Jump to content

hotmail redirection to russian IP 46.17.97.109


Recommended Posts

Hello,

When I connect to my hotmail account, malwarebytes indicates it blocked a redirection to a russian IP 46.17.97.109.

I read some similar post in your forum but I couldn't solve it by myself.

Bellow, Malwarebytes and Combofix report. Some part are in french, sorry :unsure:

Malwarebytes didn't find anything but send a message each time I connect to one of hotmail.account. (to the other one, no).

Could you help me?

Thanks

Cédric

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Malwarebytes Anti-Malware (Essai) 1.65.1.1000

www.malwarebytes.org

Version de la base de données: v2012.11.02.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Cedric :: CEDRIC-THINK [administrateur]

Protection: Activé

02/11/2012 14:19:17

mbam-log-2012-11-02 (14-19-17).txt

Type d'examen: Examen rapide

Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM

Options d'examen désactivées: P2P

Elément(s) analysé(s): 207977

Temps écoulé: 3 minute(s), 12 seconde(s)

Processus mémoire détecté(s): 0

(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0

(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0

(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0

(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0

(Aucun élément nuisible détecté)

(fin)

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ComboFix 12-11-02.01 - Cedric 02/11/2012 11:46:05.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.33.1033.18.3983.2002 [GMT 1:00]

Lancé depuis: c:\users\Cedric\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

C:\root

c:\root\wpfdot.exe

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2012-10-02 au 2012-11-02 ))))))))))))))))))))))))))))))))))))

.

.

2012-11-02 10:56 . 2012-11-02 10:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-02 01:16 . 2012-11-02 01:16 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{243CEE40-D302-4A90-A3EA-5FB126121AC0}\offreg.dll

2012-11-02 01:14 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{243CEE40-D302-4A90-A3EA-5FB126121AC0}\mpengine.dll

2012-11-01 21:43 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-10-31 10:06 . 2012-09-22 15:34 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys

2012-10-31 10:06 . 2012-10-31 10:06 -------- d-----w- c:\users\Cedric\AppData\Local\Trusteer

2012-10-31 10:05 . 2012-10-31 10:05 -------- d-----w- c:\program files (x86)\Trusteer

2012-10-31 10:02 . 2012-10-31 10:02 -------- d-----w- c:\programdata\Trusteer

2012-10-26 15:18 . 2012-10-26 15:18 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-10-25 20:37 . 2012-10-25 20:37 -------- d-----w- c:\program files (x86)\Cobian Backup 11

2012-10-25 16:10 . 2012-10-25 16:10 -------- d-----w- c:\users\Cedric\AppData\Roaming\Malwarebytes

2012-10-25 16:10 . 2012-10-25 16:10 -------- d-----w- c:\programdata\Malwarebytes

2012-10-25 16:10 . 2012-10-25 16:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-25 16:10 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-22 21:01 . 2012-10-22 21:01 -------- d-----w- c:\program files\7-Zip

2012-10-20 02:14 . 2012-09-27 23:11 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7E4679B-B4E0-4D65-8591-8B10DA378391}\gapaengine.dll

2012-10-10 10:02 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-10-10 10:02 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-10 10:02 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-10-10 10:02 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-10-10 10:02 . 2012-08-20 18:48 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-10-10 10:02 . 2012-08-20 18:48 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-10-10 10:02 . 2012-08-20 18:48 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-10-10 10:02 . 2012-08-20 18:46 338432 ----a-w- c:\windows\system32\conhost.exe

2012-10-07 21:26 . 2012-10-07 21:26 -------- d-----w- c:\users\Cedric\AppData\Roaming\OpenOffice.org

2012-10-07 21:24 . 2012-10-07 21:24 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-10 16:29 . 2011-08-21 23:21 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-09 09:25 . 2012-04-01 23:47 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 09:25 . 2012-04-01 23:47 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-27 23:11 . 2012-02-11 01:02 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-09-24 13:32 . 2012-07-02 14:11 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-09-24 13:32 . 2011-07-24 18:04 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-30 20:03 . 2011-04-27 14:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-08-24 18:05 . 2012-09-22 11:48 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 18:05 . 2012-09-22 11:48 1494528 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 18:05 . 2012-09-22 11:48 134144 ----a-w- c:\windows\system32\url.dll

2012-08-24 18:03 . 2012-09-22 11:48 9056256 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 18:03 . 2012-09-22 11:48 97792 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 18:03 . 2012-09-22 11:48 735744 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 18:03 . 2012-09-22 11:48 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 18:02 . 2012-09-22 11:48 247808 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 18:02 . 2012-09-22 11:48 12295680 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 18:02 . 2012-09-22 11:48 2453504 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 16:57 . 2012-09-22 11:48 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 15:59 . 2012-09-22 11:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 15:20 . 2012-09-22 11:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 23:25 . 2012-08-22 23:28 129784 ------w- c:\windows\SysWow64\pxafs.dll

2012-08-22 23:25 . 2012-08-22 23:28 118520 ------w- c:\windows\SysWow64\pxinsi64.exe

2012-08-22 23:25 . 2012-08-22 23:28 116472 ------w- c:\windows\SysWow64\pxcpyi64.exe

