Supprimer le virus bagle !!
adidousevilla
Messages postés
3
Statut
Membre
-
Fish66 Messages postés 18337 Statut Contributeur sécurité -
Fish66 Messages postés 18337 Statut Contributeur sécurité -
Bonjour à tous !!!!
Je tente de supprimer le virus bagle à l'aide des tutos que j'ai trouvé sur le forum !!!
j'en suis à l'étape 2 de findykill cad "supression"....
le souci c'est que mon ordi reste bloqué à 80 % est ce normal ??? combien de temps dois je attendre à peu près ??
merci d'avance
Je tente de supprimer le virus bagle à l'aide des tutos que j'ai trouvé sur le forum !!!
j'en suis à l'étape 2 de findykill cad "supression"....
le souci c'est que mon ordi reste bloqué à 80 % est ce normal ??? combien de temps dois je attendre à peu près ??
merci d'avance
A voir également:
- Supprimer le virus bagle !!
- Supprimer rond bleu whatsapp - Guide
- Supprimer page word - Guide
- Comment supprimer fausse alerte virus mcafee - Accueil - Piratage
- Supprimer pub youtube - Accueil - Streaming
- Fichier impossible à supprimer - Guide
10 réponses
Salut,
Qui t'a dit que tu as attrapé un Bagle ?
Le scan ne dure pas longtemps!
Redémarre ton PC puis fais ceci stp :
* Télécharge ZHPDiag (de Nicolas Coolman) à partir l'un
des deux liens : Lien 1 ou Lien 2
* Lance-le, (Clic droit "exécuter en tant qu'administrateur" si tu es sous Vista/7)
* Clique sur l'icône en forme de loupe pour lancer le diagnostique
* Héberge le rapport ZHPDiag.txt de ton bureau sur : malekal.com ou cjoint.com
* Fais copier/coller le lien fourni dans ta prochaine réponse
@+
_ _ _ Fish66_ _ _ I''"""""I_ _ membre contributeur sécurité_ _I''"""""I_ _ _
¤¤¤ Le meilleur remède pour tous les problèmes, c'est la patience.... ¤¤¤
Qui t'a dit que tu as attrapé un Bagle ?
Le scan ne dure pas longtemps!
Redémarre ton PC puis fais ceci stp :
* Télécharge ZHPDiag (de Nicolas Coolman) à partir l'un
des deux liens : Lien 1 ou Lien 2
* Lance-le, (Clic droit "exécuter en tant qu'administrateur" si tu es sous Vista/7)
* Clique sur l'icône en forme de loupe pour lancer le diagnostique
* Héberge le rapport ZHPDiag.txt de ton bureau sur : malekal.com ou cjoint.com
* Fais copier/coller le lien fourni dans ta prochaine réponse
@+
_ _ _ Fish66_ _ _ I''"""""I_ _ membre contributeur sécurité_ _I''"""""I_ _ _
¤¤¤ Le meilleur remède pour tous les problèmes, c'est la patience.... ¤¤¤
c'est ce que j'en ai deduit en lisant ce que j'ai trouvé sur divers forum....
mon anti virus a été supprimé, internet ne cesse de s'éteindre.
j'ai retenté le scan mais cela n'a pas fonctionné il a encore beugué à 80% !!!
je suis sur windows 7 cela change t il quelque chose à ce que tu m'as dit de faire au dessus ???
merci beaucoup pour ton aide !!!!!et la reponse rapide !!!
mon anti virus a été supprimé, internet ne cesse de s'éteindre.
j'ai retenté le scan mais cela n'a pas fonctionné il a encore beugué à 80% !!!
je suis sur windows 7 cela change t il quelque chose à ce que tu m'as dit de faire au dessus ???
merci beaucoup pour ton aide !!!!!et la reponse rapide !!!
