CommentCaMarche
Recherche
Posez votre question Signaler

Effacer virus redirection page

dorenavon 11Messages postés lundi 12 décembre 2011Date d'inscription 8 mai 2012Dernière intervention - Dernière réponse le 8 mai 2012 à 14:56
Bonjour,
j ai un probleme au niveau de recherche sur internet , quand je clique sur un lien pour l ouvrir , il me redirecte sur une autre page qui s intitule 63.209.69.107/search .
je sais pas comment supprimer ce virus , et aussi quend je veux cliquer sur un autre onglet , j ai la page de babylon search . je sais pas comment la supprimer
Lire la suite 
Réponse
+0
moins plus
salut ton windows n'est pas à jour

)=========

Télécharge et enregistre ADWcleaner sur ton bureau :

ADWCleaner (Merci à Xplode)

Lance le,

clique sur suppression et poste son rapport.
Ajouter un commentaire
Réponse
+0
moins plus
# AdwCleaner v1.605 - Logfile created 05/06/2012 at 13:39:43
# Updated 05/05/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : M645-S4045 - YOUSSEF
# Running from : C:\Users\M645-S4045\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CR7X3XBR\2-adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\M645-S4045\AppData\Local\Babylon
Folder Deleted : C:\Users\M645-S4045\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\M645-S4045\AppData\Roaming\Babylon
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2769720
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[x64] Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?AF=100486&babsrc=NT_ss&mntrId=cc7dc51f0000000000001c659d08a88f --> hxxp://www.google.fr

-\\ Google Chrome v18.0.1025.168

File : C:\Users\M645-S4045\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5258 octets] - [06/05/2012 13:39:31]
AdwCleaner[S1].txt - [3576 octets] - [06/05/2012 13:39:43]

########## EOF - C:\AdwCleaner[S1].txt - [3704 octets] ##########

et comment je peux mettre mon windows a jour , merci
Ajouter un commentaire
Réponse
+0
moins plus
menu demarrer/programmes/windows update
Ajouter un commentaire
Réponse
+0
moins plus
bonjour,
c est fait. , maintenant j ai nouvel onglet qui met google amlors qu il devrait etre vide .
et redirection de page est toujours la . toujours des redirections sur le site scour .asktofriend..
merci pour l aide
Ajouter un commentaire
Réponse
+0
moins plus
telecharge et enregistre Pre_Scan sur ton bureau :

http://forums-fec.be/gen-hackman/Pre_Scan.exe
http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan

Avertissement :Il y aura une extinction du bureau pendant le scan --> pas de panique.

une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition de "Pre_scan_la_date_et_l'heure.txt" sur le bureau.

si l'outil est relancé plusieurs fois , il te proposera un menu et qu'aucune option n'est demandée, lance l'option "Kill"

si l'outil est bloqué par l'infection utilise cette version avec extension .pif :

http://forums-fec.be/gen-hackman/Pre_Scan.pif

ou cette version renommée winlogon.exe :

http://forums-fec.be/gen-hackman/winlogon.exe

si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

Il se peut qu'une multitude de fenêtres noires clignotent , laisse-le travailler

Poste Pre_Scan_la_date_et_l'heure.txt qui apparaitra sur le bureau en fin de scan


NE LE POSTE PAS SUR LE FORUM !!! (il est trop long)

Heberge le rapport sur http://pjjoint.malekal.com puis donne le lien obtenu en echange sur le forum où tu te fais aider
Ajouter un commentaire
Réponse
+0
moins plus
voila c fait .
http://pjjoint.malekal.com/files.php?id=20120506_j9y11i5i10q9

merci pouur l aide si precieuse . , c est termine ou il reste quelque chose a faire
Ajouter un commentaire
Réponse
+0
moins plus
bonjour , en fait la redirection est toujours la
. mais nouvel onglet est resolu.
merci
Ajouter un commentaire
Réponse
+0
moins plus
c'est quoi ce windows ? un copain qui t'a passé la copie ?
Ajouter un commentaire
Réponse
+0
moins plus
hhh, non du tout achete comme ca , je suis en usa. , t as remarque un probleme ?
Ajouter un commentaire
Réponse
+0
moins plus

