Request for help with a disinfection

Closed
cortex70 Posts: 41 Registered: Thursday 28 June 2012 Status: Member Last activity: 11 July 2012 - 29 June 2012 at 20:43
 Anonymous user - 8 July 2012 at 23:12
Hello,
I'm new to the forum and I have a big problem to submit to you, if you can help me solve it. I'm facing a rootkit that is ruining my life at the moment. After several attempts with Malwarebytes and Kaspersky antivirus, it is still impossible to eradicate it, and since yesterday it has knocked out my internet connection through my Wi-Fi router and has even managed to disable my Kaspersky 2012 antivirus. For example, I click on an image to open it with the default viewer and it is Paint that opens it. Another example: at startup, some unlisted programs launch on their own. I ran a scan with the GMER tool, which does detect the irregularities, but it is impossible to delete the malicious files and services. If someone could please help me, that would be really kind. Here is the link to the ZHP report https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120629_z8j11h15i6d11 and the GMER one https://pjjoint.malekal.com/files.php?id=20120629_w13v8s11n6p15

55 replies

Anonymous user
30 June 2012 at 04:26
Hi

Warning: this tool may be wrongly detected as a virus

All "non-vital Windows" processes will be shut down, so save your work.

Disable all your protections if possible: antivirus, sandbox, etc.

Download and save Pre_Scan to your desktop:

http://forums-fec.be/gen-hackman/Pre_Scan.exe
http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan

Warning: the desktop will disappear during the scan --> don't panic.

Once it is downloaded, run it and let the scan proceed until "Pre_scan_date_and_time.txt" appears on the desktop.

If the tool is run several times, it will offer you a menu; if no option has been requested, run the "Kill" option

If the tool is blocked by the infection, use this version with the .pif extension:

http://forums-fec.be/gen-hackman/Pre_Scan.pif

If the tool detects a proxy and you have not installed one, click on "supprimer le proxy" (remove the proxy)

A multitude of black windows may flash; let it work

Post Pre_Scan_date_and_time.txt, which will appear on the desktop at the end of the scan


DO NOT POST IT ON THE FORUM !!! (it is too long)

Host the report on http://pjjoint.malekal.com then give the link you get in return on the forum where you are being helped

If possible, confirm or deny whether Pre_Scan used Defogger
1
Anonymous user
8 July 2012 at 23:12
Yes, Comodo is good, but not something to put in a novice's hands; out of ignorance they could end up blocking the system :)
1
Anonymous user
29 June 2012 at 20:57
Hi

You have to wait for a Helper, or someone knowledgeable, to arrive so they can help you...

So don't worry, it will come


See you
0
cortex70 Posts: 41 Registered: Thursday 28 June 2012 Status: Member Last activity: 11 July 2012 1
30 June 2012 at 04:22
Thanks captain, I think that is indeed what I'm going to do, hoping it is a manageable situation
0

Hi g3n,
For 3 days it has been impossible to finish the scan; it stays stuck at "extension firefox". I even tried with the 2 different extensions and in safe mode, but it's the same. Is there an alternative solution?

Regards
0
Anonymous user
3 July 2012 at 01:52
Delete all your versions and download it again
0
cortex70 Posts: 41 Registered: Thursday 28 June 2012 Status: Member Last activity: 11 July 2012 1
4 July 2012 at 12:02
Hello,
Still the same thing after deleting the previous versions, downloading again, then running it with the 2 different extensions. I'm posting the incomplete report anyway so that you can see: https://pjjoint.malekal.com/files.php?id=20120704_v13i14c8m13y15
I should also mention that I uninstalled Daemon Tools and rebooted before starting the scan
0
Anonymous user
4 July 2012 at 12:30

/!\ WARNING: FOLLOW THESE INSTRUCTIONS TO THE LETTER /!\

__________________________________________________________
>This software is to be used only when prescribed by a helper who is qualified and trained in the tool.<
>>>>>>>Do not use outside of this situation: dangerous!<<<<<<<<
=====================================================


▶ Above all, when saving, change the name of Combofix to "cequetuveux" (whatever you want) before it is saved to your hard drive

Right-click on this link: Combofix => save target as.... => on your desktop => with the name you want

Before using ComboFix:

If you use AVG, YOU MUST UNINSTALL IT before using Combofix, because it can cause damage when interacting with the tool, which may lead to a complete reinstallation of the system.
Simply disabling the resident shield is not enough.
Download the AVG uninstaller from this link: https://www.avg.com/fr-fr/avg-remover
Choose the appropriate version (32 or 64 bits)/!\

CD emulation software such as Daemon Tools can interfere with disinfection tools. Use Defogger to disable them temporarily:

▶ Download Defogger (by jpshortstuff) to your Desktop

▶ Run it

A window appears: click on "Disable"

▶ Restart the computer if the tool asks you to

Note: When we have finished the disinfection, you can re-enable this software by running Defogger again and clicking on "Re-enable"

_________________________________________________________
>> Close the windows of all running programs.
>> Temporarily disable, and only while ComboFix is in use,
>>the real-time protection of your antivirus and antispyware programs,
>>which can seriously interfere with the tool's search and cleaning procedure.

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°


if you have XP => double-click
if you have Vista or Windows 7 => right-click "run as...."


on the renamed combofix

¤¤¤¤¤¤¤¤¤¤ LET IT INSTALL THE RECOVERY CONSOLE IF IT ASKS YOU TO ¤¤¤¤¤¤¤¤¤¤

▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!

▶ Don't forget to re-enable the shield of your antivirus and antispyware programs before reconnecting to the internet.

▶▶ Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.


▶▶▶ If, after ComboFix restarts your PC, you get "Key marked for deletion" errors or internet connection problems, restart your computer again

0
cortex70 Posts: 41 Registered: Thursday 28 June 2012 Status: Member Last activity: 11 July 2012 1
4 July 2012 at 15:03
Here it is:

