Help, major slowdowns

Pyrrhus -  
 Pyrrhus13 -
Hello,

My computer suffers from major slowdowns at startup as well as in use, even though it is only a year old.
I have tried basic solutions such as ComboFix, and I use Microsoft Security Essentials.
When I run netstat, I regularly see many connections.
Thanks if anyone manages to help me.

Pierre

54 replies

Anonymous user
 
Hi

I have tried basic solutions such as ComboFix

Basic? Do you know how to roll back if the machine crashes during the ComboFix scan?
1
Anonymous user
 
IT people don't know how to use a tool like this, otherwise they would format PCs less often ^^

Post your ComboFix report, please.
1
Pyrrhus
 
Not me, no, but the IT company at work could have helped me; still, if I could handle it on my own this time, that would suit me better.
Thanks.
0
Pyrrhus
 
Thanks a lot, and yes, he would have suggested reformatting it...

The latest report:

ComboFix 11-05-14.01 - Amour 15/05/2011 13:30:02.7.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4094.2773 [GMT 2:00]
Lancé depuis: c:\users\Amour\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-04-15 au 2011-05-15 ))))))))))))))))))))))))))))))))))))
.
.
2011-05-15 11:33 . 2011-05-15 11:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-05-15 11:33 . 2011-05-15 11:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-15 08:11 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95F3A602-537E-40E4-B77B-B65E3C4A6C95}\mpengine.dll
2011-05-11 07:34 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 07:34 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 07:34 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-10 11:48 . 2011-05-10 11:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-10 11:48 . 2011-05-10 11:47 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-10 11:48 . 2011-05-10 11:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-10 09:24 . 2011-04-14 16:47 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-10 09:24 . 2011-04-14 16:47 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-10 09:24 . 2011-04-14 16:47 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-10 09:24 . 2011-04-14 16:47 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-10 09:24 . 2011-04-14 16:47 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-10 09:24 . 2011-04-14 16:47 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-10 09:24 . 2010-01-01 08:00 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-10 09:24 . 2010-01-01 08:00 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 08:21 . 2010-03-26 22:35 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-11 06:19 . 2011-04-14 13:23 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-14 13:23 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-14 13:23 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-14 13:23 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-08 06:14 . 2011-04-14 13:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-14 13:21 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-03 06:17 . 2011-04-14 13:22 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:14 . 2011-04-14 13:22 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:27 . 2011-04-14 13:22 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-14 13:23 3133440 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 06:29 . 2011-04-14 13:22 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-02-24 06:24 . 2011-04-14 13:22 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-24 05:32 . 2011-04-14 13:22 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-02-24 05:30 . 2011-04-14 13:22 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-02-24 05:05 . 2011-04-14 13:22 482816 ----a-w- c:\windows\system32\html.iec
2011-02-24 04:24 . 2011-04-14 13:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-24 04:23 . 2011-04-14 13:22 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-02-24 03:50 . 2011-04-14 13:22 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-02-23 05:16 . 2011-04-14 13:23 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 05:16 . 2011-04-14 13:23 401920 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 05:15 . 2011-04-14 13:23 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:15 . 2011-04-14 13:21 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:15 . 2011-04-14 13:21 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:15 . 2011-04-14 13:21 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:15 . 2011-04-14 13:21 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-19 06:36 . 2011-04-14 13:23 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 05:32 . 2011-04-14 13:23 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-19 04:13 . 2011-04-14 13:23 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-02-19 03:37 . 2011-04-14 13:23 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-18 06:37 . 2011-04-14 13:23 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-02-18 05:36 . 2011-04-14 13:23 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-05-07_19.48.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-07 01:46 . 2011-05-13 08:07 40110 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-13 08:07 44562 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-03-24 19:48 . 2011-05-06 16:43 12098 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-792627412-3204125982-2048311111-1000_UserData.bin
+ 2010-03-24 19:48 . 2011-05-13 08:07 12098 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-792627412-3204125982-2048311111-1000_UserData.bin
- 2010-03-24 17:26 . 2011-05-05 12:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-24 17:26 . 2011-05-12 17:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-24 17:26 . 2011-05-12 17:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-24 17:26 . 2011-05-05 12:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-05 12:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-12 17:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-09 16:57 . 2011-05-07 19:06 27796 c:\windows\system32\config\systemprofile\AppData\Local\ATI\ACE\Manifest.Bin
+ 2010-10-09 16:57 . 2011-05-09 13:35 27796 c:\windows\system32\config\systemprofile\AppData\Local\ATI\ACE\Manifest.Bin
- 2009-07-14 04:46 . 2011-04-19 17:34 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2011-05-13 17:08 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-03-24 22:40 . 2011-05-13 08:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-24 22:40 . 2011-05-06 16:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-27 12:07 . 2011-05-07 19:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
+ 2010-03-27 12:07 . 2011-05-15 11:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
+ 2010-03-24 22:40 . 2011-05-13 08:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-24 22:40 . 2011-05-06 16:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-14 20:40 . 2011-04-14 20:40 49936 c:\windows\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-05-12 10:57 . 2011-05-12 10:57 49936 c:\windows\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe
- 2010-03-30 11:53 . 2011-04-14 20:42 23040 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-03-30 11:53 . 2011-05-12 10:57 23040 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-03-30 11:53 . 2011-05-12 10:57 27136 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-03-30 11:53 . 2011-04-14 20:42 27136 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-03-30 11:53 . 2011-05-12 10:57 11264 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2010-03-30 11:53 . 2011-04-14 20:42 11264 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-03-30 11:53 . 2011-05-12 10:57 12288 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-03-30 11:53 . 2011-04-14 20:42 12288 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-05-12 10:57 . 2011-05-12 10:57 35600 c:\windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-04-14 20:40 . 2011-04-14 20:40 35600 c:\windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-05-06 16:40 . 2011-05-06 16:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-13 08:05 . 2011-05-13 08:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-06 16:40 . 2011-05-06 16:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-13 08:05 . 2011-05-13 08:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-30 11:53 . 2011-05-12 10:57 4096 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-03-30 11:53 . 2011-04-14 20:42 4096 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-05-10 11:48 . 2011-05-10 11:47 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-05-10 11:48 . 2011-05-10 11:47 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-05-10 11:48 . 2011-05-10 11:47 145184 c:\windows\SysWOW64\java.exe
+ 2009-07-14 15:24 . 2011-05-11 07:30 697104 c:\windows\system32\perfh00C.dat
- 2009-07-14 15:24 . 2011-04-14 13:16 697104 c:\windows\system32\perfh00C.dat
- 2009-07-14 02:36 . 2011-04-14 13:16 609290 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-05-11 07:30 609290 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:24 . 2011-05-11 07:30 128684 c:\windows\system32\perfc00C.dat
- 2009-07-14 15:24 . 2011-04-14 13:16 128684 c:\windows\system32\perfc00C.dat
+ 2009-07-14 02:36 . 2011-05-11 07:30 104568 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-04-14 13:16 104568 c:\windows\system32\perfc009.dat
- 2010-11-07 12:41 . 2010-11-07 10:36 262144 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-11-07 12:41 . 2011-05-11 07:25 262144 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-05-12 23:24 315424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-10 10:32 . 2011-05-12 23:24 315424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-792627412-3204125982-2048311111-1000-8192.dat
+ 2011-05-10 11:48 . 2011-05-10 11:48 183808 c:\windows\Installer\41ffa9.msi
+ 2010-03-30 11:53 . 2011-05-12 10:57 409600 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2010-03-30 11:53 . 2011-04-14 20:42 409600 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-03-30 11:53 . 2011-05-12 10:57 286720 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-03-30 11:53 . 2011-04-14 20:42 286720 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-03-30 11:53 . 2011-04-14 20:42 249856 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-03-30 11:53 . 2011-05-12 10:57 249856 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2010-03-30 11:53 . 2011-04-14 20:42 794624 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-03-30 11:53 . 2011-05-12 10:57 794624 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-03-30 11:53 . 2011-05-12 10:57 135168 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-03-30 11:53 . 2011-04-14 20:42 135168 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-07-14 04:45 . 2011-04-18 15:49 3798234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-05-12 17:53 3798234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-27 09:14 . 2011-04-27 09:14 5520384 c:\windows\Installer\5ea87d7.msp
+ 2011-04-29 11:04 . 2011-04-29 11:04 5053440 c:\windows\Installer\5ea87c5.msp
+ 2011-04-29 10:30 . 2011-04-29 10:30 1197056 c:\windows\Installer\5ea87ab.msp
+ 2009-07-14 02:34 . 2011-05-15 10:24 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-05-07 16:57 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-03-24 20:07 . 2011-05-12 10:57 44548040 c:\windows\system32\MRT.exe
+ 2011-05-10 11:47 . 2011-05-10 11:47 12584960 c:\windows\Installer\41ffa3.msi
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CanalPlus.VOD;CanalPlus.VOD;c:\program files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [2010-07-07 188416]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 eStantLaunchService;BboxUpdate;c:\program files (x86)\BboxUpdate\eSRunService.exe [2008-04-29 20480]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Amour\AppData\Roaming\Mozilla\Firefox\Profiles\xw7d1wy9.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-05-15 13:36:31
ComboFix-quarantined-files.txt 2011-05-15 11:36
ComboFix2.txt 2011-05-07 19:50
ComboFix3.txt 2011-04-12 16:42
ComboFix4.txt 2011-04-10 23:11
ComboFix5.txt 2011-05-15 11:28
.
Avant-CF: 178 190 315 520 octets libres
Après-CF: 177 744 629 760 octets libres
.
- - End Of File - - 95C8FCFE26B75DE523C305C354E27CB9
0

Anonymous user
 
Well, that's a different matter then.

Post all the ComboFix reports you have, one after the other.
Designer of List_Kill'em...Pre_Scan....MBR_Repair....
0
Pyrrhus
 
2011-04-06 11:33:57 . 2011-04-06 11:33:57 160 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Teco.reg.dat
2011-04-06 11:33:57 . 2011-04-06 11:33:57 161 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat
2011-04-06 11:33:57 . 2011-04-06 11:33:57 160 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-00TCrdMain.reg.dat
2011-04-06 11:33:57 . 2011-04-06 11:33:57 160 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-HSON.reg.dat
2011-04-06 11:33:57 . 2011-04-06 11:33:57 160 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SmoothView.reg.dat
2011-04-06 11:33:57 . 2011-04-06 11:33:57 161 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TPwrMain.reg.dat
2011-04-06 11:33:48 . 2011-04-06 11:33:48 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-MCODS.reg.dat
2011-04-06 11:33:48 . 2011-04-06 11:33:48 546 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-mcmscsvc.reg.dat
2011-04-06 11:32:37 . 2007-11-07 07:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\D\install.exe.vir
2011-04-06 11:30:57 . 2011-05-15 11:32:29 8,731 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-04-06 11:26:05 . 2011-05-15 11:28:54 561 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-04-15 16:46:50 . 2009-04-15 16:46:50 40,960 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\XP\EBLib.dll.vir
2008-07-24 13:40:58 . 2008-07-24 13:40:58 17,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\XP\TPwSav.sys.vir
0
Pyrrhus
 
ComboFix 11-05-06.05 - Amour 07/05/2011 21:44:47.6.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4094.2816 [GMT 2:00]
Lancé depuis: c:\users\Amour\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-04-07 au 2011-05-07 ))))))))))))))))))))))))))))))))))))
.
.
2011-05-07 19:48 . 2011-05-07 19:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-05-07 19:48 . 2011-05-07 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-07 16:46 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54440BAA-3F17-45B5-A093-922BA8AE3852}\mpengine.dll
2011-04-14 13:21 . 2011-03-08 06:14 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 08:21 . 2010-03-26 22:35 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-06_11.32.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-02-09 12:30 . 2010-12-18 05:30 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2011-04-14 13:22 . 2011-02-24 05:30 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2011-04-14 13:22 . 2011-02-24 05:27 12800 c:\windows\SysWOW64\msfeedssync.exe
- 2011-02-09 12:30 . 2010-12-18 05:26 12800 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-04-14 13:22 . 2011-02-24 05:30 64512 c:\windows\SysWOW64\msfeedsbs.dll
- 2011-02-09 12:30 . 2010-12-18 05:30 64512 c:\windows\SysWOW64\msfeedsbs.dll
- 2011-02-09 12:30 . 2010-12-18 05:32 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-04-14 13:22 . 2011-02-24 05:32 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-04-14 13:22 . 2011-02-24 05:30 44544 c:\windows\SysWOW64\licmgr10.dll
- 2011-02-09 12:30 . 2010-12-18 05:29 44544 c:\windows\SysWOW64\licmgr10.dll
+ 2011-04-14 13:22 . 2011-02-24 05:30 48128 c:\windows\SysWOW64\jsproxy.dll
- 2011-02-09 12:30 . 2010-12-18 05:29 48128 c:\windows\SysWOW64\jsproxy.dll
- 2009-07-13 23:38 . 2009-07-14 01:14 28672 c:\windows\SysWOW64\dnscacheugc.exe
+ 2011-04-14 13:22 . 2011-03-03 05:27 28672 c:\windows\SysWOW64\dnscacheugc.exe
- 2009-07-14 04:54 . 2011-04-02 09:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-05-06 16:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-05-06 16:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-02 09:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-06 16:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-02 09:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-09 12:30 . 2011-01-07 07:27 34304 c:\windows\SysWOW64\atmlib.dll
+ 2011-04-14 13:23 . 2011-02-19 05:32 34304 c:\windows\SysWOW64\atmlib.dll
+ 2010-02-07 01:46 . 2011-04-24 10:25 39846 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-06 16:43 44530 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-24 19:48 . 2011-05-06 16:43 12098 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-792627412-3204125982-2048311111-1000_UserData.bin
- 2011-02-09 12:30 . 2010-12-18 06:12 97280 c:\windows\system32\mshtmled.dll
+ 2011-04-14 13:22 . 2011-02-24 06:25 97280 c:\windows\system32\mshtmled.dll
+ 2011-04-14 13:22 . 2011-02-24 06:21 12288 c:\windows\system32\msfeedssync.exe
- 2011-02-09 12:30 . 2010-12-18 06:08 12288 c:\windows\system32\msfeedssync.exe
+ 2011-04-14 13:22 . 2011-02-24 06:25 82944 c:\windows\system32\msfeedsbs.dll
- 2011-02-09 12:30 . 2010-12-18 06:12 82944 c:\windows\system32\msfeedsbs.dll
+ 2011-04-14 13:22 . 2011-02-24 06:29 95232 c:\windows\system32\migration\WininetPlugin.dll
- 2011-02-09 12:30 . 2010-12-18 06:15 95232 c:\windows\system32\migration\WininetPlugin.dll
- 2011-02-09 12:30 . 2010-12-18 06:11 57856 c:\windows\system32\licmgr10.dll
+ 2011-04-14 13:22 . 2011-02-24 06:24 57856 c:\windows\system32\licmgr10.dll
+ 2011-04-14 13:21 . 2011-02-05 12:41 20352 c:\windows\system32\kdusb.dll
+ 2011-04-14 13:21 . 2011-02-05 12:41 17792 c:\windows\system32\kdcom.dll
+ 2011-04-14 13:21 . 2011-02-05 12:41 19328 c:\windows\system32\kd1394.dll
- 2011-02-09 12:30 . 2010-12-18 06:11 64512 c:\windows\system32\jsproxy.dll
+ 2011-04-14 13:22 . 2011-02-24 06:24 64512 c:\windows\system32\jsproxy.dll
+ 2009-07-14 05:30 . 2011-04-30 18:54 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-03-14 15:33 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2010-09-28 14:44 . 2010-09-28 14:44 51712 c:\windows\system32\drivers\usbaapl64.sys
- 2009-07-13 23:23 . 2009-07-13 23:23 90624 c:\windows\system32\drivers\bowser.sys
+ 2011-04-14 13:21 . 2011-02-23 05:15 90624 c:\windows\system32\drivers\bowser.sys
- 2009-07-13 23:54 . 2009-07-14 01:39 30208 c:\windows\system32\dnscacheugc.exe
+ 2011-04-14 13:22 . 2011-03-03 06:14 30208 c:\windows\system32\dnscacheugc.exe
+ 2010-03-24 17:26 . 2011-05-05 12:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-24 17:26 . 2011-04-05 08:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-24 17:26 . 2011-05-05 12:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-24 17:26 . 2011-04-05 08:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-05 08:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-05 12:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-09 16:57 . 2011-05-07 19:06 78672 c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
- 2010-10-09 16:57 . 2011-01-08 12:44 27796 c:\windows\system32\config\systemprofile\AppData\Local\ATI\ACE\Manifest.Bin
+ 2010-10-09 16:57 . 2011-05-07 19:06 27796 c:\windows\system32\config\systemprofile\AppData\Local\ATI\ACE\Manifest.Bin
- 2011-02-09 12:30 . 2011-01-07 08:06 46080 c:\windows\system32\atmlib.dll
+ 2011-04-14 13:23 . 2011-02-19 06:36 46080 c:\windows\system32\atmlib.dll
- 2010-03-25 22:33 . 2010-09-02 20:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-25 22:33 . 2011-04-15 13:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-04-19 17:34 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2011-04-02 09:40 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-03-25 22:33 . 2010-09-02 20:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-25 22:33 . 2011-04-15 13:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-25 22:33 . 2010-09-02 20:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-25 22:33 . 2011-04-15 13:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-24 22:40 . 2011-04-06 11:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-24 22:40 . 2011-05-06 16:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-27 12:07 . 2011-05-07 19:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
- 2010-03-27 12:07 . 2011-04-06 11:24 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
+ 2010-03-24 22:40 . 2011-05-06 16:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-24 22:40 . 2011-04-06 11:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-14 20:40 . 2011-04-14 20:40 49936 c:\windows\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe
- 2010-11-10 20:15 . 2010-11-10 20:15 49936 c:\windows\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe
+ 2010-03-30 11:53 . 2011-04-14 20:42 23040 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2010-03-30 11:53 . 2011-03-09 19:48 23040 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-03-30 11:53 . 2011-04-14 20:42 27136 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-03-30 11:53 . 2011-03-09 19:48 27136 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-03-30 11:53 . 2011-04-14 20:42 11264 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2010-03-30 11:53 . 2011-03-09 19:48 11264 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-03-30 11:53 . 2011-04-14 20:42 12288 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-03-30 11:53 . 2011-03-09 19:48 12288 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-04-14 20:40 . 2011-04-14 20:40 35600 c:\windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-11-10 20:15 . 2010-11-10 20:15 35600 c:\windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-06-05 10:53 . 2011-04-22 22:05 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-05 10:53 . 2011-03-16 15:30 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-04-15 14:18 . 2011-04-15 14:18 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\25e24b9842af6168a95af6447edd84e7\System.Windows.Presentation.ni.dll
+ 2011-04-15 14:18 . 2011-04-15 14:18 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\88ae41e083b3ac7a04f1fb2dc60b6b92\System.Web.DynamicData.Design.ni.dll
+ 2011-04-15 14:13 . 2011-04-15 14:13 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\d4c5904689901ce4bf1f86c5dacfa3c9\stdole.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\61c4342c01fae3975e5b03d3f68bd8f3\PresentationFontCache.ni.exe
+ 2011-04-15 13:32 . 2011-04-15 13:32 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\2165f694f68ea31be5c889744b7f376a\PresentationCFFRasterizer.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\15fbefcc4df790796823a7e2e4ede4ad\Microsoft.WSMan.Runtime.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\9a85013711975f888dbdcd9ba29f7cd9\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\8eaf21ff4ec85e8c20ca71d336b90aa5\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 36864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\72d8c360968f8ae94a59e3e6a6d4f9f4\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 70144 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\5495a3448acaa8da2c0d5e4699d04941\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 40448 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\4d77bcbe01e9270c4fde9bbb3d7038a3\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 59904 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\029c17cd07099cb16415232678393a38\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2011-04-15 13:28 . 2011-04-15 13:28 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\40cd41798c41838f8b9a5d37321e6cc3\Microsoft.VisualC.ni.dll
+ 2011-04-15 14:13 . 2011-04-15 14:13 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\df60a61d94b1a28cbe352cec3ca38303\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2011-04-15 14:15 . 2011-04-15 14:15 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\87a5c18a75ce5dbefd5449ccf7e14015\LoadMxf.ni.exe
+ 2011-04-15 14:13 . 2011-04-15 14:13 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\21ac98f7be6a727c836381b75bfc70aa\ehiUPnP.ni.dll
+ 2011-04-15 14:13 . 2011-04-15 14:13 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\d8496707757be9191cf8ab416cd4cc55\ehiTVMSMusic.ni.dll
+ 2011-04-15 14:13 . 2011-04-15 14:13 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\3a636596125a4a71c7aebc8040a23b95\dfsvc.ni.exe
+ 2011-04-15 13:31 . 2011-04-15 13:31 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\9d237481823f88cbb89c0834d85df526\Accessibility.ni.dll
+ 2011-04-15 13:37 . 2011-04-15 13:37 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\6a8a0fb15f936916d6e51ab8538cff35\UIAutomationProvider.ni.dll
+ 2011-04-15 14:11 . 2011-04-15 14:11 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\4bffc57a97a74462320698ec8d35bb50\System.Windows.Presentation.ni.dll
+ 2011-04-15 14:11 . 2011-04-15 14:11 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\488e644a3bb2fae3aa18fc8853f62bad\System.Web.DynamicData.Design.ni.dll
+ 2011-04-15 14:10 . 2011-04-15 14:10 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\648f4f68ecefd8f36e31e47fd56d941c\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-04-15 14:10 . 2011-04-15 14:10 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\9527a25b7d80904951b6dd248b7ce04e\System.AddIn.Contract.ni.dll
+ 2011-04-15 14:09 . 2011-04-15 14:09 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\e8a0c6235beecde13d8bc572881ac8b1\stdole.ni.dll
+ 2011-04-15 14:10 . 2011-04-15 14:10 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\59cace9a8ff0a24736f137c3e587273d\PresentationFontCache.ni.exe
+ 2011-04-15 13:37 . 2011-04-15 13:37 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\29b15b9eef203908b55751af62b163e2\PresentationCFFRasterizer.ni.dll
+ 2011-04-15 14:08 . 2011-04-15 14:08 49152 c:\windows\assembly\NativeImages_v2.0.50727_32\PCDiag\12aad7c348d9bff705474b2872c8c4a4\PCDiag.ni.exe
+ 2011-04-15 14:10 . 2011-04-15 14:10 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\f4c3808dd2780198b469629de091dc14\napcrypt.ni.dll
+ 2011-04-15 14:10 . 2011-04-15 14:10 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\c80b25dbf6abbec80fa0797142181f0a\Microsoft.WSMan.Runtime.ni.dll
+ 2011-04-15 14:10 . 2011-04-15 14:10 25088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\ca665309b6753bc6126567290689ba4e\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
+ 2011-04-15 14:10 . 2011-04-15 14:10 27136 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\bf84cf9013c3d7bee5ad42c3bc04b2fe\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
+ 2011-04-15 14:10 . 2011-04-15 14:10 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\b8dcbfd51e0d89e7e16048c9efbc6aad\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
+ 2011-04-15 14:10 . 2011-04-15 14:10 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\8342c096f1660f99a19b30529fd105d3\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
+ 2011-04-15 14:10 . 2011-04-15 14:10 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\6d6df1b863e704b425cb7610b9cf9343\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2011-04-15 14:10 . 2011-04-15 14:10 32256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\5aa44d13c29d5251935666fbcc4f9d7c\Microsoft.Windows.Diagnosis.SDHost.ni.dll
+ 2011-04-15 14:10 . 2011-04-15 14:10 23040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\13d89aae42327385e99037b0a1b97181\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
+ 2011-04-15 14:09 . 2011-04-15 14:09 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\dc288223f0c505d04491a2a67074cb98\Microsoft.Vsa.ni.dll
+ 2011-04-15 13:37 . 2011-04-15 13:37 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\12de3a3ae03044c5c1684ac7181358d2\Microsoft.VisualC.ni.dll
+ 2011-04-15 14:09 . 2011-04-15 14:09 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d07ea523785675cf42d9b9db1f462f53\Microsoft.Build.Framework.ni.dll
+ 2011-04-15 14:09 . 2011-04-15 14:09 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\90df6fcb66dc94accdf887701b730d76\Microsoft.Build.Framework.ni.dll
+ 2011-04-15 14:08 . 2011-04-15 14:08 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.PCDIAGLib\7202bfcfa502455ccb14a0f1e781c1fa\Interop.PCDIAGLib.ni.dll
+ 2011-04-15 14:08 . 2011-04-15 14:08 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.BASICINFOLib\391ec4e6b6aa4b2896f616e14039564c\Interop.BASICINFOLib.ni.dll
+ 2011-04-15 14:09 . 2011-04-15 14:09 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\aac55d605c2ac3537a6ad1e463759480\ehiUserXp.ni.dll
+ 2011-04-15 14:09 . 2011-04-15 14:09 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f6a3bc61f8be1c37cb60328dd7379d90\dfsvc.ni.exe
+ 2011-04-15 14:08 . 2011-04-15 14:08 23552 c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.PCDIAGLib\7dc3dc6cef960bbd27a8e99887d1657e\AxInterop.PCDIAGLib.ni.dll
+ 2011-04-15 14:08 . 2011-04-15 14:08 22528 c:\windows\assembly\NativeImages_v2.0.50727_32\AxInterop.BASICINFO#\ffd6596c1b72c1e0e014673edcb41be6\AxInterop.BASICINFOLib.ni.dll
+ 2011-04-15 13:37 . 2011-04-15 13:37 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11ebcba65c931267301739008a883e60\Accessibility.ni.dll
+ 2011-04-30 19:49 . 2011-04-30 19:49 9560 c:\windows\system32\NetworkList\Icons\{1C76EF8C-ADCB-4C47-88D1-6684FC875494}_48.bin
+ 2011-04-30 19:49 . 2011-04-30 19:49 4280 c:\windows\system32\NetworkList\Icons\{1C76EF8C-ADCB-4C47-88D1-6684FC875494}_32.bin
+ 2011-04-30 19:49 . 2011-04-30 19:49 2456 c:\windows\system32\NetworkList\Icons\{1C76EF8C-ADCB-4C47-88D1-6684FC875494}_24.bin
+ 2011-05-06 16:40 . 2011-05-06 16:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-06 11:18 . 2011-04-06 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-06 16:40 . 2011-05-06 16:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-06 11:18 . 2011-04-06 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-03-30 11:53 . 2011-03-09 19:48 4096 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-03-30 11:53 . 2011-04-14 20:42 4096 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2011-02-09 12:30 . 2010-12-18 05:32 981504 c:\windows\SysWOW64\wininet.dll
+ 2011-04-14 13:22 . 2011-02-24 05:32 981504 c:\windows\SysWOW64\wininet.dll
- 2011-02-09 12:30 . 2011-01-05 05:37 428032 c:\windows\SysWOW64\vbscript.dll
+ 2011-04-14 13:23 . 2011-02-18 05:36 428032 c:\windows\SysWOW64\vbscript.dll
- 2011-02-09 12:30 . 2010-12-18 05:30 606208 c:\windows\SysWOW64\mstime.dll
+ 2011-04-14 13:22 . 2011-02-24 05:30 606208 c:\windows\SysWOW64\mstime.dll
+ 2011-04-14 13:22 . 2011-02-24 05:30 599040 c:\windows\SysWOW64\msfeeds.dll
- 2011-02-09 12:30 . 2010-12-18 05:30 599040 c:\windows\SysWOW64\msfeeds.dll
- 2011-02-09 12:30 . 2011-01-05 05:34 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-04-14 13:23 . 2011-02-18 05:35 716800 c:\windows\SysWOW64\jscript.dll
- 2010-05-12 19:20 . 2010-03-04 07:33 740864 c:\windows\SysWOW64\inetcomm.dll
+ 2011-04-14 13:21 . 2011-03-08 05:38 740864 c:\windows\SysWOW64\inetcomm.dll
- 2011-02-09 12:30 . 2010-12-18 05:29 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-04-14 13:22 . 2011-02-24 05:29 176640 c:\windows\SysWOW64\ieui.dll
- 2011-02-09 12:30 . 2010-12-18 05:29 185856 c:\windows\SysWOW64\iepeers.dll
+ 2011-04-14 13:22 . 2011-02-24 05:29 185856 c:\windows\SysWOW64\iepeers.dll
- 2011-02-09 12:30 . 2010-12-18 05:29 381440 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-04-14 13:22 . 2011-02-24 05:29 381440 c:\windows\SysWOW64\iedkcs32.dll
- 2009-07-13 23:12 . 2009-07-14 01:15 269824 c:\windows\SysWOW64\dnsapi.dll
+ 2011-04-14 13:22 . 2011-03-03 05:29 269824 c:\windows\SysWOW64\dnsapi.dll
+ 2010-03-26 18:37 . 2011-05-01 10:40 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-03-26 18:37 . 2011-03-09 15:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-04-14 13:23 . 2011-02-19 03:37 294912 c:\windows\SysWOW64\atmfd.dll
+ 2011-04-14 13:21 . 2011-02-05 12:39 518160 c:\windows\system32\winresume.exe
+ 2011-04-14 13:21 . 2011-02-05 12:39 603976 c:\windows\system32\winload.exe
+ 2011-04-14 13:23 . 2011-02-18 06:37 612352 c:\windows\system32\vbscript.dll
- 2011-02-09 12:30 . 2011-01-05 06:20 612352 c:\windows\system32\vbscript.dll
+ 2009-07-14 15:24 . 2011-04-14 13:16 697104 c:\windows\system32\perfh00C.dat
- 2009-07-14 15:24 . 2011-04-06 11:26 697104 c:\windows\system32\perfh00C.dat
+ 2009-07-14 02:36 . 2011-04-14 13:16 609290 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-04-06 11:26 609290 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:24 . 2011-04-14 13:16 128684 c:\windows\system32\perfc00C.dat
- 2009-07-14 15:24 . 2011-04-06 11:26 128684 c:\windows\system32\perfc00C.dat
+ 2009-07-14 02:36 . 2011-04-14 13:16 104568 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-04-06 11:26 104568 c:\windows\system32\perfc009.dat
+ 2011-04-14 13:22 . 2011-02-24 06:25 703488 c:\windows\system32\msfeeds.dll
- 2011-02-09 12:30 . 2010-12-18 06:12 703488 c:\windows\system32\msfeeds.dll
- 2011-02-09 12:30 . 2011-01-05 06:16 852480 c:\windows\system32\jscript.dll
+ 2011-04-14 13:23 . 2011-02-18 06:36 852480 c:\windows\system32\jscript.dll
- 2011-02-09 12:30 . 2010-12-18 06:11 247808 c:\windows\system32\ieui.dll
+ 2011-04-14 13:22 . 2011-02-24 06:24 247808 c:\windows\system32\ieui.dll
+ 2011-04-14 13:22 . 2011-02-24 06:24 256000 c:\windows\system32\iepeers.dll
- 2011-02-09 12:30 . 2010-12-18 06:11 256000 c:\windows\system32\iepeers.dll
- 2011-02-09 12:30 . 2010-12-18 06:11 445952 c:\windows\system32\iedkcs32.dll
+ 2011-04-14 13:22 . 2011-02-24 06:24 445952 c:\windows\system32\iedkcs32.dll
+ 2011-04-14 13:21 . 2011-02-12 06:14 267776 c:\windows\system32\FXSCOVER.exe
+ 2009-07-14 04:45 . 2011-04-15 13:23 335040 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2011-02-10 10:55 335040 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:30 . 2011-03-14 15:33 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-04-30 18:54 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2011-04-14 13:23 . 2011-02-23 05:15 161792 c:\windows\system32\drivers\srvnet.sys
- 2010-10-14 22:11 . 2010-08-27 03:37 161792 c:\windows\system32\drivers\srvnet.sys
+ 2011-04-14 13:23 . 2011-02-23 05:16 401920 c:\windows\system32\drivers\srv2.sys
+ 2011-04-14 13:23 . 2011-02-23 05:16 461312 c:\windows\system32\drivers\srv.sys
+ 2011-04-14 13:21 . 2011-02-23 05:15 126464 c:\windows\system32\drivers\mrxsmb20.sys
- 2010-04-14 20:28 . 2010-02-27 07:52 286720 c:\windows\system32\drivers\mrxsmb10.sys
+ 2011-04-14 13:21 . 2011-02-23 05:15 286720 c:\windows\system32\drivers\mrxsmb10.sys
- 2010-04-14 20:28 . 2010-02-27 07:52 157696 c:\windows\system32\drivers\mrxsmb.sys
+ 2011-04-14 13:21 . 2011-02-23 05:15 157696 c:\windows\system32\drivers\mrxsmb.sys
+ 2011-04-14 13:22 . 2011-03-03 06:17 182272 c:\windows\system32\dnsrslvr.dll
- 2009-07-13 23:21 . 2009-07-14 01:40 182272 c:\windows\system32\dnsrslvr.dll
+ 2011-04-14 13:22 . 2011-03-03 06:17 356352 c:\windows\system32\dnsapi.dll
- 2009-07-13 23:21 . 2009-07-14 01:40 356352 c:\windows\system32\dnsapi.dll
+ 2009-07-14 05:12 . 2011-04-15 13:27 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-04-14 13:21 . 2011-02-05 12:39 518160 c:\windows\system32\Boot\winresume.exe
+ 2011-04-14 13:21 . 2011-02-05 12:39 603976 c:\windows\system32\Boot\winload.exe
+ 2011-04-14 13:23 . 2011-02-19 04:13 367104 c:\windows\system32\atmfd.dll
+ 2010-03-25 22:33 . 2011-04-15 13:27 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-03-25 22:33 . 2010-09-02 20:57 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-08-17 08:05 . 2010-05-20 22:38 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2011-04-14 13:23 . 2011-02-07 23:30 485192 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
- 2010-08-17 08:05 . 2010-05-20 22:49 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-04-14 13:23 . 2011-02-07 23:35 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2009-07-13 20:46 . 2009-06-10 21:23 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-04-14 13:23 . 2011-02-07 23:35 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2010-08-17 08:05 . 2010-05-20 22:49 995160 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-04-14 13:23 . 2011-02-07 23:35 995160 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-01-11 07:19 . 2011-01-11 07:19 226816 c:\windows\Installer\c1e1a8e.msi
+ 2011-01-11 06:48 . 2011-01-11 06:48 235008 c:\windows\Installer\c1e1a87.msi
+ 2010-03-30 11:53 . 2011-04-14 20:42 409600 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2010-03-30 11:53 . 2011-03-09 19:48 409600 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-03-30 11:53 . 2011-04-14 20:42 286720 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-03-30 11:53 . 2011-03-09 19:48 286720 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-03-30 11:53 . 2011-03-09 19:48 249856 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-03-30 11:53 . 2011-04-14 20:42 249856 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2010-03-30 11:53 . 2011-03-09 19:48 794624 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-03-30 11:53 . 2011-04-14 20:42 794624 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2010-03-30 11:53 . 2011-03-09 19:48 135168 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-03-30 11:53 . 2011-04-14 20:42 135168 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-04-15 14:18 . 2011-04-15 14:18 468992 c:\windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\a204d00ba10c911f00293014caafc2a9\WsatConfig.ni.exe
+ 2011-04-15 14:18 . 2011-04-15 14:18 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\24f5de449f83de20ab6e7cd6636a74c0\WindowsFormsIntegration.ni.dll
+ 2011-04-15 13:31 . 2011-04-15 13:31 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationTypes\98ed2ce59a02b2ad53b96c0c3b6a874e\UIAutomationTypes.ni.dll
+ 2011-04-15 13:31 . 2011-04-15 13:31 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\69f823739fd264e2405cc8af76c2196f\UIAutomationProvider.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\8a1c25a6532f4078b303d6aa1333065f\UIAutomationClient.ni.dll
+ 2011-04-15 14:18 . 2011-04-15 14:18 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\4ce28e6887c5110334a0523de81a5b59\TaskScheduler.ni.dll
+ 2011-04-15 14:17 . 2011-04-15 14:17 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\b819f184922b7faef750b18a0d82e858\System.Xml.Linq.ni.dll
+ 2011-04-15 14:18 . 2011-04-15 14:18 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\02c01af0907002c36a1b898d0bc3c31c\System.Web.Routing.ni.dll
+ 2011-04-15 13:35 . 2011-04-15 13:35 261120 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\e710c7ee94372b7b828e50af9a40755d\System.Web.RegularExpressions.ni.dll
+ 2011-04-15 14:18 . 2011-04-15 14:18 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\66669158b4e8688fbbdeefc9a680b46c\System.Web.Entity.ni.dll
+ 2011-04-15 14:18 . 2011-04-15 14:18 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\acbbfd99fb86d00db846d84739841e34\System.Web.Entity.Design.ni.dll
+ 2011-04-15 14:18 . 2011-04-15 14:18 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\edcdc55c2f52e4a141ab5c7fb26bce59\System.Web.DynamicData.ni.dll
+ 2011-04-15 14:18 . 2011-04-15 14:18 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\cedb3051c72884cec81d0979940da378\System.Web.Abstractions.ni.dll
+ 2011-04-15 13:33 . 2011-04-15 13:33 921600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\f0bbdfdeb16f0ee1fdaf0877f7d88cfc\System.Transactions.ni.dll
+ 2011-04-15 13:35 . 2011-04-15 13:35 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\78823484d7145e65b3ee87fe946b4fae\System.ServiceProcess.ni.dll
+ 2011-04-15 13:30 . 2011-04-15 13:30 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\ae5dbb7ece9715387344b40d44249877\System.Security.ni.dll
+ 2011-04-15 13:32 . 2011-04-15 13:32 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\e2661f961657f6705544823d25728184\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-04-15 14:18 . 2011-04-15 14:18 916480 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\091778aa3187d35535f90b00dd95baef\System.Net.ni.dll
+ 2011-04-15 14:13 . 2011-04-15 14:13 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\2939541c1b3a1563d6a7877df6d6e6e8\System.Messaging.ni.dll
+ 2011-04-15 14:18 . 2011-04-15 14:18 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\6d89678666d49bb027764c8c0879f032\System.Management.Instrumentation.ni.dll
+ 2011-04-15 14:18 . 2011-04-15 14:18 569344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\cbd156c642f9698caa21a622cdfe29c2\System.IO.Log.ni.dll
+ 2011-04-15 14:13 . 2011-04-15 14:13 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\ea431ab37ee44a253dd95f563d4376a7\System.IdentityModel.Selectors.ni.dll
+ 2011-04-15 13:34 . 2011-04-15 13:34 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\ba9279746ba6eb498176b0130bc1340c\System.EnterpriseServices.Wrapper.dll
+ 2011-04-15 13:35 . 2011-04-15 13:35 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\7cddebcb28b0e9fcbfe66a244eb7cd61\System.Drawing.Design.ni.dll
+ 2011-04-15 13:35 . 2011-04-15 13:35 649728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\e7b23ec962ae6a9b0e69547ae4bd4d98\System.DirectoryServices.Protocols.ni.dll
+ 2011-04-15 14:18 . 2011-04-15 14:18 493056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\c1a0f4689ae1cf73a0416e70e946f87b\System.Data.Services.Design.ni.dll
+ 2011-04-15 14:17 . 2011-04-15 14:17 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\8d5d24a53750f68ed069d218548310c7\System.Data.DataSetExtensions.ni.dll
+ 2011-04-15 13:35 . 2011-04-15 13:35 192000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\b486333468a782e0d7433bd494480df0\System.Configuration.Install.ni.dll
+ 2011-04-15 14:17 . 2011-04-15 14:17 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\e396dd0bab3b9a38d0a8b6a84b3a8409\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-04-15 14:17 . 2011-04-15 14:17 889344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\cfb735ab4102c23ddda6411e3e1c2a1d\System.AddIn.ni.dll
+ 2011-04-15 14:17 . 2011-04-15 14:17 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\f439fd4698b29680c6387ed258592edc\System.AddIn.Contract.ni.dll
+ 2011-04-15 14:18 . 2011-04-15 14:18 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\76f801595d49c56ab3d0dd86cff7ce5d\sysglobl.ni.dll
+ 2011-04-15 14:17 . 2011-04-15 14:17 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\731e7ded67383623d69d38aab9696c84\SMSvcHost.ni.exe
+ 2011-04-15 14:12 . 2011-04-15 14:12 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\8b2a0f357186101fe26a7ed196b396fe\SMDiagnostics.ni.dll
+ 2011-04-15 13:35 . 2011-04-15 13:35 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\fa7db7310a8415385632395042607d6d\PresentationFramework.Aero.ni.dll
+ 2011-04-15 13:35 . 2011-04-15 13:35 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\615e2449f6de31234a1b04131d972cc8\PresentationFramework.Royale.ni.dll
+ 2011-04-15 13:35 . 2011-04-15 13:35 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\5f0119616775b2bab899d8768c7a909c\PresentationFramework.Luna.ni.dll
+ 2011-04-15 13:35 . 2011-04-15 13:35 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\1a7aaba1ab9c2e3d2edf48cea9509552\PresentationFramework.Classic.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\b904e2dc6fe9a06c3fdecf1586444989\napsnap.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\d163c4448708f49b85ec59c3fec91350\napinit.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 175104 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\765a4776917e3f7190e004ac708e4021\naphlpr.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 127488 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\b121712a09393bbea7d98025920d496d\napcrypt.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\3678d0857e9ad8ef89b40a47ec7035e9\MSBuild.ni.exe
+ 2011-04-15 14:14 . 2011-04-15 14:14 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\1edce855e47b6279c45b04ccd67b18e2\MMCFxCommon.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 681472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\58eab56a3dad06abd5678683831d9f0c\Microsoft.WSMan.Management.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 122368 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\94cc0bd657babf3f9d75aef3d45d512a\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\0a653cd63f7ee2f2ad8544e5f0e7e771\Microsoft.Vsa.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\e4bdf0f9949189329b888af10a8be118\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-04-15 14:16 . 2011-04-15 14:16 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b8bd0ab3d0711bee247473a6bc005824\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-04-14 13:22 . 2011-02-24 05:32 1228800 c:\windows\SysWOW64\urlmon.dll
+ 2011-04-14 13:23 . 2011-02-24 05:30 5981696 c:\windows\SysWOW64\mshtml.dll
+ 2011-04-14 13:23 . 2011-03-11 05:40 1164288 c:\windows\SysWOW64\mfc42u.dll
+ 2011-04-14 13:23 . 2011-03-11 05:40 1137664 c:\windows\SysWOW64\mfc42.dll
+ 2011-04-14 13:22 . 2011-02-24 05:29 2063360 c:\windows\SysWOW64\iertutil.dll
- 2011-02-09 12:30 . 2010-12-18 05:29 2063360 c:\windows\SysWOW64\iertutil.dll
- 2011-02-09 12:30 . 2010-12-18 06:15 1197056 c:\windows\system32\wininet.dll
+ 2011-04-14 13:22 . 2011-02-24 06:29 1197056 c:\windows\system32\wininet.dll
+ 2011-04-14 13:23 . 2011-03-03 03:58 3133440 c:\windows\system32\win32k.sys
+ 2010-09-28 14:44 . 2010-09-28 14:44 4184352 c:\windows\system32\usbaaplrc.dll
+ 2011-04-14 13:22 . 2011-02-24 06:28 1499136 c:\windows\system32\urlmon.dll
+ 2011-04-14 13:22 . 2011-02-24 06:25 1026560 c:\windows\system32\mstime.dll
- 2011-02-09 12:30 . 2010-12-18 06:12 1026560 c:\windows\system32\mstime.dll
+ 2011-04-14 13:23 . 2011-02-24 06:25 9311744 c:\windows\system32\mshtml.dll
+ 2011-04-14 13:23 . 2011-03-11 06:19 1359872 c:\windows\system32\mfc42u.dll
+ 2011-04-14 13:23 . 2011-03-11 06:19 1395712 c:\windows\system32\mfc42.dll
- 2011-02-09 12:30 . 2010-12-18 06:11 2447872 c:\windows\system32\iertutil.dll
+ 2011-04-14 13:22 . 2011-02-24 06:24 2447872 c:\windows\system32\iertutil.dll
- 2009-07-14 04:45 . 2011-03-26 09:41 3798234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-04-18 15:49 3798234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-08-17 08:05 . 2010-05-20 22:38 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2011-04-14 13:23 . 2011-02-07 23:30 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2011-04-14 13:23 . 2011-02-07 23:30 1576784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
- 2010-08-17 08:05 . 2010-05-20 22:38 1764
0
Pyrrhus
 
ComboFix 11-04-10.01 - Amour 11/04/2011 1:03.4.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4094.2709 [GMT 2:00]
Lancé depuis: c:\users\Amour\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-03-10 au 2011-04-10 ))))))))))))))))))))))))))))))))))))
.
.
2011-04-10 23:08 . 2011-04-10 23:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-10 22:31 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{034D69E4-06A3-4898-AEFF-E51763610BC9}\mpengine.dll
2011-03-25 15:10 . 2011-02-01 18:56 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-25 15:10 . 2011-02-01 18:56 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C80FCD56-8803-4FEC-83AB-E6EDF6A49A79}\gapaengine.dll
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 05:17 . 2010-03-26 22:35 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-25 17:54 . 2011-02-26 10:46 2727912 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-01-25 12:58 . 2011-02-26 10:46 2358888 ----a-w- c:\windows\system32\RtPgEx64.dll
2011-01-25 12:58 . 2011-02-26 10:46 2838632 ----a-w- c:\windows\system32\RtkAPO64.dll
2011-01-24 13:20 . 2011-02-26 10:46 638056 ----a-w- c:\windows\system32\RtkApi64.dll
2011-01-24 12:29 . 2010-02-07 01:53 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-01-20 13:47 . 2011-02-26 10:45 1943616 ----a-w- c:\windows\system32\FMAPO64.dll
2011-01-12 10:09 . 2011-02-26 10:46 783360 ----a-w- c:\windows\system32\RCoRes64.dat
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-06_11.32.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-04-02 09:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-09 20:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-02 09:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-09 20:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-09 20:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-02 09:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-07 01:46 . 2011-04-07 06:33 39822 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2010-02-07 01:46 . 2011-04-06 11:20 39822 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-09 20:36 44466 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-04-06 11:20 44466 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-24 19:48 . 2011-04-09 20:36 11850 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-792627412-3204125982-2048311111-1000_UserData.bin
+ 2010-03-24 22:40 . 2011-04-09 20:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-24 22:40 . 2011-04-06 11:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-27 12:07 . 2011-04-06 11:24 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
+ 2010-03-27 12:07 . 2011-04-10 22:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
+ 2010-03-24 22:40 . 2011-04-09 20:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-24 22:40 . 2011-04-06 11:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-06 11:18 . 2011-04-06 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-09 20:33 . 2011-04-09 20:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-06 11:18 . 2011-04-06 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-09 20:33 . 2011-04-09 20:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-26 18:37 . 2011-04-09 20:34 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-03-26 18:37 . 2011-03-09 15:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 15:24 . 2011-04-09 20:40 697104 c:\windows\system32\perfh00C.dat
- 2009-07-14 15:24 . 2011-04-06 11:26 697104 c:\windows\system32\perfh00C.dat
- 2009-07-14 02:36 . 2011-04-06 11:26 609290 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-04-09 20:40 609290 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:24 . 2011-04-09 20:40 128684 c:\windows\system32\perfc00C.dat
- 2009-07-14 15:24 . 2011-04-06 11:26 128684 c:\windows\system32\perfc00C.dat
- 2009-07-14 02:36 . 2011-04-06 11:26 104568 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-04-09 20:40 104568 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:34 . 2011-04-10 22:17 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-04-05 17:03 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-09 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"BboxUpdate"="c:\program files (x86)\BboxUpdate\eStantAutoRunV.exe" [2008-04-14 6144]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Amour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
La ChaOEne M't'o.lnk - c:\program files (x86)\La ChaOEne M't'o\La ChaOEne M't'o.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CanalPlus.VOD;CanalPlus.VOD;c:\program files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [2010-07-07 188416]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 eStantLaunchService;BboxUpdate;c:\program files (x86)\BboxUpdate\eSRunService.exe [2008-04-29 20480]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe" [BU]
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe" [BU]
"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Teco"="%ProgramFiles%\TOSHIBA\TECO\Teco.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Amour\AppData\Roaming\Mozilla\Firefox\Profiles\xw7d1wy9.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-04-11 01:11:25
ComboFix-quarantined-files.txt 2011-04-10 23:11
ComboFix2.txt 2011-04-07 23:10
ComboFix3.txt 2011-04-06 11:51
ComboFix4.txt 2011-04-06 11:35
.
Avant-CF: 178 443 653 120 octets libres
Après-CF: 178 229 772 288 octets libres
.
- - End Of File - - 72B2720064C2B9EED0EBCC5107CBC3F7
0
Pyrrhus
 
ComboFix 11-04-05.02 - Amour 06/04/2011 13:28:06.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4094.2855 [GMT 2:00]
Lancé depuis: c:\users\Amour\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
D:\install.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-03-06 au 2011-04-06 ))))))))))))))))))))))))))))))))))))
.
.
2011-04-04 09:37 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AA6A2CFF-92A9-4018-B21C-F74EE14436E8}\mpengine.dll
2011-03-25 15:10 . 2011-02-01 18:56 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-25 15:10 . 2011-02-01 18:56 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C80FCD56-8803-4FEC-83AB-E6EDF6A49A79}\gapaengine.dll
2011-03-09 19:27 . 2011-03-09 19:29 -------- d-----w- c:\users\Amour\AppData\Roaming\Mozilla-Cache
2011-03-09 19:27 . 2011-03-09 19:29 -------- d-----w- c:\program files\Temp
2011-03-09 19:26 . 2011-03-09 20:15 -------- d-----w- c:\program files\PartyPokerFr
2011-03-09 19:23 . 2011-03-09 19:23 -------- d-----w- C:\Programs
2011-03-09 15:35 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 15:35 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 15:35 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 15:35 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-09 15:35 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 15:35 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 15:35 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 15:35 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-03-09 15:35 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-09 15:35 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 15:35 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-09 15:35 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 05:17 . 2010-03-26 22:35 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-25 17:54 . 2011-02-26 10:46 2727912 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-01-25 12:58 . 2011-02-26 10:46 2358888 ----a-w- c:\windows\system32\RtPgEx64.dll
2011-01-25 12:58 . 2011-02-26 10:46 2838632 ----a-w- c:\windows\system32\RtkAPO64.dll
2011-01-24 13:20 . 2011-02-26 10:46 638056 ----a-w- c:\windows\system32\RtkApi64.dll
2011-01-24 12:29 . 2010-02-07 01:53 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-01-20 13:47 . 2011-02-26 10:45 1943616 ----a-w- c:\windows\system32\FMAPO64.dll
2011-01-12 10:09 . 2011-02-26 10:46 783360 ----a-w- c:\windows\system32\RCoRes64.dat
2011-01-07 08:06 . 2011-02-09 12:30 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 12:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 12:30 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 12:30 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-09 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"BboxUpdate"="c:\program files (x86)\BboxUpdate\eStantAutoRunV.exe" [2008-04-14 6144]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Amour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
La ChaOEne M't'o.lnk - c:\program files (x86)\La ChaOEne M't'o\La ChaOEne M't'o.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CanalPlus.VOD;CanalPlus.VOD;c:\program files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [2010-07-07 188416]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 eStantLaunchService;BboxUpdate;c:\program files (x86)\BboxUpdate\eSRunService.exe [2008-04-29 20480]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Amour\AppData\Roaming\Mozilla\Firefox\Profiles\xw7d1wy9.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHELINS SUPPRIMES - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-04-06 13:35:08
ComboFix-quarantined-files.txt 2011-04-06 11:35
.
Avant-CF: 178 910 904 320 octets libres
Après-CF: 178 846 420 992 octets libres
.
- - End Of File - - 2B1D27A699D695C0DA06805DD751DD1D

ComboFix 11-04-05.02 - Amour 06/04/2011 13:44:33.2.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4094.2712 [GMT 2:00]
Lancé depuis: c:\users\Amour\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-03-06 au 2011-04-06 ))))))))))))))))))))))))))))))))))))
.
.
2011-04-06 11:48 . 2011-04-06 11:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-04 09:37 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AA6A2CFF-92A9-4018-B21C-F74EE14436E8}\mpengine.dll
2011-03-25 15:10 . 2011-02-01 18:56 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-25 15:10 . 2011-02-01 18:56 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C80FCD56-8803-4FEC-83AB-E6EDF6A49A79}\gapaengine.dll
2011-03-09 19:27 . 2011-03-09 19:29 -------- d-----w- c:\users\Amour\AppData\Roaming\Mozilla-Cache
2011-03-09 19:27 . 2011-03-09 19:29 -------- d-----w- c:\program files\Temp
2011-03-09 19:26 . 2011-03-09 20:15 -------- d-----w- c:\program files\PartyPokerFr
2011-03-09 19:23 . 2011-03-09 19:23 -------- d-----w- C:\Programs
2011-03-09 15:35 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 15:35 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 15:35 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 15:35 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-09 15:35 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 15:35 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 15:35 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 15:35 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-03-09 15:35 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-09 15:35 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 15:35 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-09 15:35 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 05:17 . 2010-03-26 22:35 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-25 17:54 . 2011-02-26 10:46 2727912 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-01-25 12:58 . 2011-02-26 10:46 2358888 ----a-w- c:\windows\system32\RtPgEx64.dll
2011-01-25 12:58 . 2011-02-26 10:46 2838632 ----a-w- c:\windows\system32\RtkAPO64.dll
2011-01-24 13:20 . 2011-02-26 10:46 638056 ----a-w- c:\windows\system32\RtkApi64.dll
2011-01-24 12:29 . 2010-02-07 01:53 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-01-20 13:47 . 2011-02-26 10:45 1943616 ----a-w- c:\windows\system32\FMAPO64.dll
2011-01-12 10:09 . 2011-02-26 10:46 783360 ----a-w- c:\windows\system32\RCoRes64.dat
2011-01-07 08:06 . 2011-02-09 12:30 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 12:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 12:30 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 12:30 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-06_11.32.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-04-06 11:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-02 09:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-02 09:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-06 11:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-02 09:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-06 11:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:10 . 2011-04-06 11:20 44466 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-06 11:39 44466 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-03-24 19:48 . 2011-04-06 11:20 11842 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-792627412-3204125982-2048311111-1000_UserData.bin
+ 2010-03-24 19:48 . 2011-04-06 11:39 11842 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-792627412-3204125982-2048311111-1000_UserData.bin
+ 2010-03-24 22:40 . 2011-04-06 11:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-24 22:40 . 2011-04-06 11:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-24 22:40 . 2011-04-06 11:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-24 22:40 . 2011-04-06 11:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-06 11:37 . 2011-04-06 11:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-06 11:18 . 2011-04-06 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-06 11:18 . 2011-04-06 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-06 11:37 . 2011-04-06 11:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 15:24 . 2011-04-06 11:26 697104 c:\windows\system32\perfh00C.dat
+ 2009-07-14 15:24 . 2011-04-06 11:45 697104 c:\windows\system32\perfh00C.dat
+ 2009-07-14 02:36 . 2011-04-06 11:45 609290 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-04-06 11:26 609290 c:\windows\system32\perfh009.dat
- 2009-07-14 15:24 . 2011-04-06 11:26 128684 c:\windows\system32\perfc00C.dat
+ 2009-07-14 15:24 . 2011-04-06 11:45 128684 c:\windows\system32\perfc00C.dat
+ 2009-07-14 02:36 . 2011-04-06 11:45 104568 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-04-06 11:26 104568 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-09 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"BboxUpdate"="c:\program files (x86)\BboxUpdate\eStantAutoRunV.exe" [2008-04-14 6144]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Amour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
La ChaOEne M't'o.lnk - c:\program files (x86)\La ChaOEne M't'o\La ChaOEne M't'o.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CanalPlus.VOD;CanalPlus.VOD;c:\program files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [2010-07-07 188416]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 eStantLaunchService;BboxUpdate;c:\program files (x86)\BboxUpdate\eSRunService.exe [2008-04-29 20480]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe" [BU]
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe" [BU]
"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Teco"="%ProgramFiles%\TOSHIBA\TECO\Teco.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Amour\AppData\Roaming\Mozilla\Firefox\Profiles\xw7d1wy9.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-04-06 13:51:14
ComboFix-quarantined-files.txt 2011-04-06 11:51
ComboFix2.txt 2011-04-06 11:35
.
Avant-CF: 178 757 124 096 octets libres
Après-CF: 178 444 976 128 octets libres
.
- - End Of File - - 1FA410261F900DF6D4E872DC50C9357F
ComboFix 11-04-07.05 - Amour 08/04/2011 1:05.3.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4094.2763 [GMT 2:00]
Lancé depuis: c:\users\Amour\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-03-07 au 2011-04-07 ))))))))))))))))))))))))))))))))))))
.
.
2011-04-07 23:08 . 2011-04-07 23:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-06 11:56 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9023A2F6-B5B2-4942-95DC-0B52B4AA7A8E}\mpengine.dll
2011-03-25 15:10 . 2011-02-01 18:56 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-25 15:10 . 2011-02-01 18:56 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C80FCD56-8803-4FEC-83AB-E6EDF6A49A79}\gapaengine.dll
2011-03-09 19:27 . 2011-03-09 19:29 -------- d-----w- c:\users\Amour\AppData\Roaming\Mozilla-Cache
2011-03-09 19:27 . 2011-03-09 19:29 -------- d-----w- c:\program files\Temp
2011-03-09 19:26 . 2011-03-09 20:15 -------- d-----w- c:\program files\PartyPokerFr
2011-03-09 19:23 . 2011-03-09 19:23 -------- d-----w- C:\Programs
2011-03-09 15:35 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 15:35 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 15:35 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 15:35 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-09 15:35 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 15:35 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 15:35 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 15:35 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-03-09 15:35 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-09 15:35 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 15:35 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-09 15:35 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 05:17 . 2010-03-26 22:35 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-25 17:54 . 2011-02-26 10:46 2727912 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-01-25 12:58 . 2011-02-26 10:46 2358888 ----a-w- c:\windows\system32\RtPgEx64.dll
2011-01-25 12:58 . 2011-02-26 10:46 2838632 ----a-w- c:\windows\system32\RtkAPO64.dll
2011-01-24 13:20 . 2011-02-26 10:46 638056 ----a-w- c:\windows\system32\RtkApi64.dll
2011-01-24 12:29 . 2010-02-07 01:53 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-01-20 13:47 . 2011-02-26 10:45 1943616 ----a-w- c:\windows\system32\FMAPO64.dll
2011-01-12 10:09 . 2011-02-26 10:46 783360 ----a-w- c:\windows\system32\RCoRes64.dat
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-06_11.32.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-04-07 06:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-02 09:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-07 06:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-02 09:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-02 09:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-07 06:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-07 01:46 . 2011-04-07 06:33 39822 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2010-02-07 01:46 . 2011-04-06 11:20 39822 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-07 06:33 44466 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-04-06 11:20 44466 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-03-24 19:48 . 2011-04-06 11:20 11842 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-792627412-3204125982-2048311111-1000_UserData.bin
+ 2010-03-24 19:48 . 2011-04-07 06:33 11842 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-792627412-3204125982-2048311111-1000_UserData.bin
+ 2010-03-24 22:40 . 2011-04-07 06:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-24 22:40 . 2011-04-06 11:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-27 12:07 . 2011-04-07 23:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
- 2010-03-27 12:07 . 2011-04-06 11:24 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
+ 2010-03-24 22:40 . 2011-04-07 06:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-24 22:40 . 2011-04-06 11:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-07 06:13 . 2011-04-07 06:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-06 11:18 . 2011-04-06 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-06 11:18 . 2011-04-06 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-07 06:13 . 2011-04-07 06:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 15:24 . 2011-04-07 22:03 697104 c:\windows\system32\perfh00C.dat
- 2009-07-14 15:24 . 2011-04-06 11:26 697104 c:\windows\system32\perfh00C.dat
- 2009-07-14 02:36 . 2011-04-06 11:26 609290 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-04-07 22:03 609290 c:\windows\system32\perfh009.dat
- 2009-07-14 15:24 . 2011-04-06 11:26 128684 c:\windows\system32\perfc00C.dat
+ 2009-07-14 15:24 . 2011-04-07 22:03 128684 c:\windows\system32\perfc00C.dat
- 2009-07-14 02:36 . 2011-04-06 11:26 104568 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-04-07 22:03 104568 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:34 . 2011-04-07 09:24 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-04-05 17:03 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-09 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"BboxUpdate"="c:\program files (x86)\BboxUpdate\eStantAutoRunV.exe" [2008-04-14 6144]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Amour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
La ChaOEne M't'o.lnk - c:\program files (x86)\La ChaOEne M't'o\La ChaOEne M't'o.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CanalPlus.VOD;CanalPlus.VOD;c:\program files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [2010-07-07 188416]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 eStantLaunchService;BboxUpdate;c:\program files (x86)\BboxUpdate\eSRunService.exe [2008-04-29 20480]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe" [BU]
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe" [BU]
"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Teco"="%ProgramFiles%\TOSHIBA\TECO\Teco.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Amour\AppData\Roaming\Mozilla\Firefox\Profiles\xw7d1wy9.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-04-08 01:10:33
ComboFix-quarantined-files.txt 2011-04-07 23:10
ComboFix2.txt 2011-04-06 11:51
ComboFix3.txt 2011-04-06 11:35
.
Avant-CF: 178 294 579 200 octets libres
Après-CF: 178 216 574 976 octets libres
.
- - End Of File - - EA3DDC67E4D787D033BB25D32BBA4D44
0
Pyrrhus
 
There, I hope that's not too long... and that I haven't forgotten any...
Thanks again
0
Anonymous user
 
ok, post them on cijoint.fr and give all the links, because right now you've made a huge mess and we can't understand anything
0
Pyrrhus
 
ok, I'll send everything tomorrow morning
0
Anonymous user
 
no problem :)
0
Pyrrhus
 
So:

the reports, from the latest to the first:
http://www.cijoint.fr/cjlink.php?file=cj201105/cijbzyFo82.txt
http://www.cijoint.fr/cjlink.php?file=cj201105/cijBxGMW33.txt
http://www.cijoint.fr/cjlink.php?file=cj201105/cij8c8RSFI.txt
http://www.cijoint.fr/cjlink.php?file=cj201105/cijyjuVFud.txt
http://www.cijoint.fr/cjlink.php?file=cj201105/cijarodGUr.txt

quarantined files:
http://www.cijoint.fr/cjlink.php?file=cj201105/cijbAasLea.txt

add-remove:
http://www.cijoint.fr/cjlink.php?file=cj201105/cijcxQGfXl.txt

I'll be back this evening.
0
Anonymous user
 

__________________________________________________
=> /!\ The following script was written specifically for this computer /!\ <=
=> using it on another computer is strongly discouraged! <=
----------------------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the combofix file

▶ Wait while the scan runs. The Desktop will disappear several times: that's normal! Don't touch anything until the scan has finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file doesn't open, it is located here => C:\ComboFix.txt


0
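An added example (not part of the thread, and not ComboFix's own code): before a CFScript like the one above is run, the keys listed under `RegLock::` can be checked against the keys the report lists under "CLES DE REGISTRE BLOQUEES", so that nothing outside the report slips into the script. The sample report and script are constructed, and the key under `SOFTWARE\Example` is a made-up placeholder.

```python
import re

LOCKED_HEADER = "CLES DE REGISTRE BLOQUEES"  # section title as printed in the report above
KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ACE = re.compile(r"^@(Denied|Allowed): \((.*?)\) \((.*?)\)$")

# Constructed sample: shortened excerpt laid out like the report above.
SAMPLE_REPORT = r"""
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-04-08 01:10:33
"""

# Constructed script: the last key is a made-up placeholder that is not in the report.
SAMPLE_SCRIPT = r"""
KillAll::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Example\NotInReport]
"""

def parse_locked_keys(report, header=LOCKED_HEADER):
    """Map each key in the locked-keys section to its Denied/Allowed entries."""
    keys, current, in_section = {}, None, False
    for line in map(str.strip, report.splitlines()):
        if not in_section:
            in_section = header in line
        elif m := KEY.match(line):
            current = keys.setdefault(m.group(1), {"denied": [], "allowed": []})
        elif (a := ACE.match(line)) and current is not None:
            current[a.group(1).lower()].append((a.group(2), a.group(3)))
        elif line not in ("", ".") and not line.startswith(("@", '"')):
            break  # first foreign line (e.g. "Heure de fin: ...") ends the section
    return keys

def parse_reglock(script):
    """Return the keys listed under the RegLock:: directive of a CFScript."""
    keys, active = [], False
    for line in map(str.strip, script.splitlines()):
        if line.endswith("::"):
            active = line == "RegLock::"  # any other directive closes the list
        elif active and (m := KEY.match(line)):
            keys.append(m.group(1))
    return keys

def review(report, script):
    """Compare script keys with report keys; registry paths are case-insensitive."""
    locked, listed = parse_locked_keys(report), parse_reglock(script)
    locked_ci, listed_ci = {k.lower() for k in locked}, {k.lower() for k in listed}
    return {
        "not_in_report": [k for k in listed if k.lower() not in locked_ci],
        "not_in_script": [k for k in locked if k.lower() not in listed_ci],
        "explicit_deny": [k for k, v in locked.items() if v["denied"]],
    }

if __name__ == "__main__":
    print(review(SAMPLE_REPORT, SAMPLE_SCRIPT))
```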
Pyrrhus
 
Here it is:
http://www.cijoint.fr/cjlink.php?file=cj201105/cijcNuweNF.txt
0
Anonymous user
 
hi again

disable your protections, then save this to your desktop

Pre_Scan

if it isn't on your desktop, cut it from your downloads folder and paste it onto your desktop

Warning: the desktop will briefly disappear --> don't panic.

once downloaded, run it and let the scan proceed until "Pre_scan.txt" appears on the desktop.

if the tool detects a proxy and you haven't installed one, click "supprimer le proxy" (remove the proxy)

if the tool doesn't seem to have worked, click on it several times very quickly, or rename it winlogon, or change its extension to .com or .scr

The tool may take a while reassigning files, it all depends on how many you have; let it work

Post Pre_Scan.txt, which will appear on the desktop at the end of the scan
0
Pyrrhus
 
hi again, and thanks again for the help, it's really very kind and I think what you do is great; here is the txt:
http://www.cijoint.fr/cjlink.php?file=cj201105/cijgdMzghO.txt
0
Anonymous user
 
what does this folder contain?

C:\ProgramData\Vista32
0
Pyrrhus
 
A folder - Microsoft.VC80.MFC
An application extension - EBLib.dll
a security catalog - lpcfilter
a config txt - LPCFilter
a .sys - LPCFilter.ys
0