Inactive [A] Sirefef virus (Windows has encountered...)

Status
Not open for further replies.
I thought that computer was doing fine until this morning... Apparently, according to Microsoft Security Essentials, Sirefef.AN/AO/AG...
Well, it depends where exactly the infection was found.
Possibly some already quarantined file(s).
FRST shows only one leftover.
 
Sorry to bother you again...

Security Essentials says there are 4 trojans Win32/Sirefef.AO/.AN/.AG.
Then I cleaned up with MSE, but these trojans come back every 5/10 minutes...

ZeroAccess:
C:\Users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}
C:\Users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\@
C:\Users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\L
C:\Users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\n
C:\Users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\U
C:\Users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\L\00000004.@
C:\Users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\U\00000004.@
C:\Users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\U\00000008.@
C:\Users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\U\000000cb.@
C:\Users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\U\80000000.@
C:\Users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\U\80000032.@
 
ComboFix 12-07-31.03 - Guillaume 02/08/2012 19:51:45.3.4 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1033.18.3326.2253 [GMT 2:00]
Lancé depuis: c:\users\Guillaume\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}
c:\users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\@
c:\users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\L\00000004.@
c:\users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\n
c:\users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\U\00000004.@
c:\users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\U\00000008.@
c:\users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\U\000000cb.@
c:\users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\U\80000000.@
c:\users\Guillaume\AppData\Local\{955b7c99-12db-61e4-d051-b536dcac8f4c}\U\80000032.@
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-07-02 au 2012-08-02 ))))))))))))))))))))))))))))))))))))
.
.
2012-08-02 17:57 . 2012-08-02 17:58  --------  d-----w-  c:\users\Guillaume\AppData\Local\temp
2012-08-02 17:57 . 2012-08-02 17:57  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-08-02 17:43 . 2012-08-02 17:44  --------  d-----w-  c:\users\Guillaume\AppData\Roaming\HpUpdate
2012-08-02 17:43 . 2012-08-02 17:43  --------  d-----w-  c:\windows\Hewlett-Packard
2012-08-02 17:33 . 2012-08-02 17:43  --------  d-----w-  c:\users\Guillaume\AppData\Roaming\Systweak
2012-08-02 17:33 . 2012-08-02 17:43  --------  d-----w-  c:\program files\RegClean Pro
2012-08-02 10:30 . 2012-06-28 23:44  6891424  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6DCB76EA-F14A-4A1C-B00A-BAFDFDA5DA6F}\mpengine.dll
2012-08-02 10:30 . 2012-06-28 23:44  6891424  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-02 00:43 . 2012-08-02 00:43  713784  ------w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE76F6DD-1D22-48C5-BE0D-9CC4CDCF681A}\gapaengine.dll
2012-08-01 21:51 . 2012-08-01 21:52  --------  d-----w-  C:\FRST
2012-08-01 11:07 . 2012-08-01 11:07  --------  d-----w-  c:\program files\Microsoft Security Client
2012-08-01 10:53 . 2012-08-01 10:53  14080  ----a-w-  c:\windows\system32\drivers\TrueSight.sys
2012-08-01 10:47 . 2012-08-01 10:47  --------  d-----w-  c:\users\Guillaume\AppData\Local\Wajam
2012-08-01 10:47 . 2012-08-01 10:47  --------  d-----w-  c:\program files\Wajam
2012-08-01 10:19 . 2012-08-01 10:19  --------  d-sh--w-  c:\windows\system32\%APPDATA%
2012-07-30 23:44 . 2012-07-30 23:44  --------  d-----w-  c:\program files\AMD APP
2012-07-30 23:39 . 2012-07-30 23:39  --------  d-----w-  c:\program files\ATI
2012-07-30 21:16 . 2012-06-06 05:05  143360  ----a-w-  c:\program files\Common Files\System\ado\msjro.dll