ComboFix 12-07-04.01 - MUSTANG 04/07/2012 12:39:52.2.4 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.1.1033.18.6051.3777 [GMT 0:00]
Running from: c:\users\MUSTANG\Desktop\cequetuveux.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 20:01 . 2012-07-04 20:01 -------- d-----w- c:\windows\SysWow64\fr
2012-07-04 20:01 . 2012-07-04 20:01 -------- d-----w- c:\windows\SysWow64\en
2012-07-04 20:00 . 2012-07-04 20:00 -------- d-----w- c:\windows\SysWow64\XPSViewer
2012-07-04 20:00 . 2012-07-04 20:00 -------- d-----w- c:\windows\SysWow64\LogFiles
2012-07-04 19:59 . 2012-07-04 19:59 -------- d-----w- c:\windows\SysWow64\winrm
2012-07-04 19:58 . 2012-07-04 19:58 -------- d-----w- c:\windows\SysWow64\WCN
2012-07-04 19:56 . 2012-07-04 19:56 -------- d-----w- c:\windows\SysWow64\restore
2012-07-04 19:55 . 2012-07-04 19:55 -------- d-----w- c:\windows\SysWow64\slmgr
2012-07-04 19:52 . 2012-07-04 19:52 -------- d-----w- c:\windows\SysWow64\Printing_Admin_Scripts
2012-07-04 19:40 . 2012-07-04 19:42 -------- d-----w- c:\windows\SysWow64\Dism
2012-07-04 19:38 . 2012-07-04 19:49 -------- d-----w- c:\windows\SysWow64\zh-TW
2012-07-04 19:37 . 2012-07-04 19:37 -------- d-----w- c:\windows\SysWow64\spp
2012-07-04 19:35 . 2012-07-04 19:56 -------- d-----w- c:\windows\SysWow64\Speech
2012-07-04 19:34 . 2012-07-04 19:57 -------- d-----w- c:\windows\SysWow64\setup
2012-07-04 19:34 . 2012-07-04 19:34 -------- d-----w- c:\windows\SysWow64\ras
2012-07-04 19:34 . 2012-07-04 19:34 -------- d-----w- c:\windows\SysWow64\Tasks
2012-07-04 19:34 . 2012-07-04 19:34 -------- d-----w- C:\PerfLogs
2012-07-04 19:33 . 2012-07-04 19:33 -------- d-----w- c:\windows\SysWow64\networklist
2012-07-04 19:33 . 2012-07-04 20:01 -------- d-----w- c:\windows\SysWow64\MUI
2012-07-04 19:33 . 2012-07-04 19:58 -------- d-----w- c:\windows\SysWow64\drivers\fr-FR
2012-07-04 19:33 . 2012-07-04 12:46 -------- d-----w- c:\windows\SysWow64\Drivers
2012-07-04 19:33 . 2012-07-04 19:58 -------- d-----w- c:\windows\SysWow64\MigWiz
2012-07-04 19:31 . 2012-07-04 19:32 -------- d-----w- c:\windows\SysWow64\InstallShield
2012-07-04 19:31 . 2012-07-04 19:31 -------- d-----w- c:\windows\SysWow64\GroupPolicy
2012-07-04 19:31 . 2012-07-04 19:31 -------- d-----w- c:\windows\SysWow64\FxsTmp
2012-07-04 19:30 . 2012-07-04 19:53 -------- d-----w- c:\windows\SysWow64\DriverStore
2012-07-04 19:30 . 2012-07-04 19:53 -------- d-----w- c:\windows\SysWow64\config
2012-07-04 19:30 . 2012-07-04 19:38 -------- d-----w- c:\windows\SysWow64\Com
2012-07-04 19:30 . 2012-07-04 19:59 -------- d-----w- c:\windows\SysWow64\migration
2012-07-04 19:30 . 2012-07-04 12:36 -------- d-----w- c:\windows\SysWow64\wbem
2012-07-04 19:30 . 2012-07-04 19:30 -------- d-----w- c:\windows\SysWow64\wdi
2012-07-04 19:30 . 2012-07-04 19:30 -------- d-----w- c:\windows\SysWow64\manifeststore
2012-07-04 19:30 . 2012-07-04 20:01 -------- d-----w- c:\windows\SysWow64\fr-FR
2012-07-04 19:30 . 2012-07-04 12:46 -------- d-----w- c:\windows\SysWOW64
2012-07-04 12:49 . 2012-07-04 12:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-04 12:36 . 2012-07-04 12:37 -------- d-----w- C:\ComboFix
2012-07-04 12:26 . 2012-07-04 12:26 39184 ----a-w- c:\windows\SysWow64\Partizan.exe
2012-07-04 12:26 . 2012-07-04 12:26 35816 ----a-w- c:\windows\SysWow64\drivers\Partizan.sys
2012-07-03 21:27 . 2012-07-03 21:46 -------- d-----w- C:\RmFix
2012-07-03 21:23 . 2012-07-04 10:19 -------- d-----w- C:\Telechargements
2012-07-03 20:16 . 2012-07-03 20:16 -------- d-----w- c:\program files\Unlocker
2012-07-03 19:14 . 2012-07-04 08:55 -------- d-----w- C:\Pre_Scan
2012-07-03 15:19 . 2012-07-03 15:19 332288 ----a-w- c:\windows\system32\uxtheme.new
2012-07-03 15:03 . 2012-07-03 21:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-02 22:44 . 2012-07-02 22:46 -------- d-----w- c:\users\Guest
2012-06-29 15:21 . 2012-06-29 15:21 -------- d-----w- c:\users\MUSTANG\DoctorWeb
2012-06-29 01:06 . 2012-06-29 01:07 -------- d-----w- c:\program files (x86)\ZebHelpProcess
2012-06-28 20:41 . 2012-06-28 20:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-28 20:13 . 2012-06-29 02:30 -------- d-----w- c:\program files\HitmanPro
2012-06-28 20:13 . 2012-06-28 20:42 -------- d-----w- c:\programdata\HitmanPro
2012-06-28 13:40 . 2012-06-28 13:40 -------- d-----w- C:\bd_logs
2012-06-28 13:03 . 2012-06-28 13:03 -------- d-----w- c:\users\MUSTANG\Pavark
2012-06-28 07:06 . 2012-06-28 07:06 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-06-28 06:58 . 2012-07-04 12:26 -------- d-----w- c:\programdata\RegRun
2012-06-28 06:58 . 2012-07-03 15:05 -------- d-----w- c:\program files (x86)\UnHackMe.del
2012-06-27 21:58 . 2012-07-04 09:31 -------- d-----w- C:\DLTools
2012-06-27 21:57 . 2012-06-27 21:57 -------- d-----w- C:\img
2012-06-27 21:53 . 2012-06-27 21:53 486224 ----a-w- C:\HelpSecurity.exe
2012-06-27 20:33 . 2012-06-27 20:33 -------- d-----w- c:\program files (x86)\Common Files\Borland Shared
2012-06-27 17:24 . 2012-06-29 02:28 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-06-27 14:42 . 2012-06-27 14:42 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\SUPERAntiSpyware.com
2012-06-27 10:31 . 2012-06-27 10:31 -------- d-----w- c:\programdata\Sophos
2012-06-27 02:26 . 2009-06-18 12:54 6144 ------w- c:\windows\system32\F9C9.tmp
2012-06-27 02:26 . 2012-06-29 12:35 -------- d-----w- c:\program files (x86)\Sophos
2012-06-27 01:05 . 2012-06-27 01:06 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\Sony
2012-06-26 13:47 . 2012-06-26 17:26 -------- d-----w- c:\programdata\eSellerate
2012-06-24 10:52 . 2012-06-24 10:52 708960 ----a-w- C:\GetSystemInfo.exe
2012-06-24 09:05 . 2012-06-24 09:10 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-22 23:10 . 2012-06-22 23:10 -------- d-----w- c:\users\MUSTANG\VirtualBox VMs
2012-06-22 23:04 . 2012-06-24 18:32 -------- d-----w- c:\users\MUSTANG\.VirtualBox
2012-06-22 22:54 . 2012-04-03 14:19 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-06-22 22:53 . 2012-04-03 14:19 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-06-22 02:00 . 2012-06-22 05:21 -------- d-----w- c:\program files\WMV9_VCM
2012-06-21 23:34 . 2012-06-23 13:49 -------- d-----w- c:\program files (x86)\Sony
2012-06-21 15:44 . 2012-06-21 15:44 -------- d-----w- c:\program files (x86)\Common Files\eSellerate
2012-06-21 15:44 . 1913-11-26 07:04 -------- d-----w- c:\program files\NewBlue
2012-06-21 15:43 . 2050-01-01 13:32 -------- d-----w- c:\program files (x86)\NewBlue
2012-06-21 10:33 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 10:33 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 10:33 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 10:33 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 10:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 10:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 10:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 10:32 . 2012-06-02 15:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 10:32 . 2012-06-02 15:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 21:44 . 2012-06-20 21:44 -------- d-----w- c:\programdata\Camel Audio
2012-06-20 21:44 . 2012-06-20 21:44 -------- d-----w- c:\program files\Camel Audio
2012-06-20 20:07 . 2012-06-20 20:07 -------- d-----w- c:\program files\Common Files\OFX
2012-06-20 19:54 . 2012-06-20 19:54 -------- d-----w- c:\program files\Magic Bullet Looks Vegas
2012-06-20 19:14 . 2012-06-27 12:40 -------- d-----w- c:\program files (x86)\MAGIX
