Demandes d'etude de rapports d'analyse

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

Demandes d'etude de rapports d'analyse

Messagede Martial35 » 14 Avr 2012, 09:25

Bonjour,

Suite à l'apparition de fenetre intempestives internet de chez kko-appli, je suis tombé par hasard chez vous, et j'espere que vous pourrez m'aider à remettre en forme mon ordinateur, qui, depuis un moment est fort long ou lent, devrais je dire, à reagir!

J'ai donc éffectué les differentes étapes que vous expliquez dans ce sujet: viewtopic.php?t=23982


et voici les deux rapports d'analyse qui en decoulent:



Le premier de chez Malwarebytes anti-malware:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Version de la base de données: v2012.04.13.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Durand :: MARTIAL [administrateur]

13/04/2012 21:29:07
mbam-log-2012-04-14 (00-24-22).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 257744
Temps écoulé: 1 heure(s), 27 minute(s), 28 seconde(s)

Processus mémoire détecté(s): 2
C:\Program Files\Tuto4pc\tuto4pc.exe (PUP.Tuto4PC) -> 1200 -> Aucune action effectuée.
C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Tuto4pc\Tuto4pc\UpdateTuto4PCHP.exe (PUP.Tuto4PC) -> 1212 -> Aucune action effectuée.

Module(s) mémoire détecté(s): 1
C:\Program Files\Tuto4pc\Tuto4pcBHO.dll (PUP.Tuto4PC) -> Aucune action effectuée.

Clé(s) du Registre détectée(s): 22
HKCR\CLSID\{7A66EB91-F7D3-4de2-8CA9-12C12AF3D5F2} (PUP.Tuto4PC) -> Aucune action effectuée.
HKCR\Tuto4pcFrSoftonicBHO.Tuto4pcBHO.1 (PUP.Tuto4PC) -> Aucune action effectuée.
HKCR\Tuto4pcFrSoftonicBHO.Tuto4pcBHO (PUP.Tuto4PC) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A66EB91-F7D3-4DE2-8CA9-12C12AF3D5F2} (PUP.Tuto4PC) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7A66EB91-F7D3-4DE2-8CA9-12C12AF3D5F2} (PUP.Tuto4PC) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7A66EB91-F7D3-4DE2-8CA9-12C12AF3D5F2} (PUP.Tuto4PC) -> Aucune action effectuée.
HKCR\TypeLib\{18FB3DED-CD6D-4420-9DD5-8E531BDF666F} (PUP.Tuto4PC) -> Aucune action effectuée.
HKCR\Interface\{8F682661-3653-47FA-8713-9DF7424B6E09} (PUP.Tuto4PC) -> Aucune action effectuée.
HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Aucune action effectuée.
HKCR\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Aucune action effectuée.
HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Aucune action effectuée.
HKCR\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Aucune action effectuée.
HKCR\ShopperReports.Reporter (Adware.ShopperReports) -> Aucune action effectuée.
HKCR\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Aucune action effectuée.
HKLM\SOFTWARE\ResultBar (Adware.ResultBar) -> Aucune action effectuée.
HKLM\SOFTWARE\Tuto4pc (PUP.Tuto4PC) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar (Adware.ResultBar) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tuto4pc_is1 (PUP.Tuto4PC) -> Aucune action effectuée.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESULTBAR_SERVICE (Adware.ResultBar) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Tutorials (PUP.Tuto4PC) -> Données: "C:\Program Files\Tuto4pc\tuto4pc.exe" -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UpdateTuto4PCHP (PUP.Tuto4PC) -> Données: C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Tuto4pc\Tuto4pc\UpdateTuto4PCHP.exe -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_XMLLookup (Hijacker.XMLLookup) -> Données: http://shell.windows.com/fileassoc/file ... =%04x&Ext=%s -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Données: http://shell.windows.com/fileassoc/%04x ... r.asp?Ext=%s -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_intl (Hijacker.intl) -> Données: http://shell.windows.com/fileassoc/file ... =%04x&Ext=%s -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E879057EB27654553EAF97 (Malware.Trace) -> Données: -> Aucune action effectuée.

Elément(s) de données du Registre détecté(s): 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|XMLLookup (Hijacker.XMLLookup) -> Mauvais: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Bon: (http://shell.windows.com/fileassoc/file ... =%04x&Ext=%s) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Mauvais: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Bon: (http://shell.windows.com/fileassoc/%04x ... r.asp?Ext=%s) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|intl (Hijacker.intl) -> Mauvais: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Bon: (http://shell.windows.com/fileassoc/file ... =%04x&Ext=%s) -> Aucune action effectuée.

Dossier(s) détecté(s): 3
C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Tuto4pc\Tuto4pc (PUP.Tuto4PC) -> Aucune action effectuée.
C:\Documents and Settings\All Users\Application Data\ResultBar (Adware.ResultBar) -> Aucune action effectuée.
C:\Program Files\ResultBar (Adware.ResultBar) -> Aucune action effectuée.

Fichier(s) détecté(s): 10
C:\Program Files\Tuto4pc\tuto4pc.exe (PUP.Tuto4PC) -> Aucune action effectuée.
C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Tuto4pc\Tuto4pc\UpdateTuto4PCHP.exe (PUP.Tuto4PC) -> Aucune action effectuée.
C:\Program Files\Tuto4pc\Tuto4pcBHO.dll (PUP.Tuto4PC) -> Aucune action effectuée.
C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Tuto4pc\Tuto4pc\UpdateTuto4PC.exe (PUP.Tuto4PC) -> Aucune action effectuée.
C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Temp\tuto4pc_fr_softonic_v3.exe (Adware.Eorezo) -> Aucune action effectuée.
C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Tuto4pc\Tuto4pc\user_profil.cyp (PUP.Tuto4PC) -> Aucune action effectuée.
C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Tuto4pc\Tuto4pc\shared.cyp (PUP.Tuto4PC) -> Aucune action effectuée.
C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Tuto4pc\Tuto4pc\user_config.cyp (PUP.Tuto4PC) -> Aucune action effectuée.
C:\Program Files\ResultBar\resultbar.exe (Adware.ResultBar) -> Aucune action effectuée.
C:\Program Files\ResultBar\uninstall.exe (Adware.ResultBar) -> Aucune action effectuée.

(fin)


-----------------------------------

Merci de votre aide!

