Csrss.exe

8 June 2011 17:52:15

Hello,

Following some dubious downloads, several problems have appeared:

At startup, the following two messages are displayed one after the other:
-c:\DOCUME~1\Perso\LOCALS~1\Temp\csrss.exe
Windows ne trouve pas c:\DOCUME~1\Perso\LOCALS~1\Temp\csrss.exe. Vérifiez que vous avez entré le nom correctement et essayez à nouveau. Pour rechercher un fichier, cliquez sur le bouton Démarrer, puis sur rechercher.

-Bureau
Impossible de charger ou d'exécuter c:\DOCUME~1\Perso\LOCALS~1\Temp\csrss.exe spécifié dans le registre. Vérifiez que le fichier existe sur votre ordinateur ou supprimez la référence dans le registre.

After that, it is impossible to open a .pdf file.

Certificate problems when displaying pages in Firefox.

I ran, one after the other:
Microsoft Security Essentials: 0 problems
AVG Antivirus: 0 problems
Malwarebytes: about a hundred suspicious objects detected.

So, I think the infection is fairly serious and I don't know how to fix it.
Hoping that someone can help me...

8 June 2011 18:37:16

Hello, your PC is infected; we'll take a closer look at it.

Could you post the Malwarebytes report with the hundred or so detected objects, please?

Then:


__________________


For the disinfection to go smoothly:


  • Use your PC as little as possible during the procedure, to make the disinfection easier.

  • Follow the procedures given, but do not try anything on your own: if there is a problem during a procedure, let me know rather than clicking at random and causing a failure on your system.

  • If you are already following a procedure on another forum, please say so; it is important to follow only one disinfection at a time.

  • Even if the symptoms of the infection have disappeared, the PC is not necessarily clean: wait until you have been told that the PC is disinfected before using it again.

  • Even though disinfections are carried out by people with in-depth knowledge of disinfection, it is always possible that your PC will crash. Remember to back up your data ;)

  • Finally, please note that I am currently in training, which means that my replies must be validated by an experienced helper before I post them, so the time between my replies may be longer.

__________________


If you are ready, let's go:

Then:

Diagnostic:


  • Download OTL (by OldTimer) to your Desktop.

  • If you are on XP, double-click it to launch it; if you are on Vista/7, right-click it and choose Run as administrator to launch it.

  • A window appears.

  • Check the box: All users

  • Check the boxes for the LOP search and the Purity search (in blue, towards the bottom of the window).

  • Under Custom, copy and paste all of the text below; leave the other options at their defaults.

    netsvcs
    msconfig
    drivers32
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.dll /lockedfiles
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    iexplore.exe
    /md5stop
    CREATERESTOREPOINT


  • Finally, click the Scan button. While the scan is running, do not touch anything. The scan will take some time.

  • At the end of the scan, two reports will open: OTL.Txt and Extras.Txt. Copy/paste both reports here in full.

For the reports, which tend to be too long for the forum, please use this online report service: upload the file via "Browse" and simply post the link you get.

9 June 2011 11:07:45

Thanks for your reply.

    OTL logfile created on: 09/06/2069 10:56:38 - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = D:\Mes documents\Téléchargements
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1015,17 Mb Total Physical Memory | 284,56 Mb Available Physical Memory | 28,03% Memory free
    2,40 Gb Paging File | 1,78 Gb Available in Paging File | 74,41% Paging File free
    Paging file location(s): C:\pagefile.sys 1535 7620 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97,65 Gb Total Space | 56,22 Gb Free Space | 57,57% Space Free | Partition Type: NTFS
    Drive D: | 51,39 Gb Total Space | 27,86 Gb Free Space | 54,22% Space Free | Partition Type: NTFS