/!\ ATTENTION SUIVRE A LA LETTRE CES INDICATIONS/!\

__________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================


▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur

Telecharge ici : Combofix

Avant d'utiliser ComboFix :

Si tu utilises AVG, IL FAUT IMPERATIVEMENT LE DESINSTALLER avant d'utiliser Combofix car il peut causer des dégâts en interaction avec l'outil pouvant mener à la réinstallation totale du système.
La simple désactivation du résident n'est pas suffisante.
Télécharge le désinstalleur d'AVG sur ce lien : http://www.avg.com/fr-fr/outils-telecharges
Choisis la version adéquate (32 ou 64 bits)/!\

Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :

▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau

▶ Lance le

Une fenêtre apparait : clique sur "Disable"

▶ Fais redémarrer l'ordinateur si l'outil te le demande

Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"

_________________________________________________________
>> referme les fenêtres de tous les programmes en cours.
>> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
>>la protection en temps réel de ton Antivirus et de tes Antispywares,
>>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°


si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."


sur combofix renommé

¤¤¤¤¤¤¤¤¤¤ LAISSE-LE INSTALLER LA CONSOLE DE RECUPERATION S'IL TE LE DEMANDE ¤¤¤¤¤¤¤¤¤¤

▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!

▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.


▶▶▶ Si, après le redémarrage de votre pc par combofix, vous avez des erreurs "Clé marquée pour suppression" ou des soucis de connexion internet, redémarrez à nouveau votre ordinateur


Ajouter un commentaire
Réponse
+0
moins plus
bonjour
ComboFix 12-05-06.03 - M645-S4045 05/06/2012 16:07:41.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.2536 [GMT -4:00]
Running from: c:\users\M645-S4045\Desktop\dorenavon.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\M645-S4045\AppData\Local\assembly\tmp
c:\users\M645-S4045\AppData\Roaming\app
c:\users\M645-S4045\AppData\Roaming\app\Jerakine_lang.dat
c:\users\M645-S4045\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\users\M645-S4045\AppData\Roaming\Malwarebytes\Malwarebytes\dpvdx.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))
.
.
2012-05-06 20:14 . 2012-05-06 20:14 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{758B7884-C4EA-435E-9A5B-ED47BFDC72B4}\offreg.dll
2012-05-06 20:13 . 2012-05-06 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-06 18:08 . 2012-05-06 18:27 -------- d-----w- C:\Pre_Scan
2012-05-06 17:55 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{758B7884-C4EA-435E-9A5B-ED47BFDC72B4}\mpengine.dll
2012-05-06 16:18 . 2012-05-06 16:18 -------- d-----w- c:\program files\Enigma Software Group
2012-05-06 16:17 . 2012-05-06 17:15 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-05-06 16:17 . 2012-05-06 16:17 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-06 16:01 . 2012-05-06 16:01 -------- d---a-w- C:\Navilog1
2012-05-06 16:01 . 2012-05-06 16:01 -------- d-----w- c:\program files (x86)\Navilog1
2012-05-05 21:18 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-30 13:00 . 2012-02-09 17:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7242BB6-C198-48C0-BF2C-383BE6685076}\gapaengine.dll
2012-04-30 12:56 . 2012-04-30 12:56 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-30 12:56 . 2012-04-30 12:56 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-30 12:56 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-27 13:31 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA104C60-5F35-4126-BCD0-4B0D0A94CA8C}\mpengine.dll
2012-04-23 23:27 . 2012-04-23 23:27 -------- d-----w- c:\users\M645-S4045\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2012-04-20 22:36 . 2012-04-20 22:36 -------- d-----w- c:\users\M645-S4045\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2012-04-16 19:11 . 2012-04-16 19:11 -------- d-----w- c:\windows\en
2012-04-16 19:09 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-16 19:07 . 2012-04-16 19:07 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2bd6ecee1cd1c0403\DSETUP.dll