La suite suit.....
Martial35
 
Messages: 6
Inscription: 14 Avr 2012, 09:05

Re: Demandes d'etude de rapports d'analyse

Messagede Martial35 » 14 Avr 2012, 09:27


le second de chez OTL:


OTL logfile created on: 14/04/2012 09:05:02 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1022,42 Mb Total Physical Memory | 466,15 Mb Available Physical Memory | 45,59% Memory free
2,40 Gb Paging File | 1,76 Gb Available in Paging File | 73,14% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 27,56 Gb Free Space | 24,65% Space Free | Partition Type: NTFS

Computer Name: MARTIAL | User Name: Durand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/13 20:58:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\OTL.exe
PRC - [2012/03/27 15:05:36 | 000,990,056 | ---- | M] (Tuto4PC) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Tuto4pc\Tuto4pc\UpdateTuto4PCHP.exe
PRC - [2012/03/27 15:05:34 | 004,651,880 | ---- | M] (Tuto4PC) -- C:\Program Files\Tuto4pc\tuto4pc.exe
PRC - [2012/03/07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/02/27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012/01/18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2012/01/02 11:07:56 | 000,843,712 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2011/10/14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/10/14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/06/10 08:23:52 | 000,959,880 | ---- | M] (SFR) -- C:\Program Files\SFR\Kit\9props.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/04/30 00:08:14 | 000,742,720 | ---- | M] (SFR) -- C:\Program Files\SFR\Media Center\MediaCenter.exe
PRC - [2010/03/25 03:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/08/24 14:22:34 | 000,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2009/08/24 14:22:26 | 000,090,112 | ---- | M] (France Telecom SA) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/11/19 12:19:12 | 000,128,352 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2007/09/05 08:59:02 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Program Files\SFR\Media Center\httpd\httpd.exe
PRC - [2005/09/06 14:04:52 | 000,671,744 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\E-KEY\CeEKey.exe
PRC - [2005/08/30 12:31:20 | 001,077,328 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
PRC - [2005/08/25 19:11:58 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\TouchPad\TPTray.exe
PRC - [2005/08/22 16:49:28 | 000,028,672 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\TCtrlIOHook.exe
PRC - [2005/08/12 11:14:16 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/08/06 11:18:38 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005/06/06 09:58:44 | 000,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\ZoomingHook.exe
PRC - [2005/05/17 13:28:14 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe
PRC - [2005/05/17 09:24:50 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Utilitaire de zoom TOSHIBA\SmoothView.exe
PRC - [2005/04/11 16:08:00 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/04/05 16:25:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/03/22 22:50:50 | 000,262,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2005/03/22 21:48:04 | 000,487,424 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2005/03/11 12:48:54 | 000,217,088 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2005/01/18 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2003/09/06 19:16:30 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/13 21:39:31 | 001,755,648 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12041301\algo.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/10 08:24:04 | 000,079,240 | ---- | M] () -- C:\Program Files\SFR\Kit\9unelevate.dll
MOD - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2010/05/07 18:37:50 | 000,290,648 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2008/01/22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2005/06/13 09:11:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005/06/06 09:51:24 | 000,024,576 | ---- | M] () -- C:\Program Files\Toshiba\TouchPad\TPECioctl.dll
MOD - [2005/06/06 09:39:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\EKECioCtl.dll
MOD - [2005/06/03 19:32:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\EBLib.DLL
MOD - [2004/10/01 14:13:24 | 000,045,056 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtLoad.dll
MOD - [2004/09/22 10:09:06 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
MOD - [2004/07/20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2003/07/29 15:33:26 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\TosHidAPI.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/13 20:32:44 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/10/14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/08/24 14:22:34 | 000,069,632 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2005/01/18 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/13 21:26:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/03/07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 02:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 02:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/07 01:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/24 14:22:58 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2009/08/24 14:22:58 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2005/08/04 08:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/29 09:55:46 | 000,030,592 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/06/23 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/06/21 07:08:44 | 002,324,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/06/03 19:49:42 | 000,009,600 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/04/30 16:01:56 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Pilote de carte de connexion réseau Intel(R)
DRV - [2005/03/24 16:36:54 | 000,008,192 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2005/03/05 14:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/03/04 20:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/11/16 01:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2004/07/30 15:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2003/01/29 23:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.fr/
IE - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll ()
IE - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=E46784E6-7CE6-40E3-A00F-F4829246D4AD&apn_sauid=9242EE0A-F793-4797-94BE-6B77BE8EAED7
IE - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..\SearchScopes\{24B96F51-78FF-40A5-9085-5C3086C5BF68}: "URL" = http://fr.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20100835,0,0,0,0
IE - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_frCH352
IE - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}: "URL" = http://www.bing.com/search?q={searchTerms}&mkt=fr-FR&form=MIMWA5
IE - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..\SearchScopes\{C406EEE9-D44F-4789-BDFF-FA7B8AF04CA9}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com [2010/12/05 14:09:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/06/26 12:52:47 | 000,000,000 | ---D | M]

