
Here it is; however, I did not need to confirm the window that opens before clicking on the camera to copy the report...

 

Rapport de ZHPDiag v1.25.119 par Nicolas Coolman

Run by Nico at 16/02/2010 15:01:41

Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

 

---\\ Web Browser

MSIE: Internet Explorer v7.0.6002.18005

MFIE: Mozilla Firefox (3.5.7)

 

---\\ System Information

Platform : Windows Vista Business (6.0.6002) Service Pack 2

Processor: x86 Family 6 Model 14 Stepping 12, GenuineIntel

Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 1014 MB (12% free)

System drive C: has 64 GB (58%) free of 110 GB

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 64 Go of 110 Go)

E:\ CD-ROM drive (Not Inserted)

 

 

---\\ Processus lancés

[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe

[MD5.78546A5C27C5140DB1A4BBAFE1079DD4] - (.TOSHIBA Corporation - TOSHIBA Password Utility.) -- C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe

[MD5.424C1ADB34F9F1B2BC947D8BF0D5FBE3] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

[MD5.15058804D8A48C67C007DD1D797CC72A] - (.TOSHIBA Corporation - HotStartOn.) -- C:\Program Files\TOSHIBA\TBS\HSON.exe

[MD5.1ED780F9C470D4F22D9EF29A3082B0F4] - (.TOSHIBA Corporation - SmoothView.) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe

[MD5.842691D383157CDF5D3D81E06BC1FC71] - (.TOSHIBA Corporation - TOSHIBA Flash Cards.) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

[MD5.6838FAA4B684E8294A2C165AAF5B3F60] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe

[MD5.7DC4E93F9BE692E29B1E1D27B6A389DC] - (.Agere Systems - LtMoh MFC Application.) -- C:\Program Files\ltmoh\Ltmoh.exe

[MD5.B7A199DD944A74B59642C431A5CA4C4B] - (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe

[MD5.9FC01591581597B73970E548B4D2C6E6] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe

[MD5.F31D1E104C3EE503FD4B94AFFE2247D5] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe

[MD5.62F5A5462A2D80EC33324445261CF2A7] - (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe

[MD5.2BA3404196A305B1F6AD2E9BEA09AAD7] - (.Toshiba - Vista Registration.) -- C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

[MD5.72A7A352072EB6EC4953F9F580463B0D] - (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\PROGRA~1\AVG\AVG9\avgtray.exe

[MD5.E474202772C45CF949C51AEE72241A48] - (.Microsoft Corporation - Outil de suppression de logiciels malveilla.) -- C:\Windows\system32\MRT.exe

[MD5.9E35FF7F943AE0FB89192BFE058B7FD4] - (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

[MD5.002835A0AFFF66D5A7B7FB266A6AA368] - (.TOSHIBA - CD/DVD Drive Acoustic Silencer.) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

[MD5.18B4B12358EFCF68D76812058A26181F] - (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[MD5.762A5BD25FF00D0376959A8611B327AC] - (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

[MD5.16B35D618CBFF41A2AE887F1887A40A6] - (.Nokia - Nokia PC Internet Access.) -- C:\Program Files\Nokia\PC Internet Access\NPCIA.exe

[MD5.35937EAD711207544E219C2A19A78A7D] - (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe

[MD5.1CE7A489BACCBA7B0DC272F3E7C8EDCB] - (.Pas de propriétaire - Pas de description.) -- C:\Users\Nico\AppData\Local\KSTKLec.dll

[MD5.21AAAE1CF1D5109084A97C8E408D3255] - (.Pas de propriétaire - Pas de description.) -- C:\Users\Nico\AppData\Local\Temp\Rjh.exe

[MD5.3794B461C45882E06856F282EEF025AF] - (.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe

[MD5.1CB677BF1DABD3BAF4F944E2C90D6C73] - (.Agere Systems - Agere Soft Modem Call Progress Service.) -- C:\Windows\system32\agrsmsvc.exe

[MD5.7E7B5FA964F578ACD655E8BEEAE2A5CA] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

[MD5.C82162949BBA6CC5D006C7BD008F3CF1] - (.TOSHIBA CORPORATION - Service of ConfigFree..) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

[MD5.8F0DE4FEF8201E306F9938B0905AC96A] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe

[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe

[MD5.3978F3540329E16C0AC3BCF677E5669F] - (.Microsoft Corporation - Processus de l’autorité de sécurité locale.) -- C:\Windows\system32\lsass.exe

[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe

[MD5.524BFBEA40E6E404737CCBC754647A2E] - (.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\System32\spoolsv.exe

[MD5.97CAAAC8031FDDAEF84150E1CA737E3E] - (.TOSHIBA Corporation - TOSHIBA HDD Protection Service.) -- C:\Windows\system32\ThpSrv.exe

[MD5.D540858E65BFA6FDED41AD2495ECE344] - (.TOSHIBA Corporation - TDCSrv Application.) -- C:\Windows\system32\TODDSrv.exe

[MD5.AF41337C08D1C240AF14BA4CAB02BF02] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

[MD5.76148C3159718B701252F87B067904A6] - (.TOSHIBA CORPORATION - TOSHIBA Bluetooth Service.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

[MD5.332D341D92B933600D41953B08360DFB] - (.Ulead Systems, Inc. - ULCDRSvr.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

[MD5.3978704576A121A9204F8CC49A301A9B] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows M.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe

[MD5.AED0DFF80C6B3914769407E78D7AB21A] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) -- C:\Windows\system32\SearchIndexer.exe

 

 

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=explorer.exe

 

 

---\\ Pages de démarrage d'Internet Explorer (R0)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

 

 

---\\ Pages de recherche d'Internet Explorer (R1)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

 

 

---\\ Internet Explorer URLSearchHook (R3)

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (7.00.6000.16386 (vista_rtm.061101-2205)) -- C:\Windows\system32\ieframe.dll

R3 - URLSearchHook: Microsoft Url Search Hook - {A3BC75A2-1F87-4686-AA43-5347D756017C} . (.Pas de propriétaire - AVG Security Toolbar.) (3.011.025.005) -- C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe Acrobat IE Helper Version 7.0 for Act.) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} . (.AVG Technologies CZ, s.r.o. - Safe Search for Internet Explorer.) -- C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} . (.Pas de propriétaire - AVG Security Toolbar.) -- C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

 

 

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} . (.Pas de propriétaire - AVG Security Toolbar.) -- C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

 

 

---\\ Applications démarrées automatiquement par le registre (O4)

O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe

O4 - HKLM\..\Run: [TOSDCR] . (.TOSHIBA Corporation - TOSHIBA Password Utility.) -- C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe

O4 - HKLM\..\Run: [TPwrMain] . (.TOSHIBA Corporation - TOSHIBA Power Saver.) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

O4 - HKLM\..\Run: [HSON] . (.TOSHIBA Corporation - HotStartOn.) -- C:\Program Files\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] . (.TOSHIBA Corporation - SmoothView.) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] . (.TOSHIBA Corporation - TOSHIBA Flash Cards.) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [LtMoh] . (.Agere Systems - LtMoh MFC Application.) -- C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [topi] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe

O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Toshiba Registration] . (.Toshiba - Vista Registration.) -- C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

O4 - HKLM\..\Run: [AVG9_TRAY] . (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [MRT] . (.Microsoft Corporation - Outil de suppression de logiciels malveilla.) -- C:\Windows\system32\MRT.exe

O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKCU\..\Run: [TOSCDSPD] . (.TOSHIBA - CD/DVD Drive Acoustic Silencer.) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - HKCU\..\Run: [PC Suite Tray] . (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

O4 - HKCU\..\Run: [NokiaPCInternetAccess] . (.Nokia - Nokia PC Internet Access.) -- C:\Program Files\Nokia\PC Internet Access\NPCIA.exe

O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Xnemuvogepuwido] . (.Pas de propriétaire - Pas de description.) -- C:\Users\Nico\AppData\Local\KSTKLec.dll

O4 - HKCU\..\Run: [F5JMWNZTHI] . (.Pas de propriétaire - Pas de description.) -- C:\Users\Nico\AppData\Local\Temp\Rjh.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - Global Startup: One Touch Backup.lnk . (.Pas de propriétaire - HDBackup MFC Application.) -- C:\Program Files\OTB_one touch backup\OTB_one touch backup\OTB_one touch backup.exe

 

 

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.exe

 

 

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} . (.not file.) -

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO

O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} . (.Pas de propriétaire - Pas de description.) -- C:\Toshiba\ebay\ebay.ico

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll

 

 

---\\ Objets ActiveX (Downloaded Program Files)(O16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

 

 

---\\ Protocole additionnel et piratage de protocole (O18)

O18 - Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} . (.AVG Technologies CZ, s.r.o. - Safe Search pluggable protocol.) -- C:\Program Files\AVG\AVG9\avgpp.dll

 

 

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

 

 

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - AppInit_DLLs: . (.Pas de propriétaire - Pas de description.) - (.not File.)

 

 

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\system32\webcheck.dll

 

 

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll

 

 

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: (AgereModemAudio) . (.Agere Systems - Agere Soft Modem Call Progress Service.) - C:\Windows\system32\agrsmsvc.exe

O23 - Service: (avg9wd) . (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: (CFSvcs) . (.TOSHIBA CORPORATION - Service of ConfigFree..) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: (Planificateur LiveUpdate automatique) . (.Pas de propriétaire - Pas de description.) - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: (Thpsrv) . (.TOSHIBA Corporation - TOSHIBA HDD Protection Service.) - C:\Windows\system32\ThpSrv.exe

O23 - Service: (TODDSrv) . (.TOSHIBA Corporation - TDCSrv Application.) - C:\Windows\system32\TODDSrv.exe

O23 - Service: (TosCoSrv) . (.TOSHIBA Corporation - TOSHIBA Power Saver.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION - TOSHIBA Bluetooth Service.) - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: (UleadBurningHelper) . (.Ulead Systems, Inc. - ULCDRSvr.) - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

 

 

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

 

 

---\\ Composants installés (ActiveSetup Installed Components) (O40)

O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre1.6.0\bin\regutils.dll

O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r32.) -- C:\Windows\system32\Macromed\Flash\Flash10c.ocx

 

 

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: (AvgLdx86) . (.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) - C:\Windows\system32\Drivers\avgldx86.sys

O41 - Driver: (AvgMfx86) . (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Minifilter Driver.) - C:\Windows\system32\Drivers\avgmfx86.sys

O41 - Driver: (AvgTdiX) . (.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) - C:\Windows\system32\Drivers\avgtdix.sys

 

 

---\\ Logiciels installés (O42)

O42 - Logiciel: 802.11 USB Wireless LAN Adapter - (.Pas de propriétaire.)

