Demande d'analyse

Section d'analyse de rapports et de désinfection : malwares en tous genre et autres indésirables. Demandes de nettoyage uniquement. Prise en charge restreinte : équipe spécialisée.

Modérateur: Modérateurs

Règles du forum :arrow: Les désinfections sont prises en charge par un groupe spécifique, tout le monde ne peut pas intervenir pour désinfecter les machines (règles).
:arrow: Les procédures sont sur-mesure, ne faites pas la même chose chez vous (explications).
:arrow: Un topic par machine, chacun crée le sien. ;)

Demande d'analyse

Messagepar benoit.boudey » 23 Sep 2010 10:05

Bonjour,

J'ai visiblement chopé un malware. Les fichiers ntuser.dat. log 1&2 en font ils partie ?


Voici Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 20:51:41, on 20/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redire ... &site=home (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Users\Benoit\Desktop\Doc pr Site\xampp\apache\bin\httpd.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FileZilla Server - FileZilla Project - C:\Users\Benoit\Desktop\Doc pr Site\xampp\FileZillaFTP\FileZilla server.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: MySQL - MySQL AB - C:\Users\Benoit\Desktop\Doc pr Site\xampp\mysql\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 26493 bytese

D'avance merci
c
benoit.boudey
 
Messages: 12
Inscription: 20 Sep 2010 20:02

Re: Demande d'analyse

Messagepar nardino » 24 Sep 2010 09:49

Bonjour
Qu'est-ce qui t'amène à penser à une infection ?
Pourquoi penses-tu que ces deux fichiers sont malfaisants ?
Un rapport Hijackthis même s'il conserve une petite utilité pour certains trucs, est loin d'être suffisant.
Les explications sur la nature des symptômes rencontrés sont plus importantes.

Image Télécharge et installe Malwarebytes Anti-Malware de RubbeR DuckY

Image Double-clique sur le fichier mbam-setup-1.46.exe (sous Vista et 7 autorise les modifications)
A la fin de l'installation, veille à ce que les options suivantes soient cochées
    -Mettre à jour Malwarebytes' Anti-Malware
    -Exécuter Malwarebytes' Anti-Malware
Image Clique sur Terminer
Une fenêtre Mise à jour de Malwarebytes' Anti-Malware va s'ouvrir avec une barre de progression.
Puis une autre annonçant le succès de la mise à jour de la base de données. Clique sur OK.
Le programme s'ouvre sur l'onglet Recherche.
Coche Image Exécuter un examen rapide, clique sur le bouton Image

Image A la fin du scan, sélectionne tout et clique sur Supprimer la sélection

Image Poste le rapport qui s'ouvre après cette suppression.
Redémarre le pc si cela est demandé
Tu peux retrouver le rapport dans l'onglet Rapports/Logs avec la date et l'heure d'exécution.

Image Télécharge OTL de OldTimer sur ton bureau.
Image Clique sur OTL.exe
Image Coche :
En haut, à droite
    -Tous les utilisateurs
    -Avec analyse 64 bits sera coché automatiquement si c'est la cas de ton système.
    -Rapport standard
En bas, à droite
    -Recherche LOP
    -Recherche Purity

Processus, Services, Drivers, Registre:Standard, Modules, Pilotes doivent être sur [Avec liste blanche] par défaut.
Registre : approfondi est sur Aucun.

Image

Image Clique sur le bouton [Analyse] en haut en bleu.
L'analyse va prendre une ou deux minutes.
Une fois celle-ci terminée un rapport va s'ouvrir
Image Tu postes ce rapport par copier-coller et tu le fermes.
Tu fermes aussi le fichier Extras.txt dans la barre des tâches, il sera demandé en cas de nécessité.
Ils seront sauvegardés sur le bureau (OTL.txt et Extras.txt) ou dans le dossier où se trouve OTL.exe.
Image En cas de difficulté pour poster les rapports par copier-coller, tu peux les héberger sur Cjoint.com
Poste les liens obtenus dans ce cas.

Image Rappel pour faire un copier-coller.

    Appuie sur les touches CTRL+A pour sélectionner tout le rapport, puis sur CTRL+C pour tout copier dans le presse-papier.
    Dans ta réponse tu appuies sur CTRL+V pour coller le contenu du presse-papier.
    Tu renouvelles pour chaque rapport demandé.