[2010/12/26 11:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Mozilla\Extensions
[2010/12/26 11:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/09/26 23:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Mozilla\Extensions\mozswing@mozswing.org
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2004/08/05 12:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Tuto4pcBHO Class) - {7A66EB91-F7D3-4de2-8CA9-12C12AF3D5F2} - C:\Program Files\Tuto4pc\Tuto4pcBHO.dll (Tuto4PC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\Utilitaire de zoom TOSHIBA\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TPNF] C:\Program Files\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tutorials] C:\Program Files\Tuto4pc\tuto4pc.exe (Tuto4PC)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UpdateTuto4PCHP] C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Tuto4pc\Tuto4pc\UpdateTuto4PCHP.exe (Tuto4PC)
O4 - HKLM..\Run: [Zooming] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006..\Run: [Neuf Media Center] C:\Program Files\SFR\Media Center\MediaCenter.exe (SFR)
O4 - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" File not found
O4 - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Menu Démarrer\Programmes\Démarrage\Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..Trusted Domains: citegay.fr ([www] http in Sites de confiance)
O15 - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..Trusted Domains: gaydar.co.uk ([]http in Sites de confiance)
O15 - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..Trusted Domains: gayromeo.com ([www] http in Sites de confiance)
O15 - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..Trusted Domains: xtremboy.com ([]http in Sites de confiance)
O15 - HKU\S-1-5-21-1776749526-2021909839-1806042266-1006\..Trusted Domains: yahoo.com ([fr] http in Sites de confiance)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 4004349281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AAED1DE-1BCA-4F1B-889F-28890AE9D943}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - http://www.gayromeo.com/C8p40kFM4iDGtbx ... 00fc9d.jpg
O24 - Desktop Components:1 () - http://77.67.26.45/193/1/3/2/174468186/ ... 1279221436
O24 - Desktop Components:2 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/16 08:37:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b14a11e6-10ce-11e0-9c1a-00166f8c055d}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012/04/13 21:26:34 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/13 21:16:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/13 21:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2012/04/13 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/13 21:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\erunt-loc_fr
[2012/04/13 21:07:44 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\erunt-setup.exe
[2012/04/13 21:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Malwarebytes
[2012/04/13 21:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2012/04/13 21:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/13 21:05:28 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/13 21:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/13 21:04:21 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\mbam-setup-1.61.0.1400.exe
[2012/04/13 20:58:47 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\OTL.exe
[2012/04/12 21:54:56 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Mes documents\My Stationery
[2012/04/09 18:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2012/04/09 18:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\LogiShrd
[2012/04/09 18:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Leadertech
[2012/04/09 18:06:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\logishrd
[2012/04/09 18:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2012/04/09 18:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\LWS
[2012/04/09 18:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/04/09 18:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Logitech
[2012/04/09 18:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/04/09 18:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\LogiShrd
[2012/04/09 18:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\Tuto4PC
[2012/04/09 18:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Tuto4pc
[2012/04/09 18:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\Tuto4pc
[2012/04/09 18:03:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Tuto4pc
[2012/04/09 17:59:03 | 120,124,752 | ---- | C] (Logitech, Inc.) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\lws201_full.exe
[2012/04/05 11:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\iTunes
[2012/04/05 11:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/04 09:14:20 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/31 21:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\VideoLAN
[2012/03/26 20:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\Raccourcis Bureau non utilisés
[2012/03/20 10:46:37 | 000,000,000 | ---D | C] -- C:\ddcd7d20e9dcfc9c56aad93c6c06
[2012/03/20 10:30:38 | 000,000,000 | ---D | C] -- C:\8aa49beb2794ff5eb24724
[2012/03/20 00:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\Neuf
[2012/03/20 00:38:33 | 000,000,000 | ---D | C] -- C:\3a4535d11e6352fd3a1014
[2012/03/19 23:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SFR
[2012/03/19 23:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\SFR
[2012/03/19 09:16:00 | 000,000,000 | ---D | C] -- C:\0d869c025cc81d564ced0d51c1b4
[2012/03/15 19:06:03 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/14 09:09:14 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/04/14 09:01:24 | 068,839,972 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/04/14 09:01:07 | 007,757,714 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/04/14 09:00:44 | 060,062,088 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/14 09:00:34 | 025,242,192 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/14 08:59:28 | 000,000,618 | ---- | M] () -- C:\WINDOWS\tasks\Durand Local Autobackup 5 4.job
[2012/04/14 08:49:24 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/14 08:49:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2012/04/14 08:49:23 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1776749526-2021909839-1806042266-1006.job
[2012/04/14 08:49:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/14 08:49:13 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/14 00:31:16 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/13 23:20:09 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/13 21:26:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/13 21:13:39 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2012/04/13 21:13:36 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\NTREGOPT.lnk
[2012/04/13 21:13:36 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\ERUNT.lnk
[2012/04/13 21:10:06 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\erunt-loc_fr.zip
[2012/04/13 21:07:50 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\erunt-setup.exe
[2012/04/13 21:05:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/04/13 21:04:23 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\mbam-setup-1.61.0.1400.exe
[2012/04/13 20:58:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\OTL.exe
[2012/04/13 20:55:00 | 000,002,071 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\Tutorial OTL malekal's site.url
[2012/04/13 20:32:43 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/13 20:32:43 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/13 15:12:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/13 14:38:34 | 000,166,881 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\DSC02368+copie[2].jpg
[2012/04/11 19:03:55 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Menu Démarrer\Programmes\Démarrage\Logitech . Enregistrement du produit.lnk
[2012/04/10 20:55:48 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/09 21:37:22 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/09 18:16:26 | 000,001,646 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Logitech Vid HD.lnk
[2012/04/09 18:04:51 | 000,001,289 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Logitech Webcam Software .lnk
[2012/04/09 18:01:19 | 120,124,752 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\lws201_full.exe
[2012/04/06 00:46:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TPTray.INI
[2012/04/05 11:27:31 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/03 09:06:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1776749526-2021909839-1806042266-1006.job
[2012/03/31 21:29:03 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2012/03/15 19:06:03 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/14 09:09:14 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/04/13 21:13:39 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2012/04/13 21:13:36 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\NTREGOPT.lnk
[2012/04/13 21:13:36 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\ERUNT.lnk
[2012/04/13 21:10:05 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\erunt-loc_fr.zip
[2012/04/13 21:05:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/04/13 20:55:00 | 000,002,071 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\Tutorial OTL malekal's site.url
[2012/04/13 14:39:07 | 000,166,881 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\DSC02368+copie[2].jpg
[2012/04/11 19:03:54 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Menu Démarrer\Programmes\Démarrage\Logitech . Enregistrement du produit.lnk
[2012/04/09 21:31:06 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/09 18:16:26 | 000,001,646 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Logitech Vid HD.lnk
[2012/04/09 18:04:51 | 000,001,289 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Logitech Webcam Software .lnk
[2012/04/06 00:46:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2012/04/05 11:27:31 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2012/04/04 09:15:13 | 000,001,002 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/31 21:19:45 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2012/03/11 21:21:09 | 000,000,030 | ---- | C] () -- C:\Program Files\Exiferupdate.ini
[2012/02/16 21:07:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/09/07 21:27:33 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/07/17 23:18:23 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/06/03 22:40:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

========== LOP Check ==========

[2009/09/27 00:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\toshiba
[2010/03/23 20:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/03/02 22:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2011/11/12 14:13:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/11/09 14:04:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/11/12 13:54:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/04/01 08:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/10/02 22:54:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/04/21 21:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/10/12 17:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/04/06 21:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ResultBar
[2010/12/26 11:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/06/01 14:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tpfmon
[2009/10/04 23:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/06/26 12:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010/03/31 21:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/26 20:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/27 00:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2009/09/27 00:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand\Application Data\toshiba
[2011/10/02 22:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Canon
[2010/11/01 01:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\CassiniVision
[2011/12/03 10:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Concept2
[2009/10/04 23:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\CopyTrans
[2009/10/05 00:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\CopyTransPhoto
[2012/03/13 20:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\ElevatedDiagnostics
[2010/06/26 12:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\FinalMediaPlayer
[2010/06/06 22:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\gtk-2.0
[2009/11/12 12:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\InterVideo
[2011/10/02 22:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\JAM Software
[2012/04/09 18:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Leadertech
[2011/12/05 00:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\MSNInstaller
[2010/12/21 18:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\My Games
[2010/12/02 22:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\OfferBox
[2009/11/28 00:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\OpenOffice.org
[2012/01/27 00:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\PDF Software
[2012/04/14 09:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\PriceGong
[2010/12/26 11:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\TomTom
[2009/09/27 00:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\toshiba
[2012/04/09 18:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Tuto4pc
[2009/10/05 00:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\WindSolutions
[2011/04/21 22:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\XnView
[2010/06/15 20:24:31 | 000,000,594 | ---- | M] () -- C:\WINDOWS\Tasks\Bodin's one.job
[2012/04/14 08:59:28 | 000,000,618 | ---- | M] () -- C:\WINDOWS\Tasks\Durand Local Autobackup 5 4.job
[2010/06/15 19:29:31 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\Durand NBAgent 5 4.job
[2012/04/14 08:49:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/09/27 00:43:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/09/27 00:43:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/09/27 00:43:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/09/27 00:43:56 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/05 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: CTFMON.EXE >
[2004/08/05 12:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5584247B568C2E53934873F4B655FE6A -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe

< MD5 for: EVENTLOG.DLL >
[2004/08/05 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004/08/05 12:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 12:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/05 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004/08/05 12:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[13 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >

-------------------------------------------------


Le dernier suit toujours .... :wink:
Martial35
 
Messages: 6
Inscription: 14 Avr 2012, 09:05

Re: Demandes d'etude de rapports d'analyse

Messagede Martial35 » 14 Avr 2012, 09:30


et le troisieme du nom de Extras:



OTL Extras logfile created on: 14/04/2012 09:05:02 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1022,42 Mb Total Physical Memory | 466,15 Mb Available Physical Memory | 45,59% Memory free
2,40 Gb Paging File | 1,76 Gb Available in Paging File | 73,14% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 27,56 Gb Free Space | 24,65% Space Free | Partition Type: NTFS

Computer Name: MARTIAL | User Name: Durand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1776749526-2021909839-1806042266-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Parcourir avec XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58890:TCP" = 58890:TCP:*:Enabled:Pando Media Booster
"58890:UDP" = 58890:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"58890:TCP" = 58890:TCP:*:Enabled:Pando Media Booster
"58890:UDP" = 58890:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe" = C:\Program Files\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\adslTV\adsltv.exe" = C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsl TV (EXE) -- (adsl TV / FM)
"C:\Program Files\adslTV\VLC\vlc.exe" = C:\Program Files\adslTV\VLC\vlc.exe:*:Enabled:adsl TV (VLC) -- ()
"D:\fscommand\CKSocketServer.exe" = D:\fscommand\CKSocketServer.exe:*:Enabled:Socket Server
"C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\SFR\Media Center\httpd\httpd.exe" = C:\Program Files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR) -- (Apache Software Foundation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Panneau de contrôle ATI
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = Assist TOSHIBA
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2C8574B5-6935-4FCE-860E-F4E8602378FF}" = OfferBox
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3AFDD2C6-8663-46B5-B195-6CEB00D44768}" = adsl TV
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = Manuels TOSHIBA
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = Formatage de carte mémoire SD TOSHIBA
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{59FDFDFB-52FE-45B1-8A2A-A00079B07FF0}" = TOSHIBA Power Saver Driver
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls Driver
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{6068A42A-C1CF-45F2-9859-5DB16287FE5D}" = msvcrt_installer
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = Utilitaire de zoom TOSHIBA
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = Son virtuel TOSHIBA
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{91A1040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit lect. CD/DVD
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = Commandes TOSHIBA
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A95000000001}" = Adobe Reader 9.5.0 - Français
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E18E644D-4FC1-4E7F-87B7-A0288A14A322}" = TIxx21/x515
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE19796-1ADF-42DF-81D8-3563867FC2C2}" = TOSHIBA Zooming Hook
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{ORAHSS}.UninstallSuite" = Connexion Internet Orange
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"CopyTrans Suite" = CopyTrans Suite désinstallation uniquement
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Mot de passe responsable
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = Utilitaire Hotkey TOSHIBA
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = Utilitaire TouchPad ON/OFF
"InstallShield_{E18E644D-4FC1-4E7F-87B7-A0288A14A322}" = Texas Instruments PCIxx21/x515 drivers.
"LogCard Utility Uninstaller_is1" = LogCard Utility Uninstaller 1.0
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Outil de diagnostic PC" = Outil de diagnostic PC TOSHIBA
"Power Saver" = Gestion d'énergie TOSHIBA
"PriceGong" = PriceGong 2.1.0
"ResultBar" = ResultBar 1.0 build 137 powered by FIRST SEARCHBAR
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SFR_Kit" = SFR - Kit de connexion
"SFR_Media Center" = SFR - Media Center
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TreeSize Personal_is1" = TreeSize Personal V5.5.2
"Tuto Avast_is1" = Tuto Avast1.0.0.0
"Tuto Firefox_is1" = Tuto Firefox1.0.0.0
"Tuto4pc_is1" = Tuto4pc
"VLC media player" = VLC media player 1.1.11
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.97.8
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1776749526-2021909839-1806042266-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 05/11/2009 09:29:30 | Computer Name = YOUR-AB6CD29F8E | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 13/04/2012 19:06:19 | Computer Name = MARTIAL | Source = LoadPerf | ID = 3011
Description = Le déchargement des chaînes de compteurs de performances pour le service
aspnet_state (ASP.NET State Service) a échoué. Le code d'erreur est le premier DWORD
de la section Data.

Error - 13/04/2012 19:06:36 | Computer Name = MARTIAL | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 13/04/2012 19:06:37 | Computer Name = MARTIAL | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 13/04/2012 19:06:37 | Computer Name = MARTIAL | Source = LoadPerf | ID = 3011
Description = Le déchargement des chaînes de compteurs de performances pour le service
ASP.NET (ASP.NET) a échoué. Le code d'erreur est le premier DWORD de la section
Data.

Error - 14/04/2012 02:53:21 | Computer Name = MARTIAL | Source = Application Error | ID = 1000
Description = Application défaillante launcher.exe, version 3.5.1.0, module défaillant
pluginlnhpromptmanager2.dll, version 3.5.1.0, adresse de défaillance 0x0000c9b1.

Error - 14/04/2012 02:53:37 | Computer Name = MARTIAL | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 14/04/2012 02:54:06 | Computer Name = MARTIAL | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs 1180947459.

Error - 14/04/2012 02:54:16 | Computer Name = MARTIAL | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 14/04/2012 02:55:18 | Computer Name = MARTIAL | Source = LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 14/04/2012 02:55:18 | Computer Name = MARTIAL | Source = LoadPerf | ID = 3011
Description = Le déchargement des chaînes de compteurs de performances pour le service
WmiApRpl (WmiApRpl) a échoué. Le code d'erreur est le premier DWORD de la section
Data.

[ System Events ]
Error - 13/04/2012 14:41:49 | Computer Name = MARTIAL | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 13/04/2012 14:41:49 | Computer Name = MARTIAL | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 13/04/2012 14:41:49 | Computer Name = MARTIAL | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 13/04/2012 14:41:49 | Computer Name = MARTIAL | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 13/04/2012 14:41:50 | Computer Name = MARTIAL | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur : %%126

Error - 14/04/2012 02:49:22 | Computer Name = MARTIAL | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.88 pour la carte réseau dont l'adresse
réseau est 00166F8C055D a été refusé par le serveur DHCP 192.168.2.1 (celui-ci a
envoyé un message DHCPNACK).