    Computer Name: JULIEN-BUREAU | User Name: Perso | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2069/06/09 10:54:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Mes documents\Téléchargements\OTL.exe
    PRC - [2011/06/07 10:08:15 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    PRC - [2011/05/06 10:58:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/02/18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2010/09/17 16:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2009/10/19 04:12:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2009/05/19 17:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    PRC - [2008/05/02 00:41:38 | 000,136,488 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    PRC - [2008/05/02 00:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
    PRC - [2008/04/14 04:34:03 | 001,370,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/01 14:21:56 | 000,061,440 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
    PRC - [2007/05/15 18:13:10 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    PRC - [2006/09/21 05:01:00 | 000,139,264 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBEE.EXE
    PRC - [2006/04/18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    PRC - [2006/04/03 17:07:04 | 001,466,368 | ---- | M] (Inventel) -- C:\Program Files\Inventel\Gateway\WLANCFG.EXE
    PRC - [2006/02/24 04:51:00 | 000,172,032 | ---- | M] (Y'z@Home) -- C:\Program Files\YzShadow\YzShadow.exe
    PRC - [2006/02/24 02:32:22 | 000,188,416 | ---- | M] () -- C:\Program Files\UberIcon\UberIcon Manager.exe
    PRC - [2006/01/02 00:27:46 | 000,015,872 | ---- | M] () -- C:\Program Files\WinRoll\winroll.exe
    PRC - [2005/12/18 21:14:24 | 000,027,648 | ---- | M] () -- C:\WINDOWS\Alt+Q Hotkey.exe
    PRC - [2005/10/19 09:40:30 | 000,393,216 | ---- | M] (RaduKing) -- C:\Program Files\RK Launcher\RKLauncher.exe
    PRC - [2005/08/01 08:05:04 | 000,094,208 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2300 Series\ezprint.exe
    PRC - [2005/07/25 15:25:18 | 000,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcgcoms.exe
    PRC - [2005/07/21 02:07:34 | 000,200,704 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
    PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE


    ========== Modules (SafeList) ==========

    MOD - [2069/06/09 10:54:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Mes documents\Téléchargements\OTL.exe
    MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2005/10/19 08:58:08 | 000,053,248 | ---- | M] (RaduKing) -- C:\Program Files\RK Launcher\RKLauncher.dll
    MOD - [2005/08/14 09:26:14 | 000,065,536 | ---- | M] () -- C:\Program Files\UberIcon\UberIcon.dll
    MOD - [2004/04/06 18:00:00 | 000,008,704 | ---- | M] () -- C:\Program Files\WinRoll\winroll.dll
    MOD - [2002/10/01 04:08:58 | 000,053,248 | ---- | M] () -- C:\Program Files\YzShadow\YzShadow.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus(R)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/02/18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/01/26 18:45:08 | 000,243,056 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
    SRV - [2009/02/10 18:01:49 | 000,116,104 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2008/11/04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2008/05/02 00:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
    SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2006/04/18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
    SRV - [2006/04/03 17:07:04 | 001,466,368 | ---- | M] (Inventel) [Auto | Running] -- C:\Program Files\Inventel\Gateway\wlancfg.exe -- (Wlancfg)
    SRV - [2005/07/25 15:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\lxcgcoms.exe -- (lxcg_device)
    SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


    ========== Driver Services (SafeList) ==========

    DRV - [2069/06/09 10:47:52 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C713F3E6-4EF5-4563-8FC9-9C4D8ED05E65}\MpKslc754f832.sys -- (MpKslc754f832)
    DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2010/02/11 15:28:26 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
    DRV - [2009/08/31 18:18:16 | 005,891,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/05/29 13:36:06 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2008/06/13 16:59:30 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.sys -- (PCANDIS5)
    DRV - [2008/03/17 22:14:52 | 000,015,144 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV - [2008/01/15 22:11:46 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2007/02/16 21:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2007/02/16 02:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
    DRV - [2006/11/01 13:10:06 | 000,035,840 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
    DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2005/11/02 12:53:40 | 000,215,552 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
    DRV - [2004/08/14 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2003/02/12 13:28:14 | 000,008,576 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wncpkt.sys -- (WNCPKT)
    DRV - [2002/10/01 11:49:00 | 000,606,720 | ---- | M] ( Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EU3USB.sys -- (EU3_USB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-73586283-2049760794-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-73586283-2049760794-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-73586283-2049760794-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/bin/frame.cgi?u=http://webmail.ora...
    IE - HKU\S-1-5-21-73586283-2049760794-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-73586283-2049760794-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-73586283-2049760794-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-73586283-2049760794-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-73586283-2049760794-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49152

