Virus " Application cannot be executed...''
Résolu/Fermé
boostar22
Messages postés
19
Date d'inscription
lundi 10 août 2009
Statut
Membre
Dernière intervention
19 juillet 2010
-
19 juil. 2010 à 09:57
carlux041 Messages postés 1 Date d'inscription lundi 7 février 2011 Statut Membre Dernière intervention 7 février 2011 - 7 févr. 2011 à 03:45
carlux041 Messages postés 1 Date d'inscription lundi 7 février 2011 Statut Membre Dernière intervention 7 février 2011 - 7 févr. 2011 à 03:45
A voir également:
- Virus " Application cannot be executed...''
- Application mobile - Guide
- Application gps sans internet - Guide
- Desinstaller application windows - Guide
- Télécharger application tensiomètre gratuit - Télécharger - Vie quotidienne
- Application partage photo entre amis - Guide
4 réponses
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
726
Modifié par Xplode le 19/07/2010 à 10:06
Modifié par Xplode le 19/07/2010 à 10:06
Bonjour,
-+-+-+-+-> Rkill <-+-+-+-+-
[x] Télécharge rkill sur ton bureau.
[x] Rkill peut être reconnu comme indésirable par certains antivirus, ignore l'alerte et désactive momentanément l'antivirus.
[x] Lance le, une fenêtre noire s'ouvrira t'indiquant que l'installation s'est bien déroulée.
[x] Note : Si le premier lien ne fonctionne pas, essaie ces trois autres : n°1 , n°2 et n°3
[x] /!\ Il ne faut pas redémarrer le PC après avoir lancé rkill, sinon il faudra recommencer la procédure /!\
[x] Poste le contenu du rapport qui s'ouvrira -> rkill.log
-+-+-+-+-> ComboFix <-+-+-+-
[x] Télécharge ComboFix ( de sUBs ) à cette adresse.
/!\ Ferme toutes les fenêtres de programme ouvertes /!\
/!\ Désactive temporairement toutes les protections résidentes ( Antivirus, Pare-Feu, AntiSpyware ) /!\
[x] Double clique sur " Combofix.exe "
[x] Suis les indications qui sont données à l'écran, à un moment tu auras un message te demandant d'installer la console de récupération, fais le.
[x] Pendant le scan, ne touche à rien ( souris, clavier )
[x] Tu seras peut être invité à redémarrer ton PC. A la fin du scan, combofix ouvrira un rapport, copie/colle le dans ta prochaine réponse.
Note : Si jamais il ne s'ouvrait pas, il se trouve sous C:\Combofix.txt
Xplode - Contributeur sécurité.
-+-+-+-+-> Rkill <-+-+-+-+-
[x] Télécharge rkill sur ton bureau.
[x] Rkill peut être reconnu comme indésirable par certains antivirus, ignore l'alerte et désactive momentanément l'antivirus.
[x] Lance le, une fenêtre noire s'ouvrira t'indiquant que l'installation s'est bien déroulée.
[x] Note : Si le premier lien ne fonctionne pas, essaie ces trois autres : n°1 , n°2 et n°3
[x] /!\ Il ne faut pas redémarrer le PC après avoir lancé rkill, sinon il faudra recommencer la procédure /!\
[x] Poste le contenu du rapport qui s'ouvrira -> rkill.log
-+-+-+-+-> ComboFix <-+-+-+-
[x] Télécharge ComboFix ( de sUBs ) à cette adresse.
/!\ Ferme toutes les fenêtres de programme ouvertes /!\
/!\ Désactive temporairement toutes les protections résidentes ( Antivirus, Pare-Feu, AntiSpyware ) /!\
[x] Double clique sur " Combofix.exe "
[x] Suis les indications qui sont données à l'écran, à un moment tu auras un message te demandant d'installer la console de récupération, fais le.
[x] Pendant le scan, ne touche à rien ( souris, clavier )
[x] Tu seras peut être invité à redémarrer ton PC. A la fin du scan, combofix ouvrira un rapport, copie/colle le dans ta prochaine réponse.