2012-07-30 21:16 . 2012-06-06 05:05  212992  ----a-w-  c:\program files\Common Files\System\msadc\msadco.dll
2012-07-30 21:16 . 2012-06-06 05:05  372736  ----a-w-  c:\program files\Common Files\System\ado\msadox.dll
2012-07-30 21:16 . 2012-06-06 05:05  57344  ----a-w-  c:\program files\Common Files\System\ado\msador15.dll
2012-07-30 21:16 . 2012-06-06 05:05  352256  ----a-w-  c:\program files\Common Files\System\ado\msadomd.dll
2012-07-30 21:16 . 2012-06-06 05:05  1019904  ----a-w-  c:\program files\Common Files\System\ado\msado15.dll
2012-07-30 21:16 . 2012-06-06 05:03  805376  ----a-w-  c:\windows\system32\cdosys.dll
2012-07-30 21:07 . 2012-07-30 21:14  --------  d-----w-  c:\users\Guillaume\AppData\Local\Spotify
2012-07-30 21:06 . 2012-07-30 21:15  --------  d-----w-  c:\users\Guillaume\AppData\Roaming\Spotify
2012-07-30 20:52 . 2012-06-12 02:40  2345984  ----a-w-  c:\windows\system32\win32k.sys
2012-07-30 20:43 . 2012-04-24 04:36  140288  ----a-w-  c:\windows\system32\cryptsvc.dll
2012-07-30 20:43 . 2012-04-24 04:36  1158656  ----a-w-  c:\windows\system32\crypt32.dll
2012-07-30 20:43 . 2012-04-24 04:36  103936  ----a-w-  c:\windows\system32\cryptnet.dll
2012-07-16 22:05 . 2012-06-02 04:45  134000  ----a-w-  c:\windows\system32\drivers\ksecpkg.sys
2012-07-16 22:05 . 2012-06-02 04:40  369336  ----a-w-  c:\windows\system32\drivers\cng.sys
2012-07-16 22:05 . 2012-06-02 04:40  225280  ----a-w-  c:\windows\system32\schannel.dll
2012-07-16 22:05 . 2012-06-02 04:39  219136  ----a-w-  c:\windows\system32\ncrypt.dll
2012-07-16 22:05 . 2012-06-02 04:45  67440  ----a-w-  c:\windows\system32\drivers\ksecdd.sys
2012-07-16 22:05 . 2012-03-30 10:23  1291632  ----a-w-  c:\windows\system32\drivers\tcpip.sys
2012-07-16 22:05 . 2012-06-06 05:05  1390080  ----a-w-  c:\windows\system32\msxml6.dll
2012-07-16 22:05 . 2012-06-06 05:05  1236992  ----a-w-  c:\windows\system32\msxml3.dll
2012-07-16 22:05 . 2010-06-26 03:24  2048  ----a-w-  c:\windows\system32\msxml3r.dll
2012-07-16 21:15 . 2012-07-16 21:15  --------  d-----w-  c:\programdata\ATI
2012-07-16 21:15 . 2012-07-16 21:15  --------  d-----w-  c:\program files\AMD AVT
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 17:49 . 2012-04-04 02:47  426184  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2012-08-02 17:49 . 2012-03-07 03:40  70344  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 02:59 . 2012-03-08 00:23  409088  ----a-w-  c:\windows\system32\systemcpl.dll
2012-06-25 14:04 . 2012-06-25 14:04  1394248  ----a-w-  c:\windows\system32\msxml4.dll
2012-06-11 18:58 . 2012-06-11 18:58  8733696  ----a-w-  c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35  58880  ----a-w-  c:\windows\system32\coinst_8.98.dll
2012-06-11 18:00 . 2012-06-11 18:00  20467712  ----a-w-  c:\windows\system32\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25  163840  ----a-w-  c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2011-12-06 03:17  924160  ----a-w-  c:\windows\system32\aticfx32.dll
2012-06-11 17:20 . 2012-06-11 17:20  442368  ----a-w-  c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19  468992  ----a-w-  c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19  217600  ----a-w-  c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17  163840  ----a-w-  c:\windows\system32\atitmmxx.dll
2012-06-11 17:17 . 2012-06-11 17:17  20992  ----a-w-  c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17  43520  ----a-w-  c:\windows\system32\ati2edxx.dll
2012-06-11 17:16 . 2011-12-06 03:06  6301696  ----a-w-  c:\windows\system32\atidxx32.dll
2012-06-11 16:45 . 2012-06-11 16:45  46080  ----a-w-  c:\windows\system32\aticalrt.dll
2012-06-11 16:45 . 2011-12-06 02:33  5480448  ----a-w-  c:\windows\system32\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45  44032  ----a-w-  c:\windows\system32\aticalcl.dll
2012-06-11 16:43 . 2011-12-06 02:28  4729344  ----a-w-  c:\windows\system32\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40  13277696  ----a-w-  c:\windows\system32\aticaldd.dll