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/05/14 10:18:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\offerbox@spointer.com: C:\Program Files\OfferBox\extensions-3.1.4075.144\offerbox@spointer.com
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 10:58:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2069/06/07 18:34:57 | 000,000,000 | ---D | M]

    [2010/05/14 17:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Perso\Application Data\Mozilla\Extensions
    [2010/05/14 17:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Perso\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
    [2011/06/07 10:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Perso\Application Data\Mozilla\Firefox\Profiles\sicpjr8l.default\extensions
    [2010/05/07 11:12:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Perso\Application Data\Mozilla\Firefox\Profiles\sicpjr8l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/05 16:01:49 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\Perso\Application Data\Mozilla\Firefox\Profiles\sicpjr8l.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
    [2011/06/07 10:41:57 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Perso\Application Data\Mozilla\Firefox\Profiles\sicpjr8l.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
    [2010/03/05 14:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/05/06 10:58:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2011/05/06 10:58:15 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2011/05/06 10:58:15 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
    [2011/05/06 10:58:15 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2011/05/06 10:58:15 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2011/05/06 10:58:15 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2011/05/06 10:58:15 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2008/12/03 15:51:14 | 000,000,799 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (no name) - {C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} - No CLSID value found.
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O2 - BHO: (no name) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKU\S-1-5-21-73586283-2049760794-839522115-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-73586283-2049760794-839522115-1004\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-73586283-2049760794-839522115-1004\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
    O3 - HKU\S-1-5-21-73586283-2049760794-839522115-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [EoEngine] File not found
    O4 - HKLM..\Run: [EoWeather] File not found
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
    O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [lxcgmon.exe] C:\Program Files\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe ()
    O4 - HKU\S-1-5-21-73586283-2049760794-839522115-1004..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe ()
    O4 - HKU\S-1-5-21-73586283-2049760794-839522115-1004..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
    O4 - HKU\S-1-5-21-73586283-2049760794-839522115-1004..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-73586283-2049760794-839522115-1004..\Run: [EPSON Stylus DX4000 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-73586283-2049760794-839522115-1004..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe (RaduKing)
    O4 - HKU\S-1-5-21-73586283-2049760794-839522115-1004..\Run: [UberIcon] C:\Program Files\UberIcon\UberIcon Manager.exe ()
    O4 - HKU\S-1-5-21-73586283-2049760794-839522115-1004..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe ()
    O4 - HKU\S-1-5-21-73586283-2049760794-839522115-1004..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe (Y'z@Home)
    O4 - Startup: C:\Documents and Settings\Perso\Menu Démarrer\Programmes\Démarrage\Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    F3 - HKU\S-1-5-21-73586283-2049760794-839522115-1004 WinNT: Load - (C:\DOCUME~1\Perso\LOCALS~1\Temp\csrss.exe) - File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-73586283-2049760794-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
    O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/audio/bi... (System Requirements Lab Class)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/... (DLM Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Cont... (WUWebControl Class)
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.ma-config.com/plugins/MaConfig_4_0_2_0.cab (Ma-Config control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u6-b90/jinstal... (Java Plug-in 1.6.0_06)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
    O16 - DPF: {A06BE318-C096-11D4-964F-0010A4D06F69} https://tva.dgi.minefi.gouv.fr/activeX/TeleTVA.tva (TeleTVA Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-wind... (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-wind... (Java Plug-in 1.6.0_06)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-73586283-2049760794-839522115-1004 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-73586283-2049760794-839522115-1004 Winlogon: Shell - (C:\Documents and Settings\Perso\Application Data\dwm.exe) - File not found
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Perso\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Perso\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/06/04 17:09:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{1097d2a5-bfa1-11de-bf55-001e8c7879d3}\Shell - "" = AutoRun
    O33 - MountPoints2\{1097d2a5-bfa1-11de-bf55-001e8c7879d3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{1097d2a6-bfa1-11de-bf55-001e8c7879d3}\Shell\AutoRun\command - "" = U3ROM/flyhigh.exe
    O33 - MountPoints2\{1097d2a6-bfa1-11de-bf55-001e8c7879d3}\Shell\Explore\Command - "" = U3ROM/flyhigh.exe
    O33 - MountPoints2\{1097d2a6-bfa1-11de-bf55-001e8c7879d3}\Shell\opeN\commanD - "" = U3ROM/flyhigh.exe
    O33 - MountPoints2\{234f1e1e-4744-11dd-a594-0018e7136860}\Shell - "" = AutoRun
    O33 - MountPoints2\{234f1e1e-4744-11dd-a594-0018e7136860}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
    O33 - MountPoints2\{2958b2ba-f086-11de-bf93-001e8c7879d3}\Shell\AutoRun\command - "" = G:\WDSetup.exe
    O33 - MountPoints2\{3d6dddd2-7c2b-11dd-8095-806d6172696f}\Shell\Auto\command - "" = F:\AdobeR.exe e
    O33 - MountPoints2\{3d6dddd2-7c2b-11dd-8095-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
    O33 - MountPoints2\{82648163-800c-11de-bee5-001e8c7879d3}\Shell - "" = AutoRun
    O33 - MountPoints2\{82648163-800c-11de-bee5-001e8c7879d3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{8b90c5d8-3883-11dd-a578-001e8c7879d3}\Shell\AutoRun\command - "" = F:\setupSNK.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - Services: "gusvc"
    MsConfig - Services: "usnjsvc"
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
    MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
    MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
    MsConfig - StartUpReg: swg - hkey= - key= - File not found
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 2
    MsConfig - State: "startup" - 2