Selon l'analyse des deux rapports, nous établirons une procédure pour la désinfection ou bien nous compléterons les recherches avec d'autres outils.

@+
Image
Avatar de l’utilisateur
nardino
Super Libellulien
Super Libellulien
 
Messages: 1103
Inscription: 03 Avr 2009 22:02

Re: Demande d'analyse

Messagepar benoit.boudey » 26 Sep 2010 21:39

Voici les rapports :

Visiblement infections trouvés...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4698

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

26/09/2010 20:00:43
mbam-log-2010-09-26 (20-00-43).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 250785
Temps écoulé: 30 minute(s), 28 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Astrocom (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NeoChronos (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
benoit.boudey
 
Messages: 12
Inscription: 20 Sep 2010 20:02

Re: Demande d'analyse

Messagepar benoit.boudey » 26 Sep 2010 21:44

OTL logfile created on: 26/09/2010 20:05:22 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Benoit\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 32,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,54 Gb Total Space | 49,60 Gb Free Space | 42,20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 113,88 Gb Total Space | 81,32 Gb Free Space | 71,41% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-BENOIT
Current User Name: Benoit
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/26 20:02:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Benoit\Downloads\OTL.exe
PRC - [2010/09/16 22:08:14 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/16 22:08:13 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 08:42:10 | 001,588,184 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010/09/02 15:00:28 | 000,235,472 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/09/02 14:48:16 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\FGuard.exe
PRC - [2010/09/01 17:43:18 | 000,122,880 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\UAService7.exe
PRC - [2010/08/30 08:03:22 | 001,145,816 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/15 13:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2009/12/20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\Users\Benoit\Desktop\Doc pr Site\xampp\mysql\bin\mysqld.exe
PRC - [2009/12/20 01:00:00 | 001,029,776 | ---- | M] (FileZilla Project) -- C:\Users\Benoit\Desktop\Doc pr Site\xampp\FileZillaFTP\FileZilla server.exe
PRC - [2009/12/20 01:00:00 | 000,148,112 | ---- | M] (Apache Friends) -- C:\Users\Benoit\Desktop\Doc pr Site\xampp\xampp-control.exe
PRC - [2009/12/20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\Users\Benoit\Desktop\Doc pr Site\xampp\apache\bin\httpd.exe
PRC - [2009/11/25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/01/09 20:58:08 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/09 20:57:02 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/09/26 11:02:04 | 002,356,088 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
PRC - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/07/03 12:47:37 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/06/25 15:05:58 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/05/28 13:40:28 | 000,020,480 | ---- | M] ( ) -- C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
PRC - [2008/05/08 11:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/04/29 11:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/26 16:57:06 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008/04/24 19:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/24 10:22:10 | 000,103,824 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
PRC - [2008/04/24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008/04/17 11:39:02 | 000,667,648 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2008/04/17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/03/19 14:35:42 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/01/25 14:33:50 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/01/21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/17 17:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/01/17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/11 21:46:12 | 000,094,208 | ---- | M] (France Telecom SA) -- C:\Program Files\OrangeHSS\systray\systrayapp.exe
PRC - [2007/12/11 21:19:44 | 000,065,536 | ---- | M] (France Telecom SA) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2007/12/11 21:17:42 | 000,090,112 | ---- | M] (France Telecom SA) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
PRC - [2007/12/03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/07/10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
PRC - [2007/05/11 03:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/11/02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/09/26 20:02:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Benoit\Downloads\OTL.exe
MOD - [2010/08/04 12:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctgmhk.dll
MOD - [2010/07/05 10:21:51 | 000,123,392 | ---- | M] (Google) -- C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
MOD - [2009/04/11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/09/02 15:00:28 | 000,235,472 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/09/01 17:43:18 | 000,122,880 | ---- | M] (Sony DADC Austria AG.) [Auto | Running] -- C:\Windows\System32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2010/08/30 08:03:22 | 001,145,816 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/07/05 10:21:51 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 13:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/12/20 01:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\Users\Benoit\Desktop\Doc pr Site\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/12/20 01:00:00 | 001,029,776 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Users\Benoit\Desktop\Doc pr Site\xampp\FileZillaFTP\FileZilla server.exe -- (FileZilla Server)
SRV - [2009/12/20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Users\Benoit\Desktop\Doc pr Site\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009/11/25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 19:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008/01/17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/11 21:19:44 | 000,065,536 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2007/12/03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/30 01:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
benoit.boudey
 