Note : Si jamais il ne s'ouvrait pas, il se trouve sous C:\Combofix.txt
Xplode - Contributeur sécurité.
boostar22
Messages postés
19
Date d'inscription
lundi 10 août 2009
Statut
Membre
Dernière intervention
19 juillet 2010
19 juil. 2010 à 10:56
19 juil. 2010 à 10:56
Bonjour Xplode,
Merci de ta réponse si rapide, j'ai tenté de mettre Rkill sur mon bureau via une clée usb car internet ne fonctionne pas et dès que je lance Rkill il y a encore ce foutu message '' Application cannot be executed. The file wuauclt.exe is infected. "
J'ai essayé de déplacer une image dans la clée usb, sa marche donc je peux quand même sauvegardé mes données personnelles, un formatage sera efficace sinon ?
Merci
Merci de ta réponse si rapide, j'ai tenté de mettre Rkill sur mon bureau via une clée usb car internet ne fonctionne pas et dès que je lance Rkill il y a encore ce foutu message '' Application cannot be executed. The file wuauclt.exe is infected. "
J'ai essayé de déplacer une image dans la clée usb, sa marche donc je peux quand même sauvegardé mes données personnelles, un formatage sera efficace sinon ?
Merci
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
726
19 juil. 2010 à 11:08
19 juil. 2010 à 11:08
Pas besoin de formatage, c'est en dernier recours.
Essaie de télécharger les autres rkill que je t'ai proposé ( les liens sont plus haut ) , essaie les tous, il y en a bien un qui devrait fonctionner dans le lot.
Essaie de télécharger les autres rkill que je t'ai proposé ( les liens sont plus haut ) , essaie les tous, il y en a bien un qui devrait fonctionner dans le lot.
boostar22
Messages postés
19
Date d'inscription
lundi 10 août 2009
Statut
Membre
Dernière intervention
19 juillet 2010
19 juil. 2010 à 11:09
19 juil. 2010 à 11:09
Ok, je test cela tout à l'heure je te tient au courrant .
carlux041
Messages postés
1
Date d'inscription
lundi 7 février 2011
Statut
Membre
Dernière intervention
7 février 2011
7 févr. 2011 à 03:45
7 févr. 2011 à 03:45
ComboFix 11-02-05.01 - ludovic le brech 07/02/2011 3:21.1.4 - x64 NETWORK
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3956.3236 [GMT 1:00]
Lancé depuis: c:\users\ludovic le brech\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-07 au 2011-02-07 ))))))))))))))))))))))))))))))))))))
.
2011-02-07 02:25 . 2011-02-07 02:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-04 14:13 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24EFEF87-98F3-4728-9E23-14EAC8F23390}\mpengine.dll
2011-02-01 23:24 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-01 23:24 . 2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-02-01 23:24 . 2008-04-17 11:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-02-01 23:24 . 2011-02-01 23:24 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-02-01 23:24 . 2011-02-01 23:24 -------- d-----w- c:\program files\iTunes
2011-02-01 23:24 . 2011-02-01 23:24 -------- d-----w- c:\program files (x86)\iTunes
2011-02-01 23:24 . 2011-02-01 23:24 -------- d-----w- c:\program files (x86)\iPod
2011-02-01 23:23 . 2011-02-01 23:23 -------- d-----w- c:\program files\Bonjour
2011-02-01 23:23 . 2011-02-01 23:23 -------- d-----w- c:\program files (x86)\Bonjour
2011-02-01 22:41 . 2011-02-01 22:41 -------- d-----w- c:\program files (x86)\QuickTime
2011-02-01 19:03 . 2011-02-01 19:03 -------- d-----w- c:\users\ludovic le brech\AppData\Local\WBFSManager
2011-02-01 19:02 . 2011-02-01 19:02 -------- d-----w- c:\program files\WBFS
2011-01-25 19:31 . 2011-01-25 19:31 -------- d-----w- c:\program files\Canon
2011-01-24 16:22 . 2011-01-24 16:22 -------- d-----w- c:\windows\fr
2011-01-24 16:21 . 2010-09-22 23:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-01-24 16:21 . 2011-01-24 16:21 -------- d-----w- c:\program files\Windows Live
2011-01-24 16:20 . 2011-01-24 16:20 -------- d-----w- c:\program files (x86)\MSN Toolbar
2011-01-24 16:20 . 2011-01-24 16:21 -------- d-----w- c:\program files (x86)\Bing Bar Installer
2011-01-24 16:20 . 2009-09-04 16:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-01-24 16:20 . 2009-09-04 16:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-01-24 16:20 . 2009-09-04 16:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-01-24 16:20 . 2009-09-04 16:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-01-23 17:54 . 2011-01-23 17:54 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-01-23 17:53 . 2011-01-23 17:53 -------- d-----w- c:\users\ludovic le brech\AppData\Local\Microsoft Help
2011-01-16 01:00 . 2011-01-16 01:00 -------- d-----w- c:\users\ludovic le brech\AppData\Local\HP