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902053519425536)

    ========== Files/Folders - Created Within 30 Days ==========

    [2069/06/08 17:29:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2069/06/07 16:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Perso\Application Data\HDRsoft
    [2069/06/07 16:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Perso\Local Settings\Application Data\Halite
    [2069/06/07 16:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Perso\Local Settings\Application Data\PackageAware
    [2069/06/07 16:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PhotomatixPro3
    [2069/06/07 16:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro3
    [2008/06/13 17:14:38 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll
    [2008/06/13 17:14:38 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll
    [2008/06/13 17:14:38 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcoms.exe
    [2008/06/13 17:14:38 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll
    [2008/06/13 17:14:38 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgih.exe
    [2008/06/13 17:14:38 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll
    [2008/06/13 17:14:38 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll
    [2008/06/13 17:14:37 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll
    [2008/06/13 17:14:37 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2069/06/09 10:52:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2069/06/09 10:47:49 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2069/06/09 10:47:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2069/06/09 10:43:47 | 000,002,243 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2069/06/09 10:39:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2069/06/08 18:13:00 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2069/06/07 18:09:29 | 002,149,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2069/06/07 16:03:59 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\Perso\Bureau\Photomatix Pro 3.lnk
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2069/06/07 16:03:59 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\Perso\Bureau\Photomatix Pro 3.lnk
    [2011/06/07 10:43:26 | 000,012,252 | ---- | C] () -- C:\Documents and Settings\Perso\Application Data\64DE.EB2
    [2010/11/22 15:18:45 | 000,000,846 | ---- | C] () -- C:\WINDOWS\xvs_ilop.dll
    [2010/09/23 15:09:47 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/03/05 14:01:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/12/03 12:20:14 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WD.INI
    [2009/11/30 19:04:55 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\Perso\Application Data\tigersetting.dll
    [2009/11/30 19:03:34 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Perso\Application Data\init.dll
    [2009/11/30 19:03:34 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Perso\Application Data\SYSTEM32.dll
    [2009/11/30 19:03:27 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Perso\Application Data\sound.dll
    [2009/11/30 19:02:24 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
    [2009/11/30 19:02:21 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
    [2009/09/14 17:26:33 | 000,053,208 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/04/07 15:23:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\RmDevice.exe
    [2009/04/07 06:32:10 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
    [2009/03/30 18:20:43 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Perso\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/11 15:40:12 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Smooth Strings
    [2008/07/11 15:40:12 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Perso\Application Data\Screen Savers
    [2008/07/11 15:40:12 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2008/07/11 15:40:12 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Spacious
    [2008/06/16 15:15:32 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
    [2008/06/13 17:14:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
    [2008/06/13 17:14:36 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\lxcgjswr.dll
    [2008/06/13 17:14:36 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\lxcginsr.dll
    [2008/06/13 17:14:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxcgcur.dll
    [2008/06/12 16:40:59 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/06/12 15:43:31 | 000,278,528 | ---- | C] () -- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    [2008/06/05 00:45:10 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2008/06/05 00:45:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/06/05 00:45:08 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/06/05 00:45:08 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/06/05 00:45:07 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008/06/04 18:10:07 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/06/04 18:07:21 | 002,149,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/06/04 17:26:36 | 000,459,664 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2008/06/04 17:26:36 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
    [2008/06/04 17:22:28 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2008/06/04 17:22:27 | 000,010,530 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2008/06/04 17:22:14 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2008/06/04 17:11:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/06/04 17:07:29 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/03/02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/03/02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/03/02 14:00:00 | 000,503,628 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
    [2006/03/02 14:00:00 | 000,435,396 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/03/02 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
    [2006/03/02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/03/02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/03/02 14:00:00 | 000,081,626 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
    [2006/03/02 14:00:00 | 000,068,292 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/03/02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/03/02 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
    [2006/03/02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/03/02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/03/02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/03/02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/03/02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/12/18 21:14:24 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Alt+Q Hotkey.exe
    [2005/01/06 16:04:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\unwlsdrv.exe