2012-04-16 19:07 . 2012-04-16 19:07 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2bd6ecee1cd1c0403\DXSETUP.exe
2012-04-16 19:07 . 2012-04-16 19:07 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2bd6ecee1cd1c0403\dsetup32.dll
2012-04-16 19:07 . 2012-04-16 19:07 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2bfeca2a1cd1c0404\MeshBetaRemover.exe
2012-04-12 03:04 . 2012-03-06 06:43 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 03:04 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:04 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:02 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:02 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:02 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:02 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:02 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 03:02 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:02 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 13:57 . 2012-04-11 13:57 -------- d-----w- c:\users\M645-S4045\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2012-04-11 13:57 . 2012-05-06 13:09 -------- d-----w- c:\users\M645-S4045\AppData\Roaming\Dofus2
2012-04-11 13:57 . 2012-04-11 13:57 -------- d-----w- c:\users\M645-S4045\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2012-04-11 13:28 . 2012-04-11 13:28 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-23 14:18 . 2010-10-12 19:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 06:27 . 2012-03-14 14:53 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 14:53 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 14:53 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 14:53 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:18 . 2012-03-14 17:48 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:17 . 2012-03-14 17:48 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:17 . 2012-03-14 17:48 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:17 . 2012-03-14 17:48 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:17 . 2012-03-14 17:48 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 17:48 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:41 . 2012-03-14 17:48 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 17:48 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 17:48 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 17:48 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-07 14:45 . 2012-02-07 14:45 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-02-07 14:45 . 2012-02-07 14:45 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PxDotNetLoader"="c:\program files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2012-03-15 43880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 DeviceManager;DeviceManager;c:\program files (x86)\Common Files\DeviceHelper\DeviceManager.exe [2009-11-17 40960]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2012-01-13 135608]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 SAS Document Conversion;SAS Document Conversion;c:\program files\SASHome\SASTextAnalyticsDocumentConversion\1.2\file-converter-service.exe [2011-04-12 61440]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 14:33]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 14:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\SysWOW64\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-BsScanner
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
Toolbar-Locked - (no file)
WebBrowser-{00F2C0C6-2194-484E-9064-44E57787867B} - (no file)
HKLM-Run-(Default) - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4170576019-912217950-3123445801-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4170576019-912217950-3123445801-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-06 16:20:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-06 20:20
.
Pre-Run: 416,059,826,176 bytes free
Post-Run: 415,827,496,960 bytes free
.
- - End Of File - - 8229860BE99F494945EA0C1E3E66EE4E
Ajouter un commentaire
Réponse
+0
moins plus