2012-06-11 16:26 . 2012-06-11 16:26  368640  ----a-w-  c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26  14848  ----a-w-  c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26  33280  ----a-w-  c:\windows\system32\atigktxx.dll
2012-06-11 16:25 . 2012-06-11 16:25  295936  ----a-w-  c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-12-06 02:11  42496  ----a-w-  c:\windows\system32\atiuxpag.dll
2012-06-11 16:24 . 2011-12-06 02:11  32768  ----a-w-  c:\windows\system32\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24  53248  ----a-w-  c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23  56832  ----a-w-  c:\windows\system32\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23  56832  ----a-w-  c:\windows\system32\amdpcom32.dll
2012-06-11 11:50 . 2012-06-11 11:50  159232  ----a-w-  c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50  65024  ----a-w-  c:\windows\system32\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50  56320  ----a-w-  c:\windows\system32\OVDecode.dll
2012-06-11 11:49 . 2012-06-11 11:49  13008896  ----a-w-  c:\windows\system32\amdocl.dll
2012-06-11 11:48 . 2012-06-11 11:48  50176  ----a-w-  c:\windows\system32\OpenCL.dll
2012-06-02 22:19 . 2012-06-21 07:17  45080  ----a-w-  c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:17  53784  ----a-w-  c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:17  35864  ----a-w-  c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:17  577048  ----a-w-  c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 07:17  1933848  ----a-w-  c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 07:17  2422272  ----a-w-  c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 07:17  88576  ----a-w-  c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 07:17  171904  ----a-w-  c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 07:17  33792  ----a-w-  c:\windows\system32\wuapp.exe
2012-05-10 14:35 . 2012-05-10 14:35  29184  ----a-w-  c:\windows\system32\kdbsdk32.dll
2012-06-19 10:57 . 2012-03-07 03:09  85472  ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-04-04 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3297280]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-01-16 10959464]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_MX_Premium_Version_a_telecharger\TrayServer_fr.exe" [2008-09-01 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\Guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SEO Soft]
2012-06-27 22:37  9683456  ----a-w-  c:\users\Guillaume\Desktop\SEO\seosoft.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-07-30 21:07  1193176  ----a-w-  c:\users\Guillaume\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
HPService  REG_MULTI_SZ  HPSLPSVC
hpdevmgmt  REG_MULTI_SZ  hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 17:23]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1266765766-3627827974-3855528514-1000Core.job
- c:\users\Guillaume\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 03:05]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1266765766-3627827974-3855528514-1000UA.job
- c:\users\Guillaume\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 03:05]
.
.
------- Examen supplémentaire -------
.
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\7jfiaj5u.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyDtifZCv&loc=IB_TB&I=26&search=
FF - user.js: extensions.incredibar_i.id - 82dd1dd30000000000001c6f652fedc7
FF - user.js: extensions.incredibar_i.instlDay - 15490
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.141:00
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyDtifZCv
FF - user.js: extensions.incredibar_i.upn2n - 92261501500262927
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2012-08-02 19:59:23
ComboFix-quarantined-files.txt 2012-08-02 17:59
ComboFix2.txt 2012-08-02 01:04
.
Avant-CF: 30 966 214 656 octets libres
Après-CF: 31 000 506 368 octets libres
.
- - End Of File - - 1ECE9901D3D77FE499E0319EA99FE374
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 