    ========== LOP Check ==========

    [2011/05/14 10:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2069/06/08 17:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2008/06/16 15:15:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/10/18 18:34:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
    [2010/10/15 14:34:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
    [2011/03/01 11:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    [2010/10/15 14:34:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
    [2011/06/08 12:06:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2008/07/11 15:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2008/11/25 11:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2069/06/09 10:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2010/02/26 11:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
    [2069/06/08 17:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009/03/27 17:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2008/07/11 15:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2011/05/30 12:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2008/07/11 15:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2010/02/09 16:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2069/06/07 17:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/07/20 18:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/11 10:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/06/08 11:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/06/08 12:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\AVG10
    [2009/09/07 16:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Blitware
    [2010/10/15 14:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Canon Easy-WebPrint EX
    [2011/06/08 11:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2009/09/07 11:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\CopyTrans
    [2009/04/08 16:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\EPSON
    [2011/05/19 17:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\FileZilla
    [2010/04/14 10:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\FindeXer
    [2069/06/07 16:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\HDRsoft
    [2010/10/07 09:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Icones
    [2008/10/08 11:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Nikon
    [2010/06/12 15:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Office Depot Labels Software
    [2011/03/05 19:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\TeamViewer
    [2010/02/09 16:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\WindSolutions
    [2011/05/08 02:06:00 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
    [2069/06/09 10:52:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %APPDATA%\*. >
    [2069/06/07 18:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Adobe
    [2011/04/26 08:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Apple Computer
    [2011/06/08 12:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\AVG10
    [2009/09/07 16:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Blitware
    [2010/10/15 14:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Canon Easy-WebPrint EX
    [2011/06/08 11:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2009/09/07 11:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\CopyTrans
    [2009/09/08 12:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Download Manager
    [2009/04/08 16:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\EPSON
    [2011/05/19 17:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\FileZilla
    [2010/04/14 10:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\FindeXer
    [2010/05/14 17:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Google
    [2069/06/07 16:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\HDRsoft
    [2010/10/07 09:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Icones
    [2008/06/04 17:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Identities
    [2010/10/13 11:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\InstallShield
    [2008/06/05 01:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Macromedia
    [2011/06/08 14:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Malwarebytes
    [2011/06/07 20:08:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Perso\Application Data\Microsoft
    [2010/03/05 14:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Mozilla
    [2008/10/08 11:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Nikon
    [2010/06/12 15:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Office Depot Labels Software
    [2011/05/20 11:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\OpenOffice.org2
    [2010/10/13 11:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Sony Corporation
    [2008/06/05 01:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Sun
    [2011/03/05 19:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\TeamViewer
    [2010/03/10 19:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\U3
    [2010/02/09 16:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\WindSolutions
    [2069/06/09 10:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\WTablet
    [2009/09/08 17:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Perso\Application Data\Yahoo!