__________________________________________________
=>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
=>il est fort déconseillé de le transposer sur un autre ordinateur !<=
----------------------------------------------------------------------------


Toujours avec toutes les protections désactivées, fais ceci :

▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

----------------------------------------------------------
KillAll::

ClearJavaCache::

Folder::
c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP

RegLock::
[HKEY_USERS\S-1-5-21-4170576019-912217950-3123445801-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-4170576019-912217950-3123445801-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]


------------------------------------------------------------------

▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
▶ Quitte le Bloc Notes

▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix comme sur cette : illustration

▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt


Ajouter un commentaire
Réponse
+0
moins plus
bonjour voila rapport ,
ComboFix 12-05-07.01 - M645-S4045 05/07/2012 8:58.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.2419 [GMT -4:00]
Running from: c:\users\M645-S4045\Desktop\ComboFix.exe
Command switches used :: c:\users\M645-S4045\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCall.dll
c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla.dll
c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla2.dll
c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla21.dll
c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla31.exe
c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla32.dll
c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla33.dll
c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla34.dll
c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla36.dll
c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseCustomCalla36.exe
c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP\WiseData.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))
.
.
2012-05-07 13:04 . 2012-05-07 13:04 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{758B7884-C4EA-435E-9A5B-ED47BFDC72B4}\offreg.dll
2012-05-07 13:03 . 2012-05-07 13:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-06 18:08 . 2012-05-06 18:27 -------- d-----w- C:\Pre_Scan
2012-05-06 17:55 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{758B7884-C4EA-435E-9A5B-ED47BFDC72B4}\mpengine.dll
2012-05-06 16:18 . 2012-05-06 16:18 -------- d-----w- c:\program files\Enigma Software Group
2012-05-06 16:17 . 2012-05-06 16:17 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-06 16:01 . 2012-05-06 16:01 -------- d---a-w- C:\Navilog1
2012-05-06 16:01 . 2012-05-06 16:01 -------- d-----w- c:\program files (x86)\Navilog1
2012-05-05 21:18 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-30 13:00 . 2012-02-09 17:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7242BB6-C198-48C0-BF2C-383BE6685076}\gapaengine.dll
2012-04-30 12:56 . 2012-04-30 12:56 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-30 12:56 . 2012-04-30 12:56 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-30 12:56 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-27 13:31 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA104C60-5F35-4126-BCD0-4B0D0A94CA8C}\mpengine.dll
2012-04-23 23:27 . 2012-04-23 23:27 -------- d-----w- c:\users\M645-S4045\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2012-04-20 22:36 . 2012-04-20 22:36 -------- d-----w- c:\users\M645-S4045\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2012-04-16 19:11 . 2012-04-16 19:11 -------- d-----w- c:\windows\en
2012-04-16 19:09 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-16 19:07 . 2012-04-16 19:07 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2bd6ecee1cd1c0403\DSETUP.dll
2012-04-16 19:07 . 2012-04-16 19:07 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2bd6ecee1cd1c0403\DXSETUP.exe
2012-04-16 19:07 . 2012-04-16 19:07 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2bd6ecee1cd1c0403\dsetup32.dll
2012-04-16 19:07 . 2012-04-16 19:07 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2bfeca2a1cd1c0404\MeshBetaRemover.exe
2012-04-12 03:04 . 2012-03-06 06:43 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 03:04 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:04 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:02 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:02 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:02 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:02 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:02 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 03:02 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:02 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 13:57 . 2012-04-11 13:57 -------- d-----w- c:\users\M645-S4045\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2012-04-11 13:57 . 2012-05-06 13:09 -------- d-----w- c:\users\M645-S4045\AppData\Roaming\Dofus2
2012-04-11 13:57 . 2012-04-11 13:57 -------- d-----w- c:\users\M645-S4045\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2012-04-11 13:28 . 2012-04-11 13:28 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-23 14:18 . 2010-10-12 19:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 06:27 . 2012-03-14 14:53 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 14:53 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 14:53 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 14:53 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:18 . 2012-03-14 17:48 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:17 . 2012-03-14 17:48 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:17 . 2012-03-14 17:48 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:17 . 2012-03-14 17:48 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:17 . 2012-03-14 17:48 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 17:48 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:41 . 2012-03-14 17:48 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 17:48 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 17:48 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 17:48 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-07 14:45 . 2012-02-07 14:45 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-02-07 14:45 . 2012-02-07 14:45 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-06_20.15.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-06 20:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-07 13:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-06 20:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-07 13:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-07 13:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-06 20:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-05-07 13:06 49104 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-19 00:20 . 2012-05-07 13:06 15968 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4170576019-912217950-3123445801-1003_UserData.bin