2012-06-20 19:13 . 2012-06-20 19:14 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2012-06-20 18:29 . 2012-06-27 12:42 -------- d-----w- c:\users\MUSTANG\AppData\Local\Xara
2012-06-20 18:29 . 2012-06-27 12:59 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\MAGIX
2012-06-20 18:28 . 2012-06-22 02:00 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Shared
2012-06-20 18:21 . 2012-06-27 12:40 -------- d-----w- c:\programdata\MAGIX
2012-06-17 15:00 . 2012-06-17 15:00 -------- d-----w- C:\HOSTCS5PLUGINPATH
2012-06-17 15:00 . 2012-06-17 15:00 -------- d-----w- C:\HOSTCS5DEST
2012-06-17 02:41 . 2012-06-17 02:42 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\mresreg
2012-06-17 02:41 . 2012-06-17 02:50 -------- d-----w- c:\program files (x86)\Slideshow XL
2012-06-17 02:41 . 2012-06-17 02:41 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\IN-MEDIAKG
2012-06-17 02:40 . 2012-06-17 02:40 -------- d-----w- c:\program files (x86)\mresreg
2012-06-17 02:24 . 2012-06-17 02:24 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\Ashampoo Slideshow Studio HD 2
2012-06-17 00:48 . 2012-06-17 00:48 -------- d-----w- c:\program files (x86)\Selteco
2012-06-16 17:24 . 2012-06-16 17:24 -------- d-----w- C:\bblast20
2012-06-16 12:42 . 2012-06-16 12:44 -------- d-----w- c:\users\MUSTANG\AppData\Local\LooksBuilder
2012-06-16 12:39 . 2012-06-16 16:19 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\Red Giant Link
2012-06-16 12:15 . 2012-06-16 12:15 -------- d-----w- c:\program files (x86)\LooksBuilder
2012-06-16 12:15 . 2012-06-16 12:15 -------- d-----w- c:\program files (x86)\Red Giant Link
2012-06-16 12:00 . 2012-06-16 12:00 -------- d-----w- c:\programdata\RedGiant
2012-06-15 11:09 . 2012-06-15 11:09 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\IndigoRose
2012-06-15 10:13 . 2012-06-15 10:13 -------- d-----w- c:\program files (x86)\FEC for AVX
2012-06-15 07:06 . 2012-06-15 07:15 -------- d-----w- c:\program files (x86)\ElcomSoft
2012-06-15 02:54 . 2012-06-15 02:54 -------- d-----w- C:\HOSTCS6DEST
2012-06-15 02:41 . 2012-06-15 02:41 -------- d-----w- C:\HOSTPRCS5DEST
2012-06-15 02:37 . 2012-06-15 02:41 -------- d-----w- C:\CUSTOMDESTINATION64
2012-06-15 01:32 . 2012-06-15 01:32 -------- d-----w- c:\users\MUSTANG\AppData\Local\Intel WiDi
2012-06-14 23:57 . 2012-06-14 23:58 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-06-14 23:57 . 2012-06-14 23:57 -------- d-----w- c:\program files (x86)\Intel Corporation
2012-06-14 23:50 . 2012-06-14 23:50 -------- d-----w- c:\users\MUSTANG\.idlerc
2012-06-14 23:44 . 2012-06-14 23:44 -------- d-----w- c:\program files (x86)\Oracle
2012-06-14 23:23 . 2012-06-14 23:24 -------- d-----w- C:\Python32
2012-06-14 22:41 . 2012-06-14 22:41 -------- d-----w- c:\users\MUSTANG\AppData\Local\Macromedia
2012-06-14 20:10 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 20:10 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 15:28 . 2012-05-07 15:28 10504192 ----a-w- c:\windows\system32\BCC8_3DObjects_AE.dll
2012-05-05 16:49 . 2012-05-05 16:49 35248640 ----a-w- c:\windows\system32\BCC8_AE_Float.dll
2012-05-05 16:38 . 2012-05-05 16:38 34864640 ----a-w- c:\windows\system32\BCC8_AE_8Bit.dll
2012-05-05 16:27 . 2012-05-05 16:27 34906112 ----a-w- c:\windows\system32\BCC8_AE_16Bit.dll
2012-05-05 16:21 . 2012-05-05 16:21 1027072 ----a-w- c:\windows\system32\BCC8_Common_AE.dll
2012-04-29 21:51 . 2012-04-16 21:09 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-29 21:51 . 2012-04-16 21:09 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-16 22:47 . 2012-04-16 22:47 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-11 07:12 . 2012-04-11 07:12 2884096 ----a-w- c:\windows\system32\python32.dll
2012-04-06 11:45 . 2012-04-06 11:45 22948352 ----a-w- c:\windows\system32\FEC_FOR_RED5_8Bit.dll
2012-04-06 11:36 . 2012-04-06 11:36 13209600 ----a-w- c:\windows\system32\FEC_FOR_RED5_Common.dll
2012-04-06 11:36 . 2012-04-06 11:36 22987264 ----a-w- c:\windows\system32\FEC_FOR_RED5_16Bit.dll
2012-04-06 10:07 . 2012-04-06 10:07 28227072 ----a-w- c:\windows\system32\BCC7_RED_8Bit.dll
2012-04-06 10:02 . 2012-04-06 10:02 14745088 ----a-w- c:\windows\system32\BCC7_Common_RED.dll
2012-04-06 09:55 . 2012-04-06 09:55 28285952 ----a-w- c:\windows\system32\BCC7_RED_16Bit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnablELUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
"TSleepSrv"=%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R0 gqutuihl;gqutuihl;c:\windows\system32\drivers\suqb.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64lh.sys [2010-01-30 363136]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [2010-01-30 62976]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-08-05 34200]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 MatSvc;Service automatisé de résolution de problèmes Microsoft;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-13 343856]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-08-17 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-21 822704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2011-03-04 482384]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2009-12-16 324928]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-11-30 84480]
S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-11-30 182272]
S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-11-30 84992]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2011-10-20 20592]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-08-05 25496]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 00:09]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 00:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MUSTANG\AppData\Roaming\Mozilla\Firefox\Profiles\ys7iuh5h.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 5.6.7.8
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-igfxcui - (no file)
Notify-klogon - (no file)
Notify-WB - (no file)
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe
AddRemove-UnHackMe_is1 - c:\program files (x86)\UnHackMe\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:72,98,a5,c5,08,49,cd,01
.
[HKEY_USERS\S-1-5-21-3234270633-3165621610-2973766816-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CB6F261-FAF4-58F7-6949-D1BEF2F0443F}*]
@Allowed: (Read) (RestrictedCode)
"mapjnfleadadohegnkambhmmea"=hex:6f,61,6f,68,62,6f,65,64,66,61,63,68,6c,6d,6e,
6e,61,61,61,64,63,6e,68,68,6b,6a,68,66,6d,6d,00,70
"abojigjhcedcambeappoiijacfghpbhnea"=hex:70,61,61,6b,6b,65,61,67,6f,69,61,61,
63,6e,66,6d,6c,61,6d,6b,66,6c,6d,6e,69,67,65,6f,6b,6a,69,70,00,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:6f,b0,97,09,85,4c,4d,9b,94,22,95,3a,d9,0f,5b,3d,e8,43,e5,02,1b,
20,14,b3,0e,e5,88,66,a9,53,9c,4f,7f,ad,ec,1d,33,c0,d8,20,ec,1b,1c,a7,4f,28,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:6f,b0,97,09,85,4c,4d,9b,94,22,95,3a,d9,0f,5b,3d,e8,43,e5,02,1b,
20,14,b3,0e,e5,88,66,a9,53,9c,4f,7f,ad,ec,1d,33,c0,d8,20,ec,1b,1c,a7,4f,28,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2012-07-04 12:56:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 12:56
ComboFix2.txt 2012-07-03 23:39
.
Pre-Run: 129 327 280 128 octets libres
Post-Run: 128 974 974 976 octets libres
.
- - End Of File - - 923D65E3A58B100360C328C48DF19BA5
cortex70 Posts 41 Registration date Thursday 28 June 2012 Status Member Last activity 11 July 2012
Edited by cortex70 on 4/07/2012 at 15:05
Uhh... I forgot to mention that I'm running a dual boot with Ubuntu (in case that makes a difference)
Anonymous user
4 Jul 2012 at 15:26