    < %APPDATA%\*.exe /s >
    [2011/06/08 11:07:56 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Perso\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    [2011/05/05 19:09:04 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Perso\Application Data\Microsoft\Installer\{8E125268-38C1-417E-A2F5-F8F8916D3A23}\_6FEFF9B68218417F98F549.exe
    [2011/05/05 19:09:04 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Perso\Application Data\Microsoft\Installer\{8E125268-38C1-417E-A2F5-F8F8916D3A23}\_D6EF22EBD34DCFE86C0FCD.exe
    [2008/07/11 15:39:09 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Perso\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
    [2008/07/11 15:40:33 | 000,450,560 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Perso\Application Data\Microsoft\Installer\{E9757890-7EC5-46C8-99AB-B00F07B6525C}\NewShortcut2_E97578907EC546C899ABB00F07B6525C.exe
    [2008/07/11 15:40:33 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Perso\Application Data\Microsoft\Installer\{E9757890-7EC5-46C8-99AB-B00F07B6525C}\New_Shortcut_E97578907EC546C899ABB00F07B6525C_1.exe
    [2006/09/01 15:53:32 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Perso\Application Data\U3\000017501B608E64\cleanup.exe
    [2006/10/04 14:21:22 | 003,072,000 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Perso\Application Data\U3\000017501B608E64\Launchpad Removal.exe
    [2006/10/04 14:20:22 | 004,595,712 | ---- | M] () -- C:\Documents and Settings\Perso\Application Data\U3\000017501B608E64\LaunchPad.exe
    [2007/10/23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Perso\Application Data\U3\0572900C808050E1\cleanup.exe
    [2007/10/23 09:22:56 | 003,350,528 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Perso\Application Data\U3\0572900C808050E1\Launchpad Removal.exe
    [2007/10/23 10:14:38 | 004,632,576 | ---- | M] () -- C:\Documents and Settings\Perso\Application Data\U3\0572900C808050E1\LaunchPad.exe
    [2007/10/23 09:44:48 | 000,054,584 | ---- | M] () -- C:\Documents and Settings\Perso\Application Data\U3\0572900C808050E1\U3AccessGrant.exe
    [2007/10/23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Perso\Application Data\U3\temp\cleanup.exe
    [2007/10/23 09:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Perso\Application Data\U3\temp\Launchpad Removal.exe