+ 2010-10-12 17:44 . 2012-05-07 13:07 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-12 17:44 . 2012-05-06 18:31 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-12 19:03 . 2012-05-06 18:31 49152 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-12 19:03 . 2012-05-07 13:07 49152 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-07 13:07 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-06 18:31 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-05-07 13:06 49104 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-19 00:20 . 2012-05-07 13:06 15968 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4170576019-912217950-3123445801-1003_UserData.bin
- 2010-10-12 17:44 . 2012-05-06 18:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-12 17:44 . 2012-05-07 12:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-12 19:03 . 2012-05-07 12:54 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-12 19:03 . 2012-05-06 18:31 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-06 18:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-07 12:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-12 05:47 . 2012-05-06 20:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-12 05:47 . 2012-05-07 13:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-12 05:47 . 2012-05-07 13:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-12 05:47 . 2012-05-06 20:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-24 01:42 . 2012-05-07 13:03 5504 c:\windows\system64\wdi\ERCQueuedResolutions.dat
+ 2011-01-24 01:42 . 2012-05-07 13:03 5504 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-05-06 20:14 . 2012-05-06 20:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-07 13:04 . 2012-05-07 13:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-07 13:04 . 2012-05-07 13:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-06 20:14 . 2012-05-06 20:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-10-12 23:25 . 2012-05-07 12:54 251242 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:12 . 2012-05-07 13:07 262144 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-05-06 18:31 262144 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-10-12 23:25 . 2012-05-07 12:54 251242 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:12 . 2012-05-07 12:54 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-05-06 18:31 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-05-06 03:32 449652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-07 13:03 449652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-05-06 18:06 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-06 20:28 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-05-06 18:06 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-06 20:28 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PxDotNetLoader"="c:\program files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2012-03-15 43880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 DeviceManager;DeviceManager;c:\program files (x86)\Common Files\DeviceHelper\DeviceManager.exe [2009-11-17 40960]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2012-01-13 135608]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 SAS Document Conversion;SAS Document Conversion;c:\program files\SASHome\SASTextAnalyticsDocumentConversion\1.2\file-converter-service.exe [2011-04-12 61440]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 14:33]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 14:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\SysWOW64\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{00F2C0C6-2194-484E-9064-44E57787867B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-07 09:10:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-07 13:10
ComboFix2.txt 2012-05-06 20:20
.
Pre-Run: 415,596,052,480 bytes free
Post-Run: 415,599,099,904 bytes free
.
- - End Of File - - BA0ED1666280100BB5617B7E862F6B08
Ajouter un commentaire
Réponse
+0
moins plus
combofix n'a pas ete renommé comme demandé
Ajouter un commentaire
Réponse
+0
moins plus
bonjour
si au debut a ete renomme apres j ai supprime et telecharge un autre parceque dans l ilustration n a pas ete renome.
donc je refais cette etape?
Ajouter un commentaire
Réponse
+0
moins plus
Ajouter un commentaire
Réponse
+0
moins plus
ComboFix 12-05-08.01 - M645-S4045 05/08/2012 8:43.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.2693 [GMT -4:00]
Running from: c:\users\M645-S4045\Desktop\dor.exe
Command switches used :: c:\users\M645-S4045\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 12:49 . 2012-05-08 12:49 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9E0414B-4FC0-4825-ABE5-7161DCA66781}\offreg.dll
2012-05-08 12:48 . 2012-05-08 12:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-07 18:41 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9E0414B-4FC0-4825-ABE5-7161DCA66781}\mpengine.dll
2012-05-06 18:08 . 2012-05-06 18:27 -------- d-----w- C:\Pre_Scan
2012-05-06 17:55 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-06 16:18 . 2012-05-06 16:18 -------- d-----w- c:\program files\Enigma Software Group
2012-05-06 16:17 . 2012-05-06 16:17 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-06 16:01 . 2012-05-06 16:01 -------- d---a-w- C:\Navilog1
2012-05-06 16:01 . 2012-05-06 16:01 -------- d-----w- c:\program files (x86)\Navilog1
2012-04-30 13:00 . 2012-02-09 17:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7242BB6-C198-48C0-BF2C-383BE6685076}\gapaengine.dll
2012-04-30 12:56 . 2012-04-30 12:56 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-30 12:56 . 2012-04-30 12:56 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-30 12:56 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-27 13:31 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA104C60-5F35-4126-BCD0-4B0D0A94CA8C}\mpengine.dll
2012-04-23 23:27 . 2012-04-23 23:27 -------- d-----w- c:\users\M645-S4045\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2012-04-20 22:36 . 2012-04-20 22:36 -------- d-----w- c:\users\M645-S4045\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2012-04-16 19:11 . 2012-04-16 19:11 -------- d-----w- c:\windows\en
2012-04-16 19:09 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-16 19:07 . 2012-04-16 19:07 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2bd6ecee1cd1c0403\DSETUP.dll
2012-04-16 19:07 . 2012-04-16 19:07 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2bd6ecee1cd1c0403\DXSETUP.exe
2012-04-16 19:07 . 2012-04-16 19:07 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2bd6ecee1cd1c0403\dsetup32.dll
2012-04-16 19:07 . 2012-04-16 19:07 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2bfeca2a1cd1c0404\MeshBetaRemover.exe
