Oxygène PC

Tips, Security & Computer Help

Unwanted Internet windows opening by themselves

Is your PC infected by a trojan, a virus or spyware? Do you want to get rid of unwanted toolbars or put an end to pop-up advertising? This is where you should post your HijackThis logs and other reports for analysis.

Moderators: Moderators, Security Visitors


Post by oxygene » Sun 20 Feb 2011 05:05

Hello,

I have a problem: advertising browser windows keep opening by themselves, unprompted.
After doing some research on the forums that cover this subject, I installed the program Lop S&D.
Once it was installed on my desktop, I opened it, chose the language and then ran option 1 "search".
Could someone help me with the rest of the procedure please?? Thanks.
Here is the Lop S&D report:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows 7 Home Premium ( v6.1.7600 )
X86-based PC ( Multiprocessor Free : Pentium(R) Dual-Core CPU T4300 @ 2.10GHz )
BIOS : Phoenix SecureCore(tm) NB Version 05JD.M017.20100325.KSJ
USER : Simone ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:141 Go (Free:102 Go)
D:\ (Local Disk) - NTFS - Total:141 Go (Free:6 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( zo 20/02/2011| 4:03 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[11/10/2010|17:48] C:\Users\Simone\AppData\Local\Adobe
[16/09/2010|02:00] C:\Users\Simone\AppData\Local\Application Data
[03/11/2010|11:58] C:\Users\Simone\AppData\Local\assembly
[19/02/2011|19:55] C:\Users\Simone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[18/01/2011|22:26] C:\Users\Simone\AppData\Local\Diagnostics
[11/10/2010|16:30] C:\Users\Simone\AppData\Local\eMule
[11/10/2010|17:41] C:\Users\Simone\AppData\Local\GDIPFONTCACHEV1.DAT
[16/09/2010|02:00] C:\Users\Simone\AppData\Local\Geschiedenis
[15/09/2010|20:37] C:\Users\Simone\AppData\Local\Google
[11/10/2010|17:42] C:\Users\Simone\AppData\Local\HP
[20/02/2011|03:37] C:\Users\Simone\AppData\Local\IconCache.db
[12/01/2011|15:05] C:\Users\Simone\AppData\Local\Microsoft
[20/10/2010|15:19] C:\Users\Simone\AppData\Local\Microsoft Games
[15/09/2010|20:03] C:\Users\Simone\AppData\Local\Microsoft Help
[19/02/2011|20:17] C:\Users\Simone\AppData\Local\Mozilla
[03/11/2010|11:58] C:\Users\Simone\AppData\Local\networker
[15/09/2010|20:13] C:\Users\Simone\AppData\Local\Power2Go
[20/02/2011|04:01] C:\Users\Simone\AppData\Local\Temp
[16/09/2010|02:00] C:\Users\Simone\AppData\Local\Temporary Internet Files
[16/09/2010|02:00] C:\Users\Simone\AppData\Local\VirtualStore
[3|bestand(en)] C:\Users\Simone\AppData\Local\bytes
[19|map(pen)] C:\Users\Simone\AppData\Local\bytes beschikbaar

--------------------\\ Tâches planifiées dans C:\windows\tasks

[20/02/2011 03:38][--ah-----] C:\windows\tasks\SA.DAT
[14/02/2011 16:29][--a------] C:\windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[30/12/2009|05:37] C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[30/12/2009|05:36] C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
[30/12/2009|05:33] C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[30/12/2009|05:37] C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
[30/12/2009|05:32] C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[30/12/2009|05:35] C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[16/09/2010|02:01] C:\ProgramData\Adobe
[03/11/2010|11:37] C:\ProgramData\Alwil Software
[14/07/2009|05:53] C:\ProgramData\Application Data
[16/09/2010|20:53] C:\ProgramData\CyberLink
[14/07/2009|05:53] C:\ProgramData\Desktop
[14/07/2009|05:53] C:\ProgramData\Documents
[11/10/2010|15:58] C:\ProgramData\eMule
[10/10/2010|20:38] C:\ProgramData\ezsidmv.dat
[14/07/2009|05:53] C:\ProgramData\Favorites
[17/08/2009|05:56] C:\ProgramData\FullRemove.exe
[20/10/2010|13:59] C:\ProgramData\Go Go Gourmet
[26/01/2011|10:12] C:\ProgramData\HP
[11/10/2010|17:07] C:\ProgramData\HP Product Assistant
[11/10/2010|17:16] C:\ProgramData\hpzinstall.log
[25/10/2010|17:06] C:\ProgramData\Installations
[03/11/2010|11:18] C:\ProgramData\McAfee
[29/09/2010|21:07] C:\ProgramData\Microsoft
[02/10/2010|12:41] C:\ProgramData\Microsoft Help
[01/10/2010|16:09] C:\ProgramData\Office Genuine Advantage
[16/09/2010|15:16] C:\ProgramData\Partner
[20/11/2010|16:36] C:\ProgramData\PC Suite
[30/12/2009|06:00] C:\ProgramData\SAMSUNG
[30/12/2009|05:47] C:\ProgramData\SiteAdvisor
[10/10/2010|20:37] C:\ProgramData\Skype
[19/02/2011|21:43] C:\ProgramData\Spybot - Search & Destroy
[14/07/2009|05:53] C:\ProgramData\Start Menu
[15/09/2010|20:43] C:\ProgramData\Sun
[20/10/2010|14:24] C:\ProgramData\Temp
[14/07/2009|05:53] C:\ProgramData\Templates
[11/10/2010|17:16] C:\ProgramData\WEBREG
[24/09/2010|18:21] C:\ProgramData\WinClon
[9|bestand(en)] C:\ProgramData\bytes
[30|map(pen)] C:\ProgramData\bytes beschikbaar

--------------------\\ Listing des dossiers dans C:\Program Files

[16/09/2010|02:01] C:\Program Files\Adobe
[03/11/2010|11:37] C:\Program Files\Alwil Software
[30/12/2009|05:38] C:\Program Files\AnyPC Client
[30/12/2009|05:29] C:\Program Files\Atheros Client Installation Program
[19/02/2011|21:41] C:\Program Files\Common Files
[15/09/2010|20:11] C:\Program Files\CyberLink
[20/11/2010|16:36] C:\Program Files\DIFX
[17/09/2010|20:57] C:\Program Files\DVD Maker
[11/10/2010|15:58] C:\Program Files\eMule
[06/02/2011|22:47] C:\Program Files\FoxTabVideoConverter
[23/11/2010|07:43] C:\Program Files\HP
[03/11/2010|12:19] C:\Program Files\InstallPedia
[15/09/2010|20:12] C:\Program Files\InstallShield Installation Information
[30/12/2009|05:26] C:\Program Files\Intel
[10/02/2011|20:35] C:\Program Files\Internet Explorer
[15/09/2010|20:44] C:\Program Files\JRE
[30/12/2009|05:27] C:\Program Files\Marvell
[01/10/2010|13:39] C:\Program Files\Microsoft
[30/12/2009|23:00] C:\Program Files\Microsoft Games
[02/10/2010|12:40] C:\Program Files\Microsoft Office
[15/09/2010|20:07] C:\Program Files\Microsoft Office Suite Activation Assistant
[25/12/2010|15:05] C:\Program Files\Microsoft Silverlight
[15/09/2010|20:09] C:\Program Files\Microsoft SQL Server Compact Edition
[16/12/2010|21:55] C:\Program Files\Microsoft Works
[25/10/2010|21:57] C:\Program Files\Microsoft.NET
[19/02/2011|20:17] C:\Program Files\Mozilla Firefox
[14/07/2009|05:52] C:\Program Files\MSBuild
[12/10/2010|21:37] C:\Program Files\MSXML 4.0
[20/11/2010|16:36] C:\Program Files\Nokia
[03/11/2010|12:13] C:\Program Files\OpenOffice.org 3
[20/11/2010|16:36] C:\Program Files\PC Connectivity Solution
[30/12/2009|05:48] C:\Program Files\Phoenix Technologies Ltd
[30/12/2009|05:27] C:\Program Files\Realtek
[14/07/2009|05:52] C:\Program Files\Reference Assemblies
[30/12/2009|05:40] C:\Program Files\Samsung
[19/02/2011|21:43] C:\Program Files\Skype
[19/02/2011|21:30] C:\Program Files\Spybot - Search & Destroy
[30/12/2009|05:29] C:\Program Files\Synaptics
[30/12/2009|05:27] C:\Program Files\Temp
[14/07/2009|05:53] C:\Program Files\Uninstall Information
[13/11/2010|16:00] C:\Program Files\Van Dale
[20/02/2011|01:28] C:\Program Files\VideoLAN
[17/09/2010|20:57] C:\Program Files\Windows Defender
[17/09/2010|20:57] C:\Program Files\Windows Journal
[16/09/2010|20:41] C:\Program Files\Windows Live
[15/09/2010|20:08] C:\Program Files\Windows Live SkyDrive
[16/12/2010|23:17] C:\Program Files\Windows Mail
[13/10/2010|06:09] C:\Program Files\Windows Media Player
[14/07/2009|05:52] C:\Program Files\Windows NT
[17/09/2010|20:57] C:\Program Files\Windows Photo Viewer
[14/07/2009|05:52] C:\Program Files\Windows Portable Devices
[17/09/2010|20:57] C:\Program Files\Windows Sidebar
[20/02/2011|01:17] C:\Program Files\WinRAR
[0|bestand(en)] C:\Program Files\bytes
[55|map(pen)] C:\Program Files\bytes beschikbaar

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[16/09/2010|02:01] C:\Program Files\Common Files\Adobe
[30/12/2009|05:36] C:\Program Files\Common Files\CyberLink
[11/10/2010|17:05] C:\Program Files\Common Files\Hewlett-Packard
[11/10/2010|17:05] C:\Program Files\Common Files\HP
[30/12/2009|05:26] C:\Program Files\Common Files\InstallShield
[03/11/2010|11:18] C:\Program Files\Common Files\McAfee
[02/10/2010|12:40] C:\Program Files\Common Files\microsoft shared
[30/12/2009|05:40] C:\Program Files\Common Files\Samsung
[14/07/2009|03:37] C:\Program Files\Common Files\Services
[10/10/2010|20:37] C:\Program Files\Common Files\Skype
[14/07/2009|03:37] C:\Program Files\Common Files\SpeechEngines
[19/02/2011|21:41] C:\Program Files\Common Files\SWF Studio
[17/09/2010|20:57] C:\Program Files\Common Files\System
[15/09/2010|20:07] C:\Program Files\Common Files\Windows Live
[0|bestand(en)] C:\Program Files\Common Files\bytes
[16|map(pen)] C:\Program Files\Common Files\bytes beschikbaar

--------------------\\ Process

( 79 Processes )

iexplore.exe ~ [PID:4944]
iexplore.exe ~ [PID:4968]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 04:03:21
Windows 6.1.7600 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261
Initialization error

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Simone\Music\Snow Patrol\A Hundred Million Suns\Crack the Shutters.mp3
C:\Users\Simone\Videos\Ma musique\Snow Patrol\A Hundred Million Suns\Crack the Shutters.mp3


[F:1527][D:59]-> C:\Users\Simone\AppData\Local\Temp
[F:108][D:1]-> C:\Users\Simone\AppData\Roaming\MICROS~1\Windows\Cookies
[F:834][D:5]-> C:\Users\Simone\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:20][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - zo 20/02/2011| 4:03 - Option : [1]

--------------------\\ Fin du rapport a 4:03:42
[ UAC => 1 ]
oxygene

Posts: 1
Joined: Sun 20 Feb 2011 04:32

Re: Unwanted Internet windows opening by themselves

Post by TopXm » Tue 22 Feb 2011 15:49

Hi and welcome :)

At first sight this is not a Lop infection. We'll try something else :)

Download Malwarebytes Anti-Malware and save it to your hard drive.

  • Install it. Before clicking Finish, make sure the two boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are both checked.
    The program will update itself and then the main page will appear.
  • Check the Perform quick scan option, then click Scan.
  • At the end of the scan, click Show Results.
  • Then click Remove Selected.
  • The scan report will be displayed. Copy and paste its entire contents into your next reply.

    Attention: if the program offers to restart the computer, accept! You can then find the report again in the program's Logs tab.
    If on restart Windows tells you it has blocked some startup programs, click the balloon and then Run blocked programs / Malwarebytes Anti-Malware.

Then

Download OTL by OldTimer and save it to your desktop.
Close all windows of all running programs.

  • If you are on Seven or Vista, right-click OTL.exe and choose Run as administrator.
    If you are on XP, double-click OTL.exe

  • Configure the program as follows:

    1. At the very top of the window, check All users.
    2. Under Output, check Standard Output
    3. Under Extra Registry, check Use SafeList
    4. Finally, check the LOP Check box

  • Then click Run Scan. Let the tool work without interrupting it.

  • At the end of the scan a report will open on screen: OTL.txt.
    Select all of its contents and copy-paste it into your next reply.

    Another report named Extras.txt will be visible in your taskbar. Post it as an attachment in your next reply.

TopXm
Moderator

Posts: 379
Joined: Mon 8 Sep 2008 12:29
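The Malwarebytes report requested above has a fixed shape: section headings ending in a colon, then one line per detection of the form `<item> (<label>) -> [<pid> | Value: <name> ->] <action>.`, with "Delete on reboot" marking items that are only really gone after the restart the instructions insist on. The following parser is an added example written for this page, not code from the thread, from Malwarebytes or from OTL; the sample report it parses is constructed (user name "Example", made-up paths and GUIDs) and laid out like a 1.50-era French-UI report, with two entries deliberately wrapped mid-line the way forwarded e-mail wraps them. Function names (`parse_report`, `pending_reboot`, `persistence`, `threat_counts`) are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.50 report
# (French UI). Paths, names and labels are invented; this is not the thread's report.
# The Zones key and the Run value are wrapped across two lines on purpose.
SAMPLE_REPORT = r"""Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Version de la base de données: 5883

Type d'examen: Examen rapide
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
c:\Users\Example\AppData\Local\Temp\abc.exe (Trojan.Agent) -> 3244 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\Users\Example\AppData\Local\sample.dll (Trojan.Hiloti.Gen) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\EXAMPLEKEY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Example
(Trojan.Hiloti.Gen) -> Value: Example -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Users\Example\AppData\Local\sample.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{00000000-0000-0000-0000-000000000000}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# One complete detection line: "<item> (<label>) -> [<pid> | Value: <name> ->] <action>."
# The label group excludes parentheses so paths like "Program Files (x86)" stay in <item>.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+?)\.?$")


def parse_report(text):
    """Return one dict per detection: section, item, threat, action, plus pid/value when present."""
    findings = []
    section = None
    pending = ""  # first half of an entry that was wrapped onto two lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]  # "Fichier(s) infecté(s):" and friends
            pending = ""
            continue
        if section is None:
            continue  # tool version, scan type, summary counts
        if line.startswith("(") and " -> " not in line:
            continue  # "(Aucun élément nuisible détecté)" / "(No malicious items detected)"
        candidate = f"{pending} {line}" if pending else line
        m = DETECTION_RE.match(candidate)
        if not m:
            pending = candidate  # wait for the remainder of the wrapped line
            continue
        pending = ""
        parts = [p.strip() for p in m.group("rest").split(" -> ")]
        finding = {"section": section, "item": m.group("item"),
                   "threat": m.group("threat"), "action": parts[-1]}
        for extra in parts[:-1]:
            if extra.startswith("Value: "):
                finding["value"] = extra[len("Value: "):]
            elif extra.isdigit():
                finding["pid"] = int(extra)
        findings.append(finding)
    return findings


def pending_reboot(findings):
    """Items the scanner could not remove while running; they exist until the reboot."""
    return [f for f in findings if f["action"].lower().startswith("delete on reboot")]


def persistence(findings):
    """Autostart entries (Run values, scheduled-task .job files): what brings the pop-ups back."""
    hits = []
    for f in findings:
        item = f["item"].lower()
        if "\\currentversion\\run\\" in item or ("\\tasks\\" in item and item.endswith(".job")):
            hits.append(f)
    return hits


def threat_counts(findings):
    """How many detections carry each label; useful for spotting a single family spread around."""
    return Counter(f["threat"] for f in findings)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for f in found:
        print(f"[{f['section']}] {f['threat']:<18} {f['action']:<38} {f['item']}")
    print("Pending reboot:", len(pending_reboot(found)))
    print("Persistence entries:", len(persistence(found)))
    print("By label:", dict(threat_counts(found)))
```

The wrapped-line handling is the part worth copying: a half line is held until the next line completes a match, so a report that was pasted out of an e-mail client still yields whole registry paths instead of two garbage entries.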

Re: Unwanted Internet windows opening by themselves

Post by TopXm » Tue 1 Mar 2011 09:24

Reply sent by e-mail:

Hello,

I followed what you said on one of the forums: Malwarebytes'
Anti-Malware + OTL, and here are the different reports. What should I do now please?

---------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Version de la base de données: 5883

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26/02/2011 14:18:48
mbam-log-2011-02-26 (14-18-48).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 166273
Temps écoulé: 5 minute(s), 2 seconde(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 24

Processus mémoire infecté(s):
c:\Users\Margot\AppData\Local\Temp\Bqz.exe (Trojan.Agent) -> 3244 -> Unloaded process successfully.
c:\Users\Margot\AppData\Local\Temp\Bq2.exe (Trojan.Agent) -> 2244 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\Users\Margot\AppData\Local\helpila.dll (Trojan.Hiloti.Gen) -> Delete on reboot.

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HLTCDMS83A (Trojan.Agent) -> Value: HLTCDMS83A -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mdivoletu (Trojan.Hiloti.Gen) -> Value: Mdivoletu -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CE8SIIFGSU (Trojan.Agent) -> Value: CE8SIIFGSU -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Users\Margot\AppData\Local\Temp\Bqz.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Margot\AppData\Local\helpila.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\Users\Margot\AppData\Local\Temp\Bq2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Margot\AppData\Local\Temp\Bq5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\BAR192A.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\BAR1D49.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\BAR2F8D.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\BAR40D3.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\BAR48E1.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\BAR4AD7.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\BAR4AE4.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\BAR4C3.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\BAR6144.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\BAR6BAA.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\BAR7B3B.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\BARAFC1.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\BARDFB4.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\BARE33A.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\BARE472.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\BARF119.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
c:\Users\Margot\local settings\helpila.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\Users\Margot\local settings\application data\helpila.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

-------------------------------------------------------------

OTL logfile created on: 26/02/2011 14:23:59 - Run 1
OTL by OldTimer - Version 3.2.22.0 Folder = C:\Users\Margot\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 104,53 Gb Free Space | 44,89% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 225,85 Gb Free Space | 97,14% Space Free | Partition Type: NTFS

Computer Name: MON_TOSH | User Name: Margot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/26 14:23:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Margot\Desktop\OTL.exe
PRC - [2011/01/10 17:06:40 | 000,491,992 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
PRC - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/11/03 01:24:58 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2009/08/11 11:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 19:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 15:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/23 09:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/01/13 20:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe


========== Modules (SafeList) ==========

MOD - [2011/02/26 14:23:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Margot\Desktop\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/01/23 09:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV:64bit: - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV:64bit: - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV:64bit: - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:64bit: - [2009/08/27 13:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/05 14:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 11:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 17:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/29 23:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2010/09/30 22:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/04 16:47:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 11:50:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe -- (McODS)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/08/17 10:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 19:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/08/06 15:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2009/07/14 19:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/23 09:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/11/25 00:50:05 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2009/11/25 00:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009/11/04 16:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/11/04 16:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/11/04 16:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/11/04 16:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/08/26 18:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/07/30 20:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 17:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/30 12:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 15:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 17:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/22 21:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/20 18:04:56 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/04/09 13:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2688541955-1582566888-2182100360-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-2688541955-1582566888-2182100360-1000\..\URLSearchHook: {a65e491f-a436-4952-b49a-b24ed99a0f67} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2688541955-1582566888-2182100360-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Tom's Guide France Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "Tom's Guide France Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {a65e491f-a436-4952-b49a-b24ed99a0f67}:3.3.0.19

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/03/14 17:14:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/11 22:35:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/04 21:44:46 | 000,000,000 | ---D | M]

[2010/04/11 22:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Margot\AppData\Roaming\mozilla\Extensions
[2011/02/25 23:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Margot\AppData\Roaming\mozilla\Firefox\Profiles\glh9zkyt.default\extensions
[2011/02/04 21:40:26 | 000,000,000 | ---D | M] (Tom's Guide France Community Toolbar) -- C:\Users\Margot\AppData\Roaming\mozilla\Firefox\Profiles\glh9zkyt.default\extensions\{a65e491f-a436-4952-b49a-b24ed99a0f67}
[2011/02/04 21:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/14 17:14:17 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010/04/01 18:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/01 18:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/01 18:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/01 18:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/01 18:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKU\S-1-5-21-2688541955-1582566888-2182100360-1000\..\Toolbar\WebBrowser: (no name) - {A65E491F-A436-4952-B49A-B24ED99A0F67} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2688541955-1582566888-2182100360-1000..\Run: [Gsrbad] C:\Users\Margot\AppData\Local\Temp\12520850L.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2688541955-1582566888-2182100360-1000..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-2688541955-1582566888-2182100360-1000..\Run: [Oohgyuwcd] C:\Users\Margot\AppData\Roaming\12520850L.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/26 14:23:01 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Margot\Desktop\OTL.exe
[2011/02/26 14:13:08 | 000,000,000 | ---D | C] -- C:\Users\Margot\AppData\Roaming\Malwarebytes
[2011/02/26 14:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/26 14:13:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/02/26 14:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/26 14:13:01 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/02/26 14:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/02/22 21:21:34 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/22 21:21:34 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/22 21:21:34 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/22 21:21:34 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/21 23:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Remover
[2011/02/21 23:20:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/02/21 07:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/02/21 07:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/02/21 07:24:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/02/20 19:04:38 | 000,076,288 | RHS- | C] (Microsoft Corporation) -- C:\Users\Margot\AppData\Roaming\12520850L.dll
[2011/02/18 22:23:23 | 000,000,000 | ---D | C] -- C:\Users\Margot\AppData\Roaming\WebcamMax
[2011/02/18 22:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebcamMax
[2011/02/13 19:08:50 | 000,000,000 | ---D | C] -- C:\Users\Margot\AppData\Local\TomTom
[2011/02/13 19:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2011/02/13 19:08:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2011/02/13 19:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyTomTom 3
[2011/02/09 22:37:15 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/09 22:37:14 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/09 22:37:14 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/09 22:37:14 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/09 22:37:14 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/09 22:37:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/09 22:37:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/09 22:37:13 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/09 22:37:13 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/09 22:37:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/09 22:37:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/09 22:37:13 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/09 22:36:40 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011/02/09 22:36:40 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011/02/09 22:36:39 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/02/09 22:36:38 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011/02/09 22:36:38 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/02/09 22:36:38 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/02/09 22:36:38 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011/02/09 22:36:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/02/09 22:36:35 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/02/09 22:36:33 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/09 22:36:32 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/02/09 22:36:31 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/02/09 22:36:30 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/02/09 22:36:28 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/09 22:36:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/09 22:36:28 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/09 22:36:26 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/09 22:36:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/09 22:36:22 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/02/09 22:36:22 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/02/09 22:36:22 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/02/09 22:36:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/02/04 11:11:40 | 000,000,000 | ---D | C] -- C:\Users\Margot\AppData\Local\Microsoft Help
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/26 14:28:00 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/26 14:28:00 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/26 14:27:31 | 001,549,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/26 14:27:31 | 000,704,480 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/02/26 14:27:31 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/26 14:27:31 | 000,130,754 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/02/26 14:27:31 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/26 14:23:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Margot\Desktop\OTL.exe
[2011/02/26 14:22:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/26 14:21:31 | 000,026,035 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011/02/26 14:20:45 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/26 14:20:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/26 14:20:20 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/26 14:13:05 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/21 23:50:42 | 000,001,902 | ---- | M] () -- C:\Users\Margot\Desktop\AD-R.lnk
[2011/02/21 07:25:02 | 000,001,293 | ---- | M] () -- C:\Users\Margot\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/21 07:25:02 | 000,001,269 | ---- | M] () -- C:\Users\Margot\Desktop\Spybot - Search & Destroy.lnk
[2011/02/20 19:04:38 | 000,076,288 | RHS- | M] (Microsoft Corporation) -- C:\Users\Margot\AppData\Roaming\12520850L.dll
[2011/02/15 01:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2011/02/11 12:44:15 | 000,000,538 | ---- | M] () -- C:\Users\Margot\AppData\Roaming\wklnhst.dat
[2011/02/10 07:47:57 | 000,343,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/26 14:13:05 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/21 23:50:42 | 000,001,902 | ---- | C] () -- C:\Users\Margot\Desktop\AD-R.lnk
[2011/02/21 07:25:02 | 000,001,293 | ---- | C] () -- C:\Users\Margot\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/21 07:25:02 | 000,001,269 | ---- | C] () -- C:\Users\Margot\Desktop\Spybot - Search & Destroy.lnk
[2010/03/19 20:20:35 | 000,000,538 | ---- | C] () -- C:\Users\Margot\AppData\Roaming\wklnhst.dat
[2010/01/07 20:57:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/25 23:34:22 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/09/04 14:01:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/28 03:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll

========== LOP Check ==========

[2010/04/11 22:31:05 | 000,000,000 | ---D | M] -- C:\Users\Margot\AppData\Roaming\Capturino
[2010/01/03 22:10:02 | 000,000,000 | ---D | M] -- C:\Users\Margot\AppData\Roaming\FloodLightGames
[2010/01/03 12:37:00 | 000,000,000 | ---D | M] -- C:\Users\Margot\AppData\Roaming\PlayFirst
[2010/03/19 20:20:36 | 000,000,000 | ---D | M] -- C:\Users\Margot\AppData\Roaming\Template
[2010/01/03 11:16:28 | 000,000,000 | ---D | M] -- C:\Users\Margot\AppData\Roaming\Toshiba
[2011/02/18 22:23:23 | 000,000,000 | ---D | M] -- C:\Users\Margot\AppData\Roaming\WebcamMax
[2010/01/03 12:15:04 | 000,000,000 | ---D | M] -- C:\Users\Margot\AppData\Roaming\WildTangent
[2011/02/15 01:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/02/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/12/17 19:50:20 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< End of report >
TopXm
Moderator
Posts: 379
Joined: Mon 8 Sep 2008 12:29

Re: Unwanted Internet windows that open on their own

Post by TopXm » Tue 1 Mar 2011 11:38

Hi,

Hmm, I struggled with your report; the line breaks were all over the place.

In Notepad you need to untick the Word Wrap option (Notepad menu / Format).

OK, MBAM did a good part of the job, but I'd like to check something:

O4 - HKU\S-1-5-21-2688541955-1582566888-2182100360-1000..\Run: [Gsrbad] C:\Users\Margot\AppData\Local\Temp\12520850L.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2688541955-1582566888-2182100360-1000..\Run: [Oohgyuwcd] C:\Users\Margot\AppData\Roaming\12520850L.dll (Microsoft Corporation)

For these two files, before we get rid of them we'll have them analysed (if needed I'll retrieve them, depending on what is detected).

=> We're going to search your registry for one key and display another. To do that:

  • Download XmRegSeek.exe by TopXm and save it to your desktop.
  • Double-click the file you just downloaded to start the installation.
  • At the end of the installation the tool's interface will appear.
  • Click the Options tab, then tick Open the report in Notepad

  • Search 1:
    1. In the Keys to process tab, paste the following key:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

    2. Then click the Run button
    3. The processing runs and a report opens with the search result; copy/paste it into your next reply
    4. Delete the key you added above in the Keys to process tab (line no. 1)

  • Search 2:
    1. Select the Options tab again
    2. Click the line Search options by key value.
    3. In the search box copy-paste the following text:

      12520850L.dll

    4. Finally click the Run button

    5. Wait for the search to finish. When it's done a report will appear in Notepad
    6. Copy-paste its whole content into your next reply.

=> To analyse the files:

  • 1st analysis:

    • Change the folder options
    • Open the following page => http://virscan.org/report/ <=
    • Click the Browse button, then select the file
      C:\Users\Margot\AppData\Local\Temp\12520850L.dll
    • Click Send to start the scan. The scan result is displayed; copy the page link and paste it into your next reply.
    • Do the same with the following file:
      C:\Users\Margot\AppData\Roaming\12520850L.dll
    • There's a good chance it's the same as the first one, but since it's in another folder we may as well check.
  • 2nd analysis:

    • This time open this page: http://www.threatexpert.com/submit.aspx (same principle as above)
    • Click the Browse button, then select the file
      C:\Users\Margot\AppData\Local\Temp\12520850L.dll
    • Enter your e-mail address / tick I agree ...
    • Click the Submit button
    • Do the same for the second file:
      C:\Users\Margot\AppData\Roaming\12520850L.dll

      NB: If the first 2 reports (the VirusTotal ones) show that the files are identical (check the MD5), there's no need to scan the second file :)
    • The scan takes a while; you'll get an e-mail in your inbox when it's finished. You'll then have to copy/paste the link it gives you. Example TE e-mail:
      TE wrote: Your submission was processed successfully and the analysis report is attached (password "threatexpert"). You can also view the results of your submission on our website at:
      http://www.threatexpert.com/report.aspx ... 413127fe48

    => Run OTL again and paste the following lines into the Custom Scans/Fixes box:
    Code:
    :OTL
    IE - HKU\S-1-5-21-2688541955-1582566888-2182100360-1000\..\URLSearchHook: {a65e491f-a436-4952-b49a-b24ed99a0f67} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-2688541955-1582566888-2182100360-1000\..\Toolbar\WebBrowser: (no name) - {A65E491F-A436-4952-B49A-B24ED99A0F67} - No CLSID value found.
    O4 - HKU\S-1-5-21-2688541955-1582566888-2182100360-1000..\Run: [Gsrbad] C:\Users\Margot\AppData\Local\Temp\12520850L.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2688541955-1582566888-2182100360-1000..\Run: [Oohgyuwcd] C:\Users\Margot\AppData\Roaming\12520850L.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found

    Click the Run Fix button; a report will open, copy/paste its content into your next reply.

    => You'll also need to try to keep your software more up to date; it matters for security.

    The current version is Avast 6, and that's not what you have. You need to update the product and move to version 6.

    Also, Avast + McAfee is redundant and can cause some problems. McAfee must be completely uninstalled.

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

    => And also uninstall:
    => SpyBot, which has become obsolete
    => Everything related to McAfee (since it's redundant with Avast)

    Note to self: Java will also need updating, but we'll do that at the end ...

    So, to sum up:
    1. Registry search (XmRegistrySeek) =/= Expected: 2 reports
    2. Analyse the files (VirusTotal & ThreatExpert pages) =/= Expected: 3 to 4 reports
    3. Disable the Run keys for now (OTL tool) =/= Expected: 1 report
    4. Uninstall every trace of McAfee / Reboot
    5. Update Avast / scan the PC / Post the result =/= Expected: 1 report
    6. Redo an OTL report as described in my 1st message
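Reading the OTL log by eye, the helper singles out the two Run values because of where the file lives (a user's Temp and Roaming folders), because the target is a DLL rather than an executable, and because its version info claims "Microsoft Corporation" for a file outside Windows or Program Files. The Python script below, added here as an example and not code from the thread or from OTL, applies those same three checks mechanically to O4 lines and also computes the MD5/SHA-256 the reply mentions for deciding whether two copies are the same file. The sample lines are copied from the log above; the flag wording, the severity threshold and the `digests()` helper are my own choices, not anything OTL provides.

```python
"""Triage of OTL autorun (O4) lines: added example, not the forum's or OTL's own code."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One OTL O4 line, e.g.
#   O4 - HKU\S-1-5-21-...-1000..\Run: [Gsrbad] C:\...\12520850L.dll (Microsoft Corporation)
#   O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4_LINE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<rest>.*)$"
)

# Directories a standard user can write to; legitimate installers almost
# never register their autorun binary there, droppers almost always do.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")

# Where a file whose version info says "Microsoft Corporation" is expected to live.
MICROSOFT_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    path: str
    company: Optional[str]
    flags: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        # Threshold is an assumption: two independent signals is enough to act on.
        if not self.flags:
            return "clean"
        return "high" if len(self.flags) >= 2 else "review"


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one OTL line; returns None for anything that is not an O4 entry."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    path, company = m.group("rest"), None
    # OTL appends the PE version-info company in parentheses; "File not found" has none.
    if path.endswith(")") and " (" in path:
        path, company = path.rsplit(" (", 1)
        company = company[:-1]
    return Autorun(m.group("hive"), m.group("key"), m.group("name"), path, company)


def triage(entry: Autorun) -> Autorun:
    """Attach heuristic flags to an entry and return it."""
    p = entry.path.lower()
    if entry.path == "File not found":
        entry.flags.append("orphan: value points at a file that no longer exists")
        return entry
    if any(d in p for d in USER_WRITABLE):
        entry.flags.append("runs from a user-writable directory")
    if p.endswith(".dll"):
        entry.flags.append("autorun target is a DLL, not an executable")
    if entry.company == "Microsoft Corporation" and not p.startswith(MICROSOFT_DIRS):
        entry.flags.append("version info claims Microsoft but file sits outside Windows/Program Files")
    return entry


def triage_log(text: str) -> List[Autorun]:
    """Parse and triage every O4 line of an OTL log, most-flagged entries first."""
    entries = [triage(e) for e in map(parse_o4, text.splitlines()) if e]
    return sorted(entries, key=lambda e: -len(e.flags))


def digests(data: bytes) -> Dict[str, str]:
    """MD5 and SHA-256 of a file's bytes, to tell whether two copies are the same file."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}


# Lines copied from the OTL log in this thread (one 64-bit entry and one non-O4 line included).
OTL_SAMPLE = r"""
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKU\S-1-5-21-2688541955-1582566888-2182100360-1000..\Run: [Gsrbad] C:\Users\Margot\AppData\Local\Temp\12520850L.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2688541955-1582566888-2182100360-1000..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-2688541955-1582566888-2182100360-1000..\Run: [Oohgyuwcd] C:\Users\Margot\AppData\Roaming\12520850L.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
"""

if __name__ == "__main__":
    for e in triage_log(OTL_SAMPLE):
        print(f"{e.severity:6} [{e.name}] {e.path}")
        for f in e.flags:
            print(f"         - {f}")
```

Run on the sample, the two `12520850L.dll` values come out "high" with all three flags, the `mctadmin` RunOnce entries come out "review" as orphans, and the vendor entries stay "clean". The value-name check one might be tempted to add (random-looking names such as Gsrbad) is deliberately left out: legitimate vendor names like RtHDVCpl look just as random, so it produces false positives on this very log.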