    < %SYSTEMDRIVE%\*.* >
    [2011/02/17 11:08:18 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2004/06/18 14:07:33 | 000,656,542 | ---- | M] () -- C:\271_icol.dll
    [2008/06/04 17:09:51 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/12/29 18:45:25 | 000,608,256 | ---- | M] () -- C:\blackra1n.exe
    [2009/12/30 12:29:46 | 000,003,279 | ---- | M] () -- C:\blackra1n.log
    [2008/06/05 01:14:14 | 000,000,216 | RHS- | M] () -- C:\boot.ini
    [2006/03/02 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
    [2008/06/04 17:09:51 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/06/04 17:09:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/05/13 09:23:44 | 000,000,327 | ---- | M] () -- C:\lxcg.log
    [2008/06/13 17:14:34 | 000,000,278 | ---- | M] () -- C:\lxcgfire.csv
    [2008/06/13 17:14:52 | 000,001,004 | ---- | M] () -- C:\lxcginst.csv
    [2069/06/09 11:01:20 | 001,156,797 | ---- | M] () -- C:\lxcgscan.log
    [2008/06/04 17:09:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/03/02 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/06/04 18:43:56 | 000,252,240 | RHS- | M] () -- C:\ntldr
    [2004/02/29 17:44:34 | 000,052,576 | ---- | M] () -- C:\orange.bmp
    [2069/06/09 10:47:44 | 1609,564,160 | -HS- | M] () -- C:\pagefile.sys
    [2011/06/08 18:30:46 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
    [2008/06/05 01:14:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008/06/12 16:45:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009/07/07 17:36:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/07/08 10:45:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/07/09 12:45:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/07/31 16:28:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2009/07/31 16:52:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2009/07/31 18:43:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2009/08/07 15:59:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2009/08/13 11:11:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2009/08/13 11:16:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2009/08/14 10:12:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2009/08/14 14:36:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2008/06/05 01:14:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2008/06/12 16:45:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/07/07 17:36:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/07/08 10:45:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/07/09 12:45:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/07/31 16:28:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2009/07/31 16:52:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2009/07/31 18:43:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2009/08/07 15:59:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2009/08/13 11:11:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2009/08/13 11:16:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2009/08/14 10:12:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2009/08/14 14:36:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/06/04 18:06:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/06/04 18:06:29 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/06/04 18:06:29 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]


    < MD5 for: EXPLORER.EXE >
    [2006/03/02 14:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2008/04/14 04:34:03 | 001,370,624 | ---- | M] (Microsoft Corporation) MD5=78588F2C1FE8030E9535E6467F803316 -- C:\WINDOWS\explorer.exe
    [2008/04/14 04:34:03 | 001,370,624 | ---- | M] (Microsoft Corporation) MD5=78588F2C1FE8030E9535E6467F803316 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\FlyakiteOSX\Backup\explorer.exe