__________________________________________________
=>/!\The following script was written specifically for this computer/!\ <=
=>it is strongly advised not to apply it to another computer!<=
----------------------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
KillAll::

ClearJavaCache::

File::
c:\windows\system32\F9C9.tmp

Rootkit::
c:\windows\system32\drivers\suqb.sys

Driver::
gqutuihl

Firefox::
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 5.6.7.8
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.ssl_port - 8080

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_USERS\S-1-5-21-3234270633-3165621610-2973766816-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CB6F261-FAF4-58F7-6949-D1BEF2F0443F}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the combofix file, as shown in this illustration

▶ Wait while the scan runs. The Desktop will disappear several times: this is normal! Don't touch anything until the scan has finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file doesn't open, it can be found here => C:\ComboFix.txt


cortex70 Posts 41 Registration date Thursday 28 June 2012 Status Member Last activity 11 July 2012
4 Jul 2012 at 16:12
ComboFix 12-07-04.01 - MUSTANG 04/07/2012 13:48:42.3.4 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.1.1033.18.6051.4641 [GMT 0:00]
Running from: c:\users\MUSTANG\Desktop\cequetuveux.exe
Command switches used :: c:\users\MUSTANG\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\F9C9.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\F9C9.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gqutuihl
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 20:01 . 2012-07-04 20:01 -------- d-----w- c:\windows\SysWow64\fr
2012-07-04 20:01 . 2012-07-04 20:01 -------- d-----w- c:\windows\SysWow64\en
2012-07-04 20:00 . 2012-07-04 20:00 -------- d-----w- c:\windows\SysWow64\XPSViewer
2012-07-04 20:00 . 2012-07-04 20:00 -------- d-----w- c:\windows\SysWow64\LogFiles
2012-07-04 19:59 . 2012-07-04 19:59 -------- d-----w- c:\windows\SysWow64\winrm
2012-07-04 19:58 . 2012-07-04 19:58 -------- d-----w- c:\windows\SysWow64\WCN
2012-07-04 19:56 . 2012-07-04 19:56 -------- d-----w- c:\windows\SysWow64\restore
2012-07-04 19:55 . 2012-07-04 19:55 -------- d-----w- c:\windows\SysWow64\slmgr
2012-07-04 19:52 . 2012-07-04 19:52 -------- d-----w- c:\windows\SysWow64\Printing_Admin_Scripts
2012-07-04 19:40 . 2012-07-04 19:42 -------- d-----w- c:\windows\SysWow64\Dism
2012-07-04 19:38 . 2012-07-04 19:49 -------- d-----w- c:\windows\SysWow64\zh-TW
2012-07-04 19:37 . 2012-07-04 19:37 -------- d-----w- c:\windows\SysWow64\spp
2012-07-04 19:35 . 2012-07-04 19:56 -------- d-----w- c:\windows\SysWow64\Speech
2012-07-04 19:34 . 2012-07-04 19:57 -------- d-----w- c:\windows\SysWow64\setup
2012-07-04 19:34 . 2012-07-04 19:34 -------- d-----w- c:\windows\SysWow64\ras
2012-07-04 19:34 . 2012-07-04 19:34 -------- d-----w- c:\windows\SysWow64\Tasks
2012-07-04 19:34 . 2012-07-04 19:34 -------- d-----w- C:\PerfLogs
2012-07-04 19:33 . 2012-07-04 19:33 -------- d-----w- c:\windows\SysWow64\networklist
2012-07-04 19:33 . 2012-07-04 20:01 -------- d-----w- c:\windows\SysWow64\MUI
2012-07-04 19:33 . 2012-07-04 19:58 -------- d-----w- c:\windows\SysWow64\drivers\fr-FR
2012-07-04 19:33 . 2012-07-04 13:55 -------- d-----w- c:\windows\SysWow64\Drivers
2012-07-04 19:33 . 2012-07-04 19:58 -------- d-----w- c:\windows\SysWow64\MigWiz
2012-07-04 19:31 . 2012-07-04 19:32 -------- d-----w- c:\windows\SysWow64\InstallShield
2012-07-04 19:31 . 2012-07-04 19:31 -------- d-----w- c:\windows\SysWow64\GroupPolicy
2012-07-04 19:31 . 2012-07-04 19:31 -------- d-----w- c:\windows\SysWow64\FxsTmp
2012-07-04 19:30 . 2012-07-04 19:53 -------- d-----w- c:\windows\SysWow64\DriverStore
2012-07-04 19:30 . 2012-07-04 19:53 -------- d-----w- c:\windows\SysWow64\config
2012-07-04 19:30 . 2012-07-04 19:38 -------- d-----w- c:\windows\SysWow64\Com
2012-07-04 19:30 . 2012-07-04 19:59 -------- d-----w- c:\windows\SysWow64\migration
2012-07-04 19:30 . 2012-07-04 12:36 -------- d-----w- c:\windows\SysWow64\wbem
2012-07-04 19:30 . 2012-07-04 19:30 -------- d-----w- c:\windows\SysWow64\wdi
2012-07-04 19:30 . 2012-07-04 19:30 -------- d-----w- c:\windows\SysWow64\manifeststore
2012-07-04 19:30 . 2012-07-04 20:01 -------- d-----w- c:\windows\SysWow64\fr-FR
2012-07-04 19:30 . 2012-07-04 13:55 -------- d-----w- c:\windows\SysWOW64
2012-07-04 13:58 . 2012-07-04 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-04 12:36 . 2012-07-04 13:47 -------- d-----w- C:\ComboFix
2012-07-04 12:26 . 2012-07-04 12:26 39184 ----a-w- c:\windows\SysWow64\Partizan.exe
2012-07-04 12:26 . 2012-07-04 12:26 35816 ----a-w- c:\windows\SysWow64\drivers\Partizan.sys
2012-07-03 21:27 . 2012-07-03 21:46 -------- d-----w- C:\RmFix
2012-07-03 21:23 . 2012-07-04 10:19 -------- d-----w- C:\Telechargements
2012-07-03 20:16 . 2012-07-03 20:16 -------- d-----w- c:\program files\Unlocker
2012-07-03 19:14 . 2012-07-04 08:55 -------- d-----w- C:\Pre_Scan
2012-07-03 15:19 . 2012-07-03 15:19 332288 ----a-w- c:\windows\system32\uxtheme.new
2012-07-03 15:03 . 2012-07-03 21:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-02 22:44 . 2012-07-02 22:46 -------- d-----w- c:\users\Guest
2012-06-29 15:21 . 2012-06-29 15:21 -------- d-----w- c:\users\MUSTANG\DoctorWeb
2012-06-29 01:06 . 2012-06-29 01:07 -------- d-----w- c:\program files (x86)\ZebHelpProcess
2012-06-28 20:41 . 2012-06-28 20:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-28 20:13 . 2012-06-29 02:30 -------- d-----w- c:\program files\HitmanPro
2012-06-28 20:13 . 2012-06-28 20:42 -------- d-----w- c:\programdata\HitmanPro
2012-06-28 13:40 . 2012-06-28 13:40 -------- d-----w- C:\bd_logs
2012-06-28 13:03 . 2012-06-28 13:03 -------- d-----w- c:\users\MUSTANG\Pavark
2012-06-28 07:06 . 2012-06-28 07:06 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-06-28 06:58 . 2012-07-04 13:58 -------- d-----w- c:\programdata\RegRun
2012-06-28 06:58 . 2012-07-03 15:05 -------- d-----w- c:\program files (x86)\UnHackMe.del
2012-06-27 21:58 . 2012-07-04 09:31 -------- d-----w- C:\DLTools
2012-06-27 21:57 . 2012-06-27 21:57 -------- d-----w- C:\img
2012-06-27 21:53 . 2012-06-27 21:53 486224 ----a-w- C:\HelpSecurity.exe
2012-06-27 20:33 . 2012-06-27 20:33 -------- d-----w- c:\program files (x86)\Common Files\Borland Shared
2012-06-27 17:24 . 2012-06-29 02:28 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-06-27 14:42 . 2012-06-27 14:42 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\SUPERAntiSpyware.com
2012-06-27 10:31 . 2012-06-27 10:31 -------- d-----w- c:\programdata\Sophos
2012-06-27 02:26 . 2012-06-29 12:35 -------- d-----w- c:\program files (x86)\Sophos
2012-06-27 01:05 . 2012-06-27 01:06 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\Sony
2012-06-26 13:47 . 2012-06-26 17:26 -------- d-----w- c:\programdata\eSellerate
2012-06-24 10:52 . 2012-06-24 10:52 708960 ----a-w- C:\GetSystemInfo.exe
2012-06-24 09:05 . 2012-06-24 09:10 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-22 23:10 . 2012-06-22 23:10 -------- d-----w- c:\users\MUSTANG\VirtualBox VMs
2012-06-22 23:04 . 2012-06-24 18:32 -------- d-----w- c:\users\MUSTANG\.VirtualBox
2012-06-22 22:54 . 2012-04-03 14:19 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-06-22 22:53 . 2012-04-03 14:19 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-06-22 02:00 . 2012-06-22 05:21 -------- d-----w- c:\program files\WMV9_VCM
2012-06-21 23:34 . 2012-06-23 13:49 -------- d-----w- c:\program files (x86)\Sony
2012-06-21 15:44 . 2012-06-21 15:44 -------- d-----w- c:\program files (x86)\Common Files\eSellerate
2012-06-21 15:44 . 1913-11-26 07:04 -------- d-----w- c:\program files\NewBlue
2012-06-21 15:43 . 2050-01-01 13:32 -------- d-----w- c:\program files (x86)\NewBlue
2012-06-21 10:33 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 10:33 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 10:33 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 10:33 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 10:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 10:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 10:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 10:32 . 2012-06-02 15:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 10:32 . 2012-06-02 15:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 21:44 . 2012-06-20 21:44 -------- d-----w- c:\programdata\Camel Audio
2012-06-20 21:44 . 2012-06-20 21:44 -------- d-----w- c:\program files\Camel Audio
2012-06-20 20:07 . 2012-06-20 20:07 -------- d-----w- c:\program files\Common Files\OFX
2012-06-20 19:54 . 2012-06-20 19:54 -------- d-----w- c:\program files\Magic Bullet Looks Vegas
2012-06-20 19:14 . 2012-06-27 12:40 -------- d-----w- c:\program files (x86)\MAGIX
2012-06-20 19:13 . 2012-06-20 19:14 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2012-06-20 18:29 . 2012-06-27 12:42 -------- d-----w- c:\users\MUSTANG\AppData\Local\Xara
2012-06-20 18:29 . 2012-06-27 12:59 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\MAGIX
2012-06-20 18:28 . 2012-06-22 02:00 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Shared
2012-06-20 18:21 . 2012-06-27 12:40 -------- d-----w- c:\programdata\MAGIX
2012-06-17 15:00 . 2012-06-17 15:00 -------- d-----w- C:\HOSTCS5PLUGINPATH
2012-06-17 15:00 . 2012-06-17 15:00 -------- d-----w- C:\HOSTCS5DEST
2012-06-17 02:41 . 2012-06-17 02:42 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\mresreg