2011-01-16 00:59 . 2011-01-16 00:59 -------- d-----w- c:\users\ludovic le brech\AppData\Local\Conexant
2011-01-15 22:07 . 2010-10-13 12:39 18432 ----a-w- c:\windows\system32\drivers\HPub2521.sys
2011-01-15 22:07 . 2010-10-12 10:41 25088 ----a-w- c:\windows\system32\drivers\HPMo2521.sys
2011-01-12 08:09 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 08:09 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 08:09 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 08:09 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 08:09 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 08:09 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-12 08:09 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 08:09 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 08:09 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 08:09 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-09 15:34 . 2011-02-06 23:09 -------- d-----w- c:\users\ludovic le brech\AppData\Roaming\Partouche Poker
2011-01-09 14:35 . 2011-01-09 15:18 -------- d-----w- c:\users\ludovic le brech\AppData\Roaming\Partouche
2011-01-09 14:08 . 2011-01-09 14:08 -------- d-----w- c:\programdata\CanonIJ
2011-01-09 14:03 . 2011-01-09 14:03 -------- d-----w- c:\users\ludovic le brech\AppData\Roaming\Canon
2011-01-09 02:58 . 2011-01-09 02:58 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1140a43b1cbafa92d\InstallManager_WLE_WLE.exe
2011-01-09 02:57 . 2011-01-09 02:57 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4bfc65c1cbafa922\MeshBetaRemover.exe
2011-01-09 02:57 . 2011-01-09 02:57 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f7892a651cbafa81a\DSETUP.dll
2011-01-09 02:57 . 2011-01-09 02:57 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f7892a651cbafa81a\DXSETUP.exe
2011-01-09 02:57 . 2011-01-09 02:57 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f7892a651cbafa81a\dsetup32.dll
2011-01-09 02:57 . 2011-01-09 02:57 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f59590741cbafa819\DXSETUP.exe
2011-01-09 02:57 . 2011-01-09 02:57 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f59590741cbafa819\dsetup32.dll
2011-01-09 02:57 . 2011-01-09 02:57 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f59590741cbafa819\DSETUP.dll
2011-01-09 02:56 . 2011-02-04 14:03 -------- d-----w- c:\users\ludovic le brech\AppData\Local\Windows Live
2011-01-09 02:56 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-01-09 02:56 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-01-09 02:56 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-01-09 02:56 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-09 02:56 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2011-01-09 02:56 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-01-09 02:56 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-04 20:27 . 2011-01-04 20:27 2724120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-01-04 20:24 . 2011-01-04 20:24 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-01-04 20:24 . 2011-01-04 20:24 639296 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-14 17:51 . 2010-12-14 17:51 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2010-12-14 17:51 . 2010-12-14 17:51 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-06 07:48 . 2011-01-06 01:45 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-06 07:48 . 2011-01-06 01:45 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-13 39408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2009-07-21 701752]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-24 2454840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-06 281768]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-06 135336]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-05 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-10-15 116104]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-12-14 51712]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2009-08-31 6656]
S3 HPMo2521;Mouse Suite Driver_2521 (WDF Version);c:\windows\system32\DRIVERS\HPMo2521.sys [2010-10-12 25088]
S3 HPub2521;USB Mouse Low Filter Driver_2521 (WDF Version);c:\windows\system32\Drivers\HPub2521.sys [2010-10-13 18432]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [2009-08-31 48128]
S3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\DRIVERS\nuvotonhidcir.sys [2009-08-31 26624]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-03 74016]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [2009-08-18 49568]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2011-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-05 01:22]