Messages: 12
Inscription: 20 Sep 2010 20:02

Re: Demande d'analyse

Messagepar benoit.boudey » 26 Sep 2010 21:46

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/09/01 19:14:19 | 000,006,432 | ---- | M] (Sony DADC Austria AG.) [Kernel | On_Demand | Stopped] -- C:\Users\Benoit\AppData\Local\Temp\sony_ssm.sys -- (sony_ssm.sys)
DRV - [2010/08/18 13:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 01:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/07/18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/06/20 12:37:06 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/06/12 18:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/04/18 01:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/15 10:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/04/04 11:57:00 | 000,310,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/03/25 15:41:30 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/03/25 15:39:20 | 000,207,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/03/25 15:38:32 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/03/04 10:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/17 12:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/29 18:58:56 | 000,196,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/31 18:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/04/09 17:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006/11/28 21:46:22 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2006/11/28 21:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... bmod=TSEA;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=TSEA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2421266921-2386169579-3608711863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... bmod=TSEA;
IE - HKU\S-1-5-21-2421266921-2386169579-3608711863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2421266921-2386169579-3608711863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2421266921-2386169579-3608711863-1000\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll ()
IE - HKU\S-1-5-21-2421266921-2386169579-3608711863-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-2421266921-2386169579-3608711863-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2010/09/20 20:00:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 22:08:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 22:08:16 | 000,000,000 | ---D | M]