Error - 14/04/2012 02:51:21 | Computer Name = MARTIAL | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1053" lors de la mise en route du service iPod
Service avec les arguments "" pour démarrer le serveur : {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 14/04/2012 02:51:21 | Computer Name = MARTIAL | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Service de l’iPod.

Error - 14/04/2012 02:51:21 | Computer Name = MARTIAL | Source = Service Control Manager | ID = 7000
Description = Le service Service de l’iPod n'a pas pu démarrer en raison de l'erreur :
%%1053

Error - 14/04/2012 03:01:25 | Computer Name = MARTIAL | Source = Service Control Manager | ID = 7023
Description = Le service Carte de performance WMI s'est arrêté avec l'erreur : %%2147500037


< End of report >


---------------------


Dans tous les cas, un tres grand MERCI, pour votre AIDE si precieuse.

MD :wink:
Martial35
 
Messages: 6
Inscription: 14 Avr 2012, 09:05

Re: Demandes d'etude de rapports d'analyse

Messagede nickW » 16 Avr 2012, 21:12

Bonsoir,

C'est toi qui as accepté l'installation de Tuto4PC sans lire les conditions d'utilisation!

La société Tuto4pc est un distributeur de publicités.
Tuto4pc.com Group est spécialisé dans le développement de publicités commerciales sur Internet via un service qui propose des tutoriaux téléchargeables gratuitement. En contrepartie, l'utilisateur accepte de recevoir des publicités pour son navigateur Internet.
En échange de l'installation gratuite d'un logiciel appelé tutoriel ou didacticiel, l'utilisateur accepte de recevoir des affichages publicitaires, en plein écran, après confirmation de son inscription dans une base de données et après acceptation des conditions générales de la licence de l'application.
http://www.boursorama.com/bourse/profil ... =1rEPALTUT




Premier nettoyage, recherche de nuisibles:

Étape 1: Désinstallation
Démarrer-->Paramètres-->Panneau de Configuration-->Ajout/Suppression de programmes
Rechercher et désinstaller (si trouvé) Tuto4pc


Étape 2: AdwCleaner (de Xplode), téléchargement
Télécharger AdwCleaner depuis la page ci-dessous:
http://general-changelog-team.fr/telech ... adwcleaner
Enregistrer le fichier adwcleaner.exe sur le Bureau.


Étape 3: AdwCleaner (de Xplode), analyse
Faire un double clic sur adwcleaner.exe pour lancer l'outil.

L'écran principal d'AdwCleaner s'affiche:
Image

Cliquer sur le bouton Recherche.

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer la fenêtre d'AdwCleaner.
Fermer le Bloc-notes.


Étape 4: Résultat
Envoyer en réponse:
*- le rapport d'analyse d'AdwCleaner (contenu du fichier %SystemDrive%\AdwCleaner[Rn].txt, n étant un numéro d'ordre).
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: Demandes d'etude de rapports d'analyse

Messagede Martial35 » 16 Avr 2012, 21:26

Merci de ton aide! voici la Suite....


# AdwCleaner v1.600 - Rapport créé le 16/04/2012 à 22:24:09
# Mis à jour le 15/04/2012 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : Durand - MARTIAL
# Exécuté depuis : C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\adwcleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\Conduit
Dossier Présent : C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\Tuto4pc
Dossier Présent : C:\DOCUME~1\Durand~1.YOU\LOCALS~1\Temp\Iminent
Dossier Présent : C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\OfferBox
Dossier Présent : C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\PriceGong
Dossier Présent : C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Tuto4pc
Dossier Présent : C:\Documents and Settings\All Users\Application Data\Ask
Dossier Présent : C:\Documents and Settings\All Users\Application Data\ResultBar
Dossier Présent : C:\Program Files\Ask.com
Dossier Présent : C:\Program Files\Babylon
Dossier Présent : C:\Program Files\OfferBox
Dossier Présent : C:\Program Files\PriceGong
Dossier Présent : C:\Program Files\ResultBar
Dossier Présent : C:\Program Files\Tuto4pc
Fichier Présent : C:\WINDOWS\system32\conduitEngine.tmp

***** [H. Navipromo] *****


***** [Registre] *****

[*] Clé Présente : HKLM\SOFTWARE\Classes\Toolbar.CT2365905
Clé Présente : HKCU\Software\Offerbox
Clé Présente : HKCU\Software\PriceGong
Clé Présente : HKCU\Software\Softonic
Clé Présente : HKCU\Software\Tuto4PC
Clé Présente : HKLM\SOFTWARE\Conduit
Clé Présente : HKLM\SOFTWARE\Iminent
Clé Présente : HKLM\SOFTWARE\Offerbox
Clé Présente : HKLM\SOFTWARE\Tuto4pc
Clé Présente : HKLM\SOFTWARE\Classes\Conduit.Engine
Clé Présente : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Clé Présente : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Clé Présente : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Clé Présente : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Clé Présente : HKLM\SOFTWARE\Classes\ShopperReports.Reporter
Clé Présente : HKLM\SOFTWARE\Classes\ShopperReports.Reporter.1
Clé Présente : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Clé Présente : HKLM\SOFTWARE\Classes\Installer\Products\5B4758C25396ECF468E04F8E063287FF
Clé Présente : HKLM\SOFTWARE\Classes\Installer\Features\5B4758C25396ECF468E04F8E063287FF
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\5B4758C25396ECF468E04F8E063287FF
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C8574B5-6935-4FCE-860E-F4E8602378FF}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Valeur Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Tutorials]
Valeur Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [UpdateTuto4PCHP]
Valeur Présente : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [offerboxffx@offerbox.com]

***** [Registre - GUID] *****

Clé Présente : HKLM\SOFTWARE\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{7025E484-D4B0-441A-9F0B-69063BD679CE}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{8258B35C-05B8-4C0E-9525-9BCCC70F8F2D}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{A89256AD-EC17-4A83-BEF5-4B8BC4F39306}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F4A335-D085-423E-A425-0370799166FB}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Google Chrome v [Impossible d'obtenir la version]

## Fichier : C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [6643 octets] - [16/04/2012 22:22:03]
AdwCleaner[R2].txt - [6574 octets] - [16/04/2012 22:24:09]

########## EOF - C:\AdwCleaner[R2].txt - [6702 octets] ##########





Cordialement.

MD
Martial35
 
Messages: 6
Inscription: 14 Avr 2012, 09:05

Re: Demandes d'etude de rapports d'analyse

Messagede nickW » 16 Avr 2012, 21:54

Re-

Je te conseille d'imprimer la procédure, ou d'en sélectionner toutes les lignes puis de copier cette sélection dans un fichier texte sur ton PC (Note: tu n'auras pas accès à Internet lors des étapes 2 et 3, et des redémarrages sont possibles).
Il faut exécuter toutes les étapes, sans interruption, dans l'ordre exact indiqué ci-dessous.