2011-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-05 01:22]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-10-15 1050000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-07 16414824]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-08-25 134032]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ww.free.fr/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8992
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
FF - ProfilePath - c:\users\ludovic le brech\AppData\Roaming\Mozilla\Firefox\Profiles\95mhtttg.default\
FF - prefs.js: browser.startup.homepage - www.free.fr
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
- - - - ORPHELINS SUPPRIMES - - - -
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-HDMICtrlMan - %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-02-07 03:26:42
ComboFix-quarantined-files.txt 2011-02-07 02:26
Avant-CF: 180 993 368 064 octets libres
Après-CF: 180 859 748 352 octets libres
- - End Of File - - 299CE51E9C3517504D5E0702263A3AE5
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3956.3236 [GMT 1:00]
Lancé depuis: c:\users\ludovic le brech\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-07 au 2011-02-07 ))))))))))))))))))))))))))))))))))))
.
2011-02-07 02:25 . 2011-02-07 02:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-04 14:13 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24EFEF87-98F3-4728-9E23-14EAC8F23390}\mpengine.dll
2011-02-01 23:24 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-01 23:24 . 2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-02-01 23:24 . 2008-04-17 11:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-02-01 23:24 . 2011-02-01 23:24 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-02-01 23:24 . 2011-02-01 23:24 -------- d-----w- c:\program files\iTunes
2011-02-01 23:24 . 2011-02-01 23:24 -------- d-----w- c:\program files (x86)\iTunes
2011-02-01 23:24 . 2011-02-01 23:24 -------- d-----w- c:\program files (x86)\iPod
2011-02-01 23:23 . 2011-02-01 23:23 -------- d-----w- c:\program files\Bonjour
2011-02-01 23:23 . 2011-02-01 23:23 -------- d-----w- c:\program files (x86)\Bonjour
2011-02-01 22:41 . 2011-02-01 22:41 -------- d-----w- c:\program files (x86)\QuickTime
2011-02-01 19:03 . 2011-02-01 19:03 -------- d-----w- c:\users\ludovic le brech\AppData\Local\WBFSManager
2011-02-01 19:02 . 2011-02-01 19:02 -------- d-----w- c:\program files\WBFS
2011-01-25 19:31 . 2011-01-25 19:31 -------- d-----w- c:\program files\Canon
2011-01-24 16:22 . 2011-01-24 16:22 -------- d-----w- c:\windows\fr
2011-01-24 16:21 . 2010-09-22 23:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-01-24 16:21 . 2011-01-24 16:21 -------- d-----w- c:\program files\Windows Live
2011-01-24 16:20 . 2011-01-24 16:20 -------- d-----w- c:\program files (x86)\MSN Toolbar
2011-01-24 16:20 . 2011-01-24 16:21 -------- d-----w- c:\program files (x86)\Bing Bar Installer
2011-01-24 16:20 . 2009-09-04 16:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-01-24 16:20 . 2009-09-04 16:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-01-24 16:20 . 2009-09-04 16:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-01-24 16:20 . 2009-09-04 16:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-01-23 17:54 . 2011-01-23 17:54 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-01-23 17:53 . 2011-01-23 17:53 -------- d-----w- c:\users\ludovic le brech\AppData\Local\Microsoft Help
2011-01-16 01:00 . 2011-01-16 01:00 -------- d-----w- c:\users\ludovic le brech\AppData\Local\HP
2011-01-16 00:59 . 2011-01-16 00:59 -------- d-----w- c:\users\ludovic le brech\AppData\Local\Conexant
2011-01-15 22:07 . 2010-10-13 12:39 18432 ----a-w- c:\windows\system32\drivers\HPub2521.sys
2011-01-15 22:07 . 2010-10-12 10:41 25088 ----a-w- c:\windows\system32\drivers\HPMo2521.sys
2011-01-12 08:09 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 08:09 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 08:09 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 08:09 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 08:09 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 08:09 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-12 08:09 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 08:09 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 08:09 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 08:09 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-09 15:34 . 2011-02-06 23:09 -------- d-----w- c:\users\ludovic le brech\AppData\Roaming\Partouche Poker
2011-01-09 14:35 . 2011-01-09 15:18 -------- d-----w- c:\users\ludovic le brech\AppData\Roaming\Partouche