2012-06-17 02:41 . 2012-06-17 02:50 -------- d-----w- c:\program files (x86)\Slideshow XL
2012-06-17 02:41 . 2012-06-17 02:41 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\IN-MEDIAKG
2012-06-17 02:40 . 2012-06-17 02:40 -------- d-----w- c:\program files (x86)\mresreg
2012-06-17 02:24 . 2012-06-17 02:24 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\Ashampoo Slideshow Studio HD 2
2012-06-17 00:48 . 2012-06-17 00:48 -------- d-----w- c:\program files (x86)\Selteco
2012-06-16 17:24 . 2012-06-16 17:24 -------- d-----w- C:\bblast20
2012-06-16 12:42 . 2012-06-16 12:44 -------- d-----w- c:\users\MUSTANG\AppData\Local\LooksBuilder
2012-06-16 12:39 . 2012-06-16 16:19 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\Red Giant Link
2012-06-16 12:15 . 2012-06-16 12:15 -------- d-----w- c:\program files (x86)\LooksBuilder
2012-06-16 12:15 . 2012-06-16 12:15 -------- d-----w- c:\program files (x86)\Red Giant Link
2012-06-16 12:00 . 2012-06-16 12:00 -------- d-----w- c:\programdata\RedGiant
2012-06-15 11:09 . 2012-06-15 11:09 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\IndigoRose
2012-06-15 10:13 . 2012-06-15 10:13 -------- d-----w- c:\program files (x86)\FEC for AVX
2012-06-15 07:06 . 2012-06-15 07:15 -------- d-----w- c:\program files (x86)\ElcomSoft
2012-06-15 02:54 . 2012-06-15 02:54 -------- d-----w- C:\HOSTCS6DEST
2012-06-15 02:41 . 2012-06-15 02:41 -------- d-----w- C:\HOSTPRCS5DEST
2012-06-15 02:37 . 2012-06-15 02:41 -------- d-----w- C:\CUSTOMDESTINATION64
2012-06-15 01:32 . 2012-06-15 01:32 -------- d-----w- c:\users\MUSTANG\AppData\Local\Intel WiDi
2012-06-14 23:57 . 2012-06-14 23:58 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-06-14 23:57 . 2012-06-14 23:57 -------- d-----w- c:\program files (x86)\Intel Corporation
2012-06-14 23:50 . 2012-06-14 23:50 -------- d-----w- c:\users\MUSTANG\.idlerc
2012-06-14 23:44 . 2012-06-14 23:44 -------- d-----w- c:\program files (x86)\Oracle
2012-06-14 23:23 . 2012-06-14 23:24 -------- d-----w- C:\Python32
2012-06-14 22:41 . 2012-06-14 22:41 -------- d-----w- c:\users\MUSTANG\AppData\Local\Macromedia
2012-06-14 20:10 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 20:10 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-13 11:02 . 2012-06-13 11:02 -------- d-----w- c:\programdata\PACE Anti-Piracy
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 15:28 . 2012-05-07 15:28 10504192 ----a-w- c:\windows\system32\BCC8_3DObjects_AE.dll
2012-05-05 16:49 . 2012-05-05 16:49 35248640 ----a-w- c:\windows\system32\BCC8_AE_Float.dll
2012-05-05 16:38 . 2012-05-05 16:38 34864640 ----a-w- c:\windows\system32\BCC8_AE_8Bit.dll
2012-05-05 16:27 . 2012-05-05 16:27 34906112 ----a-w- c:\windows\system32\BCC8_AE_16Bit.dll
2012-05-05 16:21 . 2012-05-05 16:21 1027072 ----a-w- c:\windows\system32\BCC8_Common_AE.dll
2012-04-29 21:51 . 2012-04-16 21:09 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-29 21:51 . 2012-04-16 21:09 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-16 22:47 . 2012-04-16 22:47 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-11 07:12 . 2012-04-11 07:12 2884096 ----a-w- c:\windows\system32\python32.dll
2012-04-06 11:45 . 2012-04-06 11:45 22948352 ----a-w- c:\windows\system32\FEC_FOR_RED5_8Bit.dll
2012-04-06 11:36 . 2012-04-06 11:36 13209600 ----a-w- c:\windows\system32\FEC_FOR_RED5_Common.dll
2012-04-06 11:36 . 2012-04-06 11:36 22987264 ----a-w- c:\windows\system32\FEC_FOR_RED5_16Bit.dll
2012-04-06 10:07 . 2012-04-06 10:07 28227072 ----a-w- c:\windows\system32\BCC7_RED_8Bit.dll
2012-04-06 10:02 . 2012-04-06 10:02 14745088 ----a-w- c:\windows\system32\BCC7_Common_RED.dll
2012-04-06 09:55 . 2012-04-06 09:55 28285952 ----a-w- c:\windows\system32\BCC7_RED_16Bit.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-04_12.51.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-07-04 12:26 . 2012-07-04 12:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-04 12:26 . 2012-07-04 14:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-07-04 12:26 . 2012-07-04 12:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-04 12:26 . 2012-07-04 14:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-04 12:26 . 2012-07-04 12:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-04 12:26 . 2012-07-04 14:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-04 12:26 . 2012-07-04 14:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-04 12:26 . 2012-07-04 12:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-07-04 13:42 72436 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-04 13:42 49960 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-07-04 12:28 49960 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-20 17:43 . 2012-07-04 13:42 17130 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3234270633-3165621610-2973766816-1000_UserData.bin
+ 2012-07-04 13:59 . 2012-07-04 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-04 12:50 . 2012-07-04 12:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-04 13:59 . 2012-07-04 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-04 12:50 . 2012-07-04 12:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-29 09:53 . 2012-07-04 12:32 715018 c:\windows\system32\perfh00C.dat
+ 2011-10-29 09:53 . 2012-07-04 13:45 715018 c:\windows\system32\perfh00C.dat
- 2009-07-14 02:36 . 2012-07-04 12:32 636122 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-04 13:45 636122 c:\windows\system32\perfh009.dat
- 2011-10-29 09:53 . 2012-07-04 12:32 135872 c:\windows\system32\perfc00C.dat
+ 2011-10-29 09:53 . 2012-07-04 13:45 135872 c:\windows\system32\perfc00C.dat
+ 2009-07-14 02:36 . 2012-07-04 13:45 111664 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-04 12:32 111664 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-04 12:49 785072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-04 13:59 785072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnablELUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
[BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
"TSleepSrv"=%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64lh.sys [2010-01-30 363136]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [2010-01-30 62976]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-08-05 34200]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 MatSvc;Service automatisé de résolution de problèmes Microsoft;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-13 343856]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-08-17 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-21 822704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2011-03-04 482384]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2009-12-16 324928]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-11-30 84480]
S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-11-30 182272]
S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-11-30 84992]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2011-10-20 20592]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-08-05 25496]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 00:09]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 00:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"combofix"="c:\cequetuveux\CF20559.3XE" [2010-11-21 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\MUSTANG\AppData\Roaming\Mozilla\Firefox\Profiles\ys7iuh5h.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 5.6.7.8
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:72,98,a5,c5,08,49,cd,01
.
[HKEY_USERS\S-1-5-21-3234270633-3165621610-2973766816-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CB6F261-FAF4-58F7-6949-D1BEF2F0443F}*]
@Allowed: (Read) (RestrictedCode)
"mapjnfleadadohegnkambhmmea"=hex:6f,61,6f,68,62,6f,65,64,66,61,63,68,6c,6d,6e,
6e,61,61,61,64,63,6e,68,68,6b,6a,68,66,6d,6d,00,70
"abojigjhcedcambeappoiijacfghpbhnea"=hex:70,61,61,6b,6b,65,61,67,6f,69,61,61,
63,6e,66,6d,6c,61,6d,6b,66,6c,6d,6e,69,67,65,6f,6b,6a,69,70,00,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:6f,b0,97,09,85,4c,4d,9b,94,22,95,3a,d9,0f,5b,3d,e8,43,e5,02,1b,
20,14,b3,0e,e5,88,66,a9,53,9c,4f,7f,ad,ec,1d,33,c0,d8,20,ec,1b,1c,a7,4f,28,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:6f,b0,97,09,85,4c,4d,9b,94,22,95,3a,d9,0f,5b,3d,e8,43,e5,02,1b,
20,14,b3,0e,e5,88,66,a9,53,9c,4f,7f,ad,ec,1d,33,c0,d8,20,ec,1b,1c,a7,4f,28,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2012-07-04 14:05:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 14:05
ComboFix2.txt 2012-07-04 12:56
ComboFix3.txt 2012-07-03 23:39
.
Pre-Run: 129 135 927 296 octets libres
Post-Run: 128 661 553 152 octets libres
.
- - End Of File - - BF0B090DB49280709FBE8D8E7D761914
0
Anonymous user
4 Jul 2012 at 18:59
Uh, are you sure you took everything that was in bold ?????????????
0
cortex70 Posts 41 Registration date Thursday 28 June 2012 Status Member Last activity 11 July 2012 1
4 Jul 2012 at 19:17
I may have lost a few lines, but I don't think so. Can I repeat the same procedure?
0
Anonymous user
4 Jul 2012 at 21:05
with all protections disabled
0
cortex70 Posts 41 Registration date Thursday 28 June 2012 Status Member Last activity 11 July 2012 1
Edited by cortex70 on 4/07/2012 at 22:27
This time I made sure to select everything in bold and to disable Malwarebytes, Windows Defender and the firewall, but during the scan an error window opened: ''the contents of folder C:\windows\erdnt\Hiv-backup could not be completely deleted!''

