
Request for help on a security check



Ok thanks. I've run the analysis and will post the logs below.

There is something new I would like to pinpoint before: now at startup, I have a program called _uninst_80213359 running and prompting an error message saying that "Windows can't find '3940463.exe'. Check you've entered the correct name and retry". It looks like it has something to do with Kaspersky (once I had to cancel a running analysis and it looks like it didn't like it).

Please find below the FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2013 01
Ran by Aurélien (administrator) on PC-DE-AURÉLIEN on 23-12-2013 11:27:31
Running from C:\Users\Aurélien\Desktop
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 2 (X86) OS Language: French Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(PGP Corporation) C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe
(PGP Corporation) C:\Windows\System32\PGPserv.exe
(www.shadowexplorer.com) E:\Programmes\ShadowExplorer\sesvc.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Hewlett-Packard Company) C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Spotify Ltd) C:\Users\Aurélien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Core\mchost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [421888 2007-04-16] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [sVPWUTIL] - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA)
HKLM\...\Run: [KeNotify] - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1011712 2009-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [468320 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [503808 2009-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [729088 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\TEco.exe [1323008 2009-04-24] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1283384 2009-04-01] (TOSHIBA Corporation)
HKLM\...\Run: [TPCHWMsg] - C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [570736 2009-04-15] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [299008 2009-05-12] (TOSHIBA CORPORATION)
HKLM\...\Run: [cfFncEnabler.exe] - C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe [16384 2009-03-24] (Toshiba Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1045904 2009-03-23] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [96144 2009-03-04] (Toshiba Europe GmbH)
HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [ToolboxFX] - C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-04-16] (Hewlett-Packard Company)
HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7289376 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-30] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [135680 2008-07-03] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [spotify Web Helper] - C:\Users\Aurélien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-18] (Spotify Ltd)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe [ 2009-03-16] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe [ 2009-03-16] (TOSHIBA)
Lsa: [Notification Packages] scecli PGPpwflt
Startup: C:\Users\Aurélien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_80213359.lnk
ShortcutTarget: _uninst_80213359.lnk -> C:\Users\Aurélien\AppData\Local\temp\_uninst_80213359.bat ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Programmes\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\PGPlsp.dll [68728] (PGP Corporation)
Winsock: Catalog9 12 C:\Windows\system32\PGPlsp.dll [68728] (PGP Corporation)
Tcpip\Parameters: [DhcpNameServer] 89.2.0.1 89.2.0.2

FireFox:
========
FF ProfilePath: C:\Users\Aurélien\AppData\Roaming\Mozilla\Firefox\Profiles\xejwguz7.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: British English Dictionary - C:\Users\Aurélien\AppData\Roaming\Mozilla\Firefox\Profiles\xejwguz7.default\Extensions\en-GB@dictionaries.addons.mozilla.org
FF Extension: Bitdefender QuickScan - C:\Users\Aurélien\AppData\Roaming\Mozilla\Firefox\Profiles\xejwguz7.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR DefaultSearchKeyword: google.fr
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
CHR Extension: (Docs) - C:\Users\Aurélien\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Aurélien\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Aurélien\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Aurélien\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (SiteAdvisor) - C:\Users\Aurélien\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Aurélien\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (Gmail) - C:\Users\Aurélien\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

========================== Services (Whitelisted) =================

R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [242424 2009-02-11] (WildTangent, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-20] (Google)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 PGP RDD Service; C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe [166520 2011-01-12] (PGP Corporation)
R2 PGPserv; C:\Windows\system32\PGPserv.exe [135288 2011-01-12] (PGP Corporation)
R2 sesvc; E:\Programmes\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com)
R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-03-23] (Toshiba Europe GmbH)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation)
R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation)
R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation)