Re,
Utilise un autre PC et un clé USB
=============================
Avant d'utiliser ComboFix :
Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :
si tu as ce genre de d'outils sur ton pc Utilise Defogger pour les désactiver temporairement : sinon passe directement à combofix
* Télécharge Defogger (de jpshortstuff) sur ton Bureau
* Lance le
* Une fenêtre apparait : clique sur "Disable"
* Fais redémarrer l'ordinateur si l'outil te le demande
Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"
===================================================
Attention, avant de commencer, lis attentivement la procédure
********************************************************
/!\ Ne pas utiliser ce logiciel en dehors du cadre de cette désinfection : DANGEUREUX /!\
* Fais un clic droit sur ce lien, enregistre le dans ton bureau sous un autre nom exemple « ton pseudo.exe »
Voici Aide combofix
* /!\ Déconnecte-toi du net et ARRÊTE TES LOGICIELS DE PROTECTION /!\
*Double-clique sur ComboFix.exe (ou exécuter en tant qu'administrateur pour vista et seven)
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter
** SURTOUT INSTALLES LA CONSOLE DE RECUPERATION
(si il te propose de l'installer remets internet)
? Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC
*En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
** /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
*Note : Le rapport se trouve également là : C:\ComboFix.txt
Utilise un autre PC et un clé USB
=============================
Avant d'utiliser ComboFix :
Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :
si tu as ce genre de d'outils sur ton pc Utilise Defogger pour les désactiver temporairement : sinon passe directement à combofix
* Télécharge Defogger (de jpshortstuff) sur ton Bureau
* Lance le
* Une fenêtre apparait : clique sur "Disable"
* Fais redémarrer l'ordinateur si l'outil te le demande
Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"
===================================================
Attention, avant de commencer, lis attentivement la procédure
********************************************************
/!\ Ne pas utiliser ce logiciel en dehors du cadre de cette désinfection : DANGEUREUX /!\
* Fais un clic droit sur ce lien, enregistre le dans ton bureau sous un autre nom exemple « ton pseudo.exe »
Voici Aide combofix
* /!\ Déconnecte-toi du net et ARRÊTE TES LOGICIELS DE PROTECTION /!\
*Double-clique sur ComboFix.exe (ou exécuter en tant qu'administrateur pour vista et seven)
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter
** SURTOUT INSTALLES LA CONSOLE DE RECUPERATION
(si il te propose de l'installer remets internet)
? Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC
*En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
** /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
*Note : Le rapport se trouve également là : C:\ComboFix.txt
Je viens de faire l'analyse avec combifox, il semblerait que ma connexion internet soit redevenue normal ceci dit je t'envoie le compte rendu.
Est ce qu'il y'a d'autres étapes à suivre ensuite ???
merci beaucoup pour ton aide !!!! tu ml'as tiré une sacré épine du pied !!!!! ;)
ComboFix 12-06-12.03 - Amandine 13/06/2012 0:22.2.8 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4078.2566 [GMT 2:00]
Lancé depuis: c:\users\Amandine\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\Toshiba
c:\users\Amandine\AppData\Roaming\cacaoweb
c:\users\Amandine\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\Amandine\AppData\Roaming\cacaoweb\replicating2DE9EB7974C0A3E5C727E1DAFEC83F20.cacao
c:\users\Amandine\AppData\Roaming\cacaoweb\replicating69DA6E78183C1D2D8B490B0F3D84145E.cacao
c:\users\Amandine\AppData\Roaming\cacaoweb\replicatingC708E4F7DA3A5F77FD8914C990EB1119.cacao
c:\users\Amandine\AppData\Roaming\cacaoweb\replicatingC8D8A9E9F882DE96DF6457FAB63D4130.cacao
c:\users\Amandine\AppData\Roaming\cacaoweb\replicatingCF2CCABE7BCE9428AB1AC0253E4FFBDC.cacao
c:\users\Amandine\AppData\Roaming\cacaoweb\replicatingDF52B34530028F47BB69A39DFEDF968F.cacao
c:\users\Amandine\AppData\Roaming\cacaoweb\replicatingE8DB08029191D125DDFDFCB2D241618F.cacao
c:\users\Amandine\AppData\Roaming\cacaoweb\storage.db
c:\users\Amandine\AppData\Roaming\Protector-csfm.exe
c:\users\Amandine\AppData\Roaming\result.db
c:\users\Amandine\AppData\Roaming\Toshiba
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards.xml
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards.xml.bak
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6f17513b-7dcb-41f7-af73-51eff7c5be7f\TPhoto_00032.jpg.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6f17513b-7dcb-41f7-af73-51eff7c5be7f\TPhoto_00032.jpg.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\Board.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\Board.xml
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\Board.xml.bak
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\Board.xml
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\board1.xml
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r2_c110.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r2_c20.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r2_c50.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r4_c70.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r5_c100.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r5_c40.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\Help_Top000000.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\IMG_2866000000.jpg
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\BulletinBoardLog.txt
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\EvernoteSettings.xml
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\EvernoteSettings.xml.bak
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\screenshot.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Settings.xml
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Settings.xml.bak
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Share.xml
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\ToshibaBoardSettings.xml
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\1\1.xml
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\0.ico
