Request for help with a disinfection

Closed
cortex70 (Posts: 41, registered Thursday 28 June 2012, status: Member, last active 11 July 2012) - 29 June 2012 at 20:43
Last reply: Anonymous user - 8 July 2012 at 23:12
Hello,
I'm new to the forum and I have a big problem to put to you, if you can help me solve it. I'm currently dealing with a rootkit that is making my life miserable; after several attempts with Malwarebytes and Kaspersky Antivirus it is still impossible to eradicate, and since yesterday it has made me lose my internet connection through my wifi router and has even managed to disable my Kaspersky 2012 antivirus. For example, I click on an image to open it with the default viewer and it's Paint that opens it. Another example: at startup, certain programs that are not listed launch on their own. I ran a scan with the GMER tool, which does detect the irregularities, but it is impossible to delete the malicious files and services. If someone could please help me it would be really kind. Here is the link to the ZHP report https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120629_z8j11h15i6d11 and the GMER one https://pjjoint.malekal.com/files.php?id=20120629_w13v8s11n6p15

55 replies

cortex70
5 July 2012 at 02:27
There we go, I was finally able to post the second report on malekal: https://pjjoint.malekal.com/files.php?id=20120705_b8l9v8e10j13
Anonymous user
5 July 2012 at 03:07
WARNING!!!: Custom script for this machine only, do not reproduce!!

To launch OTL.exe:
if you have XP => double-click it
if you have Vista or Windows 7 => right-click it, "Run as..."


▶ Copy the list shown in bold below,

▶ paste it into the box under "Personnalisation" (Custom Scans/Fixes):


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "5.6.7.8"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll File not found
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A88E1024-2CD1-4203-91B6-954C071CAFB3}: DhcpNameServer = 41.206.65.1 213.136.109.2
[1 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\MUSTANG\Desktop\*.tmp files -> C:\Users\MUSTANG\Desktop\*.tmp -> ]
[2011/11/22 22:56:08 | 000,000,056 | ---- | C] () -- C:\ProgramData\DFRM4.key
[2011/11/22 22:56:01 | 000,000,012 | ---- | C] () -- C:\Users\MUSTANG\AppData\Roaming\7427
[2011/11/22 22:56:01 | 000,000,012 | ---- | C] () -- C:\ProgramData\6622
[2011/11/22 22:56:01 | 000,000,012 | ---- | C] () -- C:\Users\MUSTANG\AppData\Local\2902
[2011/11/22 22:56:01 | 000,000,012 | ---- | C] () -- C:\ProgramData\1252
[2011/11/22 22:56:01 | 000,000,012 | ---- | C] () -- C:\ProgramData\0840
@Alternate Data Stream - 784 bytes -> C:\Users\Public\Documents\Tiffen:45684614-4E3E-4a9e-B027-9752F01A2EF1
@Alternate Data Stream - 256 bytes -> C:\Users\Public\Documents\Tiffen:B3EF4157-6971-4D4D-B272-EBD4DCE32FF4
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:763FFD2C
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:FF566C71
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:FFC7EC5B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B6AC352B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:810B9F0D
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:456A69E6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:88812874
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:054B9966
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:0C6951A3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C59E90A4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B24B19F1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:04853F41
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9E00596C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8DAF83BD
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3241321C
@Alternate Data Stream - 1139 bytes -> C:\ProgramData\Microsoft:BkrnuPbrYZYIXtqqe6GlhQz7
@Alternate Data Stream - 1052 bytes -> C:\ProgramData\Microsoft:Qa36qskyepzobTX8B

:commands
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[reboot]


▶ Click "Correction" (Run Fix) to start the removal.


▶ Post the report, which should normally open by itself when the job finishes after the reboot.
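The fixlist above strips a set of Firefox network.proxy.* entries (loopback proxies on 8080/1080, a gopher proxy at 5.6.7.8, type 0). As an added example, not code from the thread or from OTL, here is a small Python audit of a Firefox prefs.js that flags exactly that pattern; the sample prefs.js is constructed to mirror those entries.

```python
"""Audit Firefox proxy preferences for hijack indicators (added example)."""
import ipaddress
import re
from typing import Dict, List, Union

Value = Union[str, int, bool]

# Constructed sample prefs.js: the network.proxy.* lines mirror the entries
# the OTL fixlist in this thread removes. Not a file from the original poster.
SAMPLE_PREFS = """\
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.ftp", "127.0.0.1");
user_pref("network.proxy.ftp_port", 8080);
user_pref("network.proxy.gopher", "5.6.7.8");
user_pref("network.proxy.gopher_port", 8080);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 1080);
user_pref("network.proxy.ssl_port", 8080);
user_pref("network.proxy.type", 0);
"""

# Constructed clean profile for comparison.
CLEAN_PREFS = 'user_pref("browser.startup.homepage", "about:home");\n'

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
PROTOCOLS = ("http", "ssl", "ftp", "socks", "gopher")


def parse_prefs(text: str) -> Dict[str, Value]:
    """Parse user_pref(...) lines into a dict: strings unquoted, integers and
    booleans converted, anything else kept verbatim."""
    prefs: Dict[str, Value] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[key] = int(raw)
        else:
            prefs[key] = raw
    return prefs


def audit_proxy(prefs: Dict[str, Value]) -> List[str]:
    """Return findings describing proxy settings that look like a hijack
    rather than a deliberately configured proxy."""
    findings: List[str] = []
    hosts = {p: prefs[f"network.proxy.{p}"]
             for p in PROTOCOLS if f"network.proxy.{p}" in prefs}

    for proto, host in hosts.items():
        port = prefs.get(f"network.proxy.{proto}_port")
        where = f"network.proxy.{proto} = {host}:{port}"
        try:
            ip = ipaddress.ip_address(str(host))
        except ValueError:
            ip = None  # a hostname rather than an IP literal
        if ip is not None and ip.is_loopback:
            # Only legitimate if a local filtering proxy is actually installed.
            findings.append(f"loopback proxy: {where}")
        elif ip is not None and ip.is_global:
            findings.append(f"external proxy: {where} ({proto} traffic leaves the host)")

    # A *_port with no matching host: a partial or stale edit, not a UI-made change.
    for proto in PROTOCOLS:
        port_key = f"network.proxy.{proto}_port"
        if port_key in prefs and proto not in hosts:
            findings.append(f"orphan port: {port_key} = {prefs[port_key]} "
                            f"with no network.proxy.{proto} host")

    # type 0 means "no proxy", so hosts still present are dormant: flipping a
    # single value would re-enable them.
    if hosts and prefs.get("network.proxy.type") == 0:
        findings.append(f"dormant proxy entries: {len(hosts)} host(s) set "
                        f"while network.proxy.type = 0")
    return findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_PREFS), ("clean", CLEAN_PREFS)):
        print(f"[{name}]")
        for finding in audit_proxy(parse_prefs(text)) or ["no proxy findings"]:
            print("  -", finding)
```

On a real profile, read prefs.js from the Firefox profile directory and pass its contents to parse_prefs; a loopback finding is only benign when a local filtering proxy is known to be installed on that machine.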
cortex70
5 July 2012 at 03:19
I suppose it's late where you are and you need some rest, so one last question before continuing tomorrow: do I need to set OTL up the same way as for the first scan?
Anonymous user
No

You paste the bold text and "Correction", that's all, nothing else.
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
cortex70
5 July 2012 at 03:22
OK, I'll do all that and see you tomorrow for the rest. A thousand thanks for giving me your time and your knowledge.
Anonymous user
5 July 2012 at 03:28
ok :)
cortex70
5 July 2012 at 03:32
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "5.6.7.8" removed from network.proxy.gopher
Prefs.js: 8080 removed from network.proxy.gopher_port
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: "127.0.0.1" removed from network.proxy.socks
Prefs.js: 1080 removed from network.proxy.socks_port
Prefs.js: 8080 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}\ deleted successfully.
C:\Program Files (x86)\LastPass\LPBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}\ deleted successfully.
File C:\Program Files (x86)\LastPass\LPBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
File C:\Program Files (x86)\LastPass\LPBar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
File C:\Program Files (x86)\LastPass\LPBar.dll not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A88E1024-2CD1-4203-91B6-954C071CAFB3}\\DhcpNameServer| /E : value set successfully!
C:\windows\SysNative\drivers\SETC320.tmp deleted successfully.
C:\Users\MUSTANG\Desktop\~PI6167.tmp deleted successfully.
C:\ProgramData\DFRM4.key moved successfully.
C:\Users\MUSTANG\AppData\Roaming\7427 moved successfully.
C:\ProgramData\6622 moved successfully.
C:\Users\MUSTANG\AppData\Local\2902 moved successfully.
C:\ProgramData\1252 moved successfully.
C:\ProgramData\0840 moved successfully.
ADS C:\Users\Public\Documents\Tiffen:45684614-4E3E-4a9e-B027-9752F01A2EF1 deleted successfully.
ADS C:\Users\Public\Documents\Tiffen:B3EF4157-6971-4D4D-B272-EBD4DCE32FF4 deleted successfully.
ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.
ADS C:\ProgramData\TEMP:FB1B13D8 deleted successfully.
ADS C:\ProgramData\TEMP:763FFD2C deleted successfully.
ADS C:\ProgramData\TEMP:FF566C71 deleted successfully.
ADS C:\ProgramData\TEMP:FFC7EC5B deleted successfully.
ADS C:\ProgramData\TEMP:B6AC352B deleted successfully.
ADS C:\ProgramData\TEMP:810B9F0D deleted successfully.
ADS C:\ProgramData\TEMP:456A69E6 deleted successfully.
ADS C:\ProgramData\TEMP:88812874 deleted successfully.
ADS C:\ProgramData\TEMP:054B9966 deleted successfully.
ADS C:\ProgramData\TEMP:63238B95 deleted successfully.
ADS C:\ProgramData\TEMP:0C6951A3 deleted successfully.
ADS C:\ProgramData\TEMP:C59E90A4 deleted successfully.
ADS C:\ProgramData\TEMP:B24B19F1 deleted successfully.
ADS C:\ProgramData\TEMP:04853F41 deleted successfully.
ADS C:\ProgramData\TEMP:9E00596C deleted successfully.
ADS C:\ProgramData\TEMP:8DAF83BD deleted successfully.
ADS C:\ProgramData\TEMP:3241321C deleted successfully.
ADS C:\ProgramData\Microsoft:BkrnuPbrYZYIXtqqe6GlhQz7 deleted successfully.
ADS C:\ProgramData\Microsoft:Qa36qskyepzobTX8B deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Flash cache emptied: 56478 bytes

User: MUSTANG
->Temp folder emptied: 33597 bytes
->Temporary Internet Files folder emptied: 981469 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61469621 bytes
->Google Chrome cache emptied: 101042421 bytes
->Flash cache emptied: 57583 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 538 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 556 bytes
RecycleBin emptied: 1124127 bytes

Total Files Cleaned = 157,00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07052012_012446




Files\Folders moved on Reboot...
C:\Users\MUSTANG\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.




PendingFileRenameOperations files...
File C:\Users\MUSTANG\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!




Registry entries deleted on Reboot...
Anonymous user
5 July 2012 at 03:36
Now redo the script I had you run, with ComboFix this time.
cortex70
5 July 2012 at 11:20
Hello g3n,
everything went without a hitch this time, and here is the report:

ComboFix 12-07-04.01 - MUSTANG 05/07/2012 2:07.5.4 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.1.1033.18.6051.3835 [GMT 0:00]
Running from: c:\users\MUSTANG\Desktop\cequetuveux.exe
Command switches used :: c:\users\MUSTANG\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\F9C9.tmp"
.
.
((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))
.
.
2012-07-05 02:16 . 2012-07-05 02:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-05 01:56 . 2012-07-05 01:56 388096 ----a-r- c:\users\MUSTANG\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-05 01:24 . 2012-07-05 01:24 -------- d-----w- C:\_OTL
2012-07-04 20:01 . 2012-07-04 20:01 -------- d-----w- c:\windows\SysWow64\fr
2012-07-04 20:01 . 2012-07-04 20:01 -------- d-----w- c:\windows\SysWow64\en
2012-07-04 20:00 . 2012-07-04 20:00 -------- d-----w- c:\windows\SysWow64\XPSViewer
2012-07-04 20:00 . 2012-07-04 20:00 -------- d-----w- c:\windows\SysWow64\LogFiles
2012-07-04 19:59 . 2012-07-04 19:59 -------- d-----w- c:\windows\SysWow64\winrm
2012-07-04 19:58 . 2012-07-04 19:58 -------- d-----w- c:\windows\SysWow64\WCN
2012-07-04 19:56 . 2012-07-04 19:56 -------- d-----w- c:\windows\SysWow64\restore
2012-07-04 19:55 . 2012-07-04 19:55 -------- d-----w- c:\windows\SysWow64\slmgr
2012-07-04 19:52 . 2012-07-04 19:52 -------- d-----w- c:\windows\SysWow64\Printing_Admin_Scripts
2012-07-04 19:40 . 2012-07-04 19:42 -------- d-----w- c:\windows\SysWow64\Dism
2012-07-04 19:38 . 2012-07-04 19:49 -------- d-----w- c:\windows\SysWow64\zh-TW
2012-07-04 19:37 . 2012-07-04 19:37 -------- d-----w- c:\windows\SysWow64\spp
2012-07-04 19:35 . 2012-07-04 19:56 -------- d-----w- c:\windows\SysWow64\Speech
2012-07-04 19:34 . 2012-07-04 19:57 -------- d-----w- c:\windows\SysWow64\setup
2012-07-04 19:34 . 2012-07-04 19:34 -------- d-----w- c:\windows\SysWow64\ras
2012-07-04 19:34 . 2012-07-04 19:34 -------- d-----w- c:\windows\SysWow64\Tasks
2012-07-04 19:34 . 2012-07-04 19:34 -------- d-----w- C:\PerfLogs
2012-07-04 19:33 . 2012-07-04 19:33 -------- d-----w- c:\windows\SysWow64\networklist
2012-07-04 19:33 . 2012-07-04 20:01 -------- d-----w- c:\windows\SysWow64\MUI
2012-07-04 19:33 . 2012-07-04 19:58 -------- d-----w- c:\windows\SysWow64\drivers\fr-FR
2012-07-04 19:33 . 2012-07-05 02:14 -------- d-----w- c:\windows\SysWow64\Drivers
2012-07-04 19:33 . 2012-07-04 19:58 -------- d-----w- c:\windows\SysWow64\MigWiz
2012-07-04 19:31 . 2012-07-04 19:32 -------- d-----w- c:\windows\SysWow64\InstallShield
2012-07-04 19:31 . 2012-07-04 19:31 -------- d-----w- c:\windows\SysWow64\GroupPolicy
2012-07-04 19:31 . 2012-07-04 19:31 -------- d-----w- c:\windows\SysWow64\FxsTmp
2012-07-04 19:30 . 2012-07-04 19:53 -------- d-----w- c:\windows\SysWow64\DriverStore
2012-07-04 19:30 . 2012-07-04 19:53 -------- d-----w- c:\windows\SysWow64\config
2012-07-04 19:30 . 2012-07-04 19:38 -------- d-----w- c:\windows\SysWow64\Com
2012-07-04 19:30 . 2012-07-04 19:59 -------- d-----w- c:\windows\SysWow64\migration
2012-07-04 19:30 . 2012-07-04 12:36 -------- d-----w- c:\windows\SysWow64\wbem
2012-07-04 19:30 . 2012-07-04 19:30 -------- d-----w- c:\windows\SysWow64\wdi
2012-07-04 19:30 . 2012-07-04 19:30 -------- d-----w- c:\windows\SysWow64\manifeststore
2012-07-04 19:30 . 2012-07-04 20:01 -------- d-----w- c:\windows\SysWow64\fr-FR
2012-07-04 19:30 . 2012-07-05 02:14 -------- d-----w- c:\windows\SysWOW64
2012-07-04 12:36 . 2012-07-04 13:47 -------- d-----w- C:\ComboFix
2012-07-04 12:26 . 2012-07-04 12:26 39184 ----a-w- c:\windows\SysWow64\Partizan.exe
2012-07-04 12:26 . 2012-07-04 12:26 35816 ----a-w- c:\windows\SysWow64\drivers\Partizan.sys
2012-07-03 21:27 . 2012-07-03 21:46 -------- d-----w- C:\RmFix
2012-07-03 21:23 . 2012-07-04 10:19 -------- d-----w- C:\Telechargements
2012-07-03 20:16 . 2012-07-03 20:16 -------- d-----w- c:\program files\Unlocker
2012-07-03 19:14 . 2012-07-05 01:40 -------- d-----w- C:\Pre_Scan
2012-07-03 15:19 . 2012-07-03 15:19 332288 ----a-w- c:\windows\system32\uxtheme.new
2012-07-03 15:03 . 2012-07-03 21:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-02 22:44 . 2012-07-02 22:46 -------- d-----w- c:\users\Guest
2012-06-29 15:21 . 2012-06-29 15:21 -------- d-----w- c:\users\MUSTANG\DoctorWeb
2012-06-29 01:06 . 2012-06-29 01:07 -------- d-----w- c:\program files (x86)\ZebHelpProcess
2012-06-28 20:41 . 2012-06-28 20:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-28 20:13 . 2012-06-29 02:30 -------- d-----w- c:\program files\HitmanPro
2012-06-28 20:13 . 2012-06-28 20:42 -------- d-----w- c:\programdata\HitmanPro
2012-06-28 13:40 . 2012-06-28 13:40 -------- d-----w- C:\bd_logs
2012-06-28 13:03 . 2012-06-28 13:03 -------- d-----w- c:\users\MUSTANG\Pavark
2012-06-28 07:06 . 2012-06-28 07:06 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-06-28 06:58 . 2012-07-04 13:58 -------- d-----w- c:\programdata\RegRun
2012-06-28 06:58 . 2012-07-03 15:05 -------- d-----w- c:\program files (x86)\UnHackMe.del
2012-06-27 21:58 . 2012-07-04 09:31 -------- d-----w- C:\DLTools
2012-06-27 21:57 . 2012-06-27 21:57 -------- d-----w- C:\img
2012-06-27 21:53 . 2012-06-27 21:53 486224 ----a-w- C:\HelpSecurity.exe
2012-06-27 20:33 . 2012-06-27 20:33 -------- d-----w- c:\program files (x86)\Common Files\Borland Shared
2012-06-27 17:24 . 2012-06-29 02:28 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-06-27 14:42 . 2012-06-27 14:42 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\SUPERAntiSpyware.com
2012-06-27 10:31 . 2012-06-27 10:31 -------- d-----w- c:\programdata\Sophos
2012-06-27 02:26 . 2012-06-29 12:35 -------- d-----w- c:\program files (x86)\Sophos
2012-06-27 01:05 . 2012-06-27 01:06 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\Sony
2012-06-26 13:47 . 2012-06-26 17:26 -------- d-----w- c:\programdata\eSellerate
2012-06-24 10:52 . 2012-06-24 10:52 708960 ----a-w- C:\GetSystemInfo.exe
2012-06-24 09:05 . 2012-06-24 09:10 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-22 23:10 . 2012-06-22 23:10 -------- d-----w- c:\users\MUSTANG\VirtualBox VMs
2012-06-22 23:04 . 2012-06-24 18:32 -------- d-----w- c:\users\MUSTANG\.VirtualBox
2012-06-22 22:54 . 2012-04-03 14:19 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-06-22 22:53 . 2012-04-03 14:19 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-06-22 02:00 . 2012-06-22 05:21 -------- d-----w- c:\program files\WMV9_VCM
2012-06-21 23:34 . 2012-06-23 13:49 -------- d-----w- c:\program files (x86)\Sony
2012-06-21 15:44 . 2012-06-21 15:44 -------- d-----w- c:\program files (x86)\Common Files\eSellerate
2012-06-21 15:44 . 1913-11-26 07:04 -------- d-----w- c:\program files\NewBlue
2012-06-21 15:43 . 2050-01-01 13:32 -------- d-----w- c:\program files (x86)\NewBlue
2012-06-21 10:33 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 10:33 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 10:33 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 10:33 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 10:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 10:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 10:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 10:32 . 2012-06-02 15:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 10:32 . 2012-06-02 15:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 21:44 . 2012-06-20 21:44 -------- d-----w- c:\programdata\Camel Audio
2012-06-20 21:44 . 2012-06-20 21:44 -------- d-----w- c:\program files\Camel Audio
2012-06-20 20:07 . 2012-06-20 20:07 -------- d-----w- c:\program files\Common Files\OFX
2012-06-20 19:54 . 2012-06-20 19:54 -------- d-----w- c:\program files\Magic Bullet Looks Vegas
2012-06-20 19:14 . 2012-06-27 12:40 -------- d-----w- c:\program files (x86)\MAGIX
2012-06-20 19:13 . 2012-06-20 19:14 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2012-06-20 18:29 . 2012-06-27 12:42 -------- d-----w- c:\users\MUSTANG\AppData\Local\Xara
2012-06-20 18:29 . 2012-06-27 12:59 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\MAGIX
2012-06-20 18:28 . 2012-06-22 02:00 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Shared
2012-06-20 18:21 . 2012-06-27 12:40 -------- d-----w- c:\programdata\MAGIX
2012-06-17 15:00 . 2012-06-17 15:00 -------- d-----w- C:\HOSTCS5PLUGINPATH
2012-06-17 15:00 . 2012-06-17 15:00 -------- d-----w- C:\HOSTCS5DEST
2012-06-17 02:41 . 2012-06-17 02:42 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\mresreg
2012-06-17 02:41 . 2012-06-17 02:50 -------- d-----w- c:\program files (x86)\Slideshow XL
2012-06-17 02:41 . 2012-06-17 02:41 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\IN-MEDIAKG
2012-06-17 02:40 . 2012-06-17 02:40 -------- d-----w- c:\program files (x86)\mresreg
2012-06-17 02:24 . 2012-06-17 02:24 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\Ashampoo Slideshow Studio HD 2
2012-06-17 00:48 . 2012-06-17 00:48 -------- d-----w- c:\program files (x86)\Selteco
2012-06-16 17:24 . 2012-06-16 17:24 -------- d-----w- C:\bblast20
2012-06-16 12:42 . 2012-06-16 12:44 -------- d-----w- c:\users\MUSTANG\AppData\Local\LooksBuilder
2012-06-16 12:39 . 2012-06-16 16:19 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\Red Giant Link
2012-06-16 12:15 . 2012-06-16 12:15 -------- d-----w- c:\program files (x86)\LooksBuilder
2012-06-16 12:15 . 2012-06-16 12:15 -------- d-----w- c:\program files (x86)\Red Giant Link
2012-06-16 12:00 . 2012-06-16 12:00 -------- d-----w- c:\programdata\RedGiant
2012-06-15 11:09 . 2012-06-15 11:09 -------- d-----w- c:\users\MUSTANG\AppData\Roaming\IndigoRose
2012-06-15 10:13 . 2012-06-15 10:13 -------- d-----w- c:\program files (x86)\FEC for AVX
2012-06-15 07:06 . 2012-06-15 07:15 -------- d-----w- c:\program files (x86)\ElcomSoft
2012-06-15 02:54 . 2012-06-15 02:54 -------- d-----w- C:\HOSTCS6DEST
2012-06-15 02:41 . 2012-06-15 02:41 -------- d-----w- C:\HOSTPRCS5DEST
2012-06-15 02:37 . 2012-06-15 02:41 -------- d-----w- C:\CUSTOMDESTINATION64
2012-06-15 01:32 . 2012-06-15 01:32 -------- d-----w- c:\users\MUSTANG\AppData\Local\Intel WiDi
2012-06-14 23:57 . 2012-06-14 23:58 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-06-14 23:57 . 2012-06-14 23:57 -------- d-----w- c:\program files (x86)\Intel Corporation
2012-06-14 23:50 . 2012-06-14 23:50 -------- d-----w- c:\users\MUSTANG\.idlerc
2012-06-14 23:44 . 2012-06-14 23:44 -------- d-----w- c:\program files (x86)\Oracle
2012-06-14 23:23 . 2012-06-14 23:24 -------- d-----w- C:\Python32
2012-06-14 22:41 . 2012-06-14 22:41 -------- d-----w- c:\users\MUSTANG\AppData\Local\Macromedia
2012-06-14 20:10 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 15:28 . 2012-05-07 15:28 10504192 ----a-w- c:\windows\system32\BCC8_3DObjects_AE.dll
2012-05-05 16:49 . 2012-05-05 16:49 35248640 ----a-w- c:\windows\system32\BCC8_AE_Float.dll
2012-05-05 16:38 . 2012-05-05 16:38 34864640 ----a-w- c:\windows\system32\BCC8_AE_8Bit.dll
2012-05-05 16:27 . 2012-05-05 16:27 34906112 ----a-w- c:\windows\system32\BCC8_AE_16Bit.dll
2012-05-05 16:21 . 2012-05-05 16:21 1027072 ----a-w- c:\windows\system32\BCC8_Common_AE.dll
2012-04-29 21:51 . 2012-04-16 21:09 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-29 21:51 . 2012-04-16 21:09 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-16 22:47 . 2012-04-16 22:47 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-11 07:12 . 2012-04-11 07:12 2884096 ----a-w- c:\windows\system32\python32.dll
2012-04-06 11:45 . 2012-04-06 11:45 22948352 ----a-w- c:\windows\system32\FEC_FOR_RED5_8Bit.dll
2012-04-06 11:36 . 2012-04-06 11:36 13209600 ----a-w- c:\windows\system32\FEC_FOR_RED5_Common.dll
2012-04-06 11:36 . 2012-04-06 11:36 22987264 ----a-w- c:\windows\system32\FEC_FOR_RED5_16Bit.dll
2012-04-06 10:07 . 2012-04-06 10:07 28227072 ----a-w- c:\windows\system32\BCC7_RED_8Bit.dll
2012-04-06 10:02 . 2012-04-06 10:02 14745088 ----a-w- c:\windows\system32\BCC7_Common_RED.dll
2012-04-06 09:55 . 2012-04-06 09:55 28285952 ----a-w- c:\windows\system32\BCC7_RED_16Bit.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-04_12.51.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-07-04 12:26 . 2012-07-04 12:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-04 12:26 . 2012-07-05 02:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-04 12:26 . 2012-07-05 02:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-04 12:26 . 2012-07-04 12:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-04 12:26 . 2012-07-04 12:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-04 12:26 . 2012-07-05 02:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-04 12:26 . 2012-07-05 02:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-04 12:26 . 2012-07-04 12:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-07-05 01:49 72816 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-05 01:49 50452 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-20 17:43 . 2012-07-05 01:49 17448 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3234270633-3165621610-2973766816-1000_UserData.bin
+ 2011-10-21 00:24 . 2012-07-04 14:07 7628 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-04 12:50 . 2012-07-04 12:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-05 02:17 . 2012-07-05 02:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-04 12:50 . 2012-07-04 12:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-05 02:17 . 2012-07-05 02:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-29 09:53 . 2012-07-04 12:32 715018 c:\windows\system32\perfh00C.dat
+ 2011-10-29 09:53 . 2012-07-05 01:50 715018 c:\windows\system32\perfh00C.dat
- 2009-07-14 02:36 . 2012-07-04 12:32 636122 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-05 01:50 636122 c:\windows\system32\perfh009.dat
- 2011-10-29 09:53 . 2012-07-04 12:32 135872 c:\windows\system32\perfc00C.dat
+ 2011-10-29 09:53 . 2012-07-05 01:50 135872 c:\windows\system32\perfc00C.dat
+ 2009-07-14 02:36 . 2012-07-05 01:50 111664 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-04 12:32 111664 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-04 12:49 785072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-05 02:16 785072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-04-05 18:25 . 2012-07-04 12:49 3367848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-04-05 18:25 . 2012-07-05 01:25 3367848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-10-21 12:12 . 2012-07-04 11:05 1583720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3234270633-3165621610-2973766816-1000-12288.dat
+ 2011-10-21 12:12 . 2012-07-05 01:25 1583720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3234270633-3165621610-2973766816-1000-12288.dat
+ 2012-07-05 01:55 . 2012-07-05 01:55 1402880 c:\windows\Installer\9ab7e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
[BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
"TSleepSrv"=%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64lh.sys [2010-01-30 363136]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [2010-01-30 62976]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-08-05 34200]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 MatSvc;Service automatisé de résolution de problèmes Microsoft;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-13 343856]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-08-17 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-21 822704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2011-03-04 482384]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2009-12-16 324928]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-11-30 84480]
S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-11-30 182272]
S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-11-30 84992]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2011-10-20 20592]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-08-05 25496]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 00:09]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 00:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MUSTANG\AppData\Roaming\Mozilla\Firefox\Profiles\ys7iuh5h.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
FF - prefs.js: network.proxy.ftp -
FF - prefs.js: network.proxy.ftp_port -
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port -
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.socks -
FF - prefs.js: network.proxy.socks_port -
FF - prefs.js: network.proxy.ssl_port -
FF - prefs.js: network.proxy.type -
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E718888-423F-11D2-876E-00A0C9082467}"=hex:51,66,7a,6c,4c,1d,38,12,e6,8b,62,
8a,0d,0c,bc,54,f8,78,43,e0,cc,56,60,73
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{9F6B5CC3-5C7B-4B5C-97AF-19DEC1E380E5}"=hex:51,66,7a,6c,4c,1d,38,12,ad,5f,78,
9b,49,12,32,0e,e8,b9,5a,9e,c4,bd,c4,f1
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34,
5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{95D9ECF5-2A4D-4550-BE49-70D42F71296E}"=hex:51,66,7a,6c,4c,1d,38,12,9b,ef,ca,
91,7f,64,3e,00,c1,5f,33,94,2a,2f,6d,7a
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,
e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec
"{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db,
f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:72,98,a5,c5,08,49,cd,01
.
[HKEY_USERS\S-1-5-21-3234270633-3165621610-2973766816-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CB6F261-FAF4-58F7-6949-D1BEF2F0443F}*]
@Allowed: (Read) (RestrictedCode)
"mapjnfleadadohegnkambhmmea"=hex:6f,61,6f,68,62,6f,65,64,66,61,63,68,6c,6d,6e,
6e,61,61,61,64,63,6e,68,68,6b,6a,68,66,6d,6d,00,70
"abojigjhcedcambeappoiijacfghpbhnea"=hex:70,61,61,6b,6b,65,61,67,6f,69,61,61,
63,6e,66,6d,6c,61,6d,6b,66,6c,6d,6e,69,67,65,6f,6b,6a,69,70,00,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:6f,b0,97,09,85,4c,4d,9b,94,22,95,3a,d9,0f,5b,3d,e8,43,e5,02,1b,
20,14,b3,0e,e5,88,66,a9,53,9c,4f,7f,ad,ec,1d,33,c0,d8,20,ec,1b,1c,a7,4f,28,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:6f,b0,97,09,85,4c,4d,9b,94,22,95,3a,d9,0f,5b,3d,e8,43,e5,02,1b,
20,14,b3,0e,e5,88,66,a9,53,9c,4f,7f,ad,ec,1d,33,c0,d8,20,ec,1b,1c,a7,4f,28,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TOSHIBA\widimon\widimon.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2012-07-05 02:23:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-05 02:23
ComboFix2.txt 2012-07-04 20:14
ComboFix3.txt 2012-07-04 14:05
ComboFix4.txt 2012-07-04 12:56
ComboFix5.txt 2012-07-05 02:07
.
Pre-Run: 127 480 750 080 bytes free
Post-Run: 127 124 131 840 bytes free
.
- - End Of File - - 43735353C7739156501767F1542F45D4
0
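The ComboFix log above prints every service, Run value and the BootExecute line in a fixed text shape, and the helper's next question (about RegRun) is the kind of thing that falls out of reading those lines systematically rather than by eye. Below is an added example, not ComboFix's output nor a tool anyone in this thread used, that parses those line shapes and flags what an analyst checks first: entries whose file ComboFix marked [x] (not found on disk), anything launched from a user-writable directory, boot-start drivers, and BootExecute items beyond the default `autocheck autochk *`. The sample text is copied from the log above, except the final "Example" Run entry, which is constructed to exercise the user-writable check; Partizan is reported only as a non-default entry, nothing more is assumed about it.

```python
"""Triage of ComboFix autostart lines (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Copied from the ComboFix log in this thread, except the last line, which
# is CONSTRUCTED to exercise the user-writable-path check.
SAMPLE = r"""
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"TSleepSrv"=%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
"Example"="c:\users\someone\AppData\Roaming\example.exe" [2012-01-01 1000]
"""

# Service line: R/S = running/stopped, digit = SCM start type (0 boot .. 4 disabled),
# then name;display name;path and a trailing [..] tag. ComboFix writes [x] when
# the file could not be found on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s*\[(?P<tag>[^\]]*)\]\s*$")
# Run value: "name"=path (quoted or bare), optional arguments, optional [..] tag.
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?P<path>"[^"]*"|[^"\[]+)(?P<args>[^\[]*)'
    r"\s*(?:\[(?P<tag>[^\]]*)\])?\s*$")
BOOTEXEC_RE = re.compile(r"^BootExecute\s+REG_MULTI_SZ\s+(?P<items>.*)$")
DEFAULT_BOOTEXECUTE = "autocheck autochk *"
# Directories a standard user can write to; persistence pointing there gets a
# second look. Heuristic, not a verdict.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")


@dataclass
class Entry:
    kind: str          # "service" or "run"
    name: str
    path: str
    tag: str           # text inside the trailing [..]: "date size", "x", "BU" or ""
    state: str = ""    # services: R running / S stopped
    start: str = ""    # services: start type 0..4
    args: str = ""     # run values: command-line arguments, if any


def parse_combofix(text):
    """Return (entries, boot_execute_items) from a chunk of ComboFix log text."""
    entries, boot_execute = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BOOTEXEC_RE.match(line)
        if m:
            # ComboFix prints the REG_MULTI_SZ separator as a literal "\0".
            boot_execute = [item for item in m["items"].split("\\0") if item]
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"], m["path"].strip(), m["tag"],
                                 state=m["state"], start=m["start"]))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["path"].strip('" '),
                                 m["tag"] or "", args=m["args"].strip()))
    return entries, boot_execute


def triage(entries, boot_execute):
    """Return (name, reason) pairs worth a second look."""
    findings = []
    for e in entries:
        p = e.path.lower()
        if e.tag == "x":
            findings.append((e.name, "file not found on disk"))
        if any(d in p for d in USER_WRITABLE):
            findings.append((e.name, "runs from a user-writable location"))
        if e.kind == "service" and e.start == "0":
            findings.append((e.name, "boot-start driver, loads before user-mode security tools"))
    for item in boot_execute:
        if item != DEFAULT_BOOTEXECUTE:
            findings.append((item, "non-default BootExecute native program"))
    return findings


if __name__ == "__main__":
    found, boot = parse_combofix(SAMPLE)
    for name, reason in triage(found, boot):
        print(f"{name:<12} {reason}")
```

On this input the script reports the three services whose binaries are missing, the boot-start Toshiba driver, the constructed AppData entry and Partizan as the one BootExecute item beyond the default. A missing binary is not malware by itself (leftover drivers from uninstalled software look the same), which is why each hit is a pointer for the analyst, not a removal instruction.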
Anonymous user
5 Jul 2012 at 11:37
Why did you install RegRun yesterday?
0
cortex70 Posts: 41 Registered: Thursday 28 June 2012 Status: Member Last post: 11 July 2012 1
5 Jul 2012 at 12:30
It isn't from yesterday; I installed it when the machine started to slow down.
0
cortex70 Posts: 41 Registered: Thursday 28 June 2012 Status: Member Last post: 11 July 2012 1
5 Jul 2012 at 12:30
Should I get rid of it?
0
Anonymous user
5 Jul 2012 at 12:42
Ah yes, it must have updated yesterday, actually...

Yes, that thing is a system-wrecker.
0
cortex70 Posts: 41 Registered: Thursday 28 June 2012 Status: Member Last post: 11 July 2012 1
5 Jul 2012 at 12:50
It rests in peace, at the right hand of CCleaner.

Regards,

No one has the right to be happy alone.
0
Anonymous user
5 Jul 2012 at 13:01
Close all windows and applications during the installation and the scan.


▶ Download here:

Malwarebytes

▶ Install it (make sure to choose "French"; do not change the installation settings) and update it.

Relaunch Malwarebytes following these instructions to the letter:

! Disconnect from the internet and close all running applications !

▶ Launch Malwarebytes.

Run a "Full" scan.

▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click "Results".
Check that all infected objects are ticked, then click "Remove".

Note: if the PC needs to restart to finish the cleaning, do it!


Post the report saved after the removal of the infected objects (in Malwarebytes' "Logs" tab, the most recent one).

0
cortex70 Posts: 41 Registered: Thursday 28 June 2012 Status: Member Last post: 11 July 2012 1
5 Jul 2012 at 13:08
Should I uninstall the version I currently have on my machine and download the one you suggest, or rather follow the instructions and run the scan from the version already installed?
0
Anonymous user
5 Jul 2012 at 13:17
Hi Gen :D
Hi cortex ;)

@Cortex: if you already have Malwarebytes, just update it
and then do the rest of what Gen hackman asked ;)

@Gen: if you want, delete my message if it's out of place ;)

++
0
cortex70 Posts: 41 Registered: Thursday 28 June 2012 Status: Member Last post: 11 July 2012 1
5 Jul 2012 at 13:22
Hi Captain, and thanks for stepping in.
0
Anonymous user
5 Jul 2012 at 14:43
Hello, I couldn't even if I wanted to...^^
0
Anonymous user
5 Jul 2012 at 15:33
Ah yes, you're no longer a contributor.

Shame ;)
0
cortex70 Posts: 41 Registered: Thursday 28 June 2012 Status: Member Last post: 11 July 2012 1
5 Jul 2012 at 16:06
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.05.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MUSTANG :: MUSTANG-PC [administrator]

Protection: Enabled

05/07/2012 11:25:35
mbam-log-2012-07-05 (11-25-35).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 872640
Time elapsed: 2 hour(s), 30 minute(s), 9 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 1
C:\Users\MUSTANG\Downloads\ADOBE PREMIERE PRO\Adobe.Premiere.Pro.CS5.5.v5.5.x64.Multilingual.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.

(end)
0
Anonymous user
6 Jul 2012 at 06:51
OK, what problems are we left with?
0
cortex70 Posts: 41 Registered: Thursday 28 June 2012 Status: Member Last post: 11 July 2012 1
6 Jul 2012 at 12:35
Hello,
I still don't understand some details; could you explain whether it's serious and, if so, what to do, please.

1/ The GMER report still shows this:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-06 10:09:41
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CB6F261-FAF4-58F7-6949-D1BEF2F0443F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CB6F261-FAF4-58F7-6949-D1BEF2F0443F}@mapjnfleadadohegnkambhmmea 0x6F 0x61 0x6F 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CB6F261-FAF4-58F7-6949-D1BEF2F0443F}@abojigjhcedcambeappoiijacfghpbhnea 0x70 0x61 0x61 0x6B ...

---- EOF - GMER 1.0.15 ----

2/ The hijackthis one http://www.hijackthis.de/fr gives me lots of anomalies, such as here:
https://www.cjoint.com/?BGgmxnOeBoQ (should I be worried about it?)

3/ I still can't launch pre_scan;
is that normal if the infection has been eradicated?

4/ Finally, I still can't reinstall Kaspersky antivirus 2012 after uninstalling it because it had been corrupted by the infection.

I hope I'm not giving you too much of a headache with my questions and worries.
0
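GMER prints only the first four bytes of each binary value it flags (0x6F 0x61 0x6F 0x68 ...), while the ComboFix "LOCKED REGISTRY KEYS" section earlier in this thread dumped the same values in full as `"name"=hex:..` lines continued across line breaks. Before asking whether a key is dangerous it helps to see what it actually contains. The following is an added example, not code from GMER, ComboFix or anyone in this thread: it parses both formats, joins the continuation lines, notes when ComboFix cut a dump short (a line ending in `,\`), renders the bytes as escaped ASCII, decodes an 8-byte REG_BINARY value as a Windows FILETIME, and checks that GMER's 4-byte prefix agrees with ComboFix's full dump. The sample lines are copied from the two reports in this thread.

```python
"""Decode REG_BINARY dumps from ComboFix and GMER reports (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Copied from the ComboFix "LOCKED REGISTRY KEYS" section in this thread.
SAMPLE_COMBOFIX = r"""
[HKEY_USERS\S-1-5-21-3234270633-3165621610-2973766816-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4CB6F261-FAF4-58F7-6949-D1BEF2F0443F}*]
@Allowed: (Read) (RestrictedCode)
"mapjnfleadadohegnkambhmmea"=hex:6f,61,6f,68,62,6f,65,64,66,61,63,68,6c,6d,6e,
6e,61,61,61,64,63,6e,68,68,6b,6a,68,66,6d,6d,00,70
"abojigjhcedcambeappoiijacfghpbhnea"=hex:70,61,61,6b,6b,65,61,67,6f,69,61,61,
63,6e,66,6d,6c,61,6d,6b,66,6c,6d,6e,69,67,65,6f,6b,6a,69,70,00,ff
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:72,98,a5,c5,08,49,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:6f,b0,97,09,85,4c,4d,9b,94,22,95,3a,d9,0f,5b,3d,e8,43,e5,02,1b,
20,14,b3,0e,e5,88,66,a9,53,9c,4f,7f,ad,ec,1d,33,c0,d8,20,ec,1b,1c,a7,4f,28,\
.
"""
# Copied from the GMER report in this thread (GMER truncates after 4 bytes).
SAMPLE_GMER = (r"Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"
               r"\{4CB6F261-FAF4-58F7-6949-D1BEF2F0443F}@mapjnfleadadohegnkambhmmea 0x6F 0x61 0x6F 0x68 ...")

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
HEX_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>.*)$')
HEX_CONT_RE = re.compile(r"^(?:[0-9a-fA-F]{2},?)+\\?$")   # continuation: xx,xx,...[,\]
GMER_RE = re.compile(
    r"^Reg\s+(?P<key>.+?)@(?P<name>\S+)\s+(?P<bytes>(?:0x[0-9A-Fa-f]{2}\s*)+)(?P<trunc>\.\.\.)?\s*$")


@dataclass
class RegValue:
    key: str
    name: str
    data: bytes
    complete: bool   # False when the report cut the dump short


def parse_reg_hex(text):
    """Collect "name"=hex: values from ComboFix/.reg style text, joining continuation lines."""
    values, key, name, chunks = [], "", None, []

    def pending_more():           # a chunk ending in "," (or ",\") promises another line
        return bool(chunks) and chunks[-1].rstrip("\\").endswith(",")

    def flush():
        nonlocal name, chunks
        if name is not None:
            raw = "".join(chunks).rstrip("\\").strip(",").replace(",", "")
            values.append(RegValue(key, name, bytes.fromhex(raw), not pending_more()))
        name, chunks = None, []

    for raw_line in text.splitlines():
        line = raw_line.strip()
        m = KEY_RE.match(line)
        if m:
            flush()
            key = m["key"]
            continue
        m = HEX_VALUE_RE.match(line)
        if m:
            flush()
            name, chunks = m["name"], [m["data"].strip()]
        elif name is not None and pending_more() and HEX_CONT_RE.match(line):
            chunks.append(line)
        else:
            flush()               # any other line ends the value; an expected continuation is now missing
    flush()
    return values


def parse_gmer_value(line):
    """Parse one 'Reg key@name 0xNN 0xNN ...' line from a GMER report."""
    m = GMER_RE.match(line.strip())
    if not m:
        return None
    data = bytes(int(tok, 16) for tok in m["bytes"].split())
    return RegValue(m["key"], m["name"], data, complete=m["trunc"] is None)


def printable(data):
    """ASCII with non-printable bytes shown as \\xNN, so the content can be eyeballed."""
    return "".join(chr(b) if 32 <= b < 127 else "\\x%02x" % b for b in data)


def filetime_to_datetime(data):
    """8-byte little-endian FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    ticks = int.from_bytes(data, "little")
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def find(values, name):
    return next((v for v in values if v.name == name), None)


def cross_check(values, gmer_line):
    """True when GMER's truncated dump is a prefix of ComboFix's full dump of the same value."""
    g = parse_gmer_value(gmer_line)
    full = find(values, g.name) if g else None
    return full is not None and full.data.startswith(g.data)


if __name__ == "__main__":
    for v in parse_reg_hex(SAMPLE_COMBOFIX):
        print(f"{v.name:36s} complete={v.complete!s:5} {printable(v.data)}")
    print("Timestamp:", filetime_to_datetime(find(parse_reg_hex(SAMPLE_COMBOFIX), "Timestamp").data))
    print("GMER prefix matches ComboFix:", cross_check(parse_reg_hex(SAMPLE_COMBOFIX), SAMPLE_GMER))
```

On this input the two Shell Extensions values decode to strings over the letters a..p (the same alphabet as their value names) followed by a NUL byte, the Timestamp value is a FILETIME in June 2012, and the Version blob is reported incomplete because ComboFix truncated it. The decode tells you what the bytes are, not whether they are malicious; answering that still means identifying which installed product owns the key.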
Anonymous user
6 Jul 2012 at 12:47
The hijackthis robot is only good for crashing your machine; don't trust it, it talks nonsense.

======================

For pre_scan, if you really want to run it, try downloading a fresh copy.


=====================

For Kaspersky, you're not being precise enough.
0