[2009/08/22 22:25:55 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\mozilla\Extensions
[2010/09/26 19:22:05 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\mozilla\Firefox\Profiles\ylxrul6s.default\extensions
[2010/04/28 21:08:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Benoit\AppData\Roaming\mozilla\Firefox\Profiles\ylxrul6s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/20 20:31:33 | 000,002,689 | ---- | M] () -- C:\Users\Benoit\AppData\Roaming\Mozilla\FireFox\Profiles\ylxrul6s.default\searchplugins\search-defender.xml
[2010/09/26 19:22:05 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/08/31 15:15:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/31 15:14:45 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/03/26 19:05:41 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/03/26 19:05:41 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/26 19:05:41 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/03/26 19:05:41 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/03/30 13:06:06 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-2421266921-2386169579-3608711863-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2421266921-2386169579-3608711863-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe File not found
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\Jumpstart\jswtrayutil.exe File not found
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2421266921-2386169579-3608711863-1000..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe File not found
O4 - HKU\S-1-5-21-2421266921-2386169579-3608711863-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-2421266921-2386169579-3608711863-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2421266921-2386169579-3608711863-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2421266921-2386169579-3608711863-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2421266921-2386169579-3608711863-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2421266921-2386169579-3608711863-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game02.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\automne2-1024.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\automne2-1024.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/26 19:25:44 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Malwarebytes
[2010/09/26 19:25:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/26 19:25:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/26 19:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/26 19:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/24 09:58:51 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Usingit
[2010/09/24 09:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Web Designers Toolkit with Image Rotator
[2010/09/23 21:25:34 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Notepad++
[2010/09/23 21:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010/09/23 08:01:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/21 19:18:21 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Local\Threat Expert
[2010/09/20 21:10:05 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Systenance
[2010/09/20 21:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Index.dat Analyzer
[2010/09/20 20:00:40 | 001,865,680 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/09/20 20:00:40 | 000,739,280 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/09/20 20:00:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/09/20 19:38:26 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2010/09/20 19:38:26 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2010/09/20 19:38:26 | 000,247,824 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/09/20 19:38:26 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/09/20 19:38:21 | 000,237,632 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/09/20 19:38:21 | 000,159,296 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/09/20 19:38:11 | 000,123,968 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2010/09/20 19:38:11 | 000,087,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2010/09/20 19:38:11 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/09/20 19:38:11 | 000,031,960 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2010/09/20 19:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/09/20 19:37:53 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\PC Tools
[2010/09/20 19:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/20 19:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/09/20 19:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/09/20 19:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/09/16 12:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\FACTOURE72
[2010/09/16 11:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Ord-ixSofts
[2010/09/15 23:19:52 | 000,000,000 | ---D | C] -- C:\Users\Benoit\Desktop\informatique
[2010/09/15 12:19:35 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/09/13 13:22:04 | 000,000,000 | ---D | C] -- C:\Users\Benoit\Desktop\Rech. Emploi
[2010/09/08 13:29:12 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\EPSON
[2010/09/08 13:18:32 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK2.dll
[2010/09/08 13:18:32 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EpPicPrt.dll
[2010/09/08 13:18:32 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICEntry.dll
[2010/09/08 13:18:32 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK.dll
[2010/09/08 13:18:31 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EPPicMgr.dll
[2010/09/08 12:58:07 | 000,064,000 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FBCBACE.DLL
[2010/09/08 12:58:07 | 000,049,152 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL
[2010/09/08 12:58:07 | 000,034,304 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FBCHACE.DLL
[2010/09/08 12:58:05 | 000,079,679 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLMACE.DLL
[2010/09/08 12:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2010/09/08 12:56:43 | 000,046,080 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\escimgd.dll
[2010/09/08 12:56:43 | 000,029,696 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\escwiad.dll
[2010/09/08 12:56:43 | 000,022,016 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\esccmd.dll
[2010/09/01 17:43:18 | 000,122,880 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\UAService7.exe
[2010/09/01 17:43:18 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010/09/01 17:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Giant
[2010/08/31 18:49:58 | 000,000,000 | ---D | C] -- C:\Users\Benoit\Documents\NeroVision
[2010/08/31 18:49:15 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Local\Nero
[2010/08/31 18:48:52 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Local\Nero_AG
[2010/08/31 18:46:54 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Nero
[2010/08/31 15:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/31 15:15:01 | 000,423,656 | ---- | C] (Oracle) -- C:\Windows\System32\deployJava1.dll
[2010/08/31 15:15:00 | 000,153,376 | ---- | C] (Oracle) -- C:\Windows\System32\javaws.exe
[2010/08/31 15:15:00 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\System32\javaw.exe
[2010/08/31 15:15:00 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\System32\java.exe
[2010/08/31 14:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/08/31 14:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/08/31 14:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/08/31 14:07:39 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010/08/31 14:06:54 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010/08/31 14:06:10 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010/08/31 14:05:20 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010/08/31 14:04:38 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010/08/31 10:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\OSCheck
[2010/08/30 18:45:31 | 000,000,000 | ---D | C] -- C:\Users\Benoit\Documents\PassMark
[2010/08/30 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Local\PassMark
[2010/08/30 18:44:59 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010/08/30 18:44:59 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010/08/30 18:44:58 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010/08/30 18:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PassMark
[2010/08/30 18:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest
[2010/08/30 18:27:00 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Uniblue
[2009/10/26 20:14:33 | 000,958,464 | ---- | C] (TLC-Edusoft) -- C:\Program Files\5THAD32.EXE
[2009/10/26 20:14:33 | 000,057,344 | ---- | C] (The Learning Company) -- C:\Program Files\UNINSTALL.EXE
[2009/10/26 20:14:32 | 000,021,504 | ---- | C] (The Learning Company) -- C:\Program Files\TLCRUN.EXE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/26 20:11:47 | 002,359,296 | -HS- | M] () -- C:\Users\Benoit\ntuser.dat
[2010/09/26 20:11:02 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E958E029-E8F4-49E1-B797-39FC0240CDAC}.job