ComboFix 12-07-04.01 - MUSTANG 04/07/2012 19:27:55.4.4 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.1.1033.18.6051.4741 [GMT 0:00]
Running from: c:\users\MUSTANG\Desktop\cequetuveux.exe
Command switches used :: c:\users\MUSTANG\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\F9C9.tmp"
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 20:01 . 2012-07-04 20:01 -------- d-----w- c:\windows\SysWow64\fr
2012-07-04 20:01 . 2012-07-04 20:01 -------- d-----w- c:\windows\SysWow64\en
2012-07-04 20:00 . 2012-07-04 20:00 -------- d-----w- c:\windows\SysWow64\XPSViewer
2012-07-04 20:00 . 2012-07-04 20:00 -------- d-----w- c:\windows\SysWow64\LogFiles
2012-07-04 19:59 . 2012-07-04 19:59 -------- d-----w- c:\windows\SysWow64\winrm
2012-07-04 19:58 . 2012-07-04 19:58 -------- d-----w- c:\windows\SysWow64\WCN
2012-07-04 19:56 . 2012-07-04 19:56 -------- d-----w- c:\windows\SysWow64\restore
2012-07-04 19:55 . 2012-07-04 19:55 -------- d-----w- c:\windows\SysWow64\slmgr
2012-07-04 19:52 . 2012-07-04 19:52 -------- d-----w- c:\windows\SysWow64\Printing_Admin_Scripts
2012-07-04 19:40 . 2012-07-04 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-04 19:40 . 2012-07-04 19:42 -------- d-----w- c:\windows\SysWow64\Dism
2012-07-04 19:38 . 2012-07-04 19:49 -------- d-----w- c:\windows\SysWow64\zh-TW
2012-07-04 19:37 . 2012-07-04 19:37 -------- d-----w- c:\windows\SysWow64\spp
2012-07-04 19:35 . 2012-07-04 19:56 -------- d-----w- c:\windows\SysWow64\Speech
2012-07-04 19:34 . 2012-07-04 19:57 -------- d-----w- c:\windows\SysWow64\setup
2012-07-04 19:34 . 2012-07-04 19:34 -------- d-----w- c:\windows\SysWow64\ras
2012-07-04 19:34 . 2012-07-04 19:34 -------- d-----w- c:\windows\SysWow64\Tasks
2012-07-04 19:34 . 2012-07-04 19:34 -------- d-----w- C:\PerfLogs
2012-07-04 19:33 . 2012-07-04 19:33 -------- d-----w- c:\windows\SysWow64\networklist
2012-07-04 19:33 . 2012-07-04 20:01 -------- d-----w- c:\windows\SysWow64\MUI
2012-07-04 19:33 . 2012-07-04 19:58 -------- d-----w- c:\windows\SysWow64\drivers\fr-FR
2012-07-04 19:33 . 2012-07-04 19:38 -------- d-----w- c:\windows\SysWow64\Drivers
2012-07-04 19:33 . 2012-07-04 19:58 -------- d-----w- c:\windows\SysWow64\MigWiz
2012-07-04 19:31 . 2012-07-04 19:32 -------- d-----w- c:\windows\SysWow64\InstallShield
2012-07-04 19:31 . 2012-07-04 19:31 -------- d-----w- c:\windows\SysWow64\GroupPolicy
2012-07-04 19:31 . 2012-07-04 19:31 -------- d-----w- c:\windows\SysWow64\FxsTmp
2012-07-04 19:30 . 2012-07-04 19:53 -------- d-----w- c:\windows\SysWow64\DriverStore
2012-07-04 19:30 . 2012-07-04 19:53 -------- d-----w- c:\windows\SysWow64\config
2012-07-04 19:30 . 2012-07-04 19:38 -------- d-----w- c:\windows\SysWow64\Com
2012-07-04 19:30 . 2012-07-04 19:59 -------- d-----w- c:\windows\SysWow64\migration
2012-07-04 19:30 . 2012-07-04 12:36 -------- d-----w- c:\windows\SysWow64\wbem
2012-07-04 19:30 . 2012-07-04 19:30 -------- d-----w- c:\windows\SysWow64\wdi
2012-07-04 19:30 . 2012-07-04 19:30 -------- d-----w- c:\windows\SysWow64\manifeststore
2012-07-04 19:30 . 2012-07-04 20:01 -------- d-----w- c:\windows\SysWow64\fr-FR
2012-07-04 19:30 . 2012-07-04 19:38 -------- d-----w- c:\windows\SysWOW64
2012-07-04 12:36 . 2012-07-04 13:47 -------- d-----w- C:\ComboFix
2012-07-04 12:26 . 2012-07-04 12:26 39184 ----a-w- c:\windows\SysWow64\Partizan.exe
2012-07-04 12:26 . 2012-07-04 12:26 35816 ----a-w- c:\windows\SysWow64\drivers\Partizan.sys
2012-07-03 21:27 . 2012-07-03 21:46 -------- d-----w- C:\RmFix
2012-07-03 21:23 . 2012-07-04 10:19 -------- d-----w- C:\Telechargements
2012-07-03 20:16 . 2012-07-03 20:16 -------- d-----w- c:\program files\Unlocker
2012-07-03 19:14 . 2012-07-04 08:55 -------- d-----w- C:\Pre_Scan
2012-07-03 15:19 . 2012-07-03 15:19 332288 ----a-w- c:\windows\system32\uxtheme.new
2012-07-03 15:03 . 2012-07-03 21:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-02 22:44 . 2012-07-02 22:46 -------- d-----w- c:\users\Guest
2012-06-29 15:21 . 2012-06-29 15:21 -------- d-----w- c:\users\MUSTANG\DoctorWeb
2012-06-29 01:06 . 2012-06-29 01:07 -------- d-----w- c:\program files (x86)\ZebHelpProcess
2012-06-28 20:41 . 2012-06-28 20:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-28 20:13 . 2012-06-29 02:30 -------- d-----w- c:\program files\HitmanPro
2012-06-28 20:13 . 2012-06-28 20:42 -------- d-----w- c:\programdata\HitmanPro
2012-06-28 13:40 . 2012-06-28 13:40 -------- d-----w- C:\bd_logs
2012-06-28 13:03 . 2012-06-28 13:03 -------- d-----w- c:\users\MUSTANG\Pavark
2012-06-28 07:06 . 2012-06-28 07:06 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-06-28 06:58 . 2012-07-04 13:58 -------- d-----w- c:\programdata\RegRun
2012-06-28 06:58 . 2012-07-03 15:05 -------- d-----w- c:\program files (x86)\UnHackMe.del
2012-06-27 21:58 . 2012-07-04 09:31 -------- d-----w- C:\DLTools
2012-06-27 21:57 . 2012-06-27 21:57 -------- d-----w- C:\img
2012-06-27 21:53 . 2012-06-27 21:53 486224 ----a-w- C:\HelpSecurity.exe
2012-06-27 20:33 . 2012-06-27 20:33 -------- d-----w- c:\program files (x86)\Common Files\Borland Shared
2012-06-27 17:24 . 2012-06-29 02:28 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-06-27 14:42 . 2012-06-27 14:42 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\SUPERAntiSpyware.com
2012-06-27 10:31 . 2012-06-27 10:31 -------- d-----w- c:\programdata\Sophos
2012-06-27 02:26 . 2012-06-29 12:35 -------- d-----w- c:\program files (x86)\Sophos
2012-06-27 01:05 . 2012-06-27 01:06 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\Sony
2012-06-26 13:47 . 2012-06-26 17:26 -------- d-----w- c:\programdata\eSellerate
2012-06-24 10:52 . 2012-06-24 10:52 708960 ----a-w- C:\GetSystemInfo.exe
2012-06-24 09:05 . 2012-06-24 09:10 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-22 23:10 . 2012-06-22 23:10 -------- d-----w- c:\users\MUSTANG\VirtualBox VMs
2012-06-22 23:04 . 2012-06-24 18:32 -------- d-----w- c:\users\MUSTANG\.VirtualBox
2012-06-22 22:54 . 2012-04-03 14:19 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-06-22 22:53 . 2012-04-03 14:19 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-06-22 02:00 . 2012-06-22 05:21 -------- d-----w- c:\program files\WMV9_VCM
2012-06-21 23:34 . 2012-06-23 13:49 -------- d-----w- c:\program files (x86)\Sony
2012-06-21 15:44 . 2012-06-21 15:44 -------- d-----w- c:\program files (x86)\Common Files\eSellerate
2012-06-21 15:44 . 1913-11-26 07:04 -------- d-----w- c:\program files\NewBlue
2012-06-21 15:43 . 2050-01-01 13:32 -------- d-----w- c:\program files (x86)\NewBlue
2012-06-21 10:33 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 10:33 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 10:33 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 10:33 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 10:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 10:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 10:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 10:32 . 2012-06-02 15:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 10:32 . 2012-06-02 15:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 21:44 . 2012-06-20 21:44 -------- d-----w- c:\programdata\Camel Audio
2012-06-20 21:44 . 2012-06-20 21:44 -------- d-----w- c:\program files\Camel Audio
2012-06-20 20:07 . 2012-06-20 20:07 -------- d-----w- c:\program files\Common Files\OFX
2012-06-20 19:54 . 2012-06-20 19:54 -------- d-----w- c:\program files\Magic Bullet Looks Vegas
2012-06-20 19:14 . 2012-06-27 12:40 -------- d-----w- c:\program files (x86)\MAGIX
2012-06-20 19:13 . 2012-06-20 19:14 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2012-06-20 18:29 . 2012-06-27 12:42 -------- d-----w- c:\users\MUSTANG\AppData\Local\Xara
2012-06-20 18:29 . 2012-06-27 12:59 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\MAGIX
2012-06-20 18:28 . 2012-06-22 02:00 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Shared
2012-06-20 18:21 . 2012-06-27 12:40 -------- d-----w- c:\programdata\MAGIX
2012-06-17 15:00 . 2012-06-17 15:00 -------- d-----w- C:\HOSTCS5PLUGINPATH
2012-06-17 15:00 . 2012-06-17 15:00 -------- d-----w- C:\HOSTCS5DEST
2012-06-17 02:41 . 2012-06-17 02:42 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\mresreg
2012-06-17 02:41 . 2012-06-17 02:50 -------- d-----w- c:\program files (x86)\Slideshow XL
2012-06-17 02:41 . 2012-06-17 02:41 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\IN-MEDIAKG
2012-06-17 02:40 . 2012-06-17 02:40 -------- d-----w- c:\program files (x86)\mresreg
2012-06-17 02:24 . 2012-06-17 02:24 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\Ashampoo Slideshow Studio HD 2
2012-06-17 00:48 . 2012-06-17 00:48 -------- d-----w- c:\program files (x86)\Selteco
2012-06-16 17:24 . 2012-06-16 17:24 -------- d-----w- C:\bblast20