O42 - Logiciel: ALPS Touch Pad Driver - (.Pas de propriétaire.)

O42 - Logiciel: AVG Free 9.0 - (.AVG Technologies.)

O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Reader 7.0.8 - Français - (.Adobe Systems Incorporated.)

O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.)

O42 - Logiciel: Bluetooth Stack for Windows by Toshiba - (.Pas de propriétaire.)

O42 - Logiciel: CCleaner (remove only) - (.Pas de propriétaire.)

O42 - Logiciel: Codeur Windows Media Série 9 - (.Microsoft Corporation.)

O42 - Logiciel: Codeur Windows Media Série 9 - (.Pas de propriétaire.)

O42 - Logiciel: Creative WebCam NX Pro Driver (1.03.03.0326) - (.Pas de propriétaire.)

O42 - Logiciel: DVD MovieFactory for TOSHIBA - (.Ulead Systems, Inc..)

O42 - Logiciel: EBP Gestion Commerciale - (.EBP.)

O42 - Logiciel: Google Chrome - (.Google Inc..)

O42 - Logiciel: Google Update Helper - (.Google Inc..)

O42 - Logiciel: Google Earth - (.Google.)

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.)

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.)

O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.)

O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Pas de propriétaire.)

O42 - Logiciel: Java SE Runtime Environment 6 - (.Sun Microsystems, Inc..)

O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.)

O42 - Logiciel: MSVC80_x86 - (.Nokia.)

O42 - Logiciel: MSVCRT - (.Microsoft.)

O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.)

O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.)

O42 - Logiciel: Ma-Config.com - (.Cybelsoft.)

O42 - Logiciel: Manuels TOSHIBA - (.TOSHIBA.)

O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.)

O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Pas de propriétaire.)

O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297) - (.Pas de propriétaire.)

O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.)

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.)

O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.)

O42 - Logiciel: Microsoft Office Excel Viewer - (.Microsoft Corporation.)

O42 - Logiciel: Microsoft Office Professional Edition 2003 - (.Microsoft Corporation.)

O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.)

O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.)

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.)

O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.)

O42 - Logiciel: Montpellier Business Plan Classic - (.Montpellier Business Plan Classic.)

O42 - Logiciel: Mozilla Firefox (3.5.7) - (.Mozilla.)

O42 - Logiciel: Nokia Connectivity Cable Driver - (.Nokia.)

O42 - Logiciel: Nokia PC Internet Access - (.Nokia.)

O42 - Logiciel: Nokia PC Suite - (.Nokia.)

O42 - Logiciel: OTB_one touch backup - (.Pas de propriétaire.)

O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.)

O42 - Logiciel: PC Connectivity Solution - (.Nokia.)

O42 - Logiciel: Package de pilotes Windows - Nokia Modem (06/01/2009 4.1) - (.Nokia.)

O42 - Logiciel: Package de pilotes Windows - Nokia Modem (06/01/2009 7.01.0.3) - (.Nokia.)

O42 - Logiciel: Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) - (.Nokia.)

O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..)

O42 - Logiciel: Réducteur de bruit lect. CD/DVD - (.TOSHIBA.)

O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.)

O42 - Logiciel: Security Update for Windows Media Encoder (KB954156) - (.Microsoft Corporation.)

O42 - Logiciel: Skype 4.1 - (.Skype Technologies S.A..)

O42 - Logiciel: TOSHIBA Assist - (.Pas de propriétaire.)

O42 - Logiciel: TOSHIBA ConfigFree - (.TOSHIBA.)

O42 - Logiciel: TOSHIBA Disc Creator - (.TOSHIBA Corporation.)

O42 - Logiciel: TOSHIBA Extended Tiles for Windows Mobility Center - (.Toshiba.)

O42 - Logiciel: TOSHIBA HDD Protection - (.TOSHIBA Corporation.)

O42 - Logiciel: TOSHIBA SD Memory Boot Utility - (.TOSHIBA.)

O42 - Logiciel: TOSHIBA SD Memory Utilities - (.TOSHIBA.)

O42 - Logiciel: TOSHIBA Security Assist - (.TOSHIBA.)

O42 - Logiciel: TOSHIBA Software Modem - (.Agere Systems.)

O42 - Logiciel: TOSHIBA Value Added Package - (.TOSHIBA Corporation.)

O42 - Logiciel: Toshiba Online Product Information - (.TOSHIBA.)

O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.)

O42 - Logiciel: VLC media player 1.0.3 - (.VideoLAN Team.)

O42 - Logiciel: WinDVD for TOSHIBA - (.InterVideo Inc..)

O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.)

O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.)

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.)

 

 

---\\ Contenu des dossiers Fichiers Communs (O43)

O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe

O43 - CFD:Common File Directory ----D- C:\Program Files\adslTV

O43 - CFD:Common File Directory ----D- C:\Program Files\Apoint2K

O43 - CFD:Common File Directory ----D- C:\Program Files\AVG

O43 - CFD:Common File Directory ----D- C:\Program Files\CapAlpha

O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files

O43 - CFD:Common File Directory ----D- C:\Program Files\DIFX

O43 - CFD:Common File Directory ----D- C:\Program Files\EBP

O43 - CFD:Common File Directory -SH-D- C:\Program Files\Fichiers communs

O43 - CFD:Common File Directory ----D- C:\Program Files\Google

O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information

O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer

O43 - CFD:Common File Directory ----D- C:\Program Files\InterVideo

O43 - CFD:Common File Directory ----D- C:\Program Files\Inventel

O43 - CFD:Common File Directory ----D- C:\Program Files\Java

O43 - CFD:Common File Directory ----D- C:\Program Files\LimeWire

O43 - CFD:Common File Directory ----D- C:\Program Files\ltmoh

O43 - CFD:Common File Directory ----D- C:\Program Files\ma-config.com

O43 - CFD:Common File Directory ----D- C:\Program Files\Malwarebytes' Anti-Malware

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio .NET 2003

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET

O43 - CFD:Common File Directory ----D- C:\Program Files\MiCô-Soft

O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker

O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox

O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild

O43 - CFD:Common File Directory ----D- C:\Program Files\MSECache

O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0

O43 - CFD:Common File Directory ----D- C:\Program Files\My Company Name

O43 - CFD:Common File Directory ----D- C:\Program Files\Nokia

O43 - CFD:Common File Directory ----D- C:\Program Files\OTB_one touch backup

O43 - CFD:Common File Directory ----D- C:\Program Files\PC Connectivity Solution

O43 - CFD:Common File Directory ----D- C:\Program Files\PhotoFiltre Studio X

O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek

O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies

O43 - CFD:Common File Directory R---D- C:\Program Files\Skype

O43 - CFD:Common File Directory ----D- C:\Program Files\TOSHIBA

O43 - CFD:Common File Directory ----D- C:\Program Files\Trend Micro

O43 - CFD:Common File Directory ----D- C:\Program Files\Ulead Systems

O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information

O43 - CFD:Common File Directory ----D- C:\Program Files\VideoLAN

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Calendar

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Collaboration

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Defender

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Journal

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Mail

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Components

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Photo Gallery

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Portable Devices

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Sidebar

O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR

O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DESIGNER

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\EBP

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\InstallShield

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Java

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\microsoft shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Nokia

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\PCSuite

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Services

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\SpeechEngines

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Symantec Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\System

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Ulead Systems

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Windows Live

 

 

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.00000000000000000000000000000000] - 16/02/2010 - 13:51:33 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\WindowsUpdate.log

O44 - LFC:[MD5.82903149DD2B41DB04E7FB556EC0B94A] - 16/02/2010 - 13:49:12 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\bootstat.dat

O44 - LFC:[MD5.4FB50A26E7C11E70F4A574108086EA05] - 12/02/2010 - 16:50:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\rkill.log

O44 - LFC:[MD5.47877A8E44D88CF172729EE2C129229C] - 11/02/2010 - 15:09:27 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\PFRO.log

O44 - LFC:[MD5.51B3A3481FB089CB1B33D474171AB248] - 11/02/2010 - 15:06:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\MRT.INI

O44 - LFC:[MD5.0E46E70F35567E5AB057D72523F0F70E] - 11/02/2010 - 14:58:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\PerfStringBackup.INI

O44 - LFC:[MD5.6268CE6878B4BAF225EFC4A0DBB9F11F] - 11/02/2010 - 14:58:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfc009.dat

O44 - LFC:[MD5.106F8D540E65FE2D52FE8D6F09AEF380] - 11/02/2010 - 14:58:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfc00C.dat

O44 - LFC:[MD5.6E9158874EDD20996CAB7B6B7C281B85] - 11/02/2010 - 14:58:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfh009.dat

O44 - LFC:[MD5.41C9FF3EEEC725E571511A95C142CC89] - 11/02/2010 - 14:58:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfh00C.dat

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 11/02/2010 - 11:12:45 RSHA- . (.Pas de propriétaire - Pas de description.) -- C:\IO.SYS

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 11/02/2010 - 11:12:45 RSHA- . (.Pas de propriétaire - Pas de description.) -- C:\MSDOS.SYS

O44 - LFC:[MD5.700D77AD5EB971AECFF2C89D1804ACE2] - 10/02/2010 - 16:09:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\MEMORY.DMP

O44 - LFC:[MD5.72234734D7AF38DA8719A8A36A6031B8] - 10/02/2010 - 16:07:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\bxkuh0258.exe

O44 - LFC:[MD5.33E5557023CEE9920D567E80798A93D0] - 10/02/2010 - 16:07:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\cvmq66434.exe

O44 - LFC:[MD5.BE7382E07030134BC2F10512063C5FD7] - 02/02/2010 - 20:07:59 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\setupact.log

O44 - LFC:[MD5.42FF368FD1FDA7E409B57D33CD36463C] - 31/01/2010 - 18:55:42 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Starter.) -- C:\Windows\System32\avgrsstx.dll

O44 - LFC:[MD5.4F859C6E204B1205DEB79BD514E29244] - 31/01/2010 - 18:55:40 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) -- C:\Windows\System32\drivers\avgtdix.sys

O44 - LFC:[MD5.5DFF0BDE81E35D725C15F01BAEA7740C] - 31/01/2010 - 18:55:30 ---A- . (.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) -- C:\Windows\System32\drivers\avgldx86.sys

O44 - LFC:[MD5.DB5FC10B2FA4A46A6D9D88A7AB509184] - 31/01/2010 - 18:55:26 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Minifilter Driver.) -- C:\Windows\System32\drivers\avgmfx86.sys

O44 - LFC:[MD5.C4DEEA3DE5A1FA203CEC36D05D73C922] - 25/01/2010 - 10:23:42 ---A- . (.Amyuni Technologies http://www.amyuni.com - Common Driver Interface DLL.) -- C:\Windows\System32\cdintf250.dll