Étape 1: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus.
Image avast!: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), choisir "Gestion des Agents avast!" puis "Désactiver définitivement" et confirmer en cliquant sur Oui


Étape 2: AdwCleaner (de Xplode), nettoyage

Fermer tous les navigateurs internet (Internet Explorer, Firefox, Opera, Google Chrome, etc).

Faire un double clic sur adwcleaner.exe pour lancer l'outil.

L'écran principal d'AdwCleaner s'affiche:
Image

Cliquer sur le bouton Suppression.

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer la fenêtre d'AdwCleaner.
Fermer le Bloc-notes.


Étape 3: Malwarebytes' Anti-Malware, nettoyage
Fermer toutes les fenêtres de programme ouvertes.
Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.
Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
Dans l'onglet Mise à jour, cliquer sur le bouton Recherche de mise à jour et installer toutes les mises à jour trouvées.
Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen rapide" puis cliquer sur le bouton Rechercher, comme ceci:

Image

Attendre sans rien faire d'autre la fin de la recherche; dans la fenêtre annonçant la fin de l'analyse, cliquer sur OK; puis cliquer sur le bouton "Afficher les résultats":
Image


Si des éléments nuisibles ont été détectés, cliquer sur le bouton "Supprimer la sélection": Image

Attendre patiemment sans rien faire d'autre la fin du nettoyage.
Un redémarrage est parfois nécessaire. Accepter.
Une fenêtre du Bloc-notes s'ouvre pour afficher le rapport. Fermer le Bloc-notes.
Cliquer sur le bouton "Quitter" pour fermer Malwarebytes' Anti-Malware.


Étape 4: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus.


Étape 5: OTL (de OldTimer), analyse rapide
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Analyse rapide:
Image


Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 6: Résultats
Envoyer en réponse:
*- le rapport de nettoyage d'AdwCleaner (contenu du fichier %SystemDrive%\AdwCleaner[Sn].txt, n étant un numéro d'ordre).
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de Malwarebytes' Anti-Malware (contenu du fichier mbam-log-****-**-** (**-**-**).txt situé dans le dossier %SystemDrive%\Documents and Settings\<tonprofil>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs où ****-** (**-**-**) représente la date [année-mois-jour] et l'heure [hh-mn-ss])
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport principal de OTL (contenu du fichier OTL.Txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End of report>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.


Dans ta réponse, n'oublie pas de donner le plus d'informations possible sur l'état du PC: amélioration / disparition / aggravation des symptômes d'infection.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: Demandes d'etude de rapports d'analyse

Messagede Martial35 » 02 Mai 2012, 10:37

Avec un peu de retard, voici la suite, ...


# AdwCleaner v1.600 - Rapport créé le 02/05/2012 à 09:08:00
# Mis à jour le 15/04/2012 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : Durand - MARTIAL
# Exécuté depuis : C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\Conduit
Dossier Supprimé : C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\Tuto4pc
Dossier Supprimé : C:\DOCUME~1\Durand~1.YOU\LOCALS~1\Temp\Iminent
Dossier Supprimé : C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\OfferBox
Dossier Supprimé : C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\PriceGong
Dossier Supprimé : C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Tuto4pc
Dossier Supprimé : C:\Documents and Settings\All Users\Application Data\Ask
Dossier Supprimé : C:\Documents and Settings\All Users\Application Data\ResultBar
Dossier Supprimé : C:\Program Files\Ask.com
Dossier Supprimé : C:\Program Files\Babylon
Dossier Supprimé : C:\Program Files\OfferBox
Dossier Supprimé : C:\Program Files\PriceGong
Dossier Supprimé : C:\Program Files\ResultBar
Dossier Supprimé : C:\Program Files\Tuto4pc
Fichier Supprimé : C:\WINDOWS\system32\conduitEngine.tmp

***** [H. Navipromo] *****


***** [Registre] *****

[*] Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2365905
Clé Supprimée : HKCU\Software\Offerbox
Clé Supprimée : HKCU\Software\PriceGong
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\Tuto4PC
Clé Supprimée : HKLM\SOFTWARE\Conduit
Clé Supprimée : HKLM\SOFTWARE\Iminent
Clé Supprimée : HKLM\SOFTWARE\Offerbox
Clé Supprimée : HKLM\SOFTWARE\Tuto4pc
Clé Supprimée : HKLM\SOFTWARE\Classes\Conduit.Engine
Clé Supprimée : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Clé Supprimée : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Clé Supprimée : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Clé Supprimée : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Clé Supprimée : HKLM\SOFTWARE\Classes\ShopperReports.Reporter
Clé Supprimée : HKLM\SOFTWARE\Classes\ShopperReports.Reporter.1
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Products\5B4758C25396ECF468E04F8E063287FF
Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Features\5B4758C25396ECF468E04F8E063287FF
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\5B4758C25396ECF468E04F8E063287FF
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C8574B5-6935-4FCE-860E-F4E8602378FF}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Tutorials]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [UpdateTuto4PCHP]
Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [offerboxffx@offerbox.com]

***** [Registre - GUID] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{7025E484-D4B0-441A-9F0B-69063BD679CE}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{8258B35C-05B8-4C0E-9525-9BCCC70F8F2D}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{A89256AD-EC17-4A83-BEF5-4B8BC4F39306}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F4A335-D085-423E-A425-0370799166FB}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Google Chrome v [Impossible d'obtenir la version]

## Fichier : C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [6643 octets] - [16/04/2012 22:22:03]
AdwCleaner[R2].txt - [6703 octets] - [16/04/2012 22:24:09]
AdwCleaner[S1].txt - [6704 octets] - [02/05/2012 09:08:00]

########## EOF - C:\AdwCleaner[S1].txt - [6832 octets] ##########


---------------------------------------------



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Version de la base de données: v2012.05.02.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Durand :: MARTIAL [administrateur]

02/05/2012 09:15:05
mbam-log-2012-05-02 (09-15-05).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 288244
Temps écoulé: 1 heure(s), 26 minute(s), 12 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 3
HKLM\SOFTWARE\ResultBar (Adware.ResultBar) -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar (Adware.ResultBar) -> Mis en quarantaine et supprimé avec succès.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESULTBAR_SERVICE (Adware.ResultBar) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_XMLLookup (Hijacker.XMLLookup) -> Données: http://shell.windows.com/fileassoc/file ... =%04x&Ext=%s -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Données: http://shell.windows.com/fileassoc/%04x ... r.asp?Ext=%s -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_intl (Hijacker.intl) -> Données: http://shell.windows.com/fileassoc/file ... =%04x&Ext=%s -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E879057EB27654553EAF97 (Malware.Trace) -> Données: -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|XMLLookup (Hijacker.XMLLookup) -> Mauvais: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Bon: (http://shell.windows.com/fileassoc/file ... =%04x&Ext=%s) -> Mis en quarantaine et réparé avec succès
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Mauvais: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Bon: (http://shell.windows.com/fileassoc/%04x ... r.asp?Ext=%s) -> Mis en quarantaine et réparé avec succès
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|intl (Hijacker.intl) -> Mauvais: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Bon: (http://shell.windows.com/fileassoc/file ... =%04x&Ext=%s) -> Mis en quarantaine et réparé avec succès

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 1
C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Temp\tuto4pc_fr_softonic_v3.exe (Adware.Eorezo) -> Mis en quarantaine et supprimé avec succès.