    < MD5 for: IEXPLORE.EXE >
    [2010/06/17 17:12:57 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=203E897F843D56496E2CC101DFF6CE34 -- C:\WINDOWS\ie7updates\KB2360131-IE7\iexplore.exe
    [2008/02/29 10:57:05 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2D0E5592AB5A46C27DAF7CCAFF4F5B59 -- C:\WINDOWS\ie7updates\KB978207-IE7\iexplore.exe
    [2008/02/29 10:57:05 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2D0E5592AB5A46C27DAF7CCAFF4F5B59 -- C:\WINDOWS\SoftwareDistribution\Download\eaa17b1d205a9fb8b12c43359acd2d18\SP2GDR\iexplore.exe
    [2006/03/02 14:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=385D1644E676C96EB07848ADA63E37FA -- C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
    [2008/04/14 04:34:06 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=3D3C316BD1E112F3B9C532D8B9939BDC -- C:\WINDOWS\ie7\iexplore.exe
    [2011/02/14 14:17:08 | 000,411,928 | ---- | M] (Microsoft Corporation) MD5=477B8D24C6C8894CF87605741F156C67 -- C:\Program Files\Internet Explorer\iexplore.exe
    [2011/02/14 14:17:08 | 000,411,928 | ---- | M] (Microsoft Corporation) MD5=477B8D24C6C8894CF87605741F156C67 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
    [2011/02/14 14:17:08 | 000,411,928 | ---- | M] (Microsoft Corporation) MD5=477B8D24C6C8894CF87605741F156C67 -- C:\WINDOWS\system32\dllcache\iexplore.exe
    [2009/12/18 15:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=53C291F3B01EECECBD7FD358EA3ACC94 -- C:\WINDOWS\ie7updates\KB980182-IE7\iexplore.exe
    [2008/02/22 11:40:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=6E0888626E0CAC79F57149814E22DB4D -- C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
    [2008/02/22 11:40:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=6E0888626E0CAC79F57149814E22DB4D -- C:\WINDOWS\SoftwareDistribution\Download\eaa17b1d205a9fb8b12c43359acd2d18\SP2QFE\iexplore.exe
    [2010/10/18 13:07:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=72D1F43C4146D312B0DB6AB98C21340E -- C:\WINDOWS\ie7updates\KB2482017-IE7\iexplore.exe
    [2010/06/17 16:45:15 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B0BC6DC9C9277250C5C8F7B7A48A02CC -- C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\iexplore.exe
    [2010/04/16 13:08:29 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B24A4E23A2FEDB6976EB04D334AD82B2 -- C:\WINDOWS\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe
    [2010/02/23 07:20:02 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B5116340B84824DDD0A641E36B126194 -- C:\WINDOWS\ie7updates\KB982381-IE7\iexplore.exe
    [2010/12/20 12:49:55 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B74CBEBA34E3CAA2CCACC87FEE8A16C0 -- C:\WINDOWS\$hf_mig$\KB2482017-IE7\SP3QFE\iexplore.exe
    [2010/04/16 13:43:25 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=C4BA5E36FB57F547117305BF1E0FE454 -- C:\WINDOWS\ie7updates\KB2183461-IE7\iexplore.exe
    [2010/02/23 07:19:59 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=C8DDA4028065D5CE39CBE7A156B72AB9 -- C:\WINDOWS\$hf_mig$\KB980182-IE7\SP3QFE\iexplore.exe
    [2009/12/18 09:00:27 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=D19E56D5930C37CF211867DF450C372A -- C:\WINDOWS\$hf_mig$\KB978207-IE7\SP3QFE\iexplore.exe
    [2010/10/18 12:36:30 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=DA6E1F0F1932B62DD2F6ED05541C555C -- C:\WINDOWS\$hf_mig$\KB2416400-IE7\SP3QFE\iexplore.exe
    [2007/08/13 18:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
    [2011/02/14 13:36:55 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=E3CC8CCF21BFDC954255BB17083FB9F0 -- C:\WINDOWS\$hf_mig$\KB2497640-IE7\SP3QFE\iexplore.exe
    [2011/02/14 14:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=E4A798DFDE7FE6E79F23548F0EF0F844 -- C:\WINDOWS\FlyakiteOSX\Backup\iexplore.exe
    [2010/08/25 13:30:33 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=E5412ED9E07C42C20C48D3FF71E6B1E8 -- C:\WINDOWS\ie7updates\KB2416400-IE7\iexplore.exe
    [2010/12/20 13:25:27 | 000,411,928 | ---- | M] (Microsoft Corporation) MD5=EDC6610613E0F1197B377E0ABD5F0D2D -- C:\WINDOWS\ie7updates\KB2497640-IE7\iexplore.exe
    [2010/08/25 13:07:58 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=F047BEB9771E45A05F425499A30F9BBA -- C:\WINDOWS\$hf_mig$\KB2360131-IE7\SP3QFE\iexplore.exe

    < MD5 for: SVCHOST.EXE >
    [2006/03/02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=2979B03D5382A602623C0535B16AB9C0 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
    [2008/04/14 04:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/14 04:34:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=E4BDF223CD75478BF44567B4D5C2634D -- C:\WINDOWS\system32\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2006/03/02 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2006/03/02 14:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

    < End of report >

    OTL Extras logfile created on: 09/06/2069 10:56:38 - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = D:\Mes documents\Téléchargements
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1015,17 Mb Total Physical Memory | 284,56 Mb Available Physical Memory | 28,03% Memory free
    2,40 Gb Paging File | 1,78 Gb Available in Paging File | 74,41% Paging File free
    Paging file location(s): C:\pagefile.sys 1535 7620 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97,65 Gb Total Space | 56,22 Gb Free Space | 57,57% Space Free | Partition Type: NTFS
    Drive D: | 51,39 Gb Total Space | 27,86 Gb Free Space | 54,22% Space Free | Partition Type: NTFS

    Computer Name: JULIEN-BUREAU | User Name: Perso | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-73586283-2049760794-839522115-1004\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
    "48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSub
9 June 2011 16:08:15

Hi again,

As I said before, this kind of report is too long for the forum, so I don't have the end of extras.txt.

Reminder:

For reports, which tend to be too long for the forum, please use this online report service: upload the file via "Browse" and simply post the link you get.

Thanks