O44 - LFC:[MD5.AB30EEE2719A9EB8C668993ABFD02D19] - 25/01/2010 - 10:22:58 ---A- . (.Pas de propriétaire - Contrôle d'édition du dictionnaire EBP.) -- C:\Windows\System32\EBPDicEd.ocx

 

 

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)

O45 - LFCP:Last File Created Prefetch 12/02/2010 - 15:38:32 ---A- C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf

O45 - LFCP:Last File Created Prefetch 13/02/2010 - 03:01:39 ---A- C:\Windows\Prefetch\IGFXSRVC.EXE-96A493A4.pf

O45 - LFCP:Last File Created Prefetch 13/02/2010 - 03:21:20 ---A- C:\Windows\Prefetch\PfSvPerfStats.bin

O45 - LFCP:Last File Created Prefetch 13/02/2010 - 11:55:43 ---A- C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf

O45 - LFCP:Last File Created Prefetch 13/02/2010 - 17:09:52 ---A- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf

O45 - LFCP:Last File Created Prefetch 13/02/2010 - 17:09:53 ---A- C:\Windows\Prefetch\CTFMON.EXE-9450846B.pf

O45 - LFCP:Last File Created Prefetch 14/02/2010 - 00:24:37 ---A- C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf

O45 - LFCP:Last File Created Prefetch 14/02/2010 - 01:52:07 ---A- C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf

O45 - LFCP:Last File Created Prefetch 14/02/2010 - 03:01:30 ---A- C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf

O45 - LFCP:Last File Created Prefetch 14/02/2010 - 03:02:53 ---A- C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf

O45 - LFCP:Last File Created Prefetch 14/02/2010 - 03:03:57 ---A- C:\Windows\Prefetch\NGEN.EXE-7900743E.pf

O45 - LFCP:Last File Created Prefetch 14/02/2010 - 03:36:51 ---A- C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf

O45 - LFCP:Last File Created Prefetch 14/02/2010 - 03:36:52 ---A- C:\Windows\Prefetch\DFRGNTFS.EXE-7E4077FE.pf

O45 - LFCP:Last File Created Prefetch 14/02/2010 - 03:46:36 ---A- C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf

O45 - LFCP:Last File Created Prefetch 14/02/2010 - 03:46:39 ---A- C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf

O45 - LFCP:Last File Created Prefetch 14/02/2010 - 11:38:40 ---A- C:\Windows\Prefetch\Layout.ini

O45 - LFCP:Last File Created Prefetch 14/02/2010 - 12:33:00 ---A- C:\Windows\Prefetch\LOGON.SCR-30601369.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 13:49:29 ---A- C:\Windows\Prefetch\AgCx_SC1.db.trx

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 13:49:29 ---A- C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 13:49:29 ---A- C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 13:50:00 ---A- C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 13:50:27 ---A- C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 13:50:32 ---A- C:\Windows\Prefetch\AgCx_SC1.db

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 13:52:29 ---A- C:\Windows\Prefetch\AVGUPD.EXE-A2A9EA76.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 13:53:56 ---A- C:\Windows\Prefetch\FIXCFG.EXE-DEF5F496.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 13:54:04 ---A- C:\Windows\Prefetch\AVGSRMAX.EXE-D4A7AE38.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 13:57:10 ---A- C:\Windows\Prefetch\HELPER.EXE-8AEDE3E3.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 13:57:12 ---A- C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 13:57:51 ---A- C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-680769235-560145632-250185584-1000.db

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 13:57:51 ---A- C:\Windows\Prefetch\AgGlUAD_S-1-5-21-680769235-560145632-250185584-1000.db

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 14:01:17 ---A- C:\Windows\Prefetch\EXCEL.EXE-804D5D87.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 14:11:25 ---A- C:\Windows\Prefetch\PCAUI.EXE-3E82C312.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 14:11:35 ---A- C:\Windows\Prefetch\ACRORD32.EXE-C7F7B209.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 14:31:22 ---A- C:\Windows\Prefetch\MSNMSGR.EXE-9974F251.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 14:31:35 ---A- C:\Windows\Prefetch\WLCOMM.EXE-272FF9F7.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 14:35:01 ---A- C:\Windows\Prefetch\GOOGLEUPDATE.EXE-FE771DDA.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 14:39:06 ---A- C:\Windows\Prefetch\MSFEEDSSYNC.EXE-6E6FBDF4.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 14:49:24 ---A- C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 14:53:14 ---A- C:\Windows\Prefetch\AVGCMGR.EXE-7F3B658E.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 14:53:58 ---A- C:\Windows\Prefetch\AgGlGlobalHistory.db

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 14:53:58 ---A- C:\Windows\Prefetch\AgRobust.db

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 14:53:59 ---A- C:\Windows\Prefetch\AgGlFaultHistory.db

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 14:53:59 ---A- C:\Windows\Prefetch\AgGlFgAppHistory.db

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 14:58:53 ---A- C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 14:58:54 ---A- C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 15:00:08 ---A- C:\Windows\Prefetch\RJH.EXE-0076898A.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 15:00:32 ---A- C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 15:00:39 ---A- C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 15:00:44 ---A- C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 15:00:49 ---A- C:\Windows\Prefetch\ZHPDIAG 1.25.11.EXE-766B6477.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 15:00:49 ---A- C:\Windows\Prefetch\ZHPDIAG 1.25.11.TMP-1EBCC3F4.pf

O45 - LFCP:Last File Created Prefetch 16/02/2010 - 15:01:11 ---A- C:\Windows\Prefetch\ZHPDIAG.EXE-5F50D22C.pf

 

 

---\\ MountPoints2 Shell Key (MPSK) (O51)

O51 - MPSK:{bdca2bf7-bbc4-11de-b92e-0015b75d36e8}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- D:\NokiaPCIA_Autorun.exe (.not file.)

 

 

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers\"MSVideo.PD1130VFW"="P1130Vfw.drv" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \Drivers32\"VIDC.I420"="msh263.drv" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll

O52 - TDSD: \Drivers32\"msacm.dvacm"="C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm" . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

 

 

---\\ Microsoft Control Security Providers (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=credssp.dll

 

 

---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

 

 

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)

O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=145

O56 - MWPE:[HKLM\...\Policies\Explorer] - "BindDirectlyToPropertySetStorage"=0

 

 

---\\ Liste des Drivers Système (SDL) (O58)

O58 - SDL:[MD5.2EDC5BBAC6C651ECE337BDE8ED97C9FB] - 02/11/2006 - 10:51:38 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys

O58 - SDL:[MD5.B84088CA3CDCA97DA44A984C6CE1CCAD] - 02/11/2006 - 10:51:32 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys

O58 - SDL:[MD5.7880C67BCCC27C86FD05AA2AFB5EA469] - 02/11/2006 - 10:50:35 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\system32\drivers\adpu160m.sys

O58 - SDL:[MD5.9AE713F8E30EFC2ABCCD84904333DF4D] - 02/11/2006 - 10:51:00 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys

O58 - SDL:[MD5.4E6294A06BE883C9BD685A8DFD9FCD4E] - 31/08/2006 - 06:53:00 ---A- . (.Agere Systems - SoftModem Device Driver.) -- C:\Windows\system32\drivers\AGRSM.sys

O58 - SDL:[MD5.90395B64600EBB4552E26E178C94B2E4] - 02/11/2006 - 10:49:20 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys

O58 - SDL:[MD5.7C2F57BCE81FA74933F0E1C84A97C9DB] - 30/08/2006 - 09:35:00 ---A- . (.Alps Electric Co., Ltd. - Alps Touch Pad Driver.) -- C:\Windows\system32\drivers\Apfiltr.sys

O58 - SDL:[MD5.5F673180268BB1FDB69C99B6619FE379] - 02/11/2006 - 10:50:09 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys

O58 - SDL:[MD5.957F7540B5E7F602E44648C7DE5A1C05] - 02/11/2006 - 10:50:10 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys

O58 - SDL:[MD5.96EE10617D6ECB02C45D9208CB9CD8D4] - 11/04/2009 - 07:32:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\drivers\atapi.sys

O58 - SDL:[MD5.5DFF0BDE81E35D725C15F01BAEA7740C] - 31/01/2010 - 18:55:30 ---A- . (.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) -- C:\Windows\system32\drivers\avgldx86.sys

O58 - SDL:[MD5.DB5FC10B2FA4A46A6D9D88A7AB509184] - 31/01/2010 - 18:55:26 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Minifilter Driver.) -- C:\Windows\system32\drivers\avgmfx86.sys

O58 - SDL:[MD5.4F859C6E204B1205DEB79BD514E29244] - 31/01/2010 - 18:55:40 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) -- C:\Windows\system32\drivers\avgtdix.sys

O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 02/11/2006 - 09:24:45 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys

O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 02/11/2006 - 09:24:46 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys

O58 - SDL:[MD5.B304E75CFF293029EDDF094246747113] - 02/11/2006 - 09:25:24 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys

O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys

O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 02/11/2006 - 09:24:44 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys

O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 02/11/2006 - 09:24:47 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys

O58 - SDL:[MD5.4A8A2AA0706B659175169DECF198E9D7] - 09/02/2009 - 07:37:46 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\Windows\system32\drivers\ccdcmb.sys

O58 - SDL:[MD5.FD3E61831095AC62E6840D986B5A2016] - 09/02/2009 - 07:37:46 ---A- . (.Nokia - Nokia USB Phone Bus Driver.) -- C:\Windows\system32\drivers\ccdcmbo.sys

O58 - SDL:[MD5.45201046C776FFDAF3FC8A0029C581C8] - 02/11/2006 - 10:49:28 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys

O58 - SDL:[MD5.AE1FDF7BF7BB6C6A70F67699D880592A] - 02/11/2006 - 10:50:11 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys

O58 - SDL:[MD5.139E691F12561C9F66B7F4140A9FFB90] - 28/08/2009 - 23:16:18 ---A- . (.Intel Corporation - Intel® PRO/1000 Adapter NDIS 6 deserialized driver.) -- C:\Windows\system32\drivers\e1e6032.sys

O58 - SDL:[MD5.F88FB26547FD2CE6D0A5AF2985892C48] - 02/11/2006 - 08:30:54 ---A- . (.Intel Corporation - Intel® PRO/1000 Adapter NDIS 6 deserialized driver.) -- C:\Windows\system32\drivers\E1G60I32.sys

O58 - SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] - 02/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys

O58 - SDL:[MD5.DF353B401001246853763C4B7AAA6F50] - 02/11/2006 - 10:50:10 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys

O58 - SDL:[MD5.C957BF4B5D80B46C5017BF0101E6C906] - 02/11/2006 - 10:51:25 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys

O58 - SDL:[MD5.5F43E40C46D98E5E1E7D8A77D7BBF738] - 12/12/2006 - 10:49:56 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\system32\drivers\igdkmd32.sys

O58 - SDL:[MD5.2D077BF86E843F901D8DB709C95B49A5] - 02/11/2006 - 10:50:17 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys

O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys

O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys

O58 - SDL:[MD5.1E0D65F7FFEB4E99B2EEC1CCB5754CC8] - 14/02/2006 - 18:50:52 ---A- . (.TOSHIBA CORPORATION - TOSHIBA RAID Driver.) -- C:\Windows\system32\drivers\KR10I.sys

O58 - SDL:[MD5.0F9E83709CBB60B1549F3A65D0AB6E4F] - 14/02/2006 - 18:41:20 ---A- . (.TOSHIBA CORPORATION - TOSHIBA RAID Driver.) -- C:\Windows\system32\drivers\KR10N.sys

O58 - SDL:[MD5.A2262FB9F28935E862B4DB46438C80D2] - 02/11/2006 - 10:50:04 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys

O58 - SDL:[MD5.30D73327D390F72A62F32C103DAF1D6D] - 02/11/2006 - 10:50:05 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys

O58 - SDL:[MD5.E1E36FEFD45849A95F1AB81DE0159FE3] - 02/11/2006 - 10:50:10 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys

O58 - SDL:[MD5.D153B14FC6598EAE8422A2037553ADCE] - 02/11/2006 - 10:49:53 ---A- . (.LSI Logic Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys

O58 - SDL:[MD5.4FBBB70D30FD20EC51F80061703B001E] - 02/11/2006 - 10:49:59 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys

O58 - SDL:[MD5.ACC6170D80C69E50145B370023B64ED3] - 30/10/2006 - 09:42:28 ---A- . (.Intel® Corporation - Intel® Wireless LAN Driver.) -- C:\Windows\system32\drivers\NETw3v32.sys

O58 - SDL:[MD5.8DE67BD902095A13329FD82C85A1FA09] - 17/11/2008 - 15:40:22 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\system32\drivers\NETw5v32.sys

O58 - SDL:[MD5.2E7FB731D4790A1BC6270ACCEFACB36E] - 02/11/2006 - 10:50:19 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys

O58 - SDL:[MD5.E875C093AEC0C978A90F30C9E0DFBB72] - 02/11/2006 - 08:36:50 ---A- . (.N-trig Innovative Technologies - Pilote intégré de digitalisateur de tablette N-trig.) -- C:\Windows\system32\drivers\ntrigdigi.sys

O58 - SDL:[MD5.E69E946F80C1C31C53003BFBF50CBB7C] - 02/11/2006 - 10:50:24 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys

O58 - SDL:[MD5.9E0BA19A28C498A6D323D065DB76DFFC] - 02/11/2006 - 10:50:13 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys

O58 - SDL:[MD5.C33020863ECA962B66E17F9FA2A2EB59] - 30/04/2002 - 15:51:40 ---A- . (.OrangeWare Corporation - USB 2.0 Hub Driver.) -- C:\Windows\system32\drivers\ousb2hub.sys

O58 - SDL:[MD5.5AF01C765C9EC5E5AD3BF38A8303B1E1] - 30/04/2002 - 15:51:40 ---A- . (.OrangeWare Corporation - USB 2.0 Enhanced Host Controller Driver.) -- C:\Windows\system32\drivers\ousbehci.sys

O58 - SDL:[MD5.37D3E66567E5082A783BEA33CF69837C] - 04/05/2004 - 05:48:00 ---A- . (.Creative Technology Ltd. - Video streaming and Capture Device Driver.) -- C:\Windows\system32\drivers\P1130Vid.sys

O58 - SDL:[MD5.FD2041E9BA03DB7764B2248F02475079] - 26/08/2008 - 09:26:12 ---A- . (.Nokia - PCCS Mode Change Filter Driver.) -- C:\Windows\system32\drivers\pccsmcfd.sys

O58 - SDL:[MD5.CCDAC889326317792480C0A67156A1EC] - 02/11/2006 - 10:51:45 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys

O58 - SDL:[MD5.81A7E5C076E59995D54BC1ED3A16E60B] - 02/11/2006 - 10:50:35 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys

O58 - SDL:[MD5.A47B2875680AD67B35C6150BD0203056] - 08/11/2006 - 19:09:00 ---A- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHDA.sys

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 02/11/2006 - 07:37:21 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys

O58 - SDL:[MD5.C2299AF684920F592D87AA002D072080] - 01/03/2006 - 18:37:32 ---A- . (.Silicon Integrated Systems Corp. - SiS163 USB Wireless LAN Adapter Driver.) -- C:\Windows\system32\drivers\sis163u.sys

O58 - SDL:[MD5.CEDD6F4E7D84E9F98B34B3FE988373AA] - 02/11/2006 - 10:50:10 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys

O58 - SDL:[MD5.DF843C528C4F69D12CE41CE462E973A7] - 02/11/2006 - 10:50:16 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys

O58 - SDL:[MD5.192AA3AC01DF071B541094F251DEED10] - 02/11/2006 - 10:50:05 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys

O58 - SDL:[MD5.8C8EB8C76736EBAF3B13B633B2E64125] - 02/11/2006 - 10:49:56 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys

O58 - SDL:[MD5.8072AF52B5FD103BBBA387A1E49F62CB] - 02/11/2006 - 10:50:03 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys

O58 - SDL:[MD5.1825BCEB47BF41C5A9F0E44DE82FC27A] - 18/10/2006 - 11:50:04 ---A- . (.TOSHIBA Corporation. - Toshiba ODD Writing Driver For x86..) -- C:\Windows\system32\drivers\tdcmdpst.sys

O58 - SDL:[MD5.9A847CD173C9776F62BFBB36C1617974] - 30/10/2006 - 15:47:22 ---A- . (.TOSHIBA Corporation - TOSHIBA HDD Protection Driver.) -- C:\Windows\system32\drivers\thpdrv.sys

O58 - SDL:[MD5.EE6FE4F18657C6AFED533A5D8FD4AF5C] - 04/09/2007 - 01:30:24 ---A- . (.TOSHIBA Corporation - TOSHIBA HDD Protection - Shock Sensor Driver.) -- C:\Windows\system32\drivers\Thpevm.sys

O58 - SDL:[MD5.E362D54FD394999C4178936396664E57] - 11/07/2005 - 18:58:56 ---A- . (.TOSHIBA Corporation. - Toshiba Bluetooth HID mini port driver.) -- C:\Windows\system32\drivers\Toshidpt.sys

O58 - SDL:[MD5.8D624D3BD1F2D78BD1C01A2D4E954B4E] - 10/10/2006 - 19:33:22 ---A- . (.TOSHIBA Corporation - TOSHIBA Bluetooth Port Emulation Driver.) -- C:\Windows\system32\drivers\tosporte.sys

O58 - SDL:[MD5.CE378F952A16FBFE355126D90D8F42E8] - 21/09/2006 - 14:22:42 ---A- . (.TOSHIBA CORPORATION - Bluetooth RF Bus Driver.) -- C:\Windows\system32\drivers\TosRfbd.sys

O58 - SDL:[MD5.1AE2BA74B2A4F5A358B13FCD35258C30] - 16/03/2006 - 10:45:12 ---A- . (.TOSHIBA Corporation - Bluetooth RFBNEP Driver.) -- C:\Windows\system32\drivers\tosrfbnp.sys

O58 - SDL:[MD5.5BA1CA3B3CDDB1DDC67DF473F05D1EC2] - 01/08/2005 - 16:45:08 ---A- . (.TOSHIBA Corporation - Bluetooth RFCOMM Driver.) -- C:\Windows\system32\drivers\tosrfcom.sys

O58 - SDL:[MD5.28099A4E52148319AFA685D93A2244D0] - 05/10/2006 - 16:07:46 ---A- . (.TOSHIBA Corporation. - Bluetooth HID Driver from TOSHIBA.) -- C:\Windows\system32\drivers\TosRfhid.sys

O58 - SDL:[MD5.C52FD27B9ADF3A1F22CB90E6BCF9B0CB] - 06/01/2005 - 13:42:42 ---A- . (.TOSHIBA Corporation. - Bluetooth BNEP Driver.) -- C:\Windows\system32\drivers\tosrfnds.sys

O58 - SDL:[MD5.1FF09B64D1E0C82EE81026718D8D47C2] - 22/11/2006 - 16:09:22 ---A- . (.TOSHIBA Corporation - Bluetooth Audio Driver (WDM).) -- C:\Windows\system32\drivers\TosRfSnd.sys

O58 - SDL:[MD5.20CC46C5D3326122E1A0A8C9DAD00E0D] - 28/10/2006 - 00:29:10 ---A- . (.TOSHIBA CORPORATION - Bluetooth USB Miniport Driver.) -- C:\Windows\system32\drivers\tosrfusb.sys

O58 - SDL:[MD5.C2AC99B9979AA8B82B4BB5EE514EF71B] - 05/10/2006 - 22:13:12 ---A- . (.TOSHIBA Corporation - TOSHIBA ACPI-Based Value Added Logical and General Purpose Devi.) -- C:\Windows\system32\drivers\TVALZ.SYS

O58 - SDL:[MD5.3CD4EA35A6221B85DCC25DAA46313F8D] - 02/11/2006 - 10:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys

O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys

O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 02/11/2006 - 10:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\system32\drivers\ulsata2.sys

O58 - SDL:[MD5.587E643A4E2FFD9A00F114B057CEB773] - 09/02/2009 - 07:37:48 ---A- . (.Nokia - Filter Driver for Nokia USB Phone Bus Driver.) -- C:\Windows\system32\drivers\usbser_lowerflt.sys

O58 - SDL:[MD5.FCA6A196D47CB972A0E4ADC0DB9CD17C] - 09/02/2009 - 07:37:56 ---A- . (.Nokia - Filter Driver for Nokia USB Phone Bus Driver.) -- C:\Windows\system32\drivers\usbser_lowerfltj.sys

O58 - SDL:[MD5.FD2E3175FCADA350C7AB4521DCA187EC] - 02/11/2006 - 10:49:30 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys

O58 - SDL:[MD5.D984439746D42B30FC65A4C3546C6829] - 02/11/2006 - 10:50:41 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR X86-32.) -- C:\Windows\system32\drivers\vsmraid.sys