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\1.ico
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\2.ico
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\3.ico
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\4.ico
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\5.ico
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\music.png
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\dynamicicon.xml
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\update\Software\TC30424600A\Setup.exe
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\update\Software\TC30424600A\tinstallwb.exe
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\update\Software\TC30424600A\WBDJA44I.DLL
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\update\Software\TC30424600A\WBTOS45I.DLL
c:\users\Amandine\AppData\Roaming\Toshiba\ReelTime\Backup\ReelTimeMonitorData.dat
c:\users\Amandine\AppData\Roaming\Toshiba\ReelTime\ReelTimeMonitorData.dat
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-05-12 au 2012-06-12 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-12 22:28 . 2012-06-12 22:28 -------- d-----w- c:\users\Amandine\AppData\Roaming\TOSHIBA
2012-06-12 15:12 . 2012-06-12 16:30 -------- d-----w- C:\FyK
2012-06-11 15:43 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FA35AF2-710E-4E1B-85DE-6A14C9D259AD}\mpengine.dll
2012-06-10 15:37 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-20 09:46 . 2012-05-20 09:46 -------- d-----w- c:\windows\fr
2012-05-20 09:45 . 2012-05-20 09:45 -------- d-----w- c:\windows\ar
2012-05-20 09:45 . 2012-05-20 09:45 -------- d-----w- c:\windows\tr
2012-05-20 09:44 . 2012-05-20 09:44 -------- d-----w- c:\windows\en
2012-05-20 09:39 . 2012-05-20 09:39 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7c95565e1cd366c01\DXSETUP.exe
2012-05-20 09:39 . 2012-05-20 09:39 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7c95565e1cd366c01\dsetup32.dll
2012-05-20 09:39 . 2012-05-20 09:39 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7cdd83fd1cd366c02\MeshBetaRemover.exe
2012-05-20 09:39 . 2012-05-20 09:39 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7c95565e1cd366c01\DSETUP.dll
2012-05-20 09:39 . 2012-05-20 09:39 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 06:05 . 2012-05-13 20:04 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-13 20:04 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-13 20:04 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-13 20:04 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-13 20:03 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-20 18:44 . 2011-04-27 14:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2011-04-18 12:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-18 09:58 . 2011-08-03 10:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-17 07:58 . 2012-05-13 20:03 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe" [2011-05-16 846936]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\Amandine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Amandine\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acelerador de inicio de AutoCAD.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-3 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-01-13 103440]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-11 378472]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:41]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-08-03 150992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter à TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
TCP: DhcpNameServer = 87.216.1.65 87.216.1.66
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Heure de fin: 2012-06-13 00:33:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-06-12 22:33
.
Avant-CF: 247 752 339 456 octets libres
Après-CF: 248 186 200 064 octets libres
.
- - End Of File - - 1B457F80B52B013F5D78E4B43F1029D8
Est ce qu'il y'a d'autres étapes à suivre ensuite ???
merci beaucoup pour ton aide !!!! tu ml'as tiré une sacré épine du pied !!!!! ;)
ComboFix 12-06-12.03 - Amandine 13/06/2012 0:22.2.8 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4078.2566 [GMT 2:00]
Lancé depuis: c:\users\Amandine\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\Toshiba
c:\users\Amandine\AppData\Roaming\cacaoweb
c:\users\Amandine\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\Amandine\AppData\Roaming\cacaoweb\replicating2DE9EB7974C0A3E5C727E1DAFEC83F20.cacao
c:\users\Amandine\AppData\Roaming\cacaoweb\replicating69DA6E78183C1D2D8B490B0F3D84145E.cacao
c:\users\Amandine\AppData\Roaming\cacaoweb\replicatingC708E4F7DA3A5F77FD8914C990EB1119.cacao
c:\users\Amandine\AppData\Roaming\cacaoweb\replicatingC8D8A9E9F882DE96DF6457FAB63D4130.cacao
c:\users\Amandine\AppData\Roaming\cacaoweb\replicatingCF2CCABE7BCE9428AB1AC0253E4FFBDC.cacao
c:\users\Amandine\AppData\Roaming\cacaoweb\replicatingDF52B34530028F47BB69A39DFEDF968F.cacao
c:\users\Amandine\AppData\Roaming\cacaoweb\replicatingE8DB08029191D125DDFDFCB2D241618F.cacao
c:\users\Amandine\AppData\Roaming\cacaoweb\storage.db
c:\users\Amandine\AppData\Roaming\Protector-csfm.exe
c:\users\Amandine\AppData\Roaming\result.db
c:\users\Amandine\AppData\Roaming\Toshiba
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards.xml
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards.xml.bak
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6f17513b-7dcb-41f7-af73-51eff7c5be7f\TPhoto_00032.jpg.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6f17513b-7dcb-41f7-af73-51eff7c5be7f\TPhoto_00032.jpg.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\Board.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\Board.xml
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\Board.xml.bak
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\109ecccd-40af-4ee7-b6e5-8569155e9497\Get Started Board_layer_r4_c70.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\Get Started Board_layer_r2_c50.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\26f46300-2963-4b51-8b72-ab5327c868da\Get Started Board_layer_r5_c100.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\Get Started Board_layer_r2_c20.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\Get Started Board_layer_r5_c40.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\IMG_2866000000.jpg.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\Board.xml