2011-01-09 14:08 . 2011-01-09 14:08 -------- d-----w- c:\programdata\CanonIJ
2011-01-09 14:03 . 2011-01-09 14:03 -------- d-----w- c:\users\ludovic le brech\AppData\Roaming\Canon
2011-01-09 02:58 . 2011-01-09 02:58 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1140a43b1cbafa92d\InstallManager_WLE_WLE.exe
2011-01-09 02:57 . 2011-01-09 02:57 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4bfc65c1cbafa922\MeshBetaRemover.exe
2011-01-09 02:57 . 2011-01-09 02:57 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f7892a651cbafa81a\DSETUP.dll
2011-01-09 02:57 . 2011-01-09 02:57 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f7892a651cbafa81a\DXSETUP.exe
2011-01-09 02:57 . 2011-01-09 02:57 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f7892a651cbafa81a\dsetup32.dll
2011-01-09 02:57 . 2011-01-09 02:57 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f59590741cbafa819\DXSETUP.exe
2011-01-09 02:57 . 2011-01-09 02:57 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f59590741cbafa819\dsetup32.dll
2011-01-09 02:57 . 2011-01-09 02:57 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f59590741cbafa819\DSETUP.dll
2011-01-09 02:56 . 2011-02-04 14:03 -------- d-----w- c:\users\ludovic le brech\AppData\Local\Windows Live
2011-01-09 02:56 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-01-09 02:56 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-01-09 02:56 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-01-09 02:56 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-09 02:56 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2011-01-09 02:56 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-01-09 02:56 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-04 20:27 . 2011-01-04 20:27 2724120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-01-04 20:24 . 2011-01-04 20:24 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-01-04 20:24 . 2011-01-04 20:24 639296 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-14 17:51 . 2010-12-14 17:51 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2010-12-14 17:51 . 2010-12-14 17:51 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-06 07:48 . 2011-01-06 01:45 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-06 07:48 . 2011-01-06 01:45 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-13 39408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2009-07-21 701752]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-24 2454840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-06 281768]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-06 135336]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-05 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-10-15 116104]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-21 84512]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-12-14 51712]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2009-08-31 6656]
S3 HPMo2521;Mouse Suite Driver_2521 (WDF Version);c:\windows\system32\DRIVERS\HPMo2521.sys [2010-10-12 25088]
S3 HPub2521;USB Mouse Low Filter Driver_2521 (WDF Version);c:\windows\system32\Drivers\HPub2521.sys [2010-10-13 18432]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [2009-08-31 48128]
S3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\DRIVERS\nuvotonhidcir.sys [2009-08-31 26624]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-03 74016]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [2009-08-18 49568]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2011-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-05 01:22]
2011-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-05 01:22]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-10-15 1050000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-07 16414824]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-08-25 134032]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ww.free.fr/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8992
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
FF - ProfilePath - c:\users\ludovic le brech\AppData\Roaming\Mozilla\Firefox\Profiles\95mhtttg.default\
FF - prefs.js: browser.startup.homepage - www.free.fr
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
- - - - ORPHELINS SUPPRIMES - - - -
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-HDMICtrlMan - %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-02-07 03:26:42
ComboFix-quarantined-files.txt 2011-02-07 02:26
Avant-CF: 180 993 368 064 octets libres
Après-CF: 180 859 748 352 octets libres
- - End Of File - - 299CE51E9C3517504D5E0702263A3AE5