2012-06-16 12:42 . 2012-06-16 12:44 -------- d-----w- c:\users\MUSTANG\AppData\Local\LooksBuilder
2012-06-16 12:39 . 2012-06-16 16:19 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\Red Giant Link
2012-06-16 12:15 . 2012-06-16 12:15 -------- d-----w- c:\program files (x86)\LooksBuilder
2012-06-16 12:15 . 2012-06-16 12:15 -------- d-----w- c:\program files (x86)\Red Giant Link
2012-06-16 12:00 . 2012-06-16 12:00 -------- d-----w- c:\programdata\RedGiant
2012-06-15 11:09 . 2012-06-15 11:09 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\IndigoRose
2012-06-15 10:13 . 2012-06-15 10:13 -------- d-----w- c:\program files (x86)\FEC for AVX
2012-06-15 07:06 . 2012-06-15 07:15 -------- d-----w- c:\program files (x86)\ElcomSoft
2012-06-15 02:54 . 2012-06-15 02:54 -------- d-----w- C:\HOSTCS6DEST
2012-06-15 02:41 . 2012-06-15 02:41 -------- d-----w- C:\HOSTPRCS5DEST
2012-06-15 02:37 . 2012-06-15 02:41 -------- d-----w- C:\CUSTOMDESTINATION64
2012-06-15 01:32 . 2012-06-15 01:32 -------- d-----w- c:\users\MUSTANG\AppData\Local\Intel WiDi
2012-06-14 23:57 . 2012-06-14 23:58 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-06-14 23:57 . 2012-06-14 23:57 -------- d-----w- c:\program files (x86)\Intel Corporation
2012-06-14 23:50 . 2012-06-14 23:50 -------- d-----w- c:\users\MUSTANG\.idlerc
2012-06-14 23:44 . 2012-06-14 23:44 -------- d-----w- c:\program files (x86)\Oracle
2012-06-14 23:23 . 2012-06-14 23:24 -------- d-----w- C:\Python32
2012-06-14 22:41 . 2012-06-14 22:41 -------- d-----w- c:\users\MUSTANG\AppData\Local\Macromedia
2012-06-14 20:10 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 20:10 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-13 11:02 . 2012-06-13 11:02 -------- d-----w- c:\programdata\PACE Anti-Piracy
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 15:28 . 2012-05-07 15:28 10504192 ----a-w- c:\windows\system32\BCC8_3DObjects_AE.dll
2012-05-05 16:49 . 2012-05-05 16:49 35248640 ----a-w- c:\windows\system32\BCC8_AE_Float.dll
2012-05-05 16:38 . 2012-05-05 16:38 34864640 ----a-w- c:\windows\system32\BCC8_AE_8Bit.dll
2012-05-05 16:27 . 2012-05-05 16:27 34906112 ----a-w- c:\windows\system32\BCC8_AE_16Bit.dll
2012-05-05 16:21 . 2012-05-05 16:21 1027072 ----a-w- c:\windows\system32\BCC8_Common_AE.dll
2012-04-29 21:51 . 2012-04-16 21:09 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-29 21:51 . 2012-04-16 21:09 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-16 22:47 . 2012-04-16 22:47 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-11 07:12 . 2012-04-11 07:12 2884096 ----a-w- c:\windows\system32\python32.dll
2012-04-06 11:45 . 2012-04-06 11:45 22948352 ----a-w- c:\windows\system32\FEC_FOR_RED5_8Bit.dll
2012-04-06 11:36 . 2012-04-06 11:36 13209600 ----a-w- c:\windows\system32\FEC_FOR_RED5_Common.dll
2012-04-06 11:36 . 2012-04-06 11:36 22987264 ----a-w- c:\windows\system32\FEC_FOR_RED5_16Bit.dll
2012-04-06 10:07 . 2012-04-06 10:07 28227072 ----a-w- c:\windows\system32\BCC7_RED_8Bit.dll
2012-04-06 10:02 . 2012-04-06 10:02 14745088 ----a-w- c:\windows\system32\BCC7_Common_RED.dll
2012-04-06 09:55 . 2012-04-06 09:55 28285952 ----a-w- c:\windows\system32\BCC7_RED_16Bit.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-04_12.51.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-07-04 12:26 . 2012-07-04 12:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-04 12:26 . 2012-07-04 20:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-04 12:26 . 2012-07-04 20:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-04 12:26 . 2012-07-04 12:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-04 12:26 . 2012-07-04 20:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-07-04 12:26 . 2012-07-04 12:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-04 12:26 . 2012-07-04 20:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-04 12:26 . 2012-07-04 12:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-07-04 19:20 72444 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-04 19:20 49960 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-07-04 12:28 49960 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-20 17:43 . 2012-07-04 19:20 17400 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3234270633-3165621610-2973766816-1000_UserData.bin
+ 2011-10-21 00:24 . 2012-07-04 14:07 7628 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-07-04 20:09 . 2012-07-04 20:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-04 12:50 . 2012-07-04 12:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-04 20:09 . 2012-07-04 20:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-04 12:50 . 2012-07-04 12:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-29 09:53 . 2012-07-04 12:32 715018 c:\windows\system32\perfh00C.dat
+ 2011-10-29 09:53 . 2012-07-04 19:23 715018 c:\windows\system32\perfh00C.dat
- 2009-07-14 02:36 . 2012-07-04 12:32 636122 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-04 19:23 636122 c:\windows\system32\perfh009.dat
+ 2011-10-29 09:53 . 2012-07-04 19:23 135872 c:\windows\system32\perfc00C.dat
- 2011-10-29 09:53 . 2012-07-04 12:32 135872 c:\windows\system32\perfc00C.dat
+ 2009-07-14 02:36 . 2012-07-04 19:23 111664 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-04 12:32 111664 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-04 12:49 785072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-04 19:41 785072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-04-05 18:25 . 2012-07-04 12:49 3367848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-04-05 18:25 . 2012-07-04 19:41 3367848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-21 12:12 . 2012-07-04 19:41 1583720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3234270633-3165621610-2973766816-1000-12288.dat
- 2011-10-21 12:12 . 2012-07-04 11:05 1583720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3234270633-3165621610-2973766816-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnablELUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
[BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
"TSleepSrv"=%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64lh.sys [2010-01-30 363136]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [2010-01-30 62976]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-08-05 34200]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 MatSvc;Service automatisé de résolution de problèmes Microsoft;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-13 343856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-08-17 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-21 822704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2011-03-04 482384]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2009-12-16 324928]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-11-30 84480]
S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-11-30 182272]
S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-11-30 84992]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2011-10-20 20592]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-08-05 25496]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 00:09]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 00:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MUSTANG\AppData\Roaming\Mozilla\Firefox\Profiles\ys7iuh5h.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 5.6.7.8
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:72,98,a5,c5,08,49,cd,01
.
[HKEY_USERS\S-1-5-21-3234270633-3165621610-2973766816-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CB6F261-FAF4-58F7-6949-D1BEF2F0443F}*]
@Allowed: (Read) (RestrictedCode)
"mapjnfleadadohegnkambhmmea"=hex:6f,61,6f,68,62,6f,65,64,66,61,63,68,6c,6d,6e,
6e,61,61,61,64,63,6e,68,68,6b,6a,68,66,6d,6d,00,70
"abojigjhcedcambeappoiijacfghpbhnea"=hex:70,61,61,6b,6b,65,61,67,6f,69,61,61,
63,6e,66,6d,6c,61,6d,6b,66,6c,6d,6e,69,67,65,6f,6b,6a,69,70,00,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:6f,b0,97,09,85,4c,4d,9b,94,22,95,3a,d9,0f,5b,3d,e8,43,e5,02,1b,
20,14,b3,0e,e5,88,66,a9,53,9c,4f,7f,ad,ec,1d,33,c0,d8,20,ec,1b,1c,a7,4f,28,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:6f,b0,97,09,85,4c,4d,9b,94,22,95,3a,d9,0f,5b,3d,e8,43,e5,02,1b,
20,14,b3,0e,e5,88,66,a9,53,9c,4f,7f,ad,ec,1d,33,c0,d8,20,ec,1b,1c,a7,4f,28,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2012-07-04 20:14:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 20:14
ComboFix2.txt 2012-07-04 14:05
ComboFix3.txt 2012-07-04 12:56
ComboFix4.txt 2012-07-03 23:39
.
Pre-Run: 128 984 125 440 octets libres
Post-Run: 128 848 478 208 octets libres
.
- - End Of File - - 38B7F4F15F52790CC70691CC0B1993D7
0
Anonymous user
5 Jul 2012 at 00:45
Download here: OTL

