition 3 00 83 Linux 35244 MB offset 552957300
17:39:32.843 Disk 0 scanning sectors +625137345
17:39:32.953 Disk 0 scanning C:\WINDOWS\system32\drivers
17:39:43.421 Service scanning
17:39:56.000 Modules scanning
17:40:00.906 Disk 0 trace - called modules:
17:40:00.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:40:00.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a735ab8]
17:40:00.906 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8a70bf18]
17:40:00.906 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a70ad98]
17:40:01.468 AVAST engine scan C:\WINDOWS
17:40:10.015 AVAST engine scan C:\WINDOWS\system32
17:41:59.046 AVAST engine scan C:\WINDOWS\system32\drivers
17:42:11.468 AVAST engine scan C:\Documents and Settings\eric
17:44:08.953 Disk 0 MBR has been saved successfully to "I:\Téléchargement_Firefox\MBR.dat"
17:44:08.968 The log file has been saved successfully to "I:\Téléchargement_Firefox\aswMBR.txt"



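The OTL logs in this thread run to several hundred lines, and a helper reading them looks for a handful of patterns: firewall exceptions granted to executables living in a temp or profile directory (such as the NavBrowser.exe entry under C:\WINDOWS\Temp above), running processes with no company or version information (the "()" entries), and services whose registered binary no longer exists ("File not found"). The script below is an added example, not part of the original post and not a feature of OTL; it parses those three OTL sections from a constructed sample made of lines in the same shape as the quoted logs. The heuristics are this editor's choices and a hit means "look at this", not "this is malware".

```python
"""Triage heuristics over an OTL (OldTimer) log in the shape pasted above.

Added example, not part of the original post or of OTL itself. SAMPLE_LOG is
constructed from lines shaped like the quoted logs; the three heuristics are
assumptions about what is worth a second look, not a malware verdict.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: three OTL sections with the line formats seen in the thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2012/05/30 19:11:06 | 000,596,688 | ---- | M] (Boxore OU) -- C:\Program Files\Boxore\BoxoreClient\boxore.exe
PRC - [2012/05/24 15:23:28 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Temp\NavBrowser.exe" = C:\WINDOWS\Temp\NavBrowser.exe:*:Disabled:NAVBrowser
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"L:\httpd\httpd-x86-windows\apache.exe" = L:\httpd\httpd-x86-windows\apache.exe:127.0.0.1,LocalSubnet:Enabled:Apache web server

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2012/06/11 16:55:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
"""

# PRC - [date | size | attrs | M] (Company) -- path
PRC_RE = re.compile(r'^PRC - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$')
# "path" = path:scope:Enabled|Disabled:display name [-- (Company)]
# The path repeats after " = ", so a backreference keeps the drive-letter colon
# from being mistaken for the field separator.
FW_RE = re.compile(r'^"(?P<path>[^"]+)" = (?P=path):(?P<scope>[^:]*):'
                   r'(?P<state>Enabled|Disabled):(?P<name>.*)$')
# SRV - File not found [start | status] -- path -- (ServiceName) ...
# SRV - [date | size | attrs | M] (Company) [start | status] -- path -- (ServiceName)
SRV_RE = re.compile(r'^SRV - (?P<missing>File not found|\[[^\]]*\] \((?P<company>[^)]*)\)) '
                    r'\[[^\]]*\] -- (?P<path>.+?) -- \((?P<service>[^)]+)\)')

# Directory markers (lower-cased) that an unprivileged user or a dropper can write to.
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\appdata\\")


@dataclass(frozen=True)
class Finding:
    kind: str
    path: str
    note: str


def triage(log_text: str) -> List[Finding]:
    """Return review items from the PRC, firewall and SRV lines of an OTL log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PRC_RE.match(line)
        if m:
            if not m.group("company").strip():
                findings.append(Finding("process-no-company", m.group("path"),
                                        "running process with no company/version info"))
            continue
        m = FW_RE.match(line)
        if m:
            if any(marker in m.group("path").lower() for marker in USER_WRITABLE):
                findings.append(Finding(
                    "firewall-temp-path", m.group("path"),
                    f"firewall exception ({m.group('state')}, scope {m.group('scope')}) "
                    "for a binary in a user-writable directory"))
            continue
        m = SRV_RE.match(line)
        if m and m.group("missing") == "File not found":
            findings.append(Finding("service-file-missing", m.group("path"),
                                    f"service {m.group('service')} is registered but its binary is gone"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}\n    {f.note}")
```

Run it against a saved OTL.txt by reading the file into triage(); a Disabled firewall entry still counts, because the registry records that the binary was present and asked for network access at some point, which is exactly the kind of trace a helper wants to see even after the file itself has been removed.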

PC infected by incredibar toolbar (continued)

Post by coucou on Tue 12 Jun 2012, 7:54 am

The OTL report (Part 1):
= = = =

OTL logfile created on: 11/06/2012 17:21:56 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = I:\Téléchargement_Firefox
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 51,84% Memory free
3,85 Gb Paging File | 3,02 Gb Available in Paging File | 78,54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 117,19 Gb Total Space | 48,67 Gb Free Space | 41,53% Space Free | Partition Type: NTFS
Drive D: | 30,64 Gb Total Space | 15,61 Gb Free Space | 50,96% Space Free | Partition Type: NTFS
Drive I: | 146,48 Gb Total Space | 12,65 Gb Free Space | 8,63% Space Free | Partition Type: NTFS
Drive J: | 39,07 Gb Total Space | 10,28 Gb Free Space | 26,31% Space Free | Partition Type: NTFS
Drive K: | 38,31 Gb Total Space | 6,90 Gb Free Space | 18,00% Space Free | Partition Type: NTFS
Drive Z: | 930,82 Gb Total Space | 811,03 Gb Free Space | 87,13% Space Free | Partition Type: NTFS

Computer Name: AMD64 | User Name: eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/11 17:01:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- I:\Téléchargement_Firefox\OTL.com
PRC - [2012/06/11 16:55:43 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/30 19:11:06 | 000,596,688 | ---- | M] (Boxore OU) -- C:\Program Files\Boxore\BoxoreClient\boxore.exe
PRC - [2012/05/24 15:23:28 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- I:\Logiciels_installes\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- I:\Logiciels_installes\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/01/18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2011/08/30 13:24:59 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2011/08/15 17:42:57 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2010/09/18 11:24:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/07/04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/09/08 18:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/08/04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/11 16:55:42 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/11 13:19:20 | 001,768,960 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12061100\algo.dll
MOD - [2012/05/24 15:23:28 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
MOD - [2012/05/07 15:18:38 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/18 23:04:08 | 000,296,448 | ---- | M] () -- K:\InstallationLogiciels\notepad++\NppShell_04.dll
MOD - [2010/07/04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/04 23:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/08/04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2008/04/14 04:33:31 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/05/11 00:56:54 | 000,921,600 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdistRes.FRA


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/06/11 16:55:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/09 20:24:22 | 000,138,416 | ---- | M] (Boxore OU.) [Auto | Stopped] -- C:\Program Files\Software\Update\SoftwareUpdate.exe -- (supdate) Software Update Service (supdate)
SRV - [2012/05/24 15:23:28 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012/05/07 15:18:39 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- I:\Logiciels_installes\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/08/15 17:42:57 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2010/09/18 11:24:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/08 18:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/14 04:34:25 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/14 04:34:15 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 04:34:15 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 04:33:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/14 04:33:31 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 04:33:30 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 04:33:19 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- system32\drivers\npf.sys -- (NPF)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avfsfilter.sys -- (AVFSFilter)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 01:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 01:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/07 00:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/15 17:42:38 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2010/07/04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008/09/27 16:50:24 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/09/27 16:50:24 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/04/14 04:09:53 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/14 04:05:07 | 000,800,256 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 20:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2007/11/01 08:56:00 | 000,035,328 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l150x86.sys -- (AtcL001)
DRV - [2007/08/10 07:52:44 | 004,603,904 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/05 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/05 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{031230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{031230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://Mystart.incredibar.com/mb124"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.12.2.3
FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7.0.1426
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 4444


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@[You must be registered and logged in to see this link.] Update;version=8: C:\Program Files\Software\Update\1.2.195.0\npSoftwareOneClick8.dll (Boxore OU.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\eric\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/25 15:00:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/09 13:52:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/11 16:55:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/09 13:52:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/01/23 19:45:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/11/11 16:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\eric\Application Data\Mozilla\Extensions
[2010/11/11 16:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\eric\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/06/09 15:01:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\k9rgartv.default\extensions
[2012/06/09 15:01:47 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\k9rgartv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/07/23 14:49:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\k9rgartv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/15 16:52:58 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\k9rgartv.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012/04/14 16:35:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\k9rgartv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/09 13:52:14 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\k9rgartv.default\extensions\ffxtlbr@incredibar.com
[2012/04/14 16:35:28 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\k9rgartv.default\extensions\quickstores@quickstores.de
[2012/06/09 14:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/01 16:25:02 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012/03/25 15:00:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012/02/26 19:26:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/06/09 13:52:04 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012/06/11 16:55:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/26 19:26:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/09 13:52:03 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/06/09 13:52:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/09 13:52:03 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/06/09 13:52:03 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2008/12/18 13:36:16 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2012/06/09 13:52:03 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/06/09 13:52:03 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Documents and Settings\eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Documents and Settings\eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Documents and Settings\eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\
CHR - Extension: No name found = C:\Documents and Settings\eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: No name found = C:\Documents and Settings\eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009/04/24 12:54:49 | 000,305,748 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10526 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ECarteBleueBrowserHelper Class) - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Documents and Settings\eric\Application Data\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {031230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Boxore Client] C:\Program Files\Boxore\BoxoreClient\boxore.exe (Boxore OU)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] I:\Logiciels_installes\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RDesc] File not found
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [EPSON SX410 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Télécharger avec NetTransport - I:\Logiciels_installes\NetTransport 2\NTAddLink.html File not found
O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - I:\Logiciels_installes\NetTransport 2\NTAddList.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F02F960B-84E0-4D09-A96D-58BA8A539D33}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/13 19:45:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/24 09:16:10 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4ad1f7df-a05a-11de-9ce8-001fc6a4e463}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{58d847d3-5061-11de-9cd2-001fc6a4e463}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{f34a5161-c8b0-11df-9d26-001fc6a4e463}\Shell - "" = AutoRun
O33 - MountPoints2\{f34a5161-c8b0-11df-9d26-001fc6a4e463}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Lecteur Windows Media Microsoft 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)


coucou
Newbie Surfer
Posts : 13
Joined : 2012-06-12
Operating System : Windows XP
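The O20, O35/O37 and O33 lines in the Extras log above are the three hijack points a responder reads first: Winlogon Shell and UserInit (anything appended after explorer.exe or userinit.exe runs at every logon), the exefile/comfile [open] command (a wrapper placed around "%1" runs every time any program is started), and MountPoints2, where Windows XP caches the autorun.inf command of each removable volume it has seen and may offer or run it again when that volume is reconnected. In this log Shell and UserInit point at the stock Microsoft binaries, both [open] commands are the default `"%1" %*`, and the three cached autorun commands are E:\Setup.exe, WDSetup.exe and a RunDLL32 ShellExec_RunDLL launch of NoLimit.exe. The script below is an added example, not part of OTL or of the original post: it parses those line types and reports deviations. The sample lines are copied from the log; the two hijack lines are constructed, with hypothetical paths, only to show what a detection looks like, and the rundll32 flag on O33 entries is a triage heuristic, not a verdict.

```python
"""
Triage of OTL O20 / O35 / O33 lines (Winlogon, file associations, cached
MountPoints2 autorun commands). Added example, not part of OTL or of the
original post. Sample lines are copied from the Extras log in this thread;
the two hijack lines are constructed (hypothetical paths).
"""
import re

# Stock values on 32-bit Windows XP (assumption: XP SP3 defaults; other
# Windows versions need their own table).
EXPECTED_WINLOGON = {
    "shell": {"explorer.exe"},
    "userinit": {"c:\\windows\\system32\\userinit.exe"},
}
DEFAULT_OPEN_COMMAND = '"%1" %*'          # stock exefile/comfile [open] command

O20_RE = re.compile(r'^O20 - HKLM Winlogon: (\w+) - \((.*?)\) - (.*?) \((.*)\)$')
O35_RE = re.compile(r'^O35 - HKLM\\\.\.(\w+) \[open\] -- (.*)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = (.*)$')


def triage_o_lines(lines):
    """Return findings: extra Winlogon executables, non-default [open]
    commands, and every cached autorun command with a rundll32 flag."""
    findings = {"winlogon": [], "associations": [], "mountpoints": []}
    for raw in lines:
        line = raw.strip()
        m = O20_RE.match(line)
        if m:
            name, value = m.group(1).lower(), m.group(2)
            # A hijack is normally appended with a comma: "Explorer.exe,other.exe"
            parts = {p.strip().lower() for p in value.split(",") if p.strip()}
            for extra in sorted(parts - EXPECTED_WINLOGON.get(name, set())):
                findings["winlogon"].append((name, extra))
            continue
        m = O35_RE.match(line)
        if m and m.group(2).strip() != DEFAULT_OPEN_COMMAND:
            # Anything wrapped around "%1" runs each time an .exe/.com is launched
            findings["associations"].append((m.group(1), m.group(2)))
            continue
        m = O33_RE.match(line)
        if m:
            cmd = m.group(2)
            # Heuristic (assumption): rundll32 wrapping a bare file name is worth a look
            findings["mountpoints"].append((m.group(1), cmd, "rundll32" in cmd.lower()))
    return findings


# Lines copied from the OTL Extras log in this thread.
SAMPLE_LOG = r'''
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O33 - MountPoints2\{4ad1f7df-a05a-11de-9ce8-001fc6a4e463}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{58d847d3-5061-11de-9cd2-001fc6a4e463}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{f34a5161-c8b0-11df-9d26-001fc6a4e463}\Shell - "" = AutoRun
O33 - MountPoints2\{f34a5161-c8b0-11df-9d26-001fc6a4e463}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
'''.strip().splitlines()

# Constructed lines (hypothetical paths, not from the log) showing hijacked entries.
CONSTRUCTED_HIJACKS = [
    r'O20 - HKLM Winlogon: Shell - (Explorer.exe,C:\WINDOWS\system32\sample_hijack.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)',
    r'O35 - HKLM\..exefile [open] -- "C:\sample_wrapper.exe" "%1" %*',
]

if __name__ == "__main__":
    for key, items in triage_o_lines(SAMPLE_LOG + CONSTRUCTED_HIJACKS).items():
        print(key)
        for item in items:
            print("   ", item)
```

Run against the log's own lines the script reports nothing for Winlogon or the associations and lists the three cached autorun commands, flagging only the rundll32 one; with the two constructed lines added it reports the extra Shell executable and the wrapped exefile command. Comparing by path rather than by the "(Microsoft Corporation)" tag matters because OTL prints the company name of the file it resolved, which says nothing about additional entries appended to the registry value.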

PC infected by incredibar toolbar (end)

Post by coucou on Tue 12 Jun 2012, 7:57 am

OTL file (Part 2):


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/11 16:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\Application Data\DriverCure
[2012/06/11 16:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\Application Data\SpeedyPC Software
[2012/06/11 16:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/06/11 16:21:11 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/06/10 22:23:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/10 22:20:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Software
[2012/06/10 15:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\clp
[2012/06/09 20:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\Boxore
[2012/06/09 20:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Software
[2012/06/09 20:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Software
[2012/06/09 20:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\Local Settings\Application Data\Software
[2012/06/09 20:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\GridinSoft
[2012/06/09 20:17:44 | 024,227,600 | ---- | C] (GridinSoft, Inc. ) -- C:\Documents and Settings\eric\Bureau\trojankiller2103-setup.exe
[2012/06/09 19:03:33 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/06/09 19:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/06/09 19:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Wise Installation Wizard
[2012/06/09 15:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\Application Data\Malwarebytes
[2012/06/09 15:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2012/06/09 15:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/09 15:32:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/09 14:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\Application Data\GetRightToGo
[2012/06/09 13:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/09 13:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/06/09 13:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012/06/09 13:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\eric\Application Data\Eltima Software
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\eric\Mes documents\*.tmp files -> C:\Documents and Settings\eric\Mes documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/11 17:25:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/11 17:22:00 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/11 16:34:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/11 16:33:41 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\SoftwareUpdateTaskMachineCore.job
[2012/06/11 16:33:37 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/11 16:32:30 | 000,175,033 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/06/11 16:31:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/11 15:29:00 | 000,001,070 | ---- | M] () -- C:\WINDOWS\tasks\SoftwareUpdateTaskMachineUA.job
[2012/06/09 20:19:31 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/09 20:19:01 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Trojan Killer.lnk
[2012/06/09 20:18:23 | 024,227,600 | ---- | M] (GridinSoft, Inc. ) -- C:\Documents and Settings\eric\Bureau\trojankiller2103-setup.exe
[2012/06/09 18:50:29 | 000,002,551 | ---- | M] () -- C:\Documents and Settings\eric\Bureau\Microsoft Word.lnk
[2012/06/09 15:32:39 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/06/09 13:52:19 | 000,000,448 | ---- | M] () -- C:\user.js
[2012/06/07 10:33:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/07 07:59:21 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\eric\Bureau\Microsoft Publisher.lnk
[2012/06/06 18:28:54 | 000,125,952 | ---- | M] () -- C:\Documents and Settings\eric\Mes documents\Evaluation terminale PS2.pub
[2012/06/04 19:14:24 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\eric\Mes documents\MATHS MS.pub
[2012/06/04 10:42:39 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\eric\Mes documents\Composition2.pub
[2012/05/31 15:22:03 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/26 18:47:02 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\eric\Mes documents\cahier journal a la semaine matin.pub
[2012/05/24 12:24:41 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
[2012/05/16 15:20:22 | 000,002,072 | ---- | M] () -- C:\Documents and Settings\eric\Application Data\QuickZip45.ini
[2012/05/14 21:02:28 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\eric\Mes documents\urne pour les stagiaires.pub
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\eric\Mes documents\*.tmp files -> C:\Documents and Settings\eric\Mes documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/09 20:19:35 | 000,001,070 | ---- | C] () -- C:\WINDOWS\tasks\SoftwareUpdateTaskMachineUA.job
[2012/06/09 20:19:35 | 000,001,066 | ---- | C] () -- C:\WINDOWS\tasks\SoftwareUpdateTaskMachineCore.job
[2012/06/09 20:19:01 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Trojan Killer.lnk
[2012/06/09 15:32:39 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/06/09 13:52:22 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
[2012/06/09 13:52:17 | 000,000,448 | ---- | C] () -- C:\user.js
[2012/06/06 18:12:44 | 000,125,952 | ---- | C] () -- C:\Documents and Settings\eric\Mes documents\Evaluation terminale PS2.pub
[2012/02/29 14:02:29 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\psCamDat.dll
[2012/02/15 06:45:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/02 18:37:51 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/11/02 18:37:51 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/11/02 18:37:51 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/11/02 18:37:51 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/11/02 18:37:51 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/11/02 18:37:51 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/11/02 18:37:51 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/11/02 18:37:51 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011/11/02 18:37:51 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/11/02 18:37:51 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/11/02 18:37:51 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/11/02 18:37:51 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/11/02 18:37:51 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/11/02 18:37:51 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011/11/02 18:37:51 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011/11/02 18:37:51 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/08/15 17:42:58 | 000,112,128 | RH-- | C] () -- C:\WINDOWS\CdaC14BA.DLL
[2011/08/15 17:42:58 | 000,030,720 | RH-- | C] () -- C:\WINDOWS\CdaC13BA.EXE
[2011/08/15 17:42:39 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
[2011/04/03 19:44:58 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\eric\Application Data\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/04/03 19:44:57 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/09/09 18:53:42 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\eric\Application Data\winscp.rnd
[2010/09/03 13:56:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\eric\Local Settings\Application Data\PUTTY.RND

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2012/06/11 16:55:43 | 000,117,728 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2012/06/11 16:55:43 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2012/06/11 16:55:42 | 000,113,120 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\maintenanceservice.exe
[2012/06/11 16:55:42 | 000,157,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
[2012/06/11 16:55:39 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2012/06/11 16:55:39 | 000,265,184 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2008/08/28 18:53:42 | 000,000,000 | ---D | M] -- C:\Program Files\ABBYY
[2011/11/02 18:39:36 | 000,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2010/09/18 11:04:08 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/11/16 23:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2008/09/27 17:06:55 | 000,000,000 | ---D | M] -- C:\Program Files\Anno 1701
[2011/11/02 18:50:36 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/08/28 18:52:26 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2008/08/20 15:48:00 | 000,000,000 | ---D | M] -- C:\Program Files\ASUS
[2008/08/13 21:36:51 | 000,000,000 | ---D | M] -- C:\Program Files\Attansic
[2011/10/31 21:36:45 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2012/06/09 20:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\Boxore
[2012/03/29 10:04:02 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/02/05 09:07:28 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/10/15 16:52:56 | 000,000,000 | ---D | M] -- C:\Program Files\Complitly
[2008/08/13 19:42:06 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/09/10 19:06:31 | 000,000,000 | ---D | M] -- C:\Program Files\Dialang
[2008/08/13 20:12:12 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2008/09/11 10:50:32 | 000,000,000 | ---D | M] -- C:\Program Files\e-Carte Bleue
[2008/09/11 10:56:01 | 000,000,000 | ---D | M] -- C:\Program Files\e-Carte Bleue Banque Populaire
[2012/06/09 19:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group
[2011/11/02 18:39:44 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2011/11/02 18:39:56 | 000,000,000 | ---D | M] -- C:\Program Files\Epson Software
[2011/04/12 22:46:20 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2012/06/11 16:54:22 | 000,000,000 | ---D | M] -- C:\Program Files\Fichiers communs
[2010/09/03 13:53:47 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2009/01/15 21:33:13 | 000,000,000 | ---D | M] -- C:\Program Files\FlashGet
[2012/03/26 16:11:04 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/06/16 17:07:20 | 000,000,000 | ---D | M] -- C:\Program Files\GUILD WARS
[2012/02/29 14:02:56 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2012/04/13 03:01:06 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/03/10 13:27:20 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2012/03/10 13:28:20 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/08/13 15:39:10 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/10/22 19:03:18 | 000,000,000 | ---D | M] -- C:\Program Files\Magic mail monitor
[2008/08/22 19:04:02 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/12/29 23:02:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/09/21 20:14:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/08/28 18:22:02 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/06/07 18:49:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2008/08/28 18:32:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2008/08/28 18:24:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/08/12 03:00:49 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/06/11 16:55:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/06/11 16:55:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/11 17:00:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2011/03/20 19:59:01 | 000,000,000 | ---D | M] -- C:\Program Files\mp3DirectCut
[2009/06/07 18:56:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/08/13 19:41:02 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/08/13 19:41:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/09/21 20:14:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/08/22 19:01:28 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/03/21 17:14:22 | 000,000,000 | ---D | M] -- C:\Program Files\Notepad++
[2010/09/24 11:09:15 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/12/16 04:00:47 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/12/15 09:09:07 | 000,000,000 | ---D | M] -- C:\Program Files\PeerGuardian2
[2010/12/19 13:22:24 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/08/13 21:34:36 | 000,000,000 | ---D | M] -- C:\Program Files\QuickZip4
[2008/08/13 20:37:28 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/06/07 18:53:17 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/09/21 10:00:10 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2008/12/27 15:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Skype
[2008/08/28 18:51:42 | 000,000,000 | ---D | M] -- C:\Program Files\Smart Panel
[2012/06/09 20:19:29 | 000,000,000 | ---D | M] -- C:\Program Files\Software
[2009/09/17 08:43:41 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/11 12:56:19 | 000,000,000 | ---D | M] -- C:\Program Files\StealthNet
[2008/08/13 19:48:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012/04/01 16:25:25 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2008/08/23 12:53:21 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011/04/03 20:01:19 | 000,000,000 | ---D | M] -- C:\Program Files\VideoSlurp
[2012/06/09 13:52:05 | 000,000,000 | ---D | M] -- C:\Program Files\Web Assistant
[2009/10/26 13:36:44 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2008/08/23 11:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2009/12/29 23:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/12/29 23:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2008/08/23 11:53:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/08/22 19:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2012/01/01 18:56:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Resource Kits
[2008/08/13 19:44:12 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/08/13 19:45:15 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< MD5 for: AGP440.SYS >
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/22 18:58:42 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/22 18:58:42 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/22 18:58:42 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/22 18:58:42 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/22 18:58:42 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/08/22 18:58:42 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/05 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-04 08:42:45

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/11 16:55:39 | 000,869,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/11 16:55:39 | 000,869,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/11 16:55:39 | 000,869,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/11 16:55:43 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/11 16:55:43 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/11 16:55:43 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 14:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 14:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 14:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/11 16:55:39 | 000,869,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/11 16:55:39 | 000,869,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/11 16:55:39 | 000,869,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/11 16:55:43 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/11 16:55:43 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/11 16:55:43 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 14:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 14:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 14:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< End of report >

coucou

Newbie Surfer

Posts : 13
Joined : 2012-06-12
Operating System : Windows XP

PC infected by incredibal toolbar (last file)

Post by coucou on Tue 12 Jun 2012, 8:18 am

Security Check report:

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
HijackThis 2.0.2
CCleaner
Duplicate Cleaner 2.1b
Java(TM) 6 Update 31
Java(TM) 6 Update 7
Sun Java Runtime Environment and JMF
Java version out of date!
Adobe Flash Player 11.2.202.235
Mozilla Firefox (13.0)
Mozilla Thunderbird 10.0.1 Thunderbird out of Date!
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 18% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

coucou

Newbie Surfer

Posts : 13
Joined : 2012-06-12
Operating System : Windows XP

Re: PC infected by incredibal toolbar (end)

Post by DragonMaster Jay on Tue 12 Jun 2012, 8:48 am

We need to fix the Master Boot Record using aswMBR now.

  • Double-click aswMBR.exe to run it like before
  • Once the scan finishes click FixMBR to remove the infection as illustrated below
  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review

Please download TDSSKiller from here and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate
http://www.twitter.com/jaypfoutz
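The two logs the helper asks for above are reviewed by hand in this thread. As an added example, not a tool from the forum, from AVAST or from Kaspersky, here is a small Python triage script that does the first pass a reviewer makes on them: it pulls each disk's MBR status out of an aswMBR log and lists every TDSSKiller object whose verdict is anything other than "ok". The line formats and the sample lines are taken from the logs posted in this thread; the one "detected" entry (exampledrv) and its verdict wording are constructed to exercise the flagging path, and the pre-scan "Drive ... - Size:" line is included to show why only the section after "Scan started" is parsed.

```python
"""Triage helper for aswMBR and TDSSKiller text logs (added example)."""
import re
from dataclasses import dataclass, field

# Sample input modelled on the logs in this thread. The exampledrv lines are
# constructed; the verdict text after " - " is an assumed format for a hit.
ASWMBR_LOG = r"""08:33:11.091 Disk 0 MBR read successfully
08:33:11.091 Disk 0 MBR scan
08:33:11.091 Disk 0 unknown MBR code
08:33:11.091 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 120001 MB offset 63
08:33:11.122 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149997 MB offset 245762370
08:33:11.153 Disk 0 Partition 3 00 83 Linux 35244 MB offset 552957300
08:34:08.700 Disk 0 Windows 501 MBR fixed successfully
"""

TDSS_LOG = r"""08:38:37.0747 2000 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
08:38:42.0763 3052 Scan started
08:38:42.0763 3052 Mode: Manual;
08:38:44.0778 3052 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
08:38:44.0794 3052 Aavmker4 - ok
08:38:44.0825 3052 Abiosdsk - ok
08:38:46.0028 3052 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:38:46.0059 3052 Apple Mobile Device - ok
08:39:00.0356 3052 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
08:39:00.0356 3052 exampledrv - detected Rootkit.Example (constructed sample)
"""

# aswMBR: "<hh:mm:ss.fff> Disk <n> <message>"
ASWMBR_DISK_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+Disk\s+(\d+)\s+(.*)$")
# TDSSKiller object line: "<time> <pid> <name> (<md5>) <path>"; names may contain spaces
TDSS_OBJECT_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.+?)\s+\(([0-9a-f]{32})\)\s+(.+)$")
# TDSSKiller verdict line: "<time> <pid> <name> - <verdict>"
TDSS_VERDICT_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.+?)\s+-\s+(.+)$")


@dataclass
class DiskReport:
    unknown_mbr_code: bool = False   # aswMBR did not recognise the boot code
    mbr_fixed: bool = False          # FixMBR rewrote it during this run
    partitions: list = field(default_factory=list)


@dataclass
class TdssObject:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = ""                # "" means no verdict line was seen (truncated log)


def parse_aswmbr(text):
    """Return {disk_number: DiskReport} from an aswMBR log."""
    disks = {}
    for line in text.splitlines():
        m = ASWMBR_DISK_RE.match(line)
        if not m:
            continue
        disk, msg = int(m.group(1)), m.group(2).strip()
        rep = disks.setdefault(disk, DiskReport())
        if "unknown MBR code" in msg:
            rep.unknown_mbr_code = True
        elif "MBR fixed successfully" in msg:
            rep.mbr_fixed = True
        elif msg.startswith("Partition "):
            rep.partitions.append(msg)
    return disks


def parse_tdsskiller(text):
    """Return {object_name: TdssObject} for the scan section of a TDSSKiller log.

    Lines before "Scan started" (drive geometry, system info) also contain " - ",
    so they are skipped rather than misread as verdicts.
    """
    objects, in_scan = {}, False
    for line in text.splitlines():
        if "Scan started" in line:
            in_scan = True
            continue
        if not in_scan:
            continue
        m = TDSS_OBJECT_RE.match(line)
        if m:
            name, md5, path = m.groups()
            objects[name] = TdssObject(name, md5, path)
            continue
        m = TDSS_VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            objects.setdefault(name, TdssObject(name)).verdict = verdict.strip()
    return objects


def flagged_objects(objects):
    """Everything that is not a clean "ok", including objects with no verdict."""
    return [o for o in objects.values() if o.verdict != "ok"]


def triage(aswmbr_text, tdss_text):
    """One line per finding, ready to paste into a review reply."""
    findings = []
    for disk, rep in sorted(parse_aswmbr(aswmbr_text).items()):
        if rep.unknown_mbr_code:
            state = "FixMBR rewrote it" if rep.mbr_fixed else "not fixed in this run"
            findings.append(f"Disk {disk}: aswMBR reported unknown MBR code ({state})")
    for obj in flagged_objects(parse_tdsskiller(tdss_text)):
        findings.append(f"TDSSKiller: {obj.name} -> {obj.verdict or 'no verdict'} {obj.path}".rstrip())
    return findings


if __name__ == "__main__":
    for finding in triage(ASWMBR_LOG, TDSS_LOG):
        print(finding)
```

On the logs posted in this thread the aswMBR part reports Disk 0's unknown MBR code together with the later "MBR fixed successfully" line, and the TDSSKiller part returns nothing, since every object in the posted sections ends in "- ok". The "no verdict" case matters for logs pasted in parts, as coucou's Part 1 ends mid-scan: an object line without its matching verdict line is shown rather than silently treated as clean.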

Re: PC infected by incredibal toolbar (end)

Post by coucou on Tue 12 Jun 2012, 5:44 pm

PC Infected by incredibar toolbar :

aswMBR and TDSSKiller reports:

= = = = = = = =
aswMBR report :

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-12 08:33:03
-----------------------------
08:33:03.919 OS Version: Windows 5.1.2600 Service Pack 3
08:33:03.919 Number of processors: 2 586 0x6B02
08:33:03.919 ComputerName: AMD64 UserName: eric
08:33:04.309 Initialize success
08:33:07.481 AVAST engine defs: 12061101
08:33:11.044 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:33:11.044 Disk 0 Vendor: Hitachi_HDP725032GLA360 GM3OA52A Size: 305245MB BusType: 3
08:33:11.044 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1c
08:33:11.044 Disk 1 Vendor: IC35L120AVV207-0 V24OA63A Size: 117800MB BusType: 3
08:33:11.091 Disk 0 MBR read successfully
08:33:11.091 Disk 0 MBR scan
08:33:11.091 Disk 0 unknown MBR code
08:33:11.091 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 120001 MB offset 63
08:33:11.122 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149997 MB offset 245762370
08:33:11.153 Disk 0 Partition 3 00 83 Linux 35244 MB offset 552957300
08:33:11.169 Disk 0 scanning sectors +625137345
08:33:11.263 Disk 0 scanning C:\WINDOWS\system32\drivers
08:33:22.575 Service scanning
08:33:33.388 Modules scanning
08:33:42.997 Disk 0 trace - called modules:
08:33:43.013 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:33:43.013 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a735ab8]
08:33:43.013 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8a70bf18]
08:33:43.013 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a70ad98]
08:33:43.403 AVAST engine scan C:\WINDOWS
08:33:58.700 Verifying
08:34:08.700 Disk 0 Windows 501 MBR fixed successfully
08:34:03.794 AVAST engine scan C:\WINDOWS\system32
08:36:56.403 AVAST engine scan C:\WINDOWS\system32\drivers
08:37:10.091 AVAST engine scan C:\Documents and Settings\eric
08:37:47.200 Disk 0 MBR has been saved successfully to "I:\Téléchargement_Firefox\MBR.dat"
08:37:47.200 The log file has been saved successfully to "I:\Téléchargement_Firefox\aswMBR_afterScan.txt"



coucou

Newbie Surfer

Posts : 13
Joined : 2012-06-12
Operating System : Windows XP

PC Infected by Incredibar toolbar (continued)

Post by coucou on Tue 12 Jun 2012, 5:48 pm

TDSSKiller Report (Part 1):

= = = =
08:38:35.0200 2000 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:38:35.0403 2000 ============================================================
08:38:35.0403 2000 Current date / time: 2012/06/12 08:38:35.0403
08:38:35.0403 2000 SystemInfo:
08:38:35.0403 2000
08:38:35.0403 2000 OS Version: 5.1.2600 ServicePack: 3.0
08:38:35.0403 2000 Product type: Workstation
08:38:35.0403 2000 ComputerName: AMD64
08:38:35.0403 2000 UserName: eric
08:38:35.0403 2000 Windows directory: C:\WINDOWS
08:38:35.0403 2000 System windows directory: C:\WINDOWS
08:38:35.0403 2000 Processor architecture: Intel x86
08:38:35.0403 2000 Number of processors: 2
08:38:35.0403 2000 Page size: 0x1000
08:38:35.0403 2000 Boot type: Normal boot
08:38:35.0403 2000 ============================================================
08:38:37.0747 2000 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:38:37.0778 2000 Drive \Device\Harddisk1\DR1 - Size: 0x1CC2828000 (115.04 Gb), SectorSize: 0x200, Cylinders: 0x3AA9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:38:37.0841 2000 ============================================================
08:38:37.0841 2000 \Device\Harddisk0\DR0:
08:38:37.0841 2000 MBR partitions:
08:38:37.0841 2000 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEA60903
08:38:37.0841 2000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEA60942, BlocksNum 0x124F6C32
08:38:37.0841 2000 \Device\Harddisk1\DR1:
08:38:37.0841 2000 MBR partitions:
08:38:37.0841 2000 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3D48761
08:38:37.0841 2000 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3D487A0, BlocksNum 0x4E22CEC
08:38:37.0841 2000 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x8B6B48C, BlocksNum 0x4C9E849
08:38:37.0872 2000 ============================================================
08:38:37.0997 2000 C: <-> \Device\Harddisk0\DR0\Partition0
08:38:38.0013 2000 D: <-> \Device\Harddisk1\DR1\Partition0
08:38:38.0231 2000 I: <-> \Device\Harddisk0\DR0\Partition1
08:38:38.0341 2000 J: <-> \Device\Harddisk1\DR1\Partition1
08:38:38.0419 2000 K: <-> \Device\Harddisk1\DR1\Partition2
08:38:38.0419 2000 ============================================================
08:38:38.0419 2000 Initialize success
08:38:38.0419 2000 ============================================================
08:38:42.0763 3052 ============================================================
08:38:42.0763 3052 Scan started
08:38:42.0763 3052 Mode: Manual;
08:38:42.0763 3052 ============================================================
08:38:44.0778 3052 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
08:38:44.0794 3052 Aavmker4 - ok
08:38:44.0825 3052 Abiosdsk - ok
08:38:44.0841 3052 abp480n5 - ok
08:38:44.0919 3052 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:38:44.0934 3052 ACPI - ok
08:38:44.0981 3052 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:38:44.0981 3052 ACPIEC - ok
08:38:45.0278 3052 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:38:45.0278 3052 AdobeFlashPlayerUpdateSvc - ok
08:38:45.0294 3052 adpu160m - ok
08:38:45.0497 3052 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:38:45.0512 3052 aec - ok
08:38:45.0622 3052 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:38:45.0622 3052 AFD - ok
08:38:45.0637 3052 Aha154x - ok
08:38:45.0637 3052 aic78u2 - ok
08:38:45.0637 3052 aic78xx - ok
08:38:45.0684 3052 Alerter (758fdc60d41716ef889d849989b4b1cd) C:\WINDOWS\system32\alrsvc.dll
08:38:45.0684 3052 Alerter - ok
08:38:45.0731 3052 ALG (5e9a6658a2a69ae7eb195113b7a2e7a9) C:\WINDOWS\System32\alg.exe
08:38:45.0731 3052 ALG - ok
08:38:45.0747 3052 AliIde - ok
08:38:45.0747 3052 amsint - ok
08:38:46.0028 3052 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:38:46.0059 3052 Apple Mobile Device - ok
08:38:46.0137 3052 AppMgmt (f36c9f78fc902c8dce4d3b576bb0435a) C:\WINDOWS\System32\appmgmts.dll
08:38:46.0137 3052 AppMgmt - ok
08:38:46.0153 3052 asc - ok
08:38:46.0153 3052 asc3350p - ok
08:38:46.0169 3052 asc3550 - ok
08:38:46.0372 3052 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:38:46.0387 3052 aspnet_state - ok
08:38:46.0497 3052 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
08:38:46.0512 3052 aswFsBlk - ok
08:38:46.0794 3052 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
08:38:46.0794 3052 aswMon2 - ok
08:38:46.0856 3052 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
08:38:46.0872 3052 aswRdr - ok
08:38:47.0012 3052 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
08:38:47.0028 3052 aswSnx - ok
08:38:47.0153 3052 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
08:38:47.0153 3052 aswSP - ok
08:38:47.0169 3052 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
08:38:47.0169 3052 aswTdi - ok
08:38:47.0247 3052 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:38:47.0247 3052 AsyncMac - ok
08:38:47.0294 3052 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:38:47.0294 3052 atapi - ok
08:38:47.0341 3052 AtcL001 (8f5813907dafd834db8f6b841f6ea4ad) C:\WINDOWS\system32\DRIVERS\l150x86.sys
08:38:47.0341 3052 AtcL001 - ok
08:38:47.0341 3052 Atdisk - ok
08:38:47.0434 3052 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys
08:38:47.0450 3052 atksgt - ok
08:38:47.0466 3052 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:38:47.0466 3052 Atmarpc - ok
08:38:47.0528 3052 AudioSrv (b4005aef7873144634765b570dac466e) C:\WINDOWS\System32\audiosrv.dll
08:38:47.0528 3052 AudioSrv - ok
08:38:47.0575 3052 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:38:47.0575 3052 audstub - ok
08:38:47.0794 3052 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
08:38:47.0794 3052 avast! Antivirus - ok
08:38:47.0794 3052 AVFSFilter - ok
08:38:47.0825 3052 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:38:47.0825 3052 Beep - ok
08:38:47.0981 3052 BITS (baa0b6e647c1ad593e9bae5cc31bcffb) C:\WINDOWS\system32\qmgr.dll
08:38:48.0028 3052 BITS - ok
08:38:48.0169 3052 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
08:38:48.0184 3052 Bonjour Service - ok
08:38:48.0278 3052 Browser (06b54a7b1ef7cb16bfd0e208d343fa71) C:\WINDOWS\System32\browser.dll
08:38:48.0278 3052 Browser - ok
08:38:48.0325 3052 C-DillaCdaC11BA (3de014dfc14e8530f3a85572e2763446) C:\WINDOWS\system32\drivers\CDAC11BA.EXE
08:38:48.0325 3052 C-DillaCdaC11BA - ok
08:38:48.0403 3052 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:38:48.0403 3052 cbidf2k - ok
08:38:48.0559 3052 CCALib8 (359e5a91d26d0439933bef1c29cedef7) C:\Program Files\Canon\CAL\CALMAIN.exe
08:38:48.0559 3052 CCALib8 - ok
08:38:48.0575 3052 cd20xrnt - ok
08:38:48.0606 3052 CdaC15BA (82c4c6a2343b592c4fd590f625a724a9) C:\WINDOWS\system32\drivers\CDAC15BA.SYS
08:38:48.0606 3052 CdaC15BA - ok
08:38:48.0653 3052 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:38:48.0653 3052 Cdaudio - ok
08:38:48.0716 3052 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:38:48.0731 3052 Cdfs - ok
08:38:48.0778 3052 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:38:48.0809 3052 Cdrom - ok
08:38:48.0809 3052 Changer - ok
08:38:48.0856 3052 CiSvc (793ef38a5fd086c3c8e48a8a861562ed) C:\WINDOWS\system32\cisvc.exe
08:38:48.0856 3052 CiSvc - ok
08:38:48.0887 3052 ClipSrv (8b30cbb0c07d49b2658fb190946b0e7e) C:\WINDOWS\system32\clipsrv.exe
08:38:48.0887 3052 ClipSrv - ok
08:38:49.0434 3052 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:38:49.0669 3052 clr_optimization_v2.0.50727_32 - ok
08:38:49.0669 3052 CmdIde - ok
08:38:49.0684 3052 COMSysApp - ok
08:38:49.0684 3052 Cpqarray - ok
08:38:49.0747 3052 CryptSvc (7a6d0b71035e123fdda2156a25578ad3) C:\WINDOWS\System32\cryptsvc.dll
08:38:49.0747 3052 CryptSvc - ok
08:38:49.0747 3052 dac2w2k - ok
08:38:49.0747 3052 dac960nt - ok
08:38:49.0872 3052 DcomLaunch (0203b1aad358f206cb0a3c1f93cce17a) C:\WINDOWS\system32\rpcss.dll
08:38:49.0887 3052 DcomLaunch - ok
08:38:49.0966 3052 Dhcp (318f535dc05551d96deeb90b6d6904de) C:\WINDOWS\System32\dhcpcsvc.dll
08:38:49.0981 3052 Dhcp - ok
08:38:50.0028 3052 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:38:50.0044 3052 Disk - ok
08:38:50.0059 3052 dmadmin - ok
08:38:50.0169 3052 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
08:38:50.0184 3052 dmboot - ok
08:38:50.0247 3052 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
08:38:50.0262 3052 dmio - ok
08:38:50.0309 3052 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:38:50.0309 3052 dmload - ok
08:38:50.0372 3052 dmserver (6797c23d6b79935482d7f0e8ca5e5b67) C:\WINDOWS\System32\dmserver.dll
08:38:50.0387 3052 dmserver - ok
08:38:50.0403 3052 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:38:50.0403 3052 DMusic - ok
08:38:50.0450 3052 Dnscache (1a1e59377fb6cacd711cc5073c4a7d79) C:\WINDOWS\System32\dnsrslvr.dll
08:38:50.0466 3052 Dnscache - ok
08:38:50.0559 3052 Dot3svc (3fcf86f03d0302443c21ce6e5bbf7a25) C:\WINDOWS\System32\dot3svc.dll
08:38:50.0559 3052 Dot3svc - ok
08:38:50.0559 3052 dpti2o - ok
08:38:50.0591 3052 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:38:50.0591 3052 drmkaud - ok
08:38:50.0637 3052 EapHost (8b5fc9087d2cab110bc2ed5cc5e7b8ac) C:\WINDOWS\System32\eapsvc.dll
08:38:50.0637 3052 EapHost - ok
08:38:50.0731 3052 ERSvc (94f948cb12c4d35483f1e815deb16c7b) C:\WINDOWS\System32\ersvc.dll
08:38:50.0747 3052 ERSvc - ok
08:38:50.0903 3052 esgiguard - ok
08:38:50.0966 3052 Eventlog (c3fb1d70cb88722267949694ba51759e) C:\WINDOWS\system32\services.exe
08:38:50.0981 3052 Eventlog - ok
08:38:51.0247 3052 EventSystem (ec16ae9b37eacf871629227a3f3913fd) C:\WINDOWS\system32\es.dll
08:38:51.0247 3052 EventSystem - ok
08:38:51.0450 3052 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:38:51.0450 3052 Fastfat - ok
08:38:51.0497 3052 FastUserSwitchingCompatibility (1b8542f338cdd86929a084a455837158) C:\WINDOWS\System32\shsvcs.dll
08:38:51.0528 3052 FastUserSwitchingCompatibility - ok
08:38:51.0544 3052 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:38:51.0544 3052 Fdc - ok
08:38:51.0622 3052 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
08:38:51.0637 3052 Fips - ok
08:38:51.0872 3052 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:38:51.0872 3052 FLEXnet Licensing Service - ok
08:38:51.0919 3052 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:38:51.0934 3052 Flpydisk - ok
08:38:52.0059 3052 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:38:52.0059 3052 FltMgr - ok
08:38:52.0278 3052 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:38:52.0294 3052 FontCache3.0.0.0 - ok
08:38:52.0341 3052 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:38:52.0356 3052 Fs_Rec - ok
08:38:52.0434 3052 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:38:52.0434 3052 Ftdisk - ok
08:38:52.0528 3052 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
08:38:52.0528 3052 GEARAspiWDM - ok
08:38:52.0669 3052 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:38:52.0669 3052 Gpc - ok
08:38:52.0903 3052 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:38:52.0903 3052 gupdate - ok
08:38:52.0919 3052 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:38:52.0919 3052 gupdatem - ok
08:38:52.0981 3052 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:38:52.0981 3052 HDAudBus - ok
08:38:53.0153 3052 helpsvc (1247f83b705af0e796330442f7967cf8) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:38:53.0153 3052 helpsvc - ok
08:38:53.0169 3052 HidServ - ok
08:38:53.0231 3052 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:38:53.0231 3052 HidUsb - ok
08:38:53.0309 3052 hkmsvc (17b3c3d40cdba40c2e331d28be4de27f) C:\WINDOWS\System32\kmsvc.dll
08:38:53.0309 3052 hkmsvc - ok
08:38:53.0309 3052 hpn - ok
08:38:53.0387 3052 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:38:53.0403 3052 HTTP - ok
08:38:53.0450 3052 HTTPFilter (bd31cface38d1800abdb43f4260af0d5) C:\WINDOWS\System32\w3ssl.dll
08:38:53.0450 3052 HTTPFilter - ok
08:38:53.0450 3052 i2omgmt - ok
08:38:53.0466 3052 i2omp - ok
08:38:53.0497 3052 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:38:53.0497 3052 i8042prt - ok
08:38:53.0794 3052 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:38:53.0825 3052 idsvc - ok
08:38:53.0934 3052 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:38:53.0934 3052 Imapi - ok
08:38:54.0028 3052 ImapiService (c4221678bbaa55239c23632875759961) C:\WINDOWS\system32\imapi.exe
08:38:54.0028 3052 ImapiService - ok
08:38:54.0044 3052 ini910u - ok
08:38:55.0559 3052 IntcAzAudAddService (8f924588c272fdaa28cf31a9bbc21a72) C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:38:56.0028 3052 IntcAzAudAddService - ok
08:38:56.0544 3052 IntelIde - ok
08:38:56.0653 3052 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:38:56.0669 3052 Ip6Fw - ok
08:38:56.0731 3052 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:38:56.0731 3052 IpFilterDriver - ok
08:38:56.0841 3052 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:38:56.0841 3052 IpInIp - ok
08:38:56.0934 3052 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:38:56.0950 3052 IpNat - ok
08:38:57.0341 3052 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
08:38:57.0372 3052 iPod Service - ok
08:38:57.0403 3052 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:38:57.0403 3052 IPSec - ok
08:38:57.0481 3052 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:38:57.0481 3052 IRENUM - ok
08:38:57.0559 3052 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:38:57.0559 3052 isapnp - ok
08:38:57.0794 3052 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
08:38:57.0794 3052 JavaQuickStarterService - ok
08:38:57.0841 3052 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:38:57.0841 3052 Kbdclass - ok
08:38:57.0887 3052 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:38:57.0887 3052 kmixer - ok
08:38:58.0122 3052 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:38:58.0153 3052 KSecDD - ok
08:38:58.0184 3052 lanmanserver (1db8078a32e03ac8f5eb5e6dcac2aa34) C:\WINDOWS\System32\srvsvc.dll
08:38:58.0216 3052 lanmanserver - ok
08:38:58.0278 3052 lanmanworkstation (ad54ead46d92f413be189aabc1c59490) C:\WINDOWS\System32\wkssvc.dll
08:38:58.0294 3052 lanmanworkstation - ok
08:38:58.0309 3052 lbrtfdc - ok
08:38:58.0387 3052 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
08:38:58.0387 3052 lirsgt - ok
08:38:58.0450 3052 LmHosts (0f357c079ac529a844ab5b18e4eef881) C:\WINDOWS\System32\lmhsvc.dll
08:38:58.0450 3052 LmHosts - ok
08:38:58.0528 3052 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
08:38:58.0544 3052 MBAMProtector - ok
08:38:58.0903 3052 MBAMService (ba400ed640bca1eae5c727ae17c10207) I:\Logiciels_installes\Malwarebytes' Anti-Malware\mbamservice.exe
08:38:58.0934 3052 MBAMService - ok
08:38:59.0028 3052 Messenger (e67a66a3781c1a483f0f8992664cbe0d) C:\WINDOWS\System32\msgsvc.dll
08:38:59.0044 3052 Messenger - ok
08:38:59.0106 3052 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:38:59.0106 3052 mnmdd - ok
08:38:59.0153 3052 mnmsrvc (d3a2870cd96cda7bcff3dc54f64087ad) C:\WINDOWS\system32\mnmsrvc.exe
08:38:59.0169 3052 mnmsrvc - ok
08:38:59.0231 3052 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
08:38:59.0231 3052 Modem - ok
08:38:59.0294 3052 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:38:59.0309 3052 Mouclass - ok
08:38:59.0372 3052 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:38:59.0372 3052 mouhid - ok
08:38:59.0481 3052 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:38:59.0497 3052 MountMgr - ok
08:38:59.0559 3052 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:38:59.0559 3052 MozillaMaintenance - ok
08:38:59.0575 3052 mraid35x - ok
08:38:59.0606 3052 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:38:59.0606 3052 MRxDAV - ok
08:38:59.0794 3052 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:38:59.0825 3052 MRxSmb - ok
08:38:59.0856 3052 MSDTC (8648d670ae0d95c95e7bbb5b80661796) C:\WINDOWS\system32\msdtc.exe
08:38:59.0856 3052 MSDTC - ok
08:38:59.0919 3052 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:38:59.0934 3052 Msfs - ok
08:38:59.0950 3052 MSIServer - ok
08:38:59.0981 3052 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:38:59.0981 3052 MSKSSRV - ok
08:38:59.0997 3052 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:38:59.0997 3052 MSPCLOCK - ok
08:39:00.0075 3052 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:39:00.0091 3052 MSPQM - ok
08:39:00.0169 3052 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:39:00.0184 3052 mssmbios - ok
08:39:00.0247 3052 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
08:39:00.0247 3052 MTsensor - ok
08:39:00.0309 3052 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:39:00.0309 3052 Mup - ok

coucou

Newbie Surfer

Posts : 13
Joined : 2012-06-12
Operating System : Windows XP

PC infected by incredibal toolbar (end)

Post by coucou on Tue 12 Jun 2012, 5:49 pm

TDSSKiller Report (Part 2):

= = = = =
08:39:00.0356 3052 napagent (69e4fbbabaeee1bff422e091da3171da) C:\WINDOWS\System32\qagentrt.dll
08:39:00.0387 3052 napagent - ok
08:39:00.0497 3052 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:39:00.0512 3052 NDIS - ok
08:39:00.0591 3052 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:39:00.0591 3052 NdisTapi - ok
08:39:00.0669 3052 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:39:00.0684 3052 Ndisuio - ok
08:39:00.0700 3052 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:39:00.0700 3052 NdisWan - ok
08:39:00.0809 3052 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:39:00.0809 3052 NDProxy - ok
08:39:00.0887 3052 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:39:00.0903 3052 NetBIOS - ok
08:39:01.0028 3052 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:39:01.0044 3052 NetBT - ok
08:39:01.0075 3052 NetDDE (5c9b1d83755b36237b70f95df3d46a52) C:\WINDOWS\system32\netdde.exe
08:39:01.0091 3052 NetDDE - ok
08:39:01.0122 3052 NetDDEdsdm (5c9b1d83755b36237b70f95df3d46a52) C:\WINDOWS\system32\netdde.exe
08:39:01.0122 3052 NetDDEdsdm - ok
08:39:01.0153 3052 Netlogon (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
08:39:01.0153 3052 Netlogon - ok
08:39:01.0216 3052 Netman (be0cb143fa427d93440ded18db8c918b) C:\WINDOWS\System32\netman.dll
08:39:01.0231 3052 Netman - ok
08:39:01.0497 3052 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:39:01.0497 3052 NetTcpPortSharing - ok
08:39:01.0606 3052 Nla (6f5f546a92c7b6ae45db1d6910781eb0) C:\WINDOWS\System32\mswsock.dll
08:39:01.0606 3052 Nla - ok
08:39:01.0606 3052 NPF - ok
08:39:01.0700 3052 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:39:01.0700 3052 Npfs - ok
08:39:01.0887 3052 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:39:01.0887 3052 Ntfs - ok
08:39:01.0887 3052 NtLmSsp (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
08:39:01.0903 3052 NtLmSsp - ok
08:39:02.0012 3052 NtmsSvc (037d92b3a7853a183fcab77fb1d13d6c) C:\WINDOWS\system32\ntmssvc.dll
08:39:02.0028 3052 NtmsSvc - ok
08:39:02.0091 3052 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:39:02.0091 3052 Null - ok
08:39:04.0544 3052 nv (5975814e3749b49d1dd4ca87a4b2d6a2) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:39:05.0216 3052 nv - ok
08:39:05.0528 3052 NVSvc (dfd4eeee83edaf7ffe6c26d8b8f566c2) C:\WINDOWS\system32\nvsvc32.exe
08:39:05.0544 3052 NVSvc - ok
08:39:05.0669 3052 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:39:05.0684 3052 NwlnkFlt - ok
08:39:05.0747 3052 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:39:05.0747 3052 NwlnkFwd - ok
08:39:05.0841 3052 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
08:39:05.0841 3052 Parport - ok
08:39:05.0887 3052 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:39:05.0903 3052 PartMgr - ok
08:39:05.0966 3052 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
08:39:05.0966 3052 ParVdm - ok
08:39:06.0028 3052 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
08:39:06.0059 3052 PCI - ok
08:39:06.0075 3052 PCIDump - ok
08:39:06.0122 3052 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:39:06.0122 3052 PCIIde - ok
08:39:06.0153 3052 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:39:06.0153 3052 Pcmcia - ok
08:39:06.0169 3052 PDCOMP - ok
08:39:06.0184 3052 PDFRAME - ok
08:39:06.0200 3052 PDRELI - ok
08:39:06.0200 3052 PDRFRAME - ok
08:39:06.0216 3052 perc2 - ok
08:39:06.0216 3052 perc2hib - ok
08:39:06.0325 3052 PlugPlay (c3fb1d70cb88722267949694ba51759e) C:\WINDOWS\system32\services.exe
08:39:06.0341 3052 PlugPlay - ok
08:39:06.0403 3052 PolicyAgent (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
08:39:06.0403 3052 PolicyAgent - ok
08:39:06.0434 3052 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:39:06.0450 3052 PptpMiniport - ok
08:39:06.0544 3052 Processor (e19c9632ac828f6f214391e2bdda11cb) C:\WINDOWS\system32\DRIVERS\processr.sys
08:39:06.0559 3052 Processor - ok
08:39:06.0559 3052 ProtectedStorage (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
08:39:06.0575 3052 ProtectedStorage - ok
08:39:06.0606 3052 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:39:06.0606 3052 PSched - ok
08:39:06.0700 3052 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:39:06.0700 3052 Ptilink - ok
08:39:06.0825 3052 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:39:06.0825 3052 PxHelp20 - ok
08:39:06.0841 3052 ql1080 - ok
08:39:06.0856 3052 Ql10wnt - ok
08:39:06.0856 3052 ql12160 - ok
08:39:06.0856 3052 ql1240 - ok
08:39:06.0872 3052 ql1280 - ok
08:39:06.0887 3052 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:39:06.0887 3052 RasAcd - ok
08:39:07.0091 3052 RasAuto (78da9ccdac683ef5aa87d1c919f6d221) C:\WINDOWS\System32\rasauto.dll
08:39:07.0091 3052 RasAuto - ok
08:39:07.0106 3052 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:39:07.0106 3052 Rasl2tp - ok
08:39:07.0419 3052 RasMan (0a48df90b4784f9b90a2671af992c914) C:\WINDOWS\System32\rasmans.dll
08:39:07.0466 3052 RasMan - ok
08:39:07.0512 3052 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:39:07.0512 3052 RasPppoe - ok
08:39:07.0544 3052 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:39:07.0544 3052 Raspti - ok
08:39:07.0747 3052 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:39:07.0762 3052 Rdbss - ok
08:39:07.0794 3052 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:39:07.0794 3052 RDPCDD - ok
08:39:08.0216 3052 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:39:08.0231 3052 rdpdr - ok
08:39:08.0372 3052 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:39:08.0387 3052 RDPWD - ok
08:39:08.0434 3052 RDSessMgr (9f63d9c5b238ed1c375d417eff3d5be7) C:\WINDOWS\system32\sessmgr.exe
08:39:08.0481 3052 RDSessMgr - ok
08:39:08.0559 3052 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:39:08.0559 3052 redbook - ok
08:39:08.0622 3052 RemoteAccess (7da370c31673c99497bd07068ee6e354) C:\WINDOWS\System32\mprdim.dll
08:39:08.0637 3052 RemoteAccess - ok
08:39:08.0700 3052 RemoteRegistry (e598d81197e2e0ec42a0c55772bb00e8) C:\WINDOWS\system32\regsvc.dll
08:39:08.0716 3052 RemoteRegistry - ok
08:39:08.0778 3052 rpcapd - ok
08:39:08.0841 3052 RpcLocator (499c59a2584f6d4ea41e944da571d993) C:\WINDOWS\system32\locator.exe
08:39:08.0841 3052 RpcLocator - ok
08:39:09.0200 3052 RpcSs (0203b1aad358f206cb0a3c1f93cce17a) C:\WINDOWS\system32\rpcss.dll
08:39:09.0216 3052 RpcSs - ok
08:39:09.0247 3052 RSVP (414964844f4793acb868d057e8ed997e) C:\WINDOWS\system32\rsvp.exe
08:39:09.0278 3052 RSVP - ok
08:39:09.0325 3052 SamSs (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
08:39:09.0325 3052 SamSs - ok
08:39:09.0466 3052 SCardSvr (67949cc8a865296c1333c96a4e1a2d66) C:\WINDOWS\System32\SCardSvr.exe
08:39:09.0481 3052 SCardSvr - ok
08:39:09.0591 3052 Schedule (55f5c5c1be1a78e285033e432ba01597) C:\WINDOWS\system32\schedsvc.dll
08:39:09.0622 3052 Schedule - ok
08:39:09.0669 3052 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:39:09.0669 3052 Secdrv - ok
08:39:09.0716 3052 seclogon (5ac311c0af2af5ec221670bb8dc479d3) C:\WINDOWS\System32\seclogon.dll
08:39:09.0731 3052 seclogon - ok
08:39:09.0841 3052 SENS (3531366f38f453d08fe72e7b32dfe786) C:\WINDOWS\system32\sens.dll
08:39:09.0841 3052 SENS - ok
08:39:09.0887 3052 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:39:09.0887 3052 serenum - ok
08:39:09.0950 3052 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
08:39:09.0966 3052 Serial - ok
08:39:10.0028 3052 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:39:10.0028 3052 Sfloppy - ok
08:39:10.0122 3052 SharedAccess (f4ce708a7d17a625de6c0fd746d50e88) C:\WINDOWS\System32\ipnathlp.dll
08:39:10.0137 3052 SharedAccess - ok
08:39:10.0247 3052 ShellHWDetection (1b8542f338cdd86929a084a455837158) C:\WINDOWS\System32\shsvcs.dll
08:39:10.0262 3052 ShellHWDetection - ok
08:39:10.0278 3052 Simbad - ok
08:39:10.0294 3052 Sparrow - ok
08:39:10.0309 3052 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:39:10.0341 3052 splitter - ok
08:39:10.0450 3052 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:39:10.0450 3052 Spooler - ok
08:39:10.0512 3052 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
08:39:10.0512 3052 sr - ok
08:39:10.0684 3052 srservice (6ed29124a1c83bd0cf6b26bd01ca6f6f) C:\WINDOWS\system32\srsvc.dll
08:39:10.0716 3052 srservice - ok
08:39:10.0887 3052 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:39:10.0887 3052 Srv - ok
08:39:10.0934 3052 SSDPSRV (ea9e0db8684cef2fd3badd671df5a112) C:\WINDOWS\System32\ssdpsrv.dll
08:39:10.0966 3052 SSDPSRV - ok
08:39:11.0309 3052 stisvc (d76b0e8a4ecad1adcc75fd14a7acc54c) C:\WINDOWS\system32\wiaservc.dll
08:39:11.0341 3052 stisvc - ok
08:39:11.0481 3052 supdate (03f853fcb8535930bdcbfe2a160ab669) C:\Program Files\Software\Update\SoftwareUpdate.exe
08:39:11.0497 3052 supdate - ok
08:39:11.0544 3052 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:39:11.0575 3052 swenum - ok
08:39:11.0637 3052 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:39:11.0653 3052 swmidi - ok
08:39:11.0669 3052 SwPrv - ok
08:39:11.0669 3052 symc810 - ok
08:39:11.0684 3052 symc8xx - ok
08:39:11.0684 3052 sym_hi - ok
08:39:11.0700 3052 sym_u3 - ok
08:39:11.0731 3052 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:39:11.0731 3052 sysaudio - ok
08:39:11.0794 3052 SysmonLog (0899061318a6b1d9596aabfc77f45e44) C:\WINDOWS\system32\smlogsvc.exe
08:39:11.0809 3052 SysmonLog - ok
08:39:11.0919 3052 TapiSrv (8e5231171ad6595ff002e848cc54fcd7) C:\WINDOWS\System32\tapisrv.dll
08:39:11.0981 3052 TapiSrv - ok
08:39:12.0200 3052 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:39:12.0200 3052 Tcpip - ok
08:39:12.0262 3052 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:39:12.0294 3052 TDPIPE - ok
08:39:12.0372 3052 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:39:12.0372 3052 TDTCP - ok
08:39:12.0481 3052 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:39:12.0481 3052 TermDD - ok
08:39:12.0528 3052 TermService (710bc85a8c22626ee094439e3ea0d38c) C:\WINDOWS\System32\termsrv.dll
08:39:12.0575 3052 TermService - ok
08:39:12.0637 3052 Themes (1b8542f338cdd86929a084a455837158) C:\WINDOWS\System32\shsvcs.dll
08:39:12.0653 3052 Themes - ok
08:39:12.0684 3052 TlntSvr (d859a9d2f026ce5804485068ffd6eaf2) C:\WINDOWS\system32\tlntsvr.exe
08:39:12.0700 3052 TlntSvr - ok
08:39:12.0700 3052 TosIde - ok
08:39:12.0778 3052 TrkWks (e1a84a5067627407a53c2c4f8d8a1d2e) C:\WINDOWS\system32\trkwks.dll
08:39:12.0794 3052 TrkWks - ok
08:39:12.0841 3052 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:39:12.0841 3052 Udfs - ok
08:39:12.0856 3052 ultra - ok
08:39:12.0903 3052 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
08:39:12.0950 3052 UMWdf - ok
08:39:13.0075 3052 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
08:39:13.0091 3052 UnlockerDriver5 - ok
08:39:13.0278 3052 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:39:13.0294 3052 Update - ok
08:39:13.0497 3052 upnphost (bd8166a495b02308f364b36249475f22) C:\WINDOWS\System32\upnphost.dll
08:39:13.0512 3052 upnphost - ok
08:39:13.0544 3052 UPS (1edc93d7bd731b5ca6248ae245099b60) C:\WINDOWS\System32\ups.exe
08:39:13.0559 3052 UPS - ok
08:39:13.0637 3052 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:39:13.0637 3052 USBAAPL - ok
08:39:13.0700 3052 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:39:13.0700 3052 usbccgp - ok
08:39:13.0778 3052 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:39:13.0778 3052 usbehci - ok
08:39:13.0841 3052 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:39:13.0841 3052 usbhub - ok
08:39:13.0903 3052 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:39:13.0903 3052 usbohci - ok
08:39:13.0950 3052 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:39:13.0966 3052 usbprint - ok
08:39:13.0997 3052 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:39:13.0997 3052 usbscan - ok
08:39:14.0028 3052 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:39:14.0028 3052 usbstor - ok
08:39:14.0106 3052 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:39:14.0106 3052 VgaSave - ok
08:39:14.0106 3052 ViaIde - ok
08:39:14.0184 3052 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
08:39:14.0200 3052 VolSnap - ok
08:39:14.0341 3052 VSS (5a4da252b2c0550ab83d129c02cf6c19) C:\WINDOWS\System32\vssvc.exe
08:39:14.0372 3052 VSS - ok
08:39:14.0606 3052 W32Time (c1f726ee0b043b074a68992bc4aef8fd) C:\WINDOWS\system32\w32time.dll
08:39:14.0653 3052 W32Time - ok
08:39:14.0762 3052 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:39:14.0762 3052 Wanarp - ok
08:39:14.0778 3052 WDICA - ok
08:39:14.0934 3052 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:39:14.0981 3052 wdmaud - ok
08:39:15.0356 3052 Web Assistant Updater (cc86d2867eb393f1360beb6e7e1bf9dc) C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
08:39:15.0356 3052 Web Assistant Updater - ok
08:39:15.0419 3052 WebClient (714670e64fbe6d28d99871ed9a52a334) C:\WINDOWS\System32\webclnt.dll
08:39:15.0419 3052 WebClient - ok
08:39:15.0606 3052 winmgmt (5e9deae9980ff34bcd6dde2e9e2bf911) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:39:15.0606 3052 winmgmt - ok
08:39:15.0684 3052 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
08:39:15.0684 3052 WmdmPmSN - ok
08:39:15.0762 3052 Wmi (31c1fd0bbdc5b81c21edba4331edae55) C:\WINDOWS\System32\advapi32.dll
08:39:15.0778 3052 Wmi - ok
08:39:15.0841 3052 WmiApSrv (4e8e8a58f56b25d0795f484e5eb7f898) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:39:15.0856 3052 WmiApSrv - ok
08:39:15.0966 3052 wscsvc (c1fd85db4a80a98d60ecb7a828e77fe0) C:\WINDOWS\system32\wscsvc.dll
08:39:15.0981 3052 wscsvc - ok
08:39:16.0028 3052 wuauserv (75d6c5c3d2c93b1f9931e5dfb693ae2a) C:\WINDOWS\system32\wuauserv.dll
08:39:16.0028 3052 wuauserv - ok
08:39:16.0231 3052 WZCSVC (c336e54ee0c291a02f004667db1e66cb) C:\WINDOWS\System32\wzcsvc.dll
08:39:16.0247 3052 WZCSVC - ok
08:39:16.0309 3052 xmlprov (f92a87fdda0c11c8604fbc2b864fa726) C:\WINDOWS\System32\xmlprov.dll
08:39:16.0341 3052 xmlprov - ok
08:39:16.0372 3052 MBR (0x1B8) (7370eff8bd65e523a48a0c9ff9e4722a) \Device\Harddisk0\DR0
08:39:16.0919 3052 \Device\Harddisk0\DR0 - ok
08:39:16.0950 3052 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk1\DR1
08:39:17.0341 3052 \Device\Harddisk1\DR1 - ok
08:39:17.0372 3052 Boot (0x1200) (dd76c8c9c9310630824ddad7355ccd4a) \Device\Harddisk0\DR0\Partition0
08:39:17.0372 3052 \Device\Harddisk0\DR0\Partition0 - ok
08:39:17.0387 3052 Boot (0x1200) (90759710b5c7605c817bda3f89fe7ee3) \Device\Harddisk0\DR0\Partition1
08:39:17.0403 3052 \Device\Harddisk0\DR0\Partition1 - ok
08:39:17.0434 3052 Boot (0x1200) (7bf4199e7c10a57cc5005f6cc44cd9b2) \Device\Harddisk1\DR1\Partition0
08:39:17.0434 3052 \Device\Harddisk1\DR1\Partition0 - ok
08:39:17.0450 3052 Boot (0x1200) (7365e32e0013d18f6c8a088233ea0460) \Device\Harddisk1\DR1\Partition1
08:39:17.0450 3052 \Device\Harddisk1\DR1\Partition1 - ok
08:39:17.0466 3052 Boot (0x1200) (430d75f251fc3e7922ef35cdf99986b4) \Device\Harddisk1\DR1\Partition2
08:39:17.0466 3052 \Device\Harddisk1\DR1\Partition2 - ok
08:39:17.0481 3052 ============================================================
08:39:17.0481 3052 Scan finished
08:39:17.0481 3052 ============================================================
08:39:17.0497 3784 Detected object count: 0
08:39:17.0497 3784 Actual detected object count: 0
08:39:30.0387 3468 Deinitialize success

coucou

Newbie Surfer

Posts : 13
Joined : 2012-06-12
Operating System : Windows XP

Re: PC infected by incredibal toolbar (end)

Post by DragonMaster Jay on Wed 13 Jun 2012, 3:55 am

Hi

Were you able to get ComboFix to run as suggested?


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: PC infected by incredibal toolbar (end)

Post by coucou on Wed 13 Jun 2012, 8:50 am

I read how to use ComboFix.

Now I await your suggestions on how to use this software appropriately.

coucou

Newbie Surfer

Posts : 13
Joined : 2012-06-12
Operating System : Windows XP

Re: PC infected by incredibal toolbar (end)

Post by DragonMaster Jay on Wed 13 Jun 2012, 10:04 am

Download ComboFix from here: [You must be registered and logged in to see this link.]

Run the program by double-clicking on it.

Once done, it will open a log. Please post that.


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: PC infected by incredibal toolbar (end)

Post by coucou on Wed 13 Jun 2012, 5:35 pm

ComboFix 12-06-12.03 - eric 13/06/2012 8:12.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.863 [GMT 2:00]
Launched from: i:\téléchargement_firefox\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\eric\Mes documents\pub353.tmp
c:\program files\Complitly
c:\program files\Complitly\chrome\ComplitlyChrome.crx
c:\program files\Complitly\FireFoxExtension.exe
c:\program files\Complitly\InstTracker.exe
c:\program files\Complitly\support@Complitly.com\chrome.manifest
c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files\Complitly\support@Complitly.com\install.rdf
c:\program files\Complitly\unins000.dat
c:\program files\Complitly\unins000.exe
c:\program files\Mozilla Firefox\components\AskHPRFF.js
c:\program files\Web Assistant\ExTEnsion32.dll
c:\windows\CdaC13BA.EXE
c:\windows\CdaC14BA.DLL
c:\windows\jestertb.dll
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((((((( Files created from 2012-05-13 to 2012-06-13 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-11 14:55 . 2012-06-11 14:55 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-11 14:55 . 2012-06-11 14:55 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-11 14:39 . 2012-06-11 14:39 -------- d-----w- c:\documents and settings\eric\Application Data\DriverCure
2012-06-11 14:39 . 2012-06-11 14:39 -------- d-----w- c:\documents and settings\eric\Application Data\SpeedyPC Software
2012-06-11 14:38 . 2012-06-11 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-06-11 14:30 . 2012-06-11 14:30 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2012-06-10 20:20 . 2012-06-10 20:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Software
2012-06-10 13:28 . 2012-06-11 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\clp
2012-06-09 18:19 . 2012-06-09 18:19 -------- d-----w- c:\program files\Boxore
2012-06-09 18:19 . 2012-06-09 18:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Software
2012-06-09 18:19 . 2012-06-09 18:24 -------- d-----w- c:\documents and settings\eric\Local Settings\Application Data\Software
2012-06-09 18:19 . 2012-06-09 18:19 -------- d-----w- c:\program files\Software
2012-06-09 17:03 . 2012-06-10 20:23 -------- d-----w- C:\sh4ldr
2012-06-09 17:03 . 2012-06-09 17:03 -------- d-----w- c:\program files\Enigma Software Group
2012-06-09 17:03 . 2012-06-10 20:23 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-06-09 17:03 . 2012-06-09 17:03 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2012-06-09 13:32 . 2012-06-09 13:32 -------- d-----w- c:\documents and settings\eric\Application Data\Malwarebytes
2012-06-09 13:32 . 2012-06-09 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-09 13:32 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-09 12:57 . 2012-06-09 13:27 -------- d-----w- c:\documents and settings\eric\Application Data\GetRightToGo
2012-06-09 11:51 . 2012-06-09 12:09 -------- d-----w- c:\documents and settings\eric\Application Data\Eltima Software
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2004-08-05 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll
2012-05-07 13:18 . 2012-05-07 13:18 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-07 13:18 . 2011-05-18 20:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:51 . 2004-08-04 00:49 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2004-08-05 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:51 . 2004-08-05 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 14:55 . 2012-06-09 11:52 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"nwiz"="nwiz.exe" [2008-03-24 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Malwarebytes' Anti-Malware"="i:\logiciels_installes\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Boxore Client"="c:\program files\Boxore\BoxoreClient\boxore.exe" [2012-05-30 596688]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"i:\\Cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"c:\\Program Files\\Anno 1701\\Anno1701.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"i:\\Kevin\\warhammer\\DOW2.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"i:\\WoW\\World of Warcraft\\Launcher.exe"=
"i:\\WoW\\World of Warcraft\\WoW-3.2.0-frFR-downloader.exe"=
"c:\\Program Files\\Western Digital\\WD Discovery Software\\WD Discovery.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\StealthNet\\stealthnet.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"i:\\Cygwin\\bin\\rsync.exe"=
"i:\\Cygwin\\bin\\[You must be registered and logged in to see this link.]
"i:\\WoW\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16000:TCP"= 16000:TCP:emule
"16001:UDP"= 16001:UDP:emule
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [15/09/2011 07:35 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/08/2008 10:59 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/08/2008 10:59 20696]
R2 MBAMService;MBAMService;i:\logiciels_installes\Malwarebytes' Anti-Malware\mbamservice.exe [09/06/2012 15:32 654408]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [09/06/2012 13:52 185856]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l150x86.sys [13/08/2008 21:43 35328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [09/06/2012 15:32 22344]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/07/2010 20:35 136176]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [05/08/2004 14:00 14336]
S2 supdate;Software Update Service (supdate);c:\program files\Software\Update\SoftwareUpdate.exe [09/06/2012 20:19 140080]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [07/05/2012 15:18 257696]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/07/2010 20:35 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [09/06/2012 13:52 113120]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [05/08/2004 14:00 14336]
.
--- Other Services/Drivers in memory ---
.
*NewlyCreated* - IPHLPSVC
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 13:18]
.
2012-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 18:35]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 18:35]
.
2012-06-13 c:\windows\Tasks\SoftwareUpdateTaskMachineCore.job
- c:\program files\Software\Update\SoftwareUpdate.exe [2012-06-09 22:29]
.
2012-06-13 c:\windows\Tasks\SoftwareUpdateTaskMachineUA.job
- c:\program files\Software\Update\SoftwareUpdate.exe [2012-06-09 22:29]
.
.
------- Supplementary scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Télécharger avec NetTransport - i:\logiciels_installes\NetTransport 2\NTAddLink.html
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Tout t&élécharger avec NetTransport - i:\logiciels_installes\NetTransport 2\NTAddList.html
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\k9rgartv.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - [You must be registered and logged in to see this link.]
FF - user.js: extensions.incredibar_i.id - 3c305281000000000000001fc6a4e463
FF - user.js: extensions.incredibar_i.instlDay - 15500
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:52
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8vtjjGlH
FF - user.js: extensions.incredibar_i.upn2n - 92824505451027105
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{336D0C35-8A85-403a-B9D2-65C292C39087} - (no file)
BHO-{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-RDesc - (no file)
AddRemove-CdaC13Ba - c:\windows\CdaC13BA.EXE
AddRemove-HijackThis - c:\docume~1\eric\LOCALS~1\Temp\01net\HijackThis.exe
AddRemove-Uninstall Presto! BizCard Fre - c:\program files\NewSoft\Presto! BizCard Fre\Uninst.isu
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-06-13 08:24
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning for hidden processes ...
.
Scanning for hidden autostart entries ...
.
Scanning for hidden files ...
.
Scan completed successfully
Hidden files: 0
.
**************************************************************************
.
--------------------- DLLs loaded in running processes ---------------------
.
- - - - - - - > 'explorer.exe'(2432)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Finish time: 2012-06-13 08:29:27 - The machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 06:29
.
Pre-run: 51 769 249 792 bytes free
Post-run: 53 286 440 960 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="windows XP Professionnel" /default
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 413B2FF80B8F86BBC090FC760C6687D4

coucou

Newbie Surfer

Posts : 13
Joined : 2012-06-12
Operating System : Windows XP

Re: PC infected by incredibal toolbar (end)

Post by DragonMaster Jay on Thu 14 Jun 2012, 1:20 am

1. ComboFix re-run
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:
    Code:
    killall::

    File::
    C:\Documents and Settings\eric\Bureau\trojankiller2103-setup.exe

    Folder::
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\GridinSoft

    DDS::
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=
    FF - prefs.js: browser.startup.homepage - hxxp://Mystart.incredibar.com/mb124
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8vtjjGlH&loc=IB_TB&i=26&search=
    FF - user.js: extensions.incredibar_i.id - 3c305281000000000000001fc6a4e463
    FF - user.js: extensions.incredibar_i.instlDay - 15500
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:52
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6R8vtjjGlH
    FF - user.js: extensions.incredibar_i.upn2n - 92824505451027105
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10643
    FF - user.js: extensions.incredibar_i.ppd - 1

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

2. Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

3. Post logs

Make sure to post these logs for my review:
  • ComboFix log
  • ESET Scan log

Also, let me know how your computer is running. Are you still using SpyHunter? DriverCure? SpeedUpMyPC?

Thanks!


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate
http://www.twitter.com/jaypfoutz
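As an added illustration of what the DDS:: lines in the CFScript above are undoing (this is example code written for this page, not ComboFix's, Mozilla's or the poster's): the toolbar hijacks Firefox by writing user_pref() entries into the profile's prefs.js/user.js, pointing keyword.URL and the start page at its own search redirector and keeping its settings under an extensions.incredibar_i.* branch. The script parses such a file, flags the navigation prefs whose URL lands on an indicator domain plus every pref under the toolbar's branch, and writes a cleaned copy. SAMPLE_USER_JS is constructed from the pref names in the log (hxxp is de-fanged to http as a real file would hold it); HIJACK_PREFS, BAD_DOMAINS and BAD_BRANCHES are assumptions for the demo.

```python
"""Audit a Firefox prefs.js/user.js for search and homepage hijacks.

Added example written for this page; it is neither the forum's nor Mozilla's
code. SAMPLE_USER_JS is constructed from the pref names in the DDS section of
the log above, and the indicator lists are assumptions for the demo.
"""
import re
from urllib.parse import urlparse

# Each line is  user_pref("name", value);  where value is a JS literal:
# a "string", true/false, or an integer.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Prefs that decide where the browser sends the user (assumed watch list).
HIJACK_PREFS = {"keyword.URL", "browser.startup.homepage",
                "browser.search.defaultenginename"}
# Redirector domains seen in this thread's log, treated as indicators (assumption).
BAD_DOMAINS = {"incredibar.com", "search.conduit.com"}
# Pref branches owned by the toolbar extension itself (assumption).
BAD_BRANCHES = ("extensions.incredibar_i.",)


def parse_prefs(text):
    """Return {pref name: Python value} for every user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1].replace('\\"', '"')
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def _host(url):
    return (urlparse(url).hostname or "").lower()


def find_hijacks(prefs):
    """List (pref, reason) for navigation prefs that point at an indicator
    domain and for every pref living under the toolbar's own branch."""
    findings = []
    for name, value in prefs.items():
        if name in HIJACK_PREFS and isinstance(value, str):
            host = _host(value)
            if any(host == d or host.endswith("." + d) for d in BAD_DOMAINS):
                findings.append((name, f"points to {host}"))
        elif name.startswith(BAD_BRANCHES):
            findings.append((name, "belongs to the toolbar's pref branch"))
    return findings


def clean_prefs(text, findings):
    """Drop the flagged user_pref() lines; Firefox falls back to its defaults.
    (The DDS:: directive in the CFScript above does the same job.)"""
    bad = {name for name, _ in findings}
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in bad:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


# Constructed sample: the hijacked prefs from the log plus two benign ones.
SAMPLE_USER_JS = r'''user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=");
user_pref("browser.startup.homepage", "http://Mystart.incredibar.com/mb124");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6R8vtjjGlH&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.productid", 26);
user_pref("browser.cache.disk.capacity", 358400);
user_pref("network.proxy.type", 0);
'''

if __name__ == "__main__":
    found = find_hijacks(parse_prefs(SAMPLE_USER_JS))
    for name, why in found:
        print(f"{name}: {why}")
    print(clean_prefs(SAMPLE_USER_JS, found))
```

Two practical caveats: run it against the real profile only with Firefox closed, since the browser rewrites prefs.js on exit and would undo the change, and note that removing prefs does not remove the extension that wrote them, which is why the ComboFix script also deletes the toolbar's files.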

Re: PC infected by incredibal toolbar (end)

Post by coucou on Tue 19 Jun 2012, 12:13 am

Two days ago, I had to reboot my computer. The reboot was impossible because the boot.ini file had been modified (I don't know the cause): the computer kept restarting into the wrong operating system. I succeeded in fixing the problem (thanks, Linux Live CD!).

Now, the PC seems to run fine.

About your questions:
I used SpyHunter only once, but I don't like this software because I don't know how reliable its analysis is, and it doesn't give any (free) help to remove threats.

I don't know DriverCure or SpeedUpMyPC.

ComboFix report:
= = = =
ComboFix 12-06-16.02 - eric 18/06/2012 13:12:46.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1231 [GMT 2:00]
Launched from: i:\téléchargement_firefox\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((( Files created from 2012-05-18 to 2012-06-18 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-11 14:55 . 2012-06-11 14:55 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-11 14:55 . 2012-06-11 14:55 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-11 14:39 . 2012-06-11 14:39 -------- d-----w- c:\documents and settings\eric\Application Data\DriverCure
2012-06-11 14:39 . 2012-06-11 14:39 -------- d-----w- c:\documents and settings\eric\Application Data\SpeedyPC Software
2012-06-11 14:38 . 2012-06-11 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-06-11 14:30 . 2012-06-11 14:30 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2012-06-10 20:20 . 2012-06-10 20:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Software
2012-06-10 13:28 . 2012-06-11 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\clp
2012-06-09 18:19 . 2012-06-09 18:19 -------- d-----w- c:\program files\Boxore
2012-06-09 18:19 . 2012-06-09 18:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Software
2012-06-09 18:19 . 2012-06-09 18:24 -------- d-----w- c:\documents and settings\eric\Local Settings\Application Data\Software
2012-06-09 18:19 . 2012-06-09 18:19 -------- d-----w- c:\program files\Software
2012-06-09 17:03 . 2012-06-10 20:23 -------- d-----w- C:\sh4ldr
2012-06-09 17:03 . 2012-06-09 17:03 -------- d-----w- c:\program files\Enigma Software Group
2012-06-09 17:03 . 2012-06-10 20:23 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-06-09 17:03 . 2012-06-09 17:03 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2012-06-09 13:32 . 2012-06-09 13:32 -------- d-----w- c:\documents and settings\eric\Application Data\Malwarebytes
2012-06-09 13:32 . 2012-06-09 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-09 13:32 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-09 12:57 . 2012-06-09 13:27 -------- d-----w- c:\documents and settings\eric\Application Data\GetRightToGo
2012-06-09 11:51 . 2012-06-09 12:09 -------- d-----w- c:\documents and settings\eric\Application Data\Eltima Software
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 15:59 . 2012-05-07 13:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 15:59 . 2011-05-18 20:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22 . 2004-08-05 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll
2012-04-11 13:51 . 2004-08-04 00:49 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2004-08-05 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:51 . 2004-08-05 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 14:55 . 2012-06-09 11:52 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-18 11:20 . 2012-06-18 11:20 16384 c:\windows\Temp\Perflib_Perfdata_250.dat
+ 2012-06-14 15:59 . 2012-06-14 15:59 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe
+ 2012-05-07 13:18 . 2012-06-14 15:59 257224 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-06-14 15:59 . 2012-06-14 15:59 9459912 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"nwiz"="nwiz.exe" [2008-03-24 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Malwarebytes' Anti-Malware"="i:\logiciels_installes\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Boxore Client"="c:\program files\Boxore\BoxoreClient\boxore.exe" [2012-05-30 596688]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"i:\\Cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"c:\\Program Files\\Anno 1701\\Anno1701.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"i:\\Kevin\\warhammer\\DOW2.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"i:\\WoW\\World of Warcraft\\Launcher.exe"=
"i:\\WoW\\World of Warcraft\\WoW-3.2.0-frFR-downloader.exe"=
"c:\\Program Files\\Western Digital\\WD Discovery Software\\WD Discovery.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\StealthNet\\stealthnet.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"i:\\Cygwin\\bin\\rsync.exe"=
"i:\\Cygwin\\bin\\[You must be registered and logged in to see this link.]
"i:\\WoW\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16000:TCP"= 16000:TCP:emule
"16001:UDP"= 16001:UDP:emule
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [15/09/2011 07:35 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/08/2008 10:59 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/08/2008 10:59 20696]
R2 MBAMService;MBAMService;i:\logiciels_installes\Malwarebytes' Anti-Malware\mbamservice.exe [09/06/2012 15:32 654408]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [09/06/2012 13:52 185856]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l150x86.sys [13/08/2008 21:43 35328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [09/06/2012 15:32 22344]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/07/2010 20:35 136176]
S2 supdate;Software Update Service (supdate);c:\program files\Software\Update\SoftwareUpdate.exe [09/06/2012 20:19 140080]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [07/05/2012 15:18 257224]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/07/2010 20:35 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [09/06/2012 13:52 113120]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [05/08/2004 14:00 14336]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 15:59]
.
2012-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 18:35]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 18:35]
.
2012-06-18 c:\windows\Tasks\SoftwareUpdateTaskMachineCore.job
- c:\program files\Software\Update\SoftwareUpdate.exe [2012-06-09 22:29]
.
2012-06-18 c:\windows\Tasks\SoftwareUpdateTaskMachineUA.job
- c:\program files\Software\Update\SoftwareUpdate.exe [2012-06-09 22:29]
.
.
------- Supplementary scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Télécharger avec NetTransport - i:\logiciels_installes\NetTransport 2\NTAddLink.html
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Tout t&élécharger avec NetTransport - i:\logiciels_installes\NetTransport 2\NTAddList.html
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\eric\Application Data\Mozilla\Firefox\Profiles\11x7qntj.default-1339665467390\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{336D0C35-8A85-403a-B9D2-65C292C39087} - (no file)
BHO-{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-06-18 13:21
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning for hidden processes ...
.
Scanning for hidden autostart entries ...
.
Scanning for hidden files ...
.
Scan completed successfully
Hidden files: 0
.
**************************************************************************
.
--------------------- DLLs loaded in running processes ---------------------
.
- - - - - - - > 'explorer.exe'(2200)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Finish time: 2012-06-18 13:28:00 - The machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 11:27
ComboFix2.txt 2012-06-13 06:29
.
Pre-run: 50 449 068 032 bytes free
Post-run: 50 269 515 776 bytes free
.
- - End Of File - - E764ECFABBCCD7F93BC42B85F6160AB8

= = = =
ESET report:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=abf2d70b3a436e4ea6a839e8da77cff1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-12 10:19:06
# local_time=2011-04-13 12:19:06 (+0100, Paris, Madrid (summer time))
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 12703572 12703572 0 0
# compatibility_mode=8192 67108863 100 0 100 100 0 0
# scanned=430202
# found=1
# cleaned=1
# scan_time=5471
I:\Logiciels_installes\VDownloader\vdownloader_setup.exe probable variant of Win32/Agent.ILZCTEN trojan (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=abf2d70b3a436e4ea6a839e8da77cff1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-13 01:29:06
# local_time=2011-04-13 03:29:06 (+0100, Paris, Madrid (summer time))
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 12758310 12758310 0 0
# compatibility_mode=8192 67108863 100 0 54838 54838 0 0
# scanned=430285
# found=0
# cleaned=0
# scan_time=5370
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=abf2d70b3a436e4ea6a839e8da77cff1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-04 10:07:06
# local_time=2012-06-04 12:07:06 (+0100, Paris, Madrid (summer time))
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 48862137 48862137 0 0
# compatibility_mode=8192 67108863 100 0 36155065 36155065 0 0
# scanned=291739
# found=1
# cleaned=1
# scan_time=4583
I:\Téléchargement_Firefox\unlocker_unlocker_1.9.1_32_bits_francais_20237.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=abf2d70b3a436e4ea6a839e8da77cff1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-09 02:31:23
# local_time=2012-06-09 04:31:23 (+0100, Paris, Madrid (summer time))
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 49305701 49305701 0 0
# compatibility_mode=8192 67108863 100 0 36602229 36602229 0 0
# scanned=291782
# found=0
# cleaned=0
# scan_time=5277
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=abf2d70b3a436e4ea6a839e8da77cff1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-18 12:53:24
# local_time=2012-06-18 02:53:24 (+0100, Paris, Madrid (summer time))
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 50078239 50078239 0 0
# compatibility_mode=8192 67108863 100 0 37378367 37378367 0 0
# scanned=297451
# found=5
# cleaned=5
# scan_time=4459
C:\Documents and Settings\eric\Bureau\trojankiller2103-setup.exe a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C5E20A3C-C1E7-4A3D-A449-2EA9606AC7CB}\RP1511\A0132592.exe a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I:\Logiciels_installes\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I:\Téléchargement_Firefox\gtk2121-setup.exe a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I:\Téléchargement_Firefox\SoftonicDownloader_pour_trojan-killer.exe Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

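The ComboFix log above is long, and the useful triage move is to pivot on dates: anything that auto-starts and was dropped in the window when the unwanted software arrived (the Boxore, Software and SpyHunter folders all appear on 2012-06-09) deserves a look before anything else. The script below is an added example written for this page, not ComboFix's own code and not something the thread posted. It parses the Run-key, service and "files created" formats shown in the log, then flags an autostart either because its file date falls inside the window or because it lives under a folder created inside it. That second test is what catches boxore.exe, whose file date (2012-05-30) is older than the window even though its folder was created with the rest. The three sample blocks are constructed from lines of the log, and CUTOFF is an assumption the analyst supplies.

```python
"""Triage autostart entries from a ComboFix log by pivoting on dates.

Added example written for this page; it is not ComboFix's own code and the
thread does not contain it. The three sample blocks are constructed from
lines of the log above, and CUTOFF (the day the first unfamiliar folders
appeared) is an assumption the analyst supplies.
"""
import re
from dataclasses import dataclass
from datetime import date, datetime

# [HKLM\...\Run] entries look like:  "Name"="path" [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[(\d{4}-\d{2}-\d{2})\s+\d+\]')
# Services/drivers look like:  R2 name;display name;path [dd/MM/yyyy HH:mm size]
SVC_RE = re.compile(r'^([RS]\d)\s+([^;]+);[^;]*;(.+?)\s+\[(\d{2}/\d{2}/\d{4}) \d{2}:\d{2}\s+\d+\]')
# "Files created" lines look like:  created . modified size attrs path
NEW_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \S+ \S+\s+\S+\s+(\S+)\s+(.+)$')

CUTOFF = date(2012, 6, 9)  # assumption: first day of the infection window


@dataclass
class Autostart:
    kind: str        # "run" for a Run key, else the service start type (R2, S2, ...)
    name: str
    path: str
    file_date: date  # the date ComboFix prints next to the binary


def parse_autostarts(text):
    """Collect Run-key and service entries from the registry/services sections."""
    out = []
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            out.append(Autostart("run", m[1], m[2], date.fromisoformat(m[3])))
            continue
        m = SVC_RE.match(line)
        if m:
            out.append(Autostart(m[1], m[2].strip(), m[3],
                                 datetime.strptime(m[4], "%d/%m/%Y").date()))
    return out


def parse_new_dirs(text, since):
    """Directories created on or after `since`, normalised for prefix matching."""
    dirs = []
    for line in text.splitlines():
        m = NEW_RE.match(line)
        if m and m[2].startswith("d") and date.fromisoformat(m[1]) >= since:
            dirs.append(m[3].lower().rstrip("\\") + "\\")
    return dirs


def triage(autostarts, new_dirs, since):
    """Flag entries dated inside the window or living under a folder created in it."""
    hits = []
    for a in autostarts:
        reasons = []
        if a.file_date >= since:
            reasons.append(f"file dated {a.file_date}")
        for d in new_dirs:
            if a.path.lower().startswith(d):
                reasons.append(f"lives under new folder {d}")
                break
        if reasons:
            hits.append((a, reasons))
    return hits


# Constructed samples, copied from lines of the log above.
RUN_SAMPLE = r'''"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"Malwarebytes' Anti-Malware"="i:\logiciels_installes\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Boxore Client"="c:\program files\Boxore\BoxoreClient\boxore.exe" [2012-05-30 596688]
'''
SVC_SAMPLE = r'''R2 MBAMService;MBAMService;i:\logiciels_installes\Malwarebytes' Anti-Malware\mbamservice.exe [09/06/2012 15:32 654408]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [09/06/2012 13:52 185856]
S2 supdate;Software Update Service (supdate);c:\program files\Software\Update\SoftwareUpdate.exe [09/06/2012 20:19 140080]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/07/2010 20:35 136176]
'''
NEW_SAMPLE = r'''2012-06-09 18:19 . 2012-06-09 18:19 -------- d-----w- c:\program files\Boxore
2012-06-09 18:19 . 2012-06-09 18:19 -------- d-----w- c:\program files\Software
2012-06-09 13:32 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
'''

if __name__ == "__main__":
    entries = parse_autostarts(RUN_SAMPLE + SVC_SAMPLE)
    for a, why in triage(entries, parse_new_dirs(NEW_SAMPLE, CUTOFF), CUTOFF):
        print(f"[{a.kind}] {a.name}: {a.path}  <- {'; '.join(why)}")
```

The output is a worklist, not a verdict: MBAMService is flagged purely because Malwarebytes was installed on the same day, which is exactly the kind of entry the analyst clears in seconds, while "Software Update Service" under c:\program files\Software is the one worth chasing.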
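The ESET Online Scanner log posted above is cumulative: every run appends a new "ESETSmartInstaller@High as downloader log:" session with its own # key=value header and one line per detection, so the five earlier sessions (two from 2011) are easy to mistake for fresh findings. The parser below is an added example written for this page, not ESET's code and not part of the thread. It splits the sessions, parses the header counters, pulls the path, detection name and action out of each detection line, checks that the found= counter matches the lines actually listed, and tallies names across sessions. SAMPLE_LOG is constructed from a trimmed subset of the sessions in the posted log; the first detection line keeps the French wording of the original so the parser is shown not to depend on the scanner's UI language.

```python
"""Parse the ESET Online Scanner log format and tally what was found.

Added example written for this page, not ESET's code and not posted in the
thread. SAMPLE_LOG is constructed from a trimmed subset of the sessions in the
log above; the first detection line keeps the French wording of the original
so the parser is shown not to depend on the scanner's UI language.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

SESSION_START = "ESETSmartInstaller@High as downloader log:"
META_RE = re.compile(r"^# (\w+)=(.*)$")
# <path> <description> (<action>) <32 hex digits> <flag>
# Path and description both contain spaces, so the path is cut at the first
# file extension that is followed by whitespace.
DET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4})\s+(?P<desc>.+?)\s+"
    r"\((?P<action>[^()]*)\)\s+(?P<hash>[0-9a-fA-F]{32})\s+(?P<flag>\S+)$"
)
NAME_RE = re.compile(r"\S+/\S+")  # detection names look like Win32/Agent.ILZCTEN


@dataclass
class Detection:
    path: str
    name: str
    desc: str
    action: str


@dataclass
class Session:
    meta: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_eset_log(text):
    sessions, cur = [], None
    for line in text.splitlines():
        if line.strip() == SESSION_START:
            cur = Session()
            sessions.append(cur)
            continue
        if cur is None:
            continue
        m = META_RE.match(line)
        if m:
            key, val = m.groups()
            cur.meta[key] = int(val) if val.isdigit() else val
            continue
        m = DET_RE.match(line)
        if m:
            n = NAME_RE.search(m["desc"])
            cur.detections.append(Detection(m["path"], n.group(0) if n else "?",
                                            m["desc"], m["action"]))
    return sessions


def consistent(session):
    """Sanity check: the found= counter should equal the detection lines parsed."""
    return session.meta.get("found", 0) == len(session.detections)


def tally(sessions):
    """Detection name -> number of files, across all sessions in the log."""
    return Counter(d.name for s in sessions for d in s.detections)


# Constructed sample: three of the sessions from the log above, headers trimmed.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# version=7
# utc_time=2011-04-12 10:19:06
# scanned=430202
# found=1
# cleaned=1
I:\Logiciels_installes\VDownloader\vdownloader_setup.exe une variante probable de Win32/Agent.ILZCTEN cheval de troie (supprimé - mis en quarantaine) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# utc_time=2011-04-13 01:29:06
# scanned=430285
# found=0
# cleaned=0
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# utc_time=2012-06-18 12:53:24
# scanned=297451
# found=5
# cleaned=5
C:\Documents and Settings\eric\Bureau\trojankiller2103-setup.exe a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C5E20A3C-C1E7-4A3D-A449-2EA9606AC7CB}\RP1511\A0132592.exe a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I:\Logiciels_installes\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I:\Téléchargement_Firefox\gtk2121-setup.exe a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I:\Téléchargement_Firefox\SoftonicDownloader_pour_trojan-killer.exe Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
'''

if __name__ == "__main__":
    sessions = parse_eset_log(SAMPLE_LOG)
    for s in sessions:
        print(s.meta["utc_time"], "found", s.meta["found"],
              "ok" if consistent(s) else "MISMATCH")
    for name, n in tally(sessions).most_common():
        print(f"{n:3d}  {name}")
```

Two details worth noticing in the output: one of the five hits in the last session sits in System Volume Information, which is a System Restore copy and is the reason the helper clears the old restore points at the end of the thread, and the Win32/1AntiVirus detections all point at the "Trojan Killer" downloads, i.e. the cleanup tools fetched through a bundling downloader were themselves being flagged.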

Re: PC infected by incredibal toolbar (end)

Post by DragonMaster Jay on Tue 19 Jun 2012, 2:04 am

Let's see what we can find with this, please:

Please run Panda ActiveScan online scan.

  • Choose Quick Scan then click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply



Re: PC infected by incredibal toolbar (end)

Post by coucou on Tue 19 Jun 2012, 7:08 am

When Panda ActiveScan (portable version) finished, I didn't find "Export to".
It said that it found 5 malwares and 1 suspicious, it cleaned them but didn't give me their names.
I expected that a log was created but it displayed no other information.


Re: PC infected by incredibal toolbar (end)

Post by DragonMaster Jay on Tue 19 Jun 2012, 8:47 pm

How is the computer running overall?



Re: PC infected by incredibal toolbar (end)

Post by coucou on Tue 19 Jun 2012, 10:14 pm

The computer runs fine, even though I don't understand why: every time you tell me to run a new piece of software, it finds new threats (as Panda did).

Thank you for your help.

If you need any other information or other experiments, you're welcome.


Re: PC infected by incredibal toolbar (end)

Post by DragonMaster Jay on Thu 21 Jun 2012, 10:44 pm

If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculations and then display a dialogue box with tabs
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.



Re: PC infected by incredibal toolbar (end)

Post by DragonMaster Jay on Sun 01 Jul 2012, 7:00 am

Are you still with us? Please update us on your situation.



Re: PC infected by incredibal toolbar (end)

Post by coucou on Wed 01 Aug 2012, 2:30 am

I hope you will excuse my lateness (too much work!).

I cleaned System Restore and ran OTC, TFC and Security Check.

The Security Check report is here:
= = = =
Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
CCleaner
Duplicate Cleaner 2.1b
Java(TM) 6 Update 33
Java(TM) 6 Update 7
Sun Java Runtime Environment and JMF
Java version out of Date!
Adobe Flash Player 11.3.300.268
Mozilla Firefox (14.0.1)
Mozilla Thunderbird (14.0.)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 17% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

My computer seems to run fine.

Thank you



Re: PC infected by incredibal toolbar (end)

Post by DragonMaster Jay on Thu 02 Aug 2012, 5:18 am

Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java, since the installer does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?