(fin)
Martial35
 
Messages: 6
Inscription: 14 Avr 2012, 09:05

Re: Demandes d'etude de rapports d'analyse

Messagede Martial35 » 02 Mai 2012, 10:39

et OTL ....


OTL logfile created on: 02/05/2012 11:10:03 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\Dossiers\Méthode nettoyage des virus sur ordinateur
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1022,42 Mb Total Physical Memory | 174,83 Mb Available Physical Memory | 17,10% Memory free
2,40 Gb Paging File | 1,64 Gb Available in Paging File | 68,10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 22,21 Gb Free Space | 19,87% Space Free | Partition Type: NTFS

Computer Name: MARTIAL | User Name: Durand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/13 20:58:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\Dossiers\Méthode nettoyage des virus sur ordinateur\OTL.exe
PRC - [2012/03/07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/02/27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012/01/18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2012/01/02 11:07:56 | 000,843,712 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2011/10/14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/10/14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/06/10 08:23:52 | 000,959,880 | ---- | M] (SFR) -- C:\Program Files\SFR\Kit\9props.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/03/25 03:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/08/24 14:22:34 | 000,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/11/19 12:19:12 | 000,128,352 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2005/09/06 14:04:52 | 000,671,744 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\E-KEY\CeEKey.exe
PRC - [2005/08/30 12:31:20 | 001,077,328 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
PRC - [2005/08/25 19:11:58 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\TouchPad\TPTray.exe
PRC - [2005/08/22 16:49:28 | 000,028,672 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\TCtrlIOHook.exe
PRC - [2005/08/12 11:14:16 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/08/06 11:18:38 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005/06/06 09:58:44 | 000,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\ZoomingHook.exe
PRC - [2005/05/17 13:28:14 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe
PRC - [2005/05/17 09:24:50 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Utilitaire de zoom TOSHIBA\SmoothView.exe
PRC - [2005/04/11 16:08:00 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/04/05 16:25:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/03/22 22:50:50 | 000,262,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2005/03/22 21:48:04 | 000,487,424 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2005/03/11 12:48:54 | 000,217,088 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2005/01/18 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2003/09/06 19:16:30 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/01 19:24:32 | 001,771,520 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12050101\algo.dll
MOD - [2012/03/15 19:02:58 | 000,213,552 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2010/05/07 18:37:50 | 000,290,648 | ---- | M] () -- C:\Program Files\Fichiers communs\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2009/02/27 17:37:16 | 000,311,296 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA
MOD - [2008/01/22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2005/06/13 09:11:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005/06/06 09:51:24 | 000,024,576 | ---- | M] () -- C:\Program Files\Toshiba\TouchPad\TPECioctl.dll
MOD - [2005/06/06 09:39:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\EKECioCtl.dll
MOD - [2005/06/03 19:32:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\EBLib.DLL
MOD - [2004/10/01 14:13:24 | 000,045,056 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtLoad.dll
MOD - [2004/09/22 10:09:06 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
MOD - [2004/07/20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2003/07/29 15:33:26 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\TosHidAPI.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/13 20:32:44 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/10/14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/08/24 14:22:34 | 000,069,632 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2005/01/18 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 02:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 02:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/07 01:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/24 14:22:58 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2009/08/24 14:22:58 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2005/08/04 08:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/29 09:55:46 | 000,030,592 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/06/23 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/06/21 07:08:44 | 002,324,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/06/03 19:49:42 | 000,009,600 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/04/30 16:01:56 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Pilote de carte de connexion réseau Intel(R)
DRV - [2005/03/24 16:36:54 | 000,008,192 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2005/03/05 14:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/03/04 20:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/11/16 01:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2004/07/30 15:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2003/01/29 23:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.fr/
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - SOFTWARE\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{24B96F51-78FF-40A5-9085-5C3086C5BF68}: "URL" = http://fr.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20100835,0,0,0,0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_frCH352
IE - HKCU\..\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}: "URL" = http://www.bing.com/search?q={searchTerms}&mkt=fr-FR&form=MIMWA5
IE - HKCU\..\SearchScopes\{C406EEE9-D44F-4789-BDFF-FA7B8AF04CA9}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF

[2010/12/26 11:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Mozilla\Extensions
[2010/12/26 11:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/09/26 23:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Mozilla\Extensions\mozswing@mozswing.org
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2004/08/05 12:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [ORAHSSSessionManager] "C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe" File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\Utilitaire de zoom TOSHIBA\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TPNF] C:\Program Files\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Zooming] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - HKCU..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKCU..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe" File not found
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" File not found
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Menu Démarrer\Programmes\Démarrage\Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: citegay.fr ([www] http in Sites de confiance)
O15 - HKCU\..Trusted Domains: gaydar.co.uk ([]http in Sites de confiance)
O15 - HKCU\..Trusted Domains: gayromeo.com ([www] http in Sites de confiance)
O15 - HKCU\..Trusted Domains: xtremboy.com ([]http in Sites de confiance)
O15 - HKCU\..Trusted Domains: yahoo.com ([fr] http in Sites de confiance)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 4004349281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AAED1DE-1BCA-4F1B-889F-28890AE9D943}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - http://www.gayromeo.com/C8p40kFM4iDGtbx ... 00fc9d.jpg
O24 - Desktop Components:1 () - http://77.67.26.45/193/1/3/2/174468186/ ... 1279221436
O24 - Desktop Components:2 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/16 08:37:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b14a11e6-10ce-11e0-9c1a-00166f8c055d}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/29 23:37:00 | 000,000,000 | ---D | C] -- C:\5a3ec3e822698f378294ba
[2012/04/26 23:42:35 | 000,000,000 | ---D | C] -- C:\2bf5628ef78eb40febb64cdb
[2012/04/24 14:26:44 | 000,000,000 | ---D | C] -- C:\facf42910a497e551c87db
[2012/04/21 00:30:12 | 000,000,000 | ---D | C] -- C:\21ed2b765f47cbf27afe
[2012/04/16 00:24:07 | 000,000,000 | ---D | C] -- C:\90253693b17da250ae
[2012/04/13 21:16:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/13 21:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2012/04/13 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/13 21:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Malwarebytes
[2012/04/13 21:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2012/04/13 21:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/13 21:05:28 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/13 21:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/12 21:54:56 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Mes documents\My Stationery
[2012/04/09 18:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2012/04/09 18:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\LogiShrd
[2012/04/09 18:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Leadertech
[2012/04/09 18:06:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\logishrd
[2012/04/09 18:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2012/04/09 18:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\LWS
[2012/04/09 18:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/04/09 18:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Logitech
[2012/04/09 18:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/04/09 18:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\LogiShrd
[2012/04/05 11:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\iTunes
[2012/04/05 11:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/02 11:20:11 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/02 11:10:16 | 070,471,108 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/05/02 11:09:23 | 008,519,666 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/05/02 11:08:02 | 061,480,128 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/02 11:07:35 | 025,854,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/02 11:04:01 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/02 11:03:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2012/05/02 11:03:59 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1776749526-2021909839-1806042266-1006.job
[2012/05/02 11:03:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/02 11:03:50 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/02 10:59:00 | 000,000,618 | ---- | M] () -- C:\WINDOWS\tasks\Durand Local Autobackup 5 4.job
[2012/05/02 10:31:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/01 09:06:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1776749526-2021909839-1806042266-1006.job
[2012/04/25 20:47:04 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Menu Démarrer\Programmes\Démarrage\Logitech . Enregistrement du produit.lnk
[2012/04/23 22:26:54 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/23 22:23:12 | 000,098,560 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\Picture 1.JPG
[2012/04/23 22:22:47 | 000,122,344 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\Picture 3.JPG
[2012/04/18 23:20:32 | 000,000,172 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\long-dark-blonde-hair.jpg.url
[2012/04/18 23:19:34 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\123.url
[2012/04/18 23:17:00 | 000,000,639 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\267.url
[2012/04/18 23:15:47 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\137.url
[2012/04/16 22:21:12 | 000,582,123 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\adwcleaner.exe
[2012/04/16 00:15:23 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\173.url
[2012/04/16 00:15:12 | 000,207,005 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\100716124107766970[1].jpg
[2012/04/16 00:05:33 | 000,100,497 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\z_xx_410[1].jpg
[2012/04/16 00:04:13 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\114.url
[2012/04/15 23:57:25 | 000,029,815 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\dsc_0176[1].jpg
[2012/04/15 23:47:28 | 000,053,192 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\calendrier-aviron-2011-cru-L-a2EWMT[1].jpg
[2012/04/15 23:43:05 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\135.url
[2012/04/14 09:09:14 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/04/13 21:13:39 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2012/04/13 15:12:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/10 20:55:48 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/06 00:46:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TPTray.INI
[2012/04/05 11:27:31 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/25 20:47:04 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Menu Démarrer\Programmes\Démarrage\Logitech . Enregistrement du produit.lnk
[2012/04/23 22:23:12 | 000,098,560 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\Picture 1.JPG
[2012/04/23 22:22:47 | 000,122,344 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\Picture 3.JPG
[2012/04/18 23:20:32 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\long-dark-blonde-hair.jpg.url
[2012/04/18 23:19:34 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\123.url
[2012/04/18 23:17:00 | 000,000,639 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\267.url
[2012/04/18 23:14:47 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\137.url
[2012/04/16 22:21:06 | 000,582,123 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\adwcleaner.exe
[2012/04/16 00:15:26 | 000,207,005 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\100716124107766970[1].jpg
[2012/04/16 00:05:47 | 000,100,497 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\z_xx_410[1].jpg
[2012/04/16 00:04:13 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\114.url
[2012/04/16 00:01:55 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\173.url
[2012/04/15 23:57:35 | 000,029,815 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\dsc_0176[1].jpg
[2012/04/15 23:47:39 | 000,053,192 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\calendrier-aviron-2011-cru-L-a2EWMT[1].jpg
[2012/04/15 23:43:05 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Bureau\135.url
[2012/04/14 09:09:14 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/04/13 21:13:39 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2012/04/09 21:31:06 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/06 00:46:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2012/04/05 11:27:31 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2012/04/04 09:15:13 | 000,001,002 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/11 21:21:09 | 000,000,030 | ---- | C] () -- C:\Program Files\Exiferupdate.ini
[2012/02/16 21:07:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/09/07 21:27:33 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/07/17 23:18:23 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/06/03 22:40:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

========== LOP Check ==========

[2010/03/23 20:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/11/12 14:13:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/11/09 14:04:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/11/12 13:54:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/05/01 09:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/10/02 22:54:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/04/21 21:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/10/12 17:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/26 11:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/06/01 14:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tpfmon
[2009/10/04 23:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/06/26 12:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010/03/31 21:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/26 20:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/10/02 22:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Canon
[2010/11/01 01:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\CassiniVision
[2011/12/03 10:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Concept2
[2009/10/04 23:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\CopyTrans
[2009/10/05 00:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\CopyTransPhoto
[2012/03/13 20:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\ElevatedDiagnostics
[2010/06/26 12:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\FinalMediaPlayer
[2010/06/06 22:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\gtk-2.0
[2009/11/12 12:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\InterVideo
[2011/10/02 22:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\JAM Software
[2012/04/09 18:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\Leadertech
[2011/12/05 00:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\MSNInstaller
[2010/12/21 18:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\My Games
[2009/11/28 00:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\OpenOffice.org
[2012/01/27 00:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\PDF Software
[2010/12/26 11:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\TomTom
[2009/09/27 00:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\toshiba
[2009/10/05 00:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\WindSolutions
[2011/04/21 22:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Durand.YOUR-AB6CD29F8E\Application Data\XnView
[2010/06/15 20:24:31 | 000,000,594 | ---- | M] () -- C:\WINDOWS\Tasks\Bodin's one.job
[2012/05/02 10:59:00 | 000,000,618 | ---- | M] () -- C:\WINDOWS\Tasks\Durand Local Autobackup 5 4.job
[2010/06/15 19:29:31 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\Durand NBAgent 5 4.job
[2012/05/02 11:03:59 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job

========== Purity Check ==========



< End of report >



Merci, Merci, Merci, ....

Cordialement!

Martial
Martial35
 
Messages: 6
Inscription: 14 Avr 2012, 09:05

Re: Demandes d'etude de rapports d'analyse

Messagede nickW » 03 Mai 2012, 15:37

Bonjour,

Tu as oublié ceci .....

nickW a écrit:Dans ta réponse, n'oublie pas de donner le plus d'informations possible sur l'état du PC: amélioration / disparition / aggravation des symptômes d'infection.


:wink:

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France


Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 14 invités