Save it to your Desktop.

if you have XP => double-click
if you have Vista or Windows 7 => right-click, "Run as...."


on OTL.exe to launch it.

=> Click here to see the configuration

▶ Copy and paste the content that follows, shown in bold, into the lower part of OTL, "Personnalisation"

/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndisuio.sys
net.exe
tdx.sys
netbt.sys
afd.sys
net1.exe
Rundll32.exe
/md5stop
netsvcs
safebootminimal
safebootnetwork
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.ini
%systemroot%\Tasks\*.*
%systemroot%\system32\Tasks\*.*
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\config\*.exe /s
%systemroot%\system32\*.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
CREATERESTOREPOINT


▶ Click Analyse.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\le_nom_de_ta_session\<Bureau ou Desktop>\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM (it is too long)

Host OTL.txt and extra.txt on http://pjjoint.malekal.com and give the links
0
cortex70 Posts 41 Registration date Thursday 28 June 2012 Status Member Last activity 11 July 2012 1
5 Jul 2012 at 01:59
0
Anonymous user
5 Jul 2012 at 02:05
Great!!

Can I have the second one? ^^
0
cortex70 Posts 41 Registration date Thursday 28 June 2012 Status Member Last activity 11 July 2012 1
5 Jul 2012 at 02:23
Sorry, I couldn't connect to malekal, but here are the two links:
http://threat-rc.com/affichage-des-fichiers?open=20120705022154_1199.Txt
http://threat-rc.com/affichage-des-fichiers?open=20120705022333_8139.Txt
0