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
S3 CrystalSysInfo; E:\Programmes\Media coder\MediaCoder\SysInfo.sys [15152 2007-09-25] ()
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2010-04-22] (Hewlett Packard)
S3 HPFXFAX; C:\Windows\System32\drivers\hppcfaxio.sys [21528 2010-04-22] (Hewlett Packard)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2009-04-30] ()
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [64832 2012-09-14] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
S1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [52136 2006-11-30] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210608 2013-02-19] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [130424 2009-07-16] (McAfee, Inc.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-11-24] ()
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-20] (TOSHIBA Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\AURLIE~1\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U3 mfeavfk01; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-23 11:27 - 2013-12-23 11:29 - 00027115 _____ C:\Users\Aurélien\Desktop\FRST.txt
2013-12-23 11:27 - 2013-12-23 11:27 - 00000000 ____D C:\FRST
2013-12-23 11:25 - 2013-12-23 11:26 - 01061231 _____ (Farbar) C:\Users\Aurélien\Desktop\FRST.exe
2013-12-22 18:58 - 2013-12-22 18:58 - 00000000 ____D C:\Users\Aurélien\AppData\Local\Macroplant_LLC
2013-12-11 03:44 - 2013-12-11 03:44 - 00000000 ____D C:\Users\Aurélien\AppData\Roaming\www.shadowexplorer.com
2013-12-10 04:23 - 2013-12-10 04:31 - 00000000 ____D C:\Users\Aurélien\AppData\Roaming\tempiphone
2013-12-08 12:23 - 2013-12-08 12:23 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-08 12:19 - 2013-12-08 12:20 - 129430256 _____ C:\Users\Aurélien\Desktop\setup_11.0.1.1245.x01_2013_12_08_13_35.exe
2013-12-08 02:41 - 2013-12-08 02:41 - 00000950 _____ C:\Users\Aurélien\Desktop\131207 ESET scan.txt
2013-12-07 19:37 - 2013-12-07 19:37 - 00000000 ____D C:\Program Files\ESET
2013-12-07 19:36 - 2013-12-07 19:36 - 02347384 _____ (ESET) C:\Users\Aurélien\Desktop\esetsmartinstaller_enu.exe
2013-12-05 23:48 - 2013-12-05 23:48 - 00014441 _____ C:\ComboFix.txt
2013-12-05 23:18 - 2013-12-05 23:48 - 00000000 ____D C:\Qoobox
2013-12-05 23:18 - 2013-12-05 23:48 - 00000000 ____D C:\ComboFix
2013-12-05 23:18 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-05 23:18 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-05 23:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-05 23:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-05 23:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-05 23:18 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-05 23:18 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-05 23:18 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-05 23:17 - 2013-12-05 23:45 - 00000000 ____D C:\Windows\erdnt
2013-12-04 00:24 - 2013-12-04 00:24 - 00006818 _____ C:\Users\Aurélien\Desktop\RKreport[0]_S_12042013_002428.txt
2013-12-04 00:15 - 2013-12-04 00:15 - 03687936 _____ C:\Users\Aurélien\Desktop\RogueKiller.exe
2013-12-03 23:45 - 2013-12-03 23:52 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Aurélien\Desktop\tdsskiller.exe
2013-12-02 22:57 - 2013-12-02 23:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-02 22:57 - 2013-12-02 22:57 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-02 22:53 - 2013-12-02 22:53 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-01 16:13 - 2013-12-01 16:13 - 00018153 _____ C:\Users\Aurélien\Desktop\dds.txt
2013-12-01 16:13 - 2013-12-01 16:13 - 00012305 _____ C:\Users\Aurélien\Desktop\attach.txt
2013-12-01 16:00 - 2013-12-01 16:00 - 00688992 ____R (Swearware) C:\Users\Aurélien\Desktop\dds.com
2013-11-25 00:03 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-25 00:03 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-25 00:03 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-25 00:03 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-25 00:03 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-25 00:03 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-25 00:03 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-25 00:03 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-25 00:03 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-25 00:03 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-25 00:03 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-25 00:03 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-25 00:03 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-25 00:02 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-25 00:02 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-25 00:02 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-24 23:20 - 2013-11-24 23:24 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-12-23 11:29 - 2013-12-23 11:27 - 00027115 _____ C:\Users\Aurélien\Desktop\FRST.txt
2013-12-23 11:27 - 2013-12-23 11:27 - 00000000 ____D C:\FRST
2013-12-23 11:26 - 2013-12-23 11:25 - 01061231 _____ (Farbar) C:\Users\Aurélien\Desktop\FRST.exe
2013-12-23 11:26 - 2009-08-26 10:59 - 01102167 _____ C:\Windows\WindowsUpdate.log