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.icon.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\f8891314-3d75-41ad-a271-0e603518934d\Get Started Board_layer_r2_c110.png.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\board1.xml
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r2_c110.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r2_c20.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r2_c50.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r4_c70.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r5_c100.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\Get Started Board_layer_r5_c40.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\Help_Top000000.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Boards\IMG_2866000000.jpg
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\BulletinBoardLog.txt
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\EvernoteSettings.xml
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\EvernoteSettings.xml.bak
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\screenshot.png
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Settings.xml
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Settings.xml.bak
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\Share.xml
c:\users\Amandine\AppData\Roaming\Toshiba\BulletinBoard\ToshibaBoardSettings.xml
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\1\1.xml
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\0.ico
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\1.ico
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\2.ico
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\3.ico
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\4.ico
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\5.ico
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\1\Icons\music.png
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\dynamicicon.xml
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\update\Software\TC30424600A\Setup.exe
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\update\Software\TC30424600A\tinstallwb.exe
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\update\Software\TC30424600A\WBDJA44I.DLL
c:\users\Amandine\AppData\Roaming\Toshiba\DynamicIcon\update\Software\TC30424600A\WBTOS45I.DLL
c:\users\Amandine\AppData\Roaming\Toshiba\ReelTime\Backup\ReelTimeMonitorData.dat
c:\users\Amandine\AppData\Roaming\Toshiba\ReelTime\ReelTimeMonitorData.dat
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-05-12 au 2012-06-12 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-12 22:28 . 2012-06-12 22:28 -------- d-----w- c:\users\Amandine\AppData\Roaming\TOSHIBA
2012-06-12 15:12 . 2012-06-12 16:30 -------- d-----w- C:\FyK
2012-06-11 15:43 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FA35AF2-710E-4E1B-85DE-6A14C9D259AD}\mpengine.dll
2012-06-10 15:37 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-20 09:46 . 2012-05-20 09:46 -------- d-----w- c:\windows\fr
2012-05-20 09:45 . 2012-05-20 09:45 -------- d-----w- c:\windows\ar
2012-05-20 09:45 . 2012-05-20 09:45 -------- d-----w- c:\windows\tr
2012-05-20 09:44 . 2012-05-20 09:44 -------- d-----w- c:\windows\en
2012-05-20 09:39 . 2012-05-20 09:39 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7c95565e1cd366c01\DXSETUP.exe
2012-05-20 09:39 . 2012-05-20 09:39 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7c95565e1cd366c01\dsetup32.dll
2012-05-20 09:39 . 2012-05-20 09:39 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7cdd83fd1cd366c02\MeshBetaRemover.exe
2012-05-20 09:39 . 2012-05-20 09:39 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7c95565e1cd366c01\DSETUP.dll
2012-05-20 09:39 . 2012-05-20 09:39 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 06:05 . 2012-05-13 20:04 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-13 20:04 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-13 20:04 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-13 20:04 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-13 20:03 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-20 18:44 . 2011-04-27 14:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2011-04-18 12:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-18 09:58 . 2011-08-03 10:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-17 07:58 . 2012-05-13 20:03 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe" [2011-05-16 846936]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\Amandine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Amandine\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acelerador de inicio de AutoCAD.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-3 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-01-13 103440]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-11 378472]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:41]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Amandine\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-08-03 150992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter à TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
TCP: DhcpNameServer = 87.216.1.65 87.216.1.66
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Heure de fin: 2012-06-13 00:33:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-06-12 22:33
.
Avant-CF: 247 752 339 456 octets libres
Après-CF: 248 186 200 064 octets libres
.
- - End Of File - - 1B457F80B52B013F5D78E4B43F1029D8
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Petite question mis à part, du coupen utilisant l'ordi de ma pote je ne sais pas ce qu'il sait passé mais je lui ai sans doute refilé le virus (ou un autre). Impossible de se connecter à internet et il affiche sans cesse
"Tentative d'opération non autorisée sur une clé du registre marquée pour suppression."
Je dois faire les mêmes étapes que sur le mien ???
"Tentative d'opération non autorisée sur une clé du registre marquée pour suppression."