2012-08-22 23:23 . 2012-08-22 23:23 89387520 ----a-w- C:\Rescue and Recovery.msi

2012-08-22 18:12 . 2012-09-12 09:58 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 09:58 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 09:58 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 09:58 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-26 09:41 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-20 17:38 . 2012-10-10 10:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]

2012-02-10 09:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-04-09 15:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-02-03 1543016]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

c:\users\Cedric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-19 425000]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-19 39464]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-03-15 31152]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]

R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2012-03-01 37480]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-21 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2011-02-03 31344]

S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-09-22 101688]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2010-12-15 23664]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]

S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]

S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-31 505720]

S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-09-22 55096]

S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-09-22 297240]

S2 cbVSCService11;Cobian Backup 11 Service « Volume Shadow Copy »;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-07-31 67584]

S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 40808]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 59240]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-09-22 976728]

S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2010-12-15 98816]

S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]

S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]

S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]

S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2010-12-03 167680]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-02-03 155496]

S3 ElcMouLFlt;ELECOM USB Mouse Lower Filter Driver;c:\windows\system32\DRIVERS\ElcMouLFlt.sys [2010-10-05 18432]

S3 ElcMouUFlt;ELECOM USB Mouse Upper Filter Driver;c:\windows\system32\DRIVERS\ElcMouUFlt.sys [2010-11-30 17408]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2012-03-01 37480]

S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536]

.

.

--- Autres Services/Pilotes en mémoire ---

.

*NewlyCreated* - RAPPORTKE64

.

Contenu du dossier 'Tâches planifiées'

.

2012-11-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core.job

- c:\users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-14 13:26]

.

2012-11-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA.job

- c:\users\Cedric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-14 13:26]

.

2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 22:34]

.

2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 22:34]

.

2012-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core.job

- c:\users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 20:27]

.

2012-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA.job

- c:\users\Cedric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 20:27]

.

2012-10-30 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]

.

2012-11-01 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TpShocks"="TpShocks.exe" [2010-12-09 380776]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-21 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-21 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-21 418328]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 41320]

"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]

"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"ElcMouse"="c:\program files\ELECOM_Mouse_Driver\ElcMouseApl.exe" [2011-03-14 1068544]

.

------- Examen supplémentaire -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://lenovo.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHELINS SUPPRIMES - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_USERS\S-1-5-21-3945560438-835355012-1364033068-1000\Software\SecuROM\License information*]

"datasecu"=hex:d2,b6,18,82,cc,f6,e0,a3,d3,2a,b0,5a,1d,d5,75,1c,c5,78,bc,05,64,

24,57,b1,ff,8e,30,5d,01,0d,21,22,38,25,1d,cf,81,5c,48,a9,74,b9,b6,af,82,0f,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Heure de fin: 2012-11-02 12:13:45

ComboFix-quarantined-files.txt 2012-11-02 11:13

.

Avant-CF: 90 577 522 688 bytes free

Après-CF: 91 615 928 320 bytes free

.

- - End Of File - - 6FC71C76609195F88A66C0794AF6FDAE

Link to post
Share on other sites

Hi, Cedrill:

Sorry to hear you might be infected.

We cannot review scan logs or work on malware removal in this sub-section of the forum.

So please read below for assistance with cleaning your system.

IMPORTANT: Please do NOT use any temporary file cleaners unless instructed to do so - they can cause data loss, making recovery difficult.

Also, please do not run Combofix or other powerful malware removal tools without expert help -- they can cause serious damage to your system.

IF YOU WOULD LIKE EXPERT HELP WITH MALWARE REMOVAL, PLEASE CHOOSE ONE OF THE FOLLOWING 3 OPTIONS:

OPTION 1: Free, one-on-one, expert assistance in the Malware Removal Forum. (Please see helpful tips below.)

OPTION 2: For licensed users of MBAM PRO, there is free, one-on-one, expert assistance from the MBAM support helpdesk.

OPTION 3: Fee-based, one-on-one, expert assistance from Premium Support.

OPTION 1:

  • Please print out, read and carefully follow the instructions in the "I'm Infected - What Do I Do Now?" sticky topic.
  • -->If the infection has so crippled the computer that you cannot complete some or all of the steps, then just do the best you can and start a new topic as described below.
  • Then please start a new post in the Malware Removal Forum.
  • An authorized, trained malware expert will provide free, one-on-one assistance as soon as one becomes available.

  • -->>When starting your new post, please note the following:<<--
  • Please do NOT post in a topic started by someone else, even if their problem sounds similar.
  • Please COPY/PASTE the requested logs directly into your post, rather than attaching them.
  • Under options, please be sure to select "track this topic" and "immediate email notification", so you'll know when a helper responds.
  • Please be patient - it may be 48 hours or more before a helper can assist you, especially when the forum is very busy.
  • Please do NOT "bump" your topic or reply back to it for at least 48 hours.
  • Doing so may cause your topic to be overlooked, as it will appear that you are already being helped.

OPTION 2:

If you are a paid user of MBAM PRO and would like support via the helpdesk, please contact them HERE.

OPTION 3:

If you prefer the Malwarebytes Premium Services (comprehensive solutions to all your computer support needs – from installation and set-up to troubleshooting and tune-ups), please go to the Premium Support site HERE.

Please be patient – someone will assist you as soon as possible.

Thank you very much,

daledoc1

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.