O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\ANSI.SYS

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\country.sys

O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\HIMEM.SYS

O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\KEY01.SYS

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\KEYBOARD.SYS

O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS.SYS

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS404.SYS

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS411.SYS

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS412.SYS

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS804.SYS

O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO.SYS

O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO404.SYS

O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO411.SYS

O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO412.SYS

O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO804.SYS

O58 - SDL:[MD5.2F9806B52CB3748B1E49222744B28E3C] - 26/09/2009 - 11:28:22 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) -- C:\Windows\system32\PCANDIS5.SYS

 

 

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)

O61 - LFC:Last File Created 13/02/2010 - 03:20:53 ---A- C:\Users\All Users\avg9\Log\avgui.log

O61 - LFC:Last File Created 13/02/2010 - 03:21:02 --HA- C:\Users\Nico\AppData\Local\IconCache.db

O61 - LFC:Last File Created 13/02/2010 - 11:39:55 --HA- C:\Users\Default\ntuser.dat.LOG1

O61 - LFC:Last File Created 13/02/2010 - 11:39:55 -SHA- C:\Users\Default\NTUSER.DAT

O61 - LFC:Last File Created 13/02/2010 - 11:53:58 ---A- C:\Users\All Users\avg9\Log\avgtdi.log

O61 - LFC:Last File Created 13/02/2010 - 11:54:08 ---A- C:\Users\All Users\avg9\Temp\3e7b56c2-74b2-4a9b-ac7f-a6412e59710c-2b0-oopp.tmp

O61 - LFC:Last File Created 13/02/2010 - 11:55:02 ---A- C:\Users\All Users\avg9\Log\avgwd.log.2

O61 - LFC:Last File Created 13/02/2010 - 11:58:13 ---A- C:\Users\All Users\avg9\update\download\u9iavi2685u2680dc.bin

O61 - LFC:Last File Created 13/02/2010 - 14:53:11 ---A- C:\Users\All Users\avg9\Log\avgcfg.log.2

O61 - LFC:Last File Created 13/02/2010 - 18:20:55 ---A- C:\Users\Nico\AppData\Local\Temp\VBE\MSForms.exd

O61 - LFC:Last File Created 13/02/2010 - 18:20:58 ---A- C:\Users\Nico\AppData\Local\Temp\VBE\RefEdit.exd

O61 - LFC:Last File Created 13/02/2010 - 18:21:21 ---A- C:\Users\Nico\AppData\Roaming\Microsoft\Office\Récent\Temp.lnk

O61 - LFC:Last File Created 13/02/2010 - 18:21:21 ---A- C:\Users\Nico\AppData\Roaming\Microsoft\Office\Récent\UMAS CARP Tackle EURO Price List 2010.xls.lnk

O61 - LFC:Last File Created 14/02/2010 - 00:27:17 ---A- C:\Users\All Users\avg9\Log\avgcore.log.1

O61 - LFC:Last File Created 14/02/2010 - 00:27:26 ---A- C:\Users\All Users\avg9\update\download\u9iavi2686u2685qn.bin

O61 - LFC:Last File Created 14/02/2010 - 00:28:28 ---A- C:\Users\All Users\avg9\update\backup\incavi.avm

O61 - LFC:Last File Created 14/02/2010 - 01:18:20 ---A- C:\Users\All Users\avg9\Log\avgcfg.log.1

O61 - LFC:Last File Created 14/02/2010 - 01:42:34 ---A- C:\Users\Nico\AppData\Roaming\Adobe\Flash Player\AssetCache\N9WDSGXL\1C04C61346A1FA3139A37D860ED92632AA13DECF.heu

O61 - LFC:Last File Created 16/02/2010 - 13:52:20 ---A- C:\Users\All Users\avg9\Log\avgwd.log.1

O61 - LFC:Last File Created 16/02/2010 - 13:52:28 ---A- C:\Users\All Users\avg9\Log\avgcfg.log

O61 - LFC:Last File Created 16/02/2010 - 13:52:28 ---A- C:\Users\All Users\avg9\update\download\avg9infoavi.ctf

O61 - LFC:Last File Created 16/02/2010 - 13:52:28 ---A- C:\Users\All Users\avg9\update\download\avg9infowin.ctf

O61 - LFC:Last File Created 16/02/2010 - 13:52:31 ---A- C:\Users\All Users\avg9\update\download\u9iavi2691u2686vg.bin

O61 - LFC:Last File Created 16/02/2010 - 13:52:31 ---A- C:\Users\All Users\avg9\update\download\x8xplsb_120d1195.bin

O61 - LFC:Last File Created 16/02/2010 - 13:52:31 ---A- C:\Users\All Users\avg9\update\download\x8xplsc_180d17846.bin

O61 - LFC:Last File Created 16/02/2010 - 13:53:39 ---A- C:\Users\All Users\avg9\Log\avgldr.log

O61 - LFC:Last File Created 16/02/2010 - 13:53:40 ---A- C:\Users\All Users\avg9\CfgAll\updateall.cfg

O61 - LFC:Last File Created 16/02/2010 - 13:54:03 ---A- C:\Users\All Users\avg9\Log\avgchjwsrv.log

O61 - LFC:Last File Created 16/02/2010 - 13:54:04 ---A- C:\Users\All Users\avg9\CfgAll\falsealarm.cfg

O61 - LFC:Last File Created 16/02/2010 - 13:54:04 ---A- C:\Users\All Users\avg9\Log\vault.log

O61 - LFC:Last File Created 16/02/2010 - 13:54:18 ---A- C:\Users\All Users\avg9\Cfg\updatecomps.cfg

O61 - LFC:Last File Created 16/02/2010 - 13:54:18 ---A- C:\Users\All Users\avg9\Temp\file9514.tmp

O61 - LFC:Last File Created 16/02/2010 - 13:54:26 ---A- C:\Users\All Users\avg9\Cfg\update.cfg

O61 - LFC:Last File Created 16/02/2010 - 13:54:26 ---A- C:\Users\All Users\avg9\Log\fixcfg.log

O61 - LFC:Last File Created 16/02/2010 - 13:54:26 ---A- C:\Users\All Users\avg9\Log\history.xml

O61 - LFC:Last File Created 16/02/2010 - 13:54:27 ---A- C:\Users\All Users\avg9\Log\avgupd.log

O61 - LFC:Last File Created 16/02/2010 - 13:56:37 ---A- C:\Users\All Users\avg9\Log\avgwdsvc.log

O61 - LFC:Last File Created 16/02/2010 - 13:57:13 ---A- C:\Users\Nico\AppData\Local\Temp\Nico.bmp

O61 - LFC:Last File Created 16/02/2010 - 14:01:17 ---A- C:\Users\Nico\AppData\Roaming\Microsoft\Office\Récent\Bibliothèque.lnk

O61 - LFC:Last File Created 16/02/2010 - 14:01:17 ---A- C:\Users\Nico\AppData\Roaming\Microsoft\Office\Récent\Copie de 06 Order form retail trade 2010-1.xls.lnk

O61 - LFC:Last File Created 16/02/2010 - 14:01:17 ---A- C:\Users\Nico\AppData\Roaming\Microsoft\Office\Récent\EUROTOOL.XLA.lnk

O61 - LFC:Last File Created 16/02/2010 - 14:06:12 ---A- C:\Users\Nico\AppData\Roaming\Microsoft\Office\Récent\Cipro.lnk

O61 - LFC:Last File Created 16/02/2010 - 14:06:12 ---A- C:\Users\Nico\AppData\Roaming\Microsoft\Office\Récent\ORDER FOR ME 16 02 2010.xls.lnk

O61 - LFC:Last File Created 16/02/2010 - 14:06:12 --HA- C:\Users\Nico\AppData\Roaming\Microsoft\Office\Récent\index.dat

O61 - LFC:Last File Created 16/02/2010 - 14:06:16 ---A- C:\Users\Nico\AppData\Roaming\Microsoft\Excel\Excel11.xlb

O61 - LFC:Last File Created 16/02/2010 - 14:06:16 ---A- C:\Users\Nico\AppData\Roaming\Microsoft\Office\Excel11.pip

O61 - LFC:Last File Created 16/02/2010 - 14:06:16 ---A- C:\Users\Nico\AppData\Roaming\Microsoft\Office\VB11.pip

O61 - LFC:Last File Created 16/02/2010 - 14:11:24 ---A- C:\Users\Nico\AppData\Local\AVG Security Toolbar\cache\overlay.xml

O61 - LFC:Last File Created 16/02/2010 - 14:17:15 ---A- C:\Users\Nico\AppData\Roaming\Adobe\Acrobat\7.0\Collab\RSS

O61 - LFC:Last File Created 16/02/2010 - 14:17:15 ---A- C:\Users\Nico\AppData\Roaming\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js

O61 - LFC:Last File Created 16/02/2010 - 14:17:15 ---A- C:\Users\Nico\AppData\Roaming\Adobe\Acrobat\7.0\Updater\udlog.txt

O61 - LFC:Last File Created 16/02/2010 - 14:17:15 ---A- C:\Users\Nico\AppData\Roaming\Adobe\Acrobat\7.0\Updater\udstore.js

O61 - LFC:Last File Created 16/02/2010 - 14:19:21 ---A- C:\Users\All Users\avg9\Chjw\cm-0-p.dat

O61 - LFC:Last File Created 16/02/2010 - 14:20:31 ---A- C:\Users\All Users\avg9\Chjw\cm-1-p.dat

O61 - LFC:Last File Created 16/02/2010 - 14:22:54 ---A- C:\Users\All Users\avg9\Chjw\cm-2-i.dat

O61 - LFC:Last File Created 16/02/2010 - 14:22:54 ---A- C:\Users\All Users\avg9\Chjw\cm-2-p.dat

O61 - LFC:Last File Created 16/02/2010 - 14:22:59 ---A- C:\Users\All Users\avg9\Log\avgchjw.log

O61 - LFC:Last File Created 16/02/2010 - 14:31:14 ---A- C:\Users\Nico\Tracing\WindowsLiveMessenger-uccapi-0.uccapilog

O61 - LFC:Last File Created 16/02/2010 - 14:31:25 ---A- C:\Users\Nico\AppData\Roaming\Microsoft\IdentityCRL\production\MetaConfig.xml

O61 - LFC:Last File Created 16/02/2010 - 14:33:08 ---A- C:\Users\Nico\AppData\Local\Temp\MessengerCache\W0aCBOA5abiJAFeIyxjvEpqFDqo=

O61 - LFC:Last File Created 16/02/2010 - 14:35:44 ---A- C:\Users\Nico\AppData\Local\Temp\MessengerCache\MRJy4SwEW15RV5YiN0PCbLvmS2Q=