Je dois faire les mêmes étapes que sur le mien ???
Re,
Pour l'autre PC, la création d'un nouveau sujet est nécessaire :-)
==========================
Maintenat prépare stp le rapport ZHPDiag demandé : <<< ICI >>>
@+
Pour l'autre PC, la création d'un nouveau sujet est nécessaire :-)
==========================
Maintenat prépare stp le rapport ZHPDiag demandé : <<< ICI >>>
@+
http://pjjoint.malekal.com/files.php?id=ZHPDiag_20120613_s5k12p8n14q14
voici le lien en question ;)
Reste-t-il quelques intrus à éliminer ?????
voici le lien en question ;)
Reste-t-il quelques intrus à éliminer ?????
NOUVEAU LIEN : http://pjjoint.malekal.com/files.php?id=ZHPDiag_20120614_i10l11d7r13l8
mot de passe : 1234
mot de passe : 1234
Re,
1/
Désinstalle : Logiciel: Bejeweled 3
2/
Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
M3 - MFPP: Plugins - [Amandine] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\fcmdSrch.xml
O42 - Logiciel: Bejeweled 3 - (.WildTangent.) [HKLM] -- WTA-b46daead-2810-4a1f-baf8-a925b5772436
O69 - SBI: SearchScopes [HKCU] {0D7562AE-8EF6-416d-A838-AB665251703A} - (Facemoods Search) - http://start.facemoods.com
O87 - FAEL: "TCP Query User{01855A17-5A41-49F7-B4BD-D42F4D8B49BB}C:\users\amandine\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\amandine\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.)
O87 - FAEL: "UDP Query User{8D3705B1-86C5-43F9-91BD-569410A6770F}C:\users\amandine\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\amandine\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.)
O87 - FAEL: "TCP Query User{5EE5A7E9-EEC6-4E4F-AC3C-7BFDFF931567}C:\users\amandine\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\amandine\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) => Infection PUP (PUP.CacaoWeb)
O87 - FAEL: "UDP Query User{0400F32E-9E15-4A12-B0AF-EE67949B8119}C:\users\amandine\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\amandine\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.)
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}]
[HKLM\Software\WOW6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}]
[HKLM\Software\WOW6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}]
[MD5.00000000000000000000000000000000] [APT] [{8DB8C3D8-47AD-42F5-8C20-A61B0A12F6F9}] (...) -- E:\AutoCAD_2010 - Spanish 64B.exe (.not file.)
Puis Lance ZHPFix depuis le raccourci du bureau .
* Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .
* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .
Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.
Clique sur le bouton GO
Copie/Colle le rapport à l'écran dans ton prochain message.
3/
Tu fais de la même (ZHPFix) avec la ligne en gras ci-dessous :
EmptyCLSID
@+
1/
Désinstalle : Logiciel: Bejeweled 3
2/
Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
M3 - MFPP: Plugins - [Amandine] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\fcmdSrch.xml
O42 - Logiciel: Bejeweled 3 - (.WildTangent.) [HKLM] -- WTA-b46daead-2810-4a1f-baf8-a925b5772436
O69 - SBI: SearchScopes [HKCU] {0D7562AE-8EF6-416d-A838-AB665251703A} - (Facemoods Search) - http://start.facemoods.com
O87 - FAEL: "TCP Query User{01855A17-5A41-49F7-B4BD-D42F4D8B49BB}C:\users\amandine\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\amandine\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.)
O87 - FAEL: "UDP Query User{8D3705B1-86C5-43F9-91BD-569410A6770F}C:\users\amandine\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\amandine\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.)
O87 - FAEL: "TCP Query User{5EE5A7E9-EEC6-4E4F-AC3C-7BFDFF931567}C:\users\amandine\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\amandine\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) => Infection PUP (PUP.CacaoWeb)
O87 - FAEL: "UDP Query User{0400F32E-9E15-4A12-B0AF-EE67949B8119}C:\users\amandine\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\amandine\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.)
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}]
[HKLM\Software\WOW6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}]
[HKLM\Software\WOW6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}]
[MD5.00000000000000000000000000000000] [APT] [{8DB8C3D8-47AD-42F5-8C20-A61B0A12F6F9}] (...) -- E:\AutoCAD_2010 - Spanish 64B.exe (.not file.)
Puis Lance ZHPFix depuis le raccourci du bureau .
* Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .
* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .
Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.
Clique sur le bouton GO
Copie/Colle le rapport à l'écran dans ton prochain message.
3/
Tu fais de la même (ZHPFix) avec la ligne en gras ci-dessous :
EmptyCLSID
@+