2012-04-12 03:04 . 2012-03-06 06:43 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 03:04 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:04 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:02 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:02 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:02 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:02 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:02 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 03:02 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:02 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 13:57 . 2012-04-11 13:57 -------- d-----w- c:\users\M645-S4045\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2012-04-11 13:57 . 2012-05-06 13:09 -------- d-----w- c:\users\M645-S4045\AppData\Roaming\Dofus2
2012-04-11 13:57 . 2012-04-11 13:57 -------- d-----w- c:\users\M645-S4045\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2012-04-11 13:28 . 2012-04-11 13:28 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-23 14:18 . 2010-10-12 19:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 06:27 . 2012-03-14 14:53 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 14:53 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 14:53 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 14:53 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:18 . 2012-03-14 17:48 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:17 . 2012-03-14 17:48 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:17 . 2012-03-14 17:48 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:17 . 2012-03-14 17:48 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:17 . 2012-03-14 17:48 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 17:48 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:41 . 2012-03-14 17:48 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 17:48 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 17:48 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 17:48 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-06_20.15.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-06 20:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-08 12:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-06 20:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-08 12:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-06 20:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-08 12:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-05-08 12:51 49152 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-19 00:20 . 2012-05-08 12:51 16200 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4170576019-912217950-3123445801-1003_UserData.bin
- 2010-10-12 17:44 . 2012-05-06 18:31 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-12 17:44 . 2012-05-08 12:36 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-12 19:03 . 2012-05-08 12:36 49152 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-12 19:03 . 2012-05-06 18:31 49152 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-06 18:31 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-08 12:36 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-05-08 12:51 49152 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-19 00:20 . 2012-05-08 12:51 16200 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4170576019-912217950-3123445801-1003_UserData.bin
+ 2010-10-12 17:44 . 2012-05-08 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-12 17:44 . 2012-05-06 18:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-12 19:03 . 2012-05-06 18:31 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-12 19:03 . 2012-05-08 12:36 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-06 18:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-08 12:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-12 05:47 . 2012-05-08 12:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-12 05:47 . 2012-05-06 20:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-12 05:47 . 2012-05-06 20:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-12 05:47 . 2012-05-08 12:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-24 01:42 . 2012-05-07 13:03 5504 c:\windows\system64\wdi\ERCQueuedResolutions.dat
+ 2011-01-24 01:42 . 2012-05-07 13:03 5504 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-05-08 12:49 . 2012-05-08 12:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-06 20:14 . 2012-05-06 20:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-06 20:14 . 2012-05-06 20:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-08 12:49 . 2012-05-08 12:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-10-13 20:30 . 2012-05-08 12:36 231998 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-10-12 23:25 . 2012-05-08 01:08 251306 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:12 . 2012-05-06 18:31 262144 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-05-08 12:36 262144 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-10-13 20:30 . 2012-05-08 12:36 231998 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-10-12 23:25 . 2012-05-08 01:08 251306 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:12 . 2012-05-06 18:31 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-05-08 12:36 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-05-08 12:48 449652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-06 03:32 449652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-05-06 18:06 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-07 18:51 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-07 18:51 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-05-06 18:06 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PxDotNetLoader"="c:\program files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2012-03-15 43880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 DeviceManager;DeviceManager;c:\program files (x86)\Common Files\DeviceHelper\DeviceManager.exe [2009-11-17 40960]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2012-01-13 135608]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 SAS Document Conversion;SAS Document Conversion;c:\program files\SASHome\SASTextAnalyticsDocumentConversion\1.2\file-converter-service.exe [2011-04-12 61440]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 14:33]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 14:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\SysWOW64\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{00F2C0C6-2194-484E-9064-44E57787867B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-08 08:55:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-08 12:55
ComboFix2.txt 2012-05-07 13:10
ComboFix3.txt 2012-05-06 20:20
.
Pre-Run: 415,355,555,840 bytes free
Post-Run: 415,338,139,648 bytes free
.
- - End Of File - - 3D90E1FFF373229725A18D53765F7FEE
Ajouter un commentaire
Ce document intitulé «  effacer virus redirection page  » issu de CommentCaMarche (www.commentcamarche.net) est mis à disposition sous les termes de la licence Creative Commons. Vous pouvez copier, modifier des copies de cette page, dans les conditions fixées par la licence, tant que cette note apparaît clairement.

Vous n'êtes pas encore membre ?

inscrivez-vous, c'est gratuit et ça prend moins d'une minute !

Les membres obtiennent plus de réponses que les utilisateurs anonymes.

Le fait d'être membre vous permet d'avoir un suivi détaillé de vos demandes.

Le fait d'être membre vous permet d'avoir des options supplémentaires.