O61 - LFC:Last File Created 16/02/2010 - 14:40:03 ---A- C:\Users\Nico\AppData\Local\Temp\MessengerCache\2w+5KHKeZADpSw02FzjL5AFRKOpA=

O61 - LFC:Last File Created 16/02/2010 - 14:45:05 ---A- C:\Users\Nico\AppData\Local\Temp\MessengerCache\kMFFhyysDl7h8OBLK5UIp8DVu9M=

O61 - LFC:Last File Created 16/02/2010 - 14:53:01 ---A- C:\Users\All Users\avg9\Log\avglng.log

O61 - LFC:Last File Created 16/02/2010 - 14:53:10 ---A- C:\Users\All Users\avg9\Log\avgns.log

O61 - LFC:Last File Created 16/02/2010 - 14:53:14 ---A- C:\Users\All Users\avg9\Cfg\sched.cfg

O61 - LFC:Last File Created 16/02/2010 - 14:53:15 ---A- C:\Users\All Users\avg9\Log\avgsched.log

O61 - LFC:Last File Created 16/02/2010 - 14:53:37 ---A- C:\Users\All Users\avg9\Log\avgwd.log

O61 - LFC:Last File Created 16/02/2010 - 15:00:27 ---A- C:\Users\All Users\avg9\scanlogs\I_00000001.log

O61 - LFC:Last File Created 16/02/2010 - 15:01:02 ---A- C:\Users\All Users\avg9\Log\avgrs.log

O61 - LFC:Last File Created 16/02/2010 - 15:03:13 ---A- C:\Users\All Users\avg9\Log\avgcore.log

O61 - LFC:Last File Created 16/02/2010 - 15:03:14 ---A- C:\Users\Nico\AppData\Local\Temp\plugtmp-1\plugin-TemplateAdRenderer.xml

O61 - LFC:Last File Created 16/02/2010 - 15:03:14 ---A- C:\Users\Nico\AppData\Local\Temp\plugtmp-1\plugin-spring_V1_spec_300_250.xml

 

 

---\\ Liste des outils de nettoyage (LATC) (O63)

O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.)

O63 - Logiciel: ZHPDiag 1.25 - (.Nicolas Coolman.)

 

 

---\\ Liste des services Legacy (LALS) (O64)

O64 - Services: - C:\Windows\system32\Drivers\avgldx86.sys - AVG Free AVI Loader Driver x86 (AvgLdx86) .(.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) - LEGACY_AVGLDX86

O64 - Services: - C:\Windows\system32\Drivers\avgmfx86.sys - AVG Free On-access Scanner Minifilter Driver x86 (AvgMfx86) .(.AVG Technologies CZ, s.r.o. - AVG Resident Shield Minifilter Driver.) - LEGACY_AVGMFX86

O64 - Services: - C:\Windows\system32\Drivers\avgtdix.sys - AVG Free Network Redirector (AvgTdiX) .(.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) - LEGACY_AVGTDIX

O64 - Services: - C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys - driverhardwarev2 (driverhardwarev2) .(.CybelSoft - Driver NT Ma-Config.com.) - LEGACY_DRIVERHARDWAREV2

O64 - Services: - (.not file.) - Symantec Eraser Control driver (eeCtrl) .(.Pas de propriétaire - Pas de description.) - LEGACY_EECTRL

O64 - Services: - C:\Windows\system32\Drivers\SECDRV.sys - (.not file.) - Security Driver (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV

O64 - Services: - (.not file.) - SymEvent (SymEvent) .(.Pas de propriétaire - Pas de description.) - LEGACY_SYMEVENT

O64 - Services: - (.not file.) - SYMREDRV (SYMREDRV) .(.Pas de propriétaire - Pas de description.) - LEGACY_SYMREDRV

O64 - Services: - (.not file.) - SYMTDI (SYMTDI) .(.Pas de propriétaire - Pas de description.) - LEGACY_SYMTDI

 

 

---\\ Liste des fichiers non signés (LUF) (O65)

O65 - LUF:28/11/2006 (.Pas de propriétaire - Contrôle d'édition du dictionnaire EBP.) (11.2 - Build 699) - c:\windows\system32\EBPDicEd.ocx

 

 

---\\ Infection Rogue (Possible)

R3 - URLSearchHook: Microsoft Url Search Hook - {A3BC75A2-1F87-4686-AA43-5347D756017C} . (.Pas de propriétaire - AVG Security Toolbar.) (3.011.025.005) -- C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} . (.Pas de propriétaire - AVG Security Toolbar.) -- C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} . (.Pas de propriétaire - AVG Security Toolbar.) -- C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

 

 

 

End of the scan (681 lines in 06mn 52s)

Posted

You are going to download Combofix.

This software is very powerful and must not be used without competent help, at the risk of irreversible damage.

Please note that this software is updated regularly and that the version you are about to download will be obsolete in a few days.

Download combofix.exe by sUBs

You should get a window warning you that you are downloading Combofix from an unauthorized site.

Ignore it.

Launch Combofix by double-clicking it.

First of all, Combofix checks whether the Recovery Console is installed and offers to install it if it is not.

Some infections, such as braviax, will prevent its installation.

Windows Vista users can use their Windows CD to boot into the Vista Recovery Environment.

The Windows Recovery Console will let you boot into a special recovery (repair) mode.

It may be needed if your computer runs into a problem after a cleanup attempt.

It is a simple procedure that will take you only a little time and may one day get you out of trouble.

Some infections (MBR rootkit) can only be dealt with using the Recovery Console.

Important procedures that Combofix may run will only work if the Recovery Console (under XP) is installed.

That is why you are strongly advised to install the Recovery Console on the PC first.

This will make it possible to repair the system in case the PC no longer restarts after the disinfection.

* After clicking the link for your version of Windows, you will be taken to a page:

click the Download button to save the installation package to the Desktop:

Do not change the file name

Windows XP Service Pack 2 (SP2) > Microsoft Windows XP Professional SP2

* Drag and drop this file onto the ComboFix.exe file

* Follow the on-screen instructions to launch ComboFix and, when asked, accept the End User License Agreement to install the Microsoft Recovery Console.

After installation, you should see this message:

The Recovery Console was successfully installed.

 

Close or disable all active antivirus, antispyware and firewall programs, and Spybot's TeaTimer, as they could interfere with this tool.

You need to disable your protections and do not know how

On Bleeping Computers, in English:

On PCA, in French

This is absolutely necessary for the procedure to succeed.

Of course, you will re-enable them afterwards.

Connect all removable drives (external hard drive, USB stick).

* Double-click combofix.exe to launch it.

Do not close the window that has just opened: the desktop would be empty and this could crash the program!

To start the scan

* Press the 1 key to start the scan.

If for any reason Combofix does not start,

boot into Safe Mode, choose the Administrator account (under Vista, disable UAC) and launch Combofix.

While ComboFix is running, do not touch your computer at all; you could crash the program.

* The scan may take some time:

Wait at least 30 minutes during the scan.

If the program freezes (more than 30 minutes), close it by clicking the "X" at the top right of the window.

At the end, a report will be generated: post its contents in your next message.

* If the report is too long, post it in two parts.

It is located at c:\combofix.txt

Posted

Here it is.

 

 

ComboFix 10-02-12.01 - Nico 16/02/2010 17:44:22.1.2 - x86

Lancé depuis: c:\users\Nico\Desktop\Cipro\facture 2009\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-2300031439-3791799157-2081733281-500

c:\$recycle.bin\S-1-5-21-918056312-2952985149-2686913973-500

c:\$recycle.bin\S-1-5-21-942300725-971121800-4008021340-500

c:\users\Nico\AppData\Local\av.exe

c:\users\Nico\AppData\Local\KSTKLec.dll

c:\users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\B1Y40.jpg

c:\users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\B8bAy.jpg

c:\users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\x515A.jpg

c:\users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\yXOmyOkO.jpg

c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-01-16 au 2010-02-16 ))))))))))))))))))))))))))))))))))))

.

 

2010-02-16 16:54 . 2010-02-16 16:54 -------- d-----w- c:\users\Nico\AppData\Local\temp

2010-02-16 16:54 . 2010-02-16 16:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-02-16 16:16 . 2010-02-16 16:40 -------- d-----w- C:\21075-CF

2010-02-16 14:00 . 2010-02-16 14:08 -------- d-----w- c:\program files\ZHPDiag

2010-02-12 15:54 . 2010-02-12 15:54 -------- d-----w- c:\users\Nico\AppData\Roaming\Malwarebytes

2010-02-12 15:54 . 2010-02-12 15:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-12 15:54 . 2010-02-12 15:54 -------- d-----w- c:\programdata\Malwarebytes

2010-02-11 15:15 . 2010-02-11 15:15 -------- d-----w- c:\program files\Trend Micro

2010-02-11 14:13 . 2010-02-11 14:13 -------- d-----w- c:\windows\Sun

2010-02-11 10:12 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-02-11 10:12 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-02-11 10:11 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-02-11 10:11 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2010-02-11 10:07 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll

2010-02-11 10:07 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll

2010-02-11 10:07 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll

2010-02-11 10:07 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll

2010-02-11 10:07 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll

2010-02-11 10:07 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2010-02-11 10:07 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll

2010-02-11 10:07 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll

2010-02-11 10:07 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll

2010-02-11 10:06 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-02-11 10:06 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-10 23:56 . 2010-02-10 23:56 -------- d-----w- c:\program files\MiCô-Soft

2010-02-10 23:37 . 2010-02-10 23:37 92 ----a-w- c:\users\Nico\AppData\Local\fusioncache.dat

2010-02-10 23:37 . 2010-02-10 23:37 -------- d-----w- c:\users\Nico\AppData\Local\Microsoft Help

2010-02-10 23:30 . 2010-02-10 23:30 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003

2010-02-10 23:30 . 2010-02-10 23:41 -------- d-----w- c:\programdata\Microsoft Help

2010-02-10 23:13 . 2010-02-10 23:13 -------- d-----w- c:\windows\system32\URTTEMP

2010-02-10 15:07 . 2010-02-10 15:07 75776 ----a-w- c:\windows\bxkuh0258.exe

2010-02-10 15:07 . 2010-02-10 15:07 40960 ----a-w- c:\windows\cvmq66434.exe

2010-02-10 14:38 . 2010-02-11 10:09 -------- d-----w- c:\program files\LimeWire

2010-02-08 23:21 . 2010-02-11 10:12 -------- d-----w- c:\program files\adslTV

2010-02-08 15:52 . 2010-02-08 15:52 40960 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{EDA1C1F7-F27E-4B20-B9BC-39964452DBB1}\NewShortcut2_EDA1C1F7F27E4B20B9BC39964452DBB1.exe