2013-12-23 11:10 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-23 11:10 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-23 11:08 - 2013-11-16 14:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-23 10:59 - 2013-09-16 14:33 - 00001740 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-12-23 10:59 - 2008-01-21 09:41 - 01616760 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-23 10:56 - 2006-11-02 13:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-23 10:51 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-23 10:51 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2013-12-22 22:45 - 2006-11-02 14:01 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-22 22:39 - 2010-01-30 16:33 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-22 22:38 - 2012-10-05 16:19 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-22 22:35 - 2009-12-09 22:57 - 00000000 ____D C:\Users\Aurélien\AppData\Roaming\Spotify
2013-12-22 20:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-22 20:50 - 2009-12-09 22:57 - 00000000 ____D C:\Users\Aurélien\AppData\Local\Spotify
2013-12-22 18:58 - 2013-12-22 18:58 - 00000000 ____D C:\Users\Aurélien\AppData\Local\Macroplant_LLC
2013-12-22 18:39 - 2011-03-20 22:34 - 00000000 ____D C:\Users\Aurélien\AppData\Roaming\vlc
2013-12-21 18:07 - 2010-01-30 16:33 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-20 14:29 - 2012-08-05 22:30 - 00000000 ____D C:\Users\Aurélien\AppData\Local\CrashDumps
2013-12-19 10:40 - 2009-06-08 14:00 - 00000000 ____D C:\Program Files\Google
2013-12-16 00:06 - 2012-04-18 12:14 - 00283353 _____ C:\Users\Aurélien\Documents\Sans titre (5).wma
2013-12-16 00:06 - 2012-04-18 12:12 - 00337233 _____ C:\Users\Aurélien\Documents\Sans titre (3).wma
2013-12-16 00:06 - 2012-04-18 12:09 - 00359683 _____ C:\Users\Aurélien\Documents\Sans titre (2).wma
2013-12-15 13:36 - 2012-12-13 23:27 - 00262144 _____ C:\Windows\system32\config\ELAM
2013-12-15 13:26 - 2013-10-12 16:17 - 00000844 _____ C:\Windows\setupact.log
2013-12-14 14:38 - 2012-10-05 16:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-14 14:38 - 2011-09-20 15:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 03:44 - 2013-12-11 03:44 - 00000000 ____D C:\Users\Aurélien\AppData\Roaming\www.shadowexplorer.com
2013-12-10 04:31 - 2013-12-10 04:23 - 00000000 ____D C:\Users\Aurélien\AppData\Roaming\tempiphone
2013-12-08 23:21 - 2010-12-25 19:46 - 00002004 _____ C:\Users\Aurélien\Desktop\Info connexion.txt
2013-12-08 12:23 - 2013-12-08 12:23 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-08 12:20 - 2013-12-08 12:19 - 129430256 _____ C:\Users\Aurélien\Desktop\setup_11.0.1.1245.x01_2013_12_08_13_35.exe
2013-12-08 12:03 - 2013-05-27 20:53 - 00012518 _____ C:\Windows\PFRO.log
2013-12-08 12:03 - 2011-11-10 11:53 - 00000000 ____D C:\Program Files\McAfee
2013-12-08 02:41 - 2013-12-08 02:41 - 00000950 _____ C:\Users\Aurélien\Desktop\131207 ESET scan.txt
2013-12-07 19:40 - 2013-02-05 19:33 - 00001974 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-07 19:37 - 2013-12-07 19:37 - 00000000 ____D C:\Program Files\ESET
2013-12-07 19:36 - 2013-12-07 19:36 - 02347384 _____ (ESET) C:\Users\Aurélien\Desktop\esetsmartinstaller_enu.exe
2013-12-05 23:48 - 2013-12-05 23:48 - 00014441 _____ C:\ComboFix.txt
2013-12-05 23:48 - 2013-12-05 23:18 - 00000000 ____D C:\Qoobox
2013-12-05 23:48 - 2013-12-05 23:18 - 00000000 ____D C:\ComboFix
2013-12-05 23:48 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default
2013-12-05 23:48 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-12-05 23:45 - 2013-12-05 23:17 - 00000000 ____D C:\Windows\erdnt
2013-12-05 23:43 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2013-12-04 01:03 - 2011-09-20 15:48 - 00000000 ____D C:\Users\Aurélien\Desktop\RK_Quarantine
2013-12-04 00:24 - 2013-12-04 00:24 - 00006818 _____ C:\Users\Aurélien\Desktop\RKreport[0]_S_12042013_002428.txt
2013-12-04 00:15 - 2013-12-04 00:15 - 03687936 _____ C:\Users\Aurélien\Desktop\RogueKiller.exe
2013-12-03 23:52 - 2013-12-03 23:45 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Aurélien\Desktop\tdsskiller.exe
2013-12-02 23:22 - 2013-12-02 22:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-02 22:57 - 2013-12-02 22:57 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-02 22:53 - 2013-12-02 22:53 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-01 16:13 - 2013-12-01 16:13 - 00018153 _____ C:\Users\Aurélien\Desktop\dds.txt
2013-12-01 16:13 - 2013-12-01 16:13 - 00012305 _____ C:\Users\Aurélien\Desktop\attach.txt
2013-12-01 16:00 - 2013-12-01 16:00 - 00688992 ____R (Swearware) C:\Users\Aurélien\Desktop\dds.com
2013-11-26 23:09 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-11-26 00:41 - 2006-11-02 13:47 - 00408912 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-26 00:36 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\fr-FR
2013-11-26 00:31 - 2012-05-17 20:12 - 00008370 _____ C:\Windows\system32\lvcoinst.log
2013-11-26 00:31 - 2012-05-17 20:03 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2013-11-26 00:24 - 2011-09-10 16:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-25 00:02 - 2009-06-08 14:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-24 23:24 - 2013-11-24 23:20 - 00000000 ____D C:\Windows\system32\MRT
2013-11-23 18:31 - 2012-05-13 22:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

Files to move or delete:
====================
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Users\Aurélien\AppData\Roaming\desktop.ini
C:\Users\Aurélien\FLRegkey.Reg


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-23 11:01

==================== End Of Log ============================

Addition.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.