[2010/09/26 19:25:33 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/26 19:18:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/26 19:11:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/26 19:11:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/26 19:11:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/24 12:18:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/23 21:25:39 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/09/23 10:45:43 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/09/23 08:19:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/23 08:19:21 | 3077,423,104 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/23 08:18:27 | 000,524,288 | -HS- | M] () -- C:\Users\Benoit\ntuser.dat{86e71323-a936-11de-8d15-00238b59bbe1}.TMContainer00000000000000000001.regtrans-ms
[2010/09/23 08:18:27 | 000,065,536 | -HS- | M] () -- C:\Users\Benoit\ntuser.dat{86e71323-a936-11de-8d15-00238b59bbe1}.TM.blf
[2010/09/21 00:02:07 | 000,129,536 | ---- | M] () -- C:\Users\Benoit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/20 21:08:36 | 000,001,742 | ---- | M] () -- C:\Users\Benoit\Desktop\ .lnk
[2010/09/20 20:51:27 | 000,002,519 | ---- | M] () -- C:\Users\Benoit\Desktop\  Hijack.lnk
[2010/09/20 20:00:43 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2010/09/20 19:39:21 | 002,037,702 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010/09/08 13:01:08 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/09/08 12:57:49 | 000,008,284 | ---- | M] () -- C:\Windows\System32\eps_icon.avi
[2010/09/08 12:56:32 | 000,000,027 | ---- | M] () -- C:\Windows\CDE DX3800EFGIPSD.ini
[2010/09/03 11:28:54 | 000,087,400 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2010/09/02 15:00:30 | 000,739,280 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/09/02 15:00:28 | 001,865,680 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/09/01 18:05:12 | 297,109,612 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/01 17:43:18 | 000,122,880 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\UAService7.exe
[2010/09/01 17:43:18 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010/09/01 11:21:04 | 000,159,296 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/09/01 10:13:04 | 000,247,824 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/08/31 18:49:33 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/08/31 15:14:45 | 000,423,656 | ---- | M] (Oracle) -- C:\Windows\System32\deployJava1.dll
[2010/08/31 15:14:45 | 000,153,376 | ---- | M] (Oracle) -- C:\Windows\System32\javaws.exe
[2010/08/31 15:14:45 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\System32\javaw.exe
[2010/08/31 15:14:45 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\System32\java.exe
[2010/08/31 12:14:04 | 000,000,000 | ---- | M] () -- C:\Windows\ToDisc.INI
[2010/08/30 13:57:00 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2010/08/29 19:26:53 | 000,260,440 | ---- | M] () -- C:\Program Files\SoftonicDownloader4549.exe
[2010/08/29 14:13:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\musique relaxation massage
[2010/08/29 14:12:00 | 000,002,774 | ---- | M] () -- C:\Users\Benoit\musique relaxation.xspf
[2010/08/29 14:07:28 | 000,000,943 | ---- | M] () -- C:\Users\Benoit\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/28 11:28:48 | 000,102,184 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/26 19:25:33 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/23 21:25:39 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/09/23 08:19:21 | 3077,423,104 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/20 21:08:36 | 000,001,742 | ---- | C] () -- C:\Users\Benoit\Desktop\ .lnk
[2010/09/20 20:47:49 | 000,002,519 | ---- | C] () -- C:\Users\Benoit\Desktop\  Hijack.lnk
[2010/09/20 20:00:40 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/09/20 20:00:40 | 000,002,074 | ---- | C] () -- C:\Windows\UDB.zip
[2010/09/20 20:00:40 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/09/20 20:00:40 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/09/20 20:00:40 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/09/20 19:38:27 | 002,037,702 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010/09/08 13:18:32 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/09/08 13:18:32 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/09/08 13:18:32 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/09/08 13:18:32 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/09/08 13:18:32 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/09/08 13:18:32 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/09/08 13:18:31 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/09/08 13:18:31 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/09/08 13:18:31 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/09/08 13:18:31 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/09/08 13:18:31 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/09/08 13:18:31 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/09/08 13:18:31 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2010/09/08 13:18:31 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/09/08 13:18:31 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg
[2010/09/08 13:18:31 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2010/09/08 13:18:31 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2010/09/08 13:18:31 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg
[2010/09/08 13:18:31 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2010/09/08 13:18:31 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2010/09/08 13:18:31 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg
[2010/09/08 13:18:31 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2010/09/08 13:18:31 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg
[2010/09/08 13:18:31 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg
[2010/09/08 13:18:31 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/09/08 13:18:31 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg
[2010/09/08 13:18:31 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg
[2010/09/08 13:18:31 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/09/08 13:18:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/09/08 13:18:31 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/09/08 13:18:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/09/08 13:18:31 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/09/08 12:57:49 | 000,008,284 | ---- | C] () -- C:\Windows\System32\eps_icon.avi
[2010/09/08 12:56:45 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/09/08 12:56:32 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX3800EFGIPSD.ini
[2010/08/31 18:49:31 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/08/31 12:14:04 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2010/08/29 19:26:40 | 000,260,440 | ---- | C] () -- C:\Program Files\SoftonicDownloader4549.exe
[2010/08/29 14:13:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\musique relaxation massage
[2010/08/29 14:11:59 | 000,002,774 | ---- | C] () -- C:\Users\Benoit\musique relaxation.xspf
[2010/02/25 19:13:09 | 000,000,680 | ---- | C] () -- C:\Users\Benoit\AppData\Local\d3d9caps.dat
[2010/01/03 21:54:23 | 000,000,040 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/10/26 20:17:28 | 000,006,915 | ---- | C] () -- C:\Program Files\5THADV.DAT
[2009/10/26 20:14:44 | 000,000,194 | ---- | C] () -- C:\Program Files\UNINSTALL.INF
[2009/10/26 20:14:33 | 000,096,256 | ---- | C] () -- C:\Program Files\SMACKW32.DLL
[2009/10/26 20:14:33 | 000,000,082 | ---- | C] () -- C:\Program Files\5thadv.ini
[2009/10/26 20:14:32 | 000,000,219 | ---- | C] () -- C:\Program Files\TLCRUN.INI
[2009/10/26 20:14:28 | 000,005,771 | ---- | C] () -- C:\Program Files\Uninst.isu
[2009/10/26 20:12:27 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2009/09/17 11:56:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/24 08:53:56 | 000,029,239 | ---- | C] () -- C:\Users\Benoit\AppData\Roaming\UserTile.png
[2009/04/19 15:10:10 | 000,129,536 | ---- | C] () -- C:\Users\Benoit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/10 22:48:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/14 17:26:00 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/08/14 17:25:59 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/07/03 12:36:43 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/07/03 12:36:43 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/07/03 12:36:43 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/07/03 12:36:43 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/07/03 12:36:43 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/07/03 12:36:43 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/07/03 12:29:37 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/07/03 12:10:38 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/07/03 12:10:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/07/03 12:10:38 | 000,009,496 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/07/03 12:10:38 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/07/03 12:08:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/24 19:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 19:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 19:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 19:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 19:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 19:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2005/02/25 06:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL

========== LOP Check ==========

[2010/09/08 13:29:12 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\EPSON
[2009/03/09 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\myphotobook
[2010/09/23 22:03:54 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\Notepad++
[2009/03/11 13:34:01 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\OpenOffice.org
[2009/08/24 08:53:55 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\PeerNetworking
[2009/04/17 19:10:48 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\SpinTop Games
[2010/09/20 21:10:05 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\Systenance
[2009/04/19 09:14:30 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\Template
[2009/04/11 09:08:48 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\Toshiba
[2010/08/30 18:27:00 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\Uniblue
[2010/09/24 09:58:53 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\Usingit
[2009/04/17 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\Zylom
[2010/09/23 08:01:43 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/26 20:11:02 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E958E029-E8F4-49E1-B797-39FC0240CDAC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84
< End of report >

D'AVANCE MERCI !!
benoit.boudey
 
Messages: 12
Inscription: 20 Sep 2010 20:02

Re: Demande d'analyse

Messagepar nardino » 26 Sep 2010 23:02

Bonsoir,
A part des clés de registre, pas grand chose à moudre dans ton café. :mrgreen:
Qu'est-ce qui te fait penser à une infection ?
Quels symptômes constates-tu ?
@+
Image
Avatar de l’utilisateur
nardino
Super Libellulien
Super Libellulien
 
Messages: 1103
Inscription: 03 Avr 2009 22:02

Re: Demande d'analyse

Messagepar benoit.boudey » 28 Sep 2010 21:45

Bonsoir,

Lorsqu'il s'éteint une fenêtre adobe s'ouvre. Je ois alors annuler sinon il ne s'éteint pas.

Et j'ai parfois des soucis pour démarrer des applications (java, shockwave).

Encore Merci
benoit.boudey
 
Messages: 12
Inscription: 20 Sep 2010 20:02

Re: Demande d'analyse

Messagepar nardino » 29 Sep 2010 09:02

Bonjour
Pourrais-tu poster une copie d'écran ?
Ton explication n'est pas très claire. :wink:
@+
Image
Avatar de l’utilisateur
nardino
Super Libellulien
Super Libellulien
 
Messages: 1103
Inscription: 03 Avr 2009 22:02


Retourner vers Désinfections et demandes d'analyse

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 0 invités