2010-02-08 15:52 . 2010-02-08 15:52 40960 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{EDA1C1F7-F27E-4B20-B9BC-39964452DBB1}\NewShortcut1_EDA1C1F7F27E4B20B9BC39964452DBB1.exe

2010-02-08 15:52 . 2010-02-08 15:52 10134 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{EDA1C1F7-F27E-4B20-B9BC-39964452DBB1}\ARPPRODUCTICON.exe

2010-02-08 15:51 . 2010-02-08 15:51 -------- d-----w- c:\program files\CapAlpha

2010-02-08 15:49 . 2010-02-08 15:49 -------- d-----w- c:\windows\Downloaded Installations

2010-02-01 07:58 . 2010-02-01 07:58 -------- d-----w- c:\programdata\WindowsSearch

2010-02-01 07:54 . 2010-01-31 17:54 1260800 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe

2010-02-01 07:54 . 2010-01-31 17:54 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe

2010-01-31 18:02 . 2010-01-31 18:02 -------- d-----w- c:\users\Nico\AppData\Local\AVG Security Toolbar

2010-01-31 17:55 . 2010-02-11 13:43 -------- d-----w- C:\$AVG

2010-01-31 17:55 . 2010-01-31 17:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-01-31 17:55 . 2010-01-31 17:55 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-01-31 17:55 . 2010-01-31 17:55 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-01-31 17:55 . 2010-01-31 17:55 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-01-31 17:55 . 2010-02-16 12:53 -------- d-----w- c:\windows\system32\drivers\Avg

2010-01-31 17:55 . 2010-01-31 17:55 -------- d-----w- c:\programdata\AVG Security Toolbar

2010-01-31 17:54 . 2010-01-31 17:54 -------- d-----w- c:\program files\AVG

2010-01-31 17:54 . 2010-02-12 14:11 -------- d-----w- c:\programdata\avg9

2010-01-31 17:17 . 2010-01-31 17:17 -------- d-----w- c:\program files\CCleaner

2010-01-25 09:31 . 2010-01-25 09:31 -------- d-----w- c:\users\Nico\AppData\Roaming\EBP

2010-01-25 09:23 . 2006-05-10 12:18 1929216 ----a-w- c:\windows\system32\cdintf250.dll

2010-01-25 09:23 . 2006-11-28 21:03 1196032 ----a-w- c:\programdata\EBP\Gestion\Modeles\UpdateWG.exe

2010-01-25 09:23 . 2010-01-25 09:23 -------- d-----w- c:\programdata\EBP

2010-01-25 09:22 . 2010-01-25 09:22 -------- d-----w- c:\program files\Common Files\EBP

2010-01-25 09:22 . 1998-06-16 23:00 57344 ------w- c:\windows\system32\Mfc42loc.dll

2010-01-25 09:22 . 2010-01-25 09:23 -------- d-----w- c:\program files\EBP

2010-01-22 19:34 . 2010-02-11 10:11 -------- d-----w- c:\users\Nico\AppData\Roaming\vlc

2010-01-22 19:33 . 2010-01-22 19:33 -------- d-----w- c:\program files\VideoLAN

2010-01-22 09:38 . 2009-12-16 11:44 834048 ----a-w- c:\windows\system32\wininet.dll

2010-01-22 09:38 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-11 14:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-02-11 13:58 . 2006-11-02 15:47 679418 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-11 13:58 . 2006-11-02 15:47 128418 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-10 23:56 . 2010-02-10 23:56 -------- d-----w- c:\program files\MiCô-Soft

2010-02-10 23:30 . 2009-11-26 11:30 -------- d-----w- c:\program files\Microsoft.NET

2010-02-02 19:39 . 2009-11-18 22:30 -------- d-----w- c:\program files\Google

2010-01-31 17:02 . 2007-01-02 09:57 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-01-25 09:22 . 2007-01-02 07:49 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-21 10:37 . 2009-12-17 16:30 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-14 10:12 . 2009-10-03 23:57 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-05 08:48 . 2010-01-05 08:10 -------- d-----w- c:\users\Nico\AppData\Roaming\PhotoFiltre Studio X

2010-01-05 08:10 . 2010-01-05 08:10 -------- d-----w- c:\program files\PhotoFiltre Studio X

2009-12-19 17:06 . 2009-12-19 17:06 -------- d-----w- c:\users\Nico\AppData\Roaming\InterVideo

2009-12-19 14:45 . 2009-12-19 14:45 -------- d-----w- c:\program files\OTB_one touch backup

2009-12-19 14:18 . 2009-12-19 14:18 -------- d-----w- c:\program files\ma-config.com

2009-12-19 14:18 . 2009-12-19 14:18 -------- d-----w- c:\programdata\ma-config.com

2009-11-28 02:29 . 2009-09-23 17:37 112408 ----a-w- c:\users\Nico\AppData\Local\GDIPFONTCACHEV1.DAT

.

 

------- Sigcheck -------

 

[7] 2009-09-27 . B35CFCEF838382AB6490B321C87EDF17 . 21560 . . [6.0.6000.16632] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys

[-] 2009-04-11 06:32 . 96EE10617D6ECB02C45D9208CB9CD8D4 . 19944 . . [------] . . c:\windows\System32\drivers\atapi.sys

[7] 2009-04-11 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[7] 2008-01-19 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[7] 2006-11-02 . 4F4FCB8B6EA06784FB6D475B7EC7300F . 19048 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

"NokiaPCInternetAccess"="c:\program files\Nokia\PC Internet Access\NPCIA.exe" [2008-09-29 536576]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"TOSDCR"="c:\program files\TOSHIBA\PasswordUtility\TOSDCR.exe" [2006-12-29 173624]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-15 530552]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]

"NDSTray.exe"="NDSTray.exe" [bU]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]

"P1130Cfg.exe Config"="P1130Cfg.exe" [2004-05-04 53248]

"MRT"="c:\windows\system32\MRT.exe" [2010-02-01 30364104]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

One Touch Backup.lnk - c:\program files\OTB_one touch backup\OTB_one touch backup\OTB_one touch backup.exe [2009-12-19 421888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):6c,65,a6,d0,8f,5f,ca,01

 

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\System32\drivers\thpdrv.sys [30/10/2006 15:47 16384]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\System32\drivers\Thpevm.sys [04/09/2007 01:30 13336]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [31/01/2010 18:55 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [31/01/2010 18:55 360584]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [31/01/2010 18:54 285392]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 15:40 3668480]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/11/2009 23:30 135664]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056]

S3 P1130VID;Creative WebCam NX Pro;c:\windows\System32\drivers\P1130Vid.sys [04/05/2004 05:48 90229]

S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [26/09/2009 11:13 217088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contenu du dossier 'Tâches planifiées'

 

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 22:30]

 

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 22:30]

 

2010-02-16 c:\windows\Tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job

- c:\windows\system32\msfeedssync.exe [2009-10-01 07:33]

.

.

------- Examen supplémentaire -------

.

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR

FF - ProfilePath - c:\users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\soit9tc5.default\

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-Xnemuvogepuwido - c:\users\Nico\AppData\Local\KSTKLec.dll

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-16 17:54

Windows 6.0.6002 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????S*pX????????????????( ??P

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uftqlmiuhusmcjp]

"imagepath"="\??\c:\windows\TEMP\AC75.tmp"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Heure de fin: 2010-02-16 17:57:39

ComboFix-quarantined-files.txt 2010-02-16 16:57

 

Avant-CF: 69 083 734 016 octets libres

Après-CF: 68 974 026 752 octets libres

 

- - End Of File - - A780E08E1479E17B73013AF94D4C54C5

 

 

 

 

Thanks again

Posted

Hello,

Go to this address:

Click Browse to find these files

C:\21075-CF

and click "send the file"

Copy and paste the response into your next message.

Note: the file may already have been analysed. If so, click the Reanalyse file now button

Combo, Cleanup

Disconnect from the internet and disable the antivirus (just for the duration of the procedure!)

Connect all removable drives (external hard drive, USB stick).

In some circumstances, Safe Mode may be necessary

Check that the antivirus really is disabled, because a restart re-enables it

Open Combofix

# In Notepad, copy and paste these lines:

KillAll::

Folder::

Driver::

npggsvc

File::

c:\windows\bxkuh0258.exe

c:\windows\cvmq66434.exe

c:\windows\TEMP\AC75.tmp

Fcopy::

c:\windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys|c:\windows\System32\drivers\atapi.sys

 

Registry::

[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uftqlmiuhusmcjp]

 

* Warning: this code was written specifically for this user; it would be dangerous to reuse it in other cases!

Save it under the name CFScript.txt

* Drag and drop this CFScript file onto the ComboFix.exe file

* At the message that appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and confirm.

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt

 

Posted (edited)

Good evening,

There was a procedure to carry out.

I don't have this file: 21075-CF

It appears here:

Combofix report:

((((((((((((((((((((((((((((( Fichiers créés du 2010-01-16 au 2010-02-16 ))))))))))))))))))))))))))))))))))))

.

 

2010-02-16 16:54 . 2010-02-16 16:54 -------- d-----w- c:\users\Nico\AppData\Local\temp

2010-02-16 16:54 . 2010-02-16 16:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-02-16 16:16 . 2010-02-16 16:40 -------- d-----w- C:\21075-CF

 

If you do not see it:

My Computer -> Tools -> Folder Options -> View

Check "Show hidden folders"

Uncheck "Hide extensions for known file types" as well as "Hide protected operating system files"

--> a message says that this can damage the system; ignore it and confirm with Yes

Edited by pear
Posted

Here is the report; however, I was not given the choice between 1 and 2 as you said, when first opening Combofix.

 

 

 

ComboFix 10-02-23.04 - Nico 24/02/2010 18:17:24.2.2 - x86

Microsoft® Windows Vista Professionnel 6.0.6002.2.1252.33.1036.18.1014.301 [GMT 1:00]

Lancé depuis: c:\users\Nico\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\users\Nico\Desktop\CFScript.txt

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

FILE ::

"c:\windows\bxkuh0258.exe"

"c:\windows\cvmq66434.exe"

"c:\windows\TEMP\AC75.tmp"

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\pdfforge Toolbar\SearchSettings.dll

c:\windows\bxkuh0258.exe

c:\windows\cvmq66434.exe

 

.

--------------- FCopy ---------------

 

c:\windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys --> c:\windows\System32\drivers\atapi.sys

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-01-24 au 2010-02-24 ))))))))))))))))))))))))))))))))))))

.

 

2010-02-24 17:28 . 2010-02-24 17:35 -------- d-----w- c:\users\Nico\AppData\Local\temp

2010-02-24 17:28 . 2010-02-24 17:28 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-02-24 17:28 . 2010-02-24 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-02-24 16:58 . 2010-02-24 16:58 -------- d-sh--w- c:\users\Nico\Phone Browser

2010-02-24 15:56 . 2010-02-24 15:56 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2010-02-19 12:33 . 2010-02-19 12:33 -------- d-----w- c:\program files\Application Updater

2010-02-19 12:33 . 2010-02-24 17:27 -------- d-----w- c:\program files\pdfforge Toolbar

2010-02-19 12:32 . 2010-02-19 12:32 -------- d-----w- c:\users\Nico\AppData\Local\ApplicationHistory

2010-02-19 12:32 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll

2010-02-19 12:32 . 1998-07-13 00:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL

2010-02-19 12:32 . 1998-07-13 00:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL

2010-02-19 12:32 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL

2010-02-19 12:32 . 2010-02-19 12:34 -------- d-----w- c:\program files\PDFCreator

2010-02-17 23:02 . 2006-12-12 09:04 167936 ----a-w- c:\windows\system32\igfxres.dll

2010-02-16 16:16 . 2010-02-16 16:40 -------- d-----w- C:\21075-CF

2010-02-16 14:00 . 2010-02-16 14:08 -------- d-----w- c:\program files\ZHPDiag

2010-02-12 15:54 . 2010-02-12 15:54 -------- d-----w- c:\users\Nico\AppData\Roaming\Malwarebytes

2010-02-12 15:54 . 2010-02-12 15:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-12 15:54 . 2010-02-12 15:54 -------- d-----w- c:\programdata\Malwarebytes

2010-02-11 15:15 . 2010-02-11 15:15 -------- d-----w- c:\program files\Trend Micro

2010-02-11 14:13 . 2010-02-11 14:13 -------- d-----w- c:\windows\Sun

2010-02-11 10:12 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-02-11 10:12 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-02-11 10:11 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-02-11 10:11 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2010-02-11 10:07 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll

2010-02-11 10:07 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll

2010-02-11 10:07 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll

2010-02-11 10:07 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll

2010-02-11 10:07 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll

2010-02-11 10:07 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2010-02-11 10:07 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll

2010-02-11 10:07 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll

2010-02-11 10:07 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll

2010-02-11 10:06 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-02-11 10:06 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-10 23:56 . 2010-02-10 23:56 -------- d-----w- c:\program files\MiCô-Soft

2010-02-10 23:37 . 2010-02-10 23:37 92 ----a-w- c:\users\Nico\AppData\Local\fusioncache.dat

2010-02-10 23:37 . 2010-02-10 23:37 -------- d-----w- c:\users\Nico\AppData\Local\Microsoft Help

2010-02-10 23:30 . 2010-02-10 23:30 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003

2010-02-10 23:30 . 2010-02-10 23:41 -------- d-----w- c:\programdata\Microsoft Help

2010-02-10 23:13 . 2010-02-10 23:13 -------- d-----w- c:\windows\system32\URTTEMP

2010-02-10 14:38 . 2010-02-11 10:09 -------- d-----w- c:\program files\LimeWire

2010-02-08 23:21 . 2010-02-11 10:12 -------- d-----w- c:\program files\adslTV

2010-02-08 15:51 . 2010-02-08 15:51 -------- d-----w- c:\program files\CapAlpha

2010-02-08 15:49 . 2010-02-08 15:49 -------- d-----w- c:\windows\Downloaded Installations

2010-02-01 07:58 . 2010-02-01 07:58 -------- d-----w- c:\programdata\WindowsSearch

2010-01-31 18:02 . 2010-01-31 18:02 -------- d-----w- c:\users\Nico\AppData\Local\AVG Security Toolbar

2010-01-31 17:55 . 2010-02-11 13:43 -------- d-----w- C:\$AVG

2010-01-31 17:55 . 2010-01-31 17:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-01-31 17:55 . 2010-01-31 17:55 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-01-31 17:55 . 2010-01-31 17:55 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-01-31 17:55 . 2010-01-31 17:55 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-01-31 17:55 . 2010-02-24 16:46 -------- d-----w- c:\windows\system32\drivers\Avg

2010-01-31 17:55 . 2010-02-19 11:04 -------- d-----w- c:\programdata\AVG Security Toolbar

2010-01-31 17:54 . 2010-01-31 17:54 -------- d-----w- c:\program files\AVG

2010-01-31 17:54 . 2010-02-12 14:11 -------- d-----w- c:\programdata\avg9

2010-01-31 17:17 . 2010-01-31 17:17 -------- d-----w- c:\program files\CCleaner

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-11 14:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-02-11 13:58 . 2006-11-02 15:47 679418 ----a-w- c:\windows\system32\perfh00C.dat

2010-02-11 13:58 . 2006-11-02 15:47 128418 ----a-w- c:\windows\system32\perfc00C.dat

2010-02-11 10:11 . 2010-01-22 19:34 -------- d-----w- c:\users\Nico\AppData\Roaming\vlc

2010-02-10 23:56 . 2010-02-10 23:56 -------- d-----w- c:\program files\MiCô-Soft

2010-02-10 23:30 . 2009-11-26 11:30 -------- d-----w- c:\program files\Microsoft.NET

2010-02-08 15:52 . 2010-02-08 15:52 40960 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{EDA1C1F7-F27E-4B20-B9BC-39964452DBB1}\NewShortcut2_EDA1C1F7F27E4B20B9BC39964452DBB1.exe

2010-02-08 15:52 . 2010-02-08 15:52 40960 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{EDA1C1F7-F27E-4B20-B9BC-39964452DBB1}\NewShortcut1_EDA1C1F7F27E4B20B9BC39964452DBB1.exe

2010-02-08 15:52 . 2010-02-08 15:52 10134 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{EDA1C1F7-F27E-4B20-B9BC-39964452DBB1}\ARPPRODUCTICON.exe

2010-02-02 19:39 . 2009-11-18 22:30 -------- d-----w- c:\program files\Google

2010-01-31 17:54 . 2010-02-01 07:54 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe

2010-01-31 17:54 . 2010-02-01 07:54 1260800 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe

2010-01-31 17:02 . 2007-01-02 09:57 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-01-25 09:31 . 2010-01-25 09:31 -------- d-----w- c:\users\Nico\AppData\Roaming\EBP

2010-01-25 09:23 . 2010-01-25 09:23 -------- d-----w- c:\programdata\EBP

2010-01-25 09:23 . 2010-01-25 09:22 -------- d-----w- c:\program files\EBP

2010-01-25 09:22 . 2010-01-25 09:22 -------- d-----w- c:\program files\Common Files\EBP

2010-01-25 09:22 . 2007-01-02 07:49 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-22 19:33 . 2010-01-22 19:33 -------- d-----w- c:\program files\VideoLAN

2010-01-21 10:37 . 2009-12-17 16:30 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-14 10:12 . 2009-10-03 23:57 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-05 08:48 . 2010-01-05 08:10 -------- d-----w- c:\users\Nico\AppData\Roaming\PhotoFiltre Studio X

2010-01-05 08:10 . 2010-01-05 08:10 -------- d-----w- c:\program files\PhotoFiltre Studio X

2009-12-18 13:01 . 2010-01-22 09:38 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-12-16 11:44 . 2010-01-22 09:38 834048 ----a-w- c:\windows\system32\wininet.dll

2009-11-28 02:29 . 2009-09-23 17:37 112408 ----a-w- c:\users\Nico\AppData\Local\GDIPFONTCACHEV1.DAT

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]

2010-01-08 02:17 700416 ----a-w- c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2010-01-08 700416]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

"NokiaPCInternetAccess"="c:\program files\Nokia\PC Internet Access\NPCIA.exe" [2008-09-29 536576]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"TOSDCR"="c:\program files\TOSHIBA\PasswordUtility\TOSDCR.exe" [2006-12-29 173624]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-15 530552]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]

"NDSTray.exe"="NDSTray.exe" [bU]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640]

"P1130Cfg.exe Config"="P1130Cfg.exe" [2004-05-04 53248]

"MRT"="c:\windows\system32\MRT.exe" [2010-02-01 30364104]

"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

One Touch Backup.lnk - c:\program files\OTB_one touch backup\OTB_one touch backup\OTB_one touch backup.exe [2009-12-19 421888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):6c,65,a6,d0,8f,5f,ca,01

 

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\System32\drivers\thpdrv.sys [30/10/2006 15:47 16384]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\System32\drivers\Thpevm.sys [04/09/2007 01:30 13336]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [31/01/2010 18:55 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [31/01/2010 18:55 360584]

R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 00:51 380928]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [31/01/2010 18:54 285392]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 15:40 3668480]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/11/2009 23:30 135664]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056]

S3 P1130VID;Creative WebCam NX Pro;c:\windows\System32\drivers\P1130Vid.sys [04/05/2004 05:48 90229]

S3 PROCEXP113;PROCEXP113;c:\windows\System32\drivers\PROCEXP113.SYS [24/02/2010 16:56 12568]

S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [26/09/2009 11:13 217088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contenu du dossier 'Tâches planifiées'

 

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 22:30]

 

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 22:30]

 

2010-02-24 c:\windows\Tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job

- c:\windows\system32\msfeedssync.exe [2009-10-01 07:33]

.

.

------- Examen supplémentaire -------

.

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR

FF - ProfilePath - c:\users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\soit9tc5.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll

FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHELINS SUPPRIMES - - - -

 

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge Toolbar\SearchSettings.dll

BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge Toolbar\SearchSettings.dll

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-24 18:36

Windows 6.0.6002 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????S*pX????????????????( ??P

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(2180)

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\agrsmsvc.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\ThpSrv.exe

c:\windows\system32\TODDSrv.exe

c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\system32\conime.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\RtHDVCpl.exe

c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

c:\windows\System32\ThpSrv.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe

c:\program files\Apoint2K\ApMsgFwd.exe

c:\program files\Apoint2K\Apntex.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\RacAgent.exe

.

**************************************************************************

.

Heure de fin: 2010-02-24 18:49:04 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-02-24 17:48

ComboFix2.txt 2010-02-16 16:57

 

Avant-CF: 68 299 415 552 octets libres

Après-CF: 68 317 974 528 octets libres

 

- - End Of File - - A5C8209371B85793DF2C7E438CBCB266

 

 

 

Thanks

Posted

That's good.

How is the PC behaving?

Java is not up to date, and therefore vulnerable.

Download Javara

or here:

Javara

Click Download Windows binary.zip and save it to the desktop.

Unzip it.

Run Javara.exe

Click Update via jucheck

Click Install

Go back to JavaRa

Click Remove old versions

Then... Other Options -> check Remove unnecessary JRE files -> Run
