Virus Desktop security 2010

Closed
gege89 Posts 286 Registration date Friday 7 November 2008 Status Member Last activity 8 November 2013 - 4 May 2010 at 22:57
wallphone - 6 Sept. 2010 at 14:31
I'm lost, I have this virus with the Desktop Security 2010 icon at the bottom right. How do I remove this virus? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:16, on 04/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\DOCUME~1\JEANNE~1\LOCALS~1\Temp\uNYN.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\program files\fichiers communs\xing shared\mpeg encode\xmencmp3module.exe
C:\program files\quicktime\qtsystem\quicktimecapture.resources\pt_pt.lproj\quicktimeresourcesquicktimeresources.exe
C:\program files\fichiers communs\microsoft shared\web folders\1033\nsextintportal11.0.5510.0.exe
C:\program files\fichiers communs\real\update_ob\installer\prjmcoinstallerprjmcoinstaller.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
D:\Documents and Settings\JEANNETFOOT\Application Data\Desktop Security 2010\securitycenter.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\program files\avira\antivir desktop\avcenter.exe
c:\program files\avira\antivir desktop\avscan.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\JEANNETFOOT\Mes documents\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://C:\APPS\IE\offline\fr.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [uNYN] D:\DOCUME~1\JEANNE~1\LOCALS~1\Temp\uNYN.exe
O4 - HKLM\..\Run: [xmencmp3xmencmp3] c:\program files\fichiers communs\xing shared\mpeg encode\xmencmp3module.exe
O4 - HKLM\..\Run: [QuickTimeResourcesQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimecapture.resources\pt_pt.lproj\quicktimeresourcesquicktimeresources.exe
O4 - HKLM\..\Run: [SharePointnsextint] c:\program files\fichiers communs\microsoft shared\web folders\1033\nsextintportal11.0.5510.0.exe
O4 - HKLM\..\Run: [prjMCOInstallermcoinstall] c:\program files\fichiers communs\real\update_ob\installer\prjmcoinstallerprjmcoinstaller.exe
O4 - HKLM\..\Run: [nsextintServer] C:\program files\fichiers communs\microsoft shared\web folders\1033\nsextintportal11.0.5510.0.exe
O4 - HKLM\..\RunServices: [uNYN] D:\DOCUME~1\JEANNE~1\LOCALS~1\Temp\uNYN.exe
O4 - HKLM\..\RunServices: [QuickTimeStreamingQuickTimeStreaming] c:\program files\quicktime\qtsystem\quicktimestreaming.resources\fr.lproj\quicktimestreamingenchanement.exe
O4 - HKLM\..\RunServices: [OfficeOffice] c:\program files\fichiers communs\microsoft shared\smart tag\fdatefname.exe
O4 - HKLM\..\RunServices: [SharePointPortal] C:\program files\fichiers communs\microsoft shared\web folders\1033\nsextintportal11.0.5510.0.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [2svjs9uwemo3] D:\Documents and Settings\JEANNETFOOT\Local Settings\temp\m.2E6.tmp.exe
O4 - HKCU\..\Run: [Desktop Security 2010] "D:\Documents and Settings\JEANNETFOOT\Application Data\Desktop Security 2010\Desktop Security 2010.exe" /STARTUP
O4 - HKCU\..\Run: [SecurityCenter] D:\Documents and Settings\JEANNETFOOT\Application Data\Desktop Security 2010\securitycenter.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Raccourci vers msnmsgr.lnk = C:\Program Files\MSN Messenger\msnmsgr.exe
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:
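
An added example (not part of the original thread, and not code from HijackThis): a small Python triage pass over the registry O4 autorun lines of a HijackThis log, flagging entries whose executable starts from a temp or user-profile directory. The sample lines are copied from the log above; the function names and the two heuristic labels are assumptions made for this illustration, and a flag means "look closer", not "confirmed malicious" (the per-user Google Update entry is flagged too).

```python
import re
from typing import List, NamedTuple, Optional

# O4 (autorun) lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [uNYN] D:\DOCUME~1\JEANNE~1\LOCALS~1\Temp\uNYN.exe
O4 - HKLM\..\RunServices: [uNYN] D:\DOCUME~1\JEANNE~1\LOCALS~1\Temp\uNYN.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [2svjs9uwemo3] D:\Documents and Settings\JEANNETFOOT\Local Settings\temp\m.2E6.tmp.exe
O4 - HKCU\..\Run: [Desktop Security 2010] "D:\Documents and Settings\JEANNETFOOT\Application Data\Desktop Security 2010\Desktop Security 2010.exe" /STARTUP
O4 - HKCU\..\Run: [SecurityCenter] D:\Documents and Settings\JEANNETFOOT\Application Data\Desktop Security 2010\securitycenter.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: Raccourci vers msnmsgr.lnk = C:\Program Files\MSN Messenger\msnmsgr.exe
"""


class Autorun(NamedTuple):
    hive: str               # HKLM, HKCU, HKUS ...
    key: str                # Run, RunServices, RunOnce ...
    name: str               # value name shown in [brackets]
    path: str               # executable path with arguments stripped
    reason: Optional[str]   # heuristic label, or None if nothing stood out


# Registry-based O4 lines only; "O4 - Startup:" shortcut lines are skipped.
O4_REGISTRY = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\[^\\]+)?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>.*?)\] (?P<cmd>.+)$"
)
# Unquoted commands may contain spaces, so cut at the first ".exe".
UNQUOTED_EXE = re.compile(r"^(.+?\.exe)(?=\s|$)", re.IGNORECASE)

# Lower-cased path fragments, including 8.3 short names as seen in the log.
TEMP_DIRS = ("\\temp\\", "\\tmp\\")
PROFILE_DIRS = ("\\application data\\", "\\applic~1\\",
                "\\local settings\\", "\\locals~1\\")


def executable_path(cmd: str) -> str:
    """Return the program path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = UNQUOTED_EXE.match(cmd)
    return match.group(1) if match else cmd


def classify(path: str) -> Optional[str]:
    """Label paths in user-writable locations; temp wins over profile."""
    lowered = path.lower()
    if any(fragment in lowered for fragment in TEMP_DIRS):
        return "temp-directory"
    if any(fragment in lowered for fragment in PROFILE_DIRS):
        return "user-profile"
    return None


def parse_o4(log: str) -> List[Autorun]:
    """Parse every registry O4 line of a HijackThis log."""
    entries = []
    for line in log.splitlines():
        match = O4_REGISTRY.match(line.strip())
        if not match:
            continue
        path = executable_path(match.group("cmd"))
        entries.append(Autorun(match.group("hive"), match.group("key"),
                               match.group("name"), path, classify(path)))
    return entries


def flagged(log: str) -> List[Autorun]:
    """Entries worth a manual look, in log order."""
    return [entry for entry in parse_o4(log) if entry.reason]


if __name__ == "__main__":
    for entry in flagged(SAMPLE_LOG):
        print(f"{entry.reason:15} {entry.hive}\\{entry.key} "
              f"[{entry.name}] {entry.path}")
```
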

8 replies

ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
4 May 2010 at 23:07
Good evening

Your report is not complete

But start with this anyway

◊◊◊ Download Malwarebytes ◊◊◊

Help with the installation
http://www.swl1f.net/viewtopic.php?f=14&t=68


♦ Install it
♦ Launch Malwarebytes
♦ Tick "Exécuter un examen complet" (perform a full scan)
♦ If an infection is found at the end of the scan, click "OK"
♦ Click "Supprimer la sélection" (remove the selection)
♦ To post the report, click the Rapports/Logs tab, select the one you are interested in and click "Ouvrir" (open)
♦ Copy and paste it and post the report

Use https://www.cjoint.com/ to post the reports.
Thanks


Next

◊◊◊ Download OTL to your Desktop. ◊◊◊

♦ Double-click the icon to launch it. Make sure all other Windows windows are closed and let it work.
♦ When the window appears, tick "Rapport minimal" (minimal report) under "Rapport" (report) at the top of the window.
♦ Tick the "Recherche Lop" (Lop search) and "Recherche purity" (purity search) boxes at the bottom of the window.
♦ Under the "Personnalisation" (customisation) area, copy/paste this:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
cdrom.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT




♦ Click the Run Scan button. Do not change any settings unless you have been asked to. The scan will not take long.
♦ Once the scan has finished, it will open two Windows Notepad windows: OTL.txt and Extras.txt. They are saved in the same location as OTL.
♦ Copy/paste (Edit -> Select All, Edit -> Copy) the contents of both files here, one per message please.

0
gege89 Posts 286 Registration date Friday 7 November 2008 Status Member Last activity 8 November 2013 104
4 May 2010 at 23:17
I deleted

" O4 - HKCU\..\Run: [Desktop Security 2010] "D:\Documents and Settings\JEANNETFOOT\Application Data\Desktop Security 2010\Desktop Security 2010.exe" /STARTUP
O4 - HKCU\..\Run: [SecurityCenter] D:\Documents and Settings\JEANNETFOOT\Application Data\Desktop Security 2010\securitycenter.exe "

I no longer have the problem, but I'm going to run your tests. Malwarebytes is going to take a while, not before midnight.
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
4 May 2010 at 23:53
If you want me to help you, I advise against deleting things yourself, because I will no longer know where I stand and it will become very difficult.

Malwarebytes will do a first clean-up, but of course the report will be needed to keep track of what gets removed, and then the diagnostic of your PC for the rest of the infections.

See you later :)
0
gege89 Posts 286 Registration date Friday 7 November 2008 Status Member Last activity 8 November 2013 104
5 May 2010 at 00:01
I did it before you replied to me, but right now Malwarebytes is scanning.
0
gege89 Posts 286 Registration date Friday 7 November 2008 Status Member Last activity 8 November 2013 104
5 May 2010 at 02:41
http://cjoint.com/data/ffcOWp68Ha.htm
0

ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
5 May 2010 at 21:16
Hello,

The OTL report is needed
0
I managed it with Ad-Aware; you need to find where the folder is located,

C:\Documents and Settings\propriaitaire\Application Data\desktop security 2010

right-click, scan with Ad-Aware, then move everything to the Recycle Bin.

Happy surfing, bye!
0
OTL logfile created on: 06/09/2010 13:59:20 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

991,00 Mb Total Physical Memory | 264,00 Mb Available Physical Memory | 27,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 17,43 Gb Free Space | 46,77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SERVEUR
Current User Name: Serveur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Serveur\Local Settings\Temp\Google Toolbar\gtb176.tmp.exe (Google Inc.)
PRC - C:\MOBILYSIM\MOBILYNE\MeR_me_PcRetailer.exe (MOBILYSIM)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\epson\EpsonCustomerResearchParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe (Yahoo! Inc.)
PRC - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Data-Concept\Cyberlux Serveur 7 Fusion\Cyberlux.exe (Data-Concept)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\MOBILYSIM\MOBILYNE\MeR_me_PcRetailer_Launcher.exe (MOBILYSIM)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\CL10 Evolution\CL10W.exe (Jusan S.A.)
PRC - C:\Program Files\CL10 Evolution\CL10AudioCodes.exe (Jusan S.A.)
PRC - C:\Program Files\Hercules\Deluxe Optical Glass\CamService.exe (Guillemot Corporation S.A.)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll (RealPlayer)
MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (MySQLS1) -- E:\UniServer\usr\local\mysql\bin\mysqld-opt.exe File not found
SRV - (ApacheS1) -- E:\UniServer\usr\local\apache2\bin\Apache.exe File not found
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (EpsonCustomerResearchParticipation) -- C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (hwinterface) -- C:\WINDOWS\system32\drivers\hwinterface.sys (Buzz)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (camfilt2) -- C:\WINDOWS\system32\drivers\camfilt2.sys (Guillemot Corporation)
DRV - (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\WINDOWS\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\WINDOWS\system32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (seckeys) -- C:\WINDOWS\System32\drivers\SECKEYS.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ftp://ftp.mobilysim.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.fr/?gws_rd=ssl"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/30 11:31:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/22 12:16:20 | 000,000,000 | ---D | M]

[2009/12/26 11:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\Mozilla\Extensions
[2010/08/29 19:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\Mozilla\Firefox\Profiles\ef1drq3p.default\extensions
[2009/12/27 10:54:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Serveur\Application Data\Mozilla\Firefox\Profiles\ef1drq3p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/26 11:50:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/22 12:16:12 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/08/22 12:16:12 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/08/22 12:16:12 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/08/22 12:16:12 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/08/22 12:16:12 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2001/10/02 18:16:28 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe (Guillemot Corporation S.A.)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Desktop Security] C:\Documents and Settings\Serveur\Application Data\Desktop Security\Desktop Security 2010.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunServices: [0.9820823744860736] c:\docume~1\serveur\locals~1\temp\0.9820823744860736.exe File not found
O4 - HKLM..\RunServices: [GRDPCr2KissDNDecoder] c:\program files\epson software\easy photo print\imgplugin\cameraplugin2\p0000011\genericepson.exe File not found
O4 - HKLM..\RunServices: [GRDPE1Decoder] c:\program files\epson software\easy photo print\imgplugin\cameraplugin2\p0000003\genericgrdpe12.0.2.0.exe File not found
O4 - HKLM..\RunServices: [MicrosoftRMicrosoftR] c:\program files\fichiers communs\microsoft shared\office11\1033\msxml5rmsxml.exe File not found
O4 - HKLM..\RunServices: [nouvelleConnexion] c:\program files\microsoft office\office10\1036\dataservices\connexiondonnes.exe File not found
O4 - HKLM..\RunServices: [QuickTimeQuickTime] c:\program files\quicktime\qtsystem\quicktime.resources\ru.lproj\quicktimequicktime.exe File not found
O4 - HKLM..\RunServices: [QuickTimeResourcesQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimeimage.resources\zh_tw.lproj\quicktimeresourcesquicktimeresources.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Intranet local)
O15 - HKCU\..Trusted Ranges: GD ([http] in Intranet local)
O16 - DPF: {50DC58D0-C870-4BE6-BC41-971ED2D5F022} http://www.super-messenger.fr/tab/HookWlmEx.cab (HookWlmEx Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\google\google~3\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Serveur\ctfmon.exe) - C:\Documents and Settings\Serveur\ctfmon.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - .rnd ()
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/19 01:34:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0b88cfce-f204-11de-b2a9-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{0c0e1e32-5277-11de-b1ce-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{0c0e1e32-5277-11de-b1ce-00b0c40088fa}\Shell\explore\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{0c0e1e32-5277-11de-b1ce-00b0c40088fa}\Shell\open\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{1c28e705-22c4-11df-b2ec-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{41666d59-438d-11de-b1ba-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{41666d59-438d-11de-b1ba-00b0c40088fa}\Shell\explore\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{41666d59-438d-11de-b1ba-00b0c40088fa}\Shell\open\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{4e1fc612-7834-11de-b206-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1fc612-7834-11de-b206-00b0c40088fa}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5c8a46ed-b26e-11de-b252-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{5c8a46ed-b26e-11de-b252-00b0c40088fa}\Shell\OpEN\cOMMaND - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{5e505134-d030-11dd-b0fd-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{5e505134-d030-11dd-b0fd-00b0c40088fa}\Shell\explore\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{5e505134-d030-11dd-b0fd-00b0c40088fa}\Shell\open\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{65828834-9a22-11de-b233-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{7a0ab12c-4ecd-11df-b32c-00b0c40088fa}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{7a0ab12c-4ecd-11df-b32c-00b0c40088fa}\Shell\open\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{809dc3d1-194b-11df-b2e0-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{809dc3d2-194b-11df-b2e0-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{9395b562-b59c-11de-b256-00b0c40088fa}\Shell\AutoRun\command - "" = E:\EmDesk.exe -- File not found
O33 - MountPoints2\{9395b562-b59c-11de-b256-00b0c40088fa}\Shell\EmDesk\command - "" = E:\EmDesk.exe -- File not found
O33 - MountPoints2\{9a5f71c2-5a9b-11df-b33c-00b0c40088fa}\Shell\AutoRun\command - "" = E:\UDRI\\\\\MUJO.exe -- File not found
O33 - MountPoints2\{9a5f71c2-5a9b-11df-b33c-00b0c40088fa}\Shell\explore\command - "" = E:\UDRI\\\\\\MUJO.exe -- File not found
O33 - MountPoints2\{9a5f71c2-5a9b-11df-b33c-00b0c40088fa}\Shell\open\command - "" = E:\UDRI\\\\\\MUJO.exe -- File not found
O33 - MountPoints2\{9cf38558-39b8-11df-b30f-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{aa7c2b38-30e5-11df-b302-00b0c40088fa}\Shell\AutoRun\command - "" = E:\k1d.exe -- File not found
O33 - MountPoints2\{aa7c2b38-30e5-11df-b302-00b0c40088fa}\Shell\open\Command - "" = E:\k1d.exe -- File not found
O33 - MountPoints2\{af8c397a-a079-11df-b398-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{af8c397a-a079-11df-b398-00b0c40088fa}\Shell\open\Command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{b63d21eb-ab58-11de-b249-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{b63d21eb-ab58-11de-b249-00b0c40088fa}\Shell\explore\Command - "" = C:\WINDOWS\explorer.exe -- [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{b63d21eb-ab58-11de-b249-00b0c40088fa}\Shell\help\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{b63d21eb-ab58-11de-b249-00b0c40088fa}\Shell\install\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{b63d21eb-ab58-11de-b249-00b0c40088fa}\Shell\Open\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{b63d21eb-ab58-11de-b249-00b0c40088fa}\Shell\readme\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{b63d21eb-ab58-11de-b249-00b0c40088fa}\Shell\Run\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{b63d21eb-ab58-11de-b249-00b0c40088fa}\Shell\uninstall\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{bdc13ac2-37e5-11df-b30d-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{bdc13ac2-37e5-11df-b30d-00b0c40088fa}\Shell\explore\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{bdc13ac2-37e5-11df-b30d-00b0c40088fa}\Shell\open\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{d91764f2-b369-11df-b3b0-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{d91764f2-b369-11df-b3b0-00b0c40088fa}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{dff3a030-ce94-11dd-b0f6-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{dff3a030-ce94-11dd-b0f6-00b0c40088fa}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e426fc3b-da69-11de-b28a-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{e54fff70-80d2-11de-b212-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{e54fff70-80d2-11de-b212-00b0c40088fa}\Shell\open\Command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{fa346c34-ac03-11de-b24a-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{fc8dca9b-20ff-11de-b18c-00b0c40088fa}\Shell\AuToPlAy\cOmmaND - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{fc8dca9b-20ff-11de-b18c-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{fc8dca9b-20ff-11de-b18c-00b0c40088fa}\Shell\ExPLoRe\COmmaNd - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{fc8dca9b-20ff-11de-b18c-00b0c40088fa}\Shell\oPEN\commANd - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{fea8f6cf-90b2-11df-b384-00b0c40088fa}\Shell\AutoRun\command - "" = E:\EmDesk.exe -- File not found
O33 - MountPoints2\{fea8f6cf-90b2-11df-b384-00b0c40088fa}\Shell\EmDesk\command - "" = E:\EmDesk.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Unable to start service SrService!

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/09/06 13:56:41 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2010/09/06 11:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Serveur\Application Data\Malwarebytes
[2010/09/06 11:56:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/06 11:56:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/06 11:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/06 11:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/06 11:29:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/09/06 11:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Serveur\Bureau\lyne v1
[2010/09/04 18:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Serveur\Application Data\Desktop Security
[2008/12/19 02:13:20 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2008/12/19 02:13:20 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/09/06 14:02:10 | 000,003,471 | ---- | M] () -- C:\WINDOWS\CL102K.INI
[2010/09/06 13:54:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/09/06 13:46:09 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\oksyx.sys
[2010/09/06 13:27:14 | 000,001,041 | ---- | M] () -- C:\WINDOWS\COSTE2.INI
[2010/09/06 13:14:02 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-884357618-682003330-1003UA.job
[2010/09/06 12:25:24 | 000,001,876 | ---- | M] () -- C:\WINDOWS\COSTE1.INI
[2010/09/06 11:57:39 | 000,000,900 | ---- | M] () -- C:\WINDOWS\COSTE3.INI
[2010/09/06 11:57:00 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/09/06 11:44:00 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mobilyne.lnk
[2010/09/06 11:24:54 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Serveur\NTUSER.DAT
[2010/09/06 09:50:38 | 000,000,032 | ---- | M] () -- C:\WINDOWS\JUSLNG.INI
[2010/09/06 09:05:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/06 09:01:46 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/06 09:00:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/06 09:00:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/05 22:05:14 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Serveur\ntuser.ini
[2010/09/05 22:05:01 | 029,682,304 | -H-- | M] () -- C:\Documents and Settings\Serveur\Local Settings\Application Data\IconCache.db
[2010/09/05 14:14:00 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-884357618-682003330-1003Core.job
[2010/09/03 17:55:49 | 000,063,181 | ---- | M] () -- C:\Documents and Settings\Serveur\Bureau\32452_135776676433185_100000025611065_390633_3944468_n.jpg
[2010/08/27 11:11:34 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Serveur\Mes documents\classeur.xls
[2010/08/21 09:14:29 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Serveur\Bureau\Google Chrome.lnk
[2010/08/21 09:14:29 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Serveur\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/16 13:40:23 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Serveur\Mes documents\semaine.xls
[2010/08/14 09:00:42 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 22:12:42 | 000,000,584 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/13 22:11:15 | 001,059,530 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 22:11:15 | 000,503,988 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/08/13 22:11:15 | 000,435,710 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 22:11:15 | 000,081,974 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/08/13 22:11:15 | 000,068,606 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/09/06 13:46:09 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\oksyx.sys
[2010/09/06 11:57:00 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/09/06 11:28:38 | 000,002,287 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mobilyne.lnk
[2010/09/03 17:56:37 | 000,063,181 | ---- | C] () -- C:\Documents and Settings\Serveur\Bureau\32452_135776676433185_100000025611065_390633_3944468_n.jpg
[2010/08/27 10:44:06 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Serveur\Mes documents\classeur.xls
[2009/07/15 11:08:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\INPOUT32.DLL
[2009/07/15 11:08:15 | 000,003,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\SECKEYS.sys
[2009/07/15 11:02:18 | 000,003,471 | ---- | C] () -- C:\WINDOWS\CL102K.INI
[2009/05/06 12:14:19 | 000,000,076 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2009/05/06 12:14:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2009/04/27 14:43:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/04/27 14:42:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEBX300DEFGIPS.ini
[2009/04/15 10:50:24 | 000,000,311 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2009/04/13 12:35:27 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009/04/13 12:35:27 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009/01/16 20:40:23 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Serveur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/14 13:39:27 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2008/12/19 19:03:42 | 000,001,244 | ---- | C] () -- C:\WINDOWS\COSTE4.INI
[2008/12/19 18:22:26 | 000,001,251 | ---- | C] () -- C:\WINDOWS\COSTE5.INI
[2008/12/19 16:47:44 | 000,000,900 | ---- | C] () -- C:\WINDOWS\COSTE3.INI
[2008/12/19 16:33:39 | 000,001,876 | ---- | C] () -- C:\WINDOWS\COSTE1.INI
[2008/12/19 16:30:46 | 000,001,041 | ---- | C] () -- C:\WINDOWS\COSTE2.INI
[2008/12/19 02:25:28 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/19 02:13:20 | 000,015,478 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2008/12/19 02:01:00 | 000,000,032 | ---- | C] () -- C:\WINDOWS\JUSLNG.INI
[2008/12/19 01:51:59 | 000,000,052 | ---- | C] () -- C:\WINDOWS\WIN32C.INI
[2008/12/19 01:51:54 | 000,001,122 | ---- | C] () -- C:\WINDOWS\CYBERLUX.INI
[2008/12/19 01:01:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009/07/15 10:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/04/27 14:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/04/02 10:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/12/19 02:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/01/02 15:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/04/27 14:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/01/02 15:47:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/09/06 11:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\Desktop Security
[2009/12/23 14:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\EPSON
[2010/02/10 14:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\Facebook
[2009/11/14 16:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\live-player
[2010/02/05 14:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\TeamViewer
[2009/01/02 15:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\TuneUp Software
[2008/12/21 21:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\uTorrent
[2009/01/30 21:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\Windows Live Writer
[2010/09/06 09:05:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2010/09/06 13:54:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\OTL.exe


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006/01/09 13:34:20 | 022,340,735 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/21 14:54:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/12/21 14:54:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006/01/09 13:34:20 | 022,340,735 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/21 14:54:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/21 14:54:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2006/01/09 13:34:20 | 022,340,735 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008/12/21 14:54:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008/12/21 14:54:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004/08/19 16:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/19 16:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2004/08/19 16:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
< End of report >
Hello ep44,
I followed all the steps and here is what I found.
Many thanks.
OTL logfile created on: 06/09/2010 13:59:20 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

991,00 Mb Total Physical Memory | 264,00 Mb Available Physical Memory | 27,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 17,43 Gb Free Space | 46,77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SERVEUR
Current User Name: Serveur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Serveur\Local Settings\Temp\Google Toolbar\gtb176.tmp.exe (Google Inc.)
PRC - C:\MOBILYSIM\MOBILYNE\MeR_me_PcRetailer.exe (MOBILYSIM)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\epson\EpsonCustomerResearchParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe (Yahoo! Inc.)
PRC - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Data-Concept\Cyberlux Serveur 7 Fusion\Cyberlux.exe (Data-Concept)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\MOBILYSIM\MOBILYNE\MeR_me_PcRetailer_Launcher.exe (MOBILYSIM)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\CL10 Evolution\CL10W.exe (Jusan S.A.)
PRC - C:\Program Files\CL10 Evolution\CL10AudioCodes.exe (Jusan S.A.)
PRC - C:\Program Files\Hercules\Deluxe Optical Glass\CamService.exe (Guillemot Corporation S.A.)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll (RealPlayer)
MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (MySQLS1) -- E:\UniServer\usr\local\mysql\bin\mysqld-opt.exe File not found
SRV - (ApacheS1) -- E:\UniServer\usr\local\apache2\bin\Apache.exe File not found
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (EpsonCustomerResearchParticipation) -- C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (hwinterface) -- C:\WINDOWS\system32\drivers\hwinterface.sys (Buzz)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (camfilt2) -- C:\WINDOWS\system32\drivers\camfilt2.sys (Guillemot Corporation)
DRV - (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\WINDOWS\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\WINDOWS\system32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (seckeys) -- C:\WINDOWS\System32\drivers\SECKEYS.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ftp://ftp.mobilysim.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.fr/?gws_rd=ssl"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/30 11:31:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/22 12:16:20 | 000,000,000 | ---D | M]

[2009/12/26 11:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\Mozilla\Extensions
[2010/08/29 19:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\Mozilla\Firefox\Profiles\ef1drq3p.default\extensions
[2009/12/27 10:54:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Serveur\Application Data\Mozilla\Firefox\Profiles\ef1drq3p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/26 11:50:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/22 12:16:12 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/08/22 12:16:12 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/08/22 12:16:12 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/08/22 12:16:12 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/08/22 12:16:12 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2001/10/02 18:16:28 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe (Guillemot Corporation S.A.)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Desktop Security] C:\Documents and Settings\Serveur\Application Data\Desktop Security\Desktop Security 2010.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunServices: [0.9820823744860736] c:\docume~1\serveur\locals~1\temp\0.9820823744860736.exe File not found
O4 - HKLM..\RunServices: [GRDPCr2KissDNDecoder] c:\program files\epson software\easy photo print\imgplugin\cameraplugin2\p0000011\genericepson.exe File not found
O4 - HKLM..\RunServices: [GRDPE1Decoder] c:\program files\epson software\easy photo print\imgplugin\cameraplugin2\p0000003\genericgrdpe12.0.2.0.exe File not found
O4 - HKLM..\RunServices: [MicrosoftRMicrosoftR] c:\program files\fichiers communs\microsoft shared\office11\1033\msxml5rmsxml.exe File not found
O4 - HKLM..\RunServices: [nouvelleConnexion] c:\program files\microsoft office\office10\1036\dataservices\connexiondonnes.exe File not found
O4 - HKLM..\RunServices: [QuickTimeQuickTime] c:\program files\quicktime\qtsystem\quicktime.resources\ru.lproj\quicktimequicktime.exe File not found
O4 - HKLM..\RunServices: [QuickTimeResourcesQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimeimage.resources\zh_tw.lproj\quicktimeresourcesquicktimeresources.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Intranet local)
O15 - HKCU\..Trusted Ranges: GD ([http] in Intranet local)
O16 - DPF: {50DC58D0-C870-4BE6-BC41-971ED2D5F022} http://www.super-messenger.fr/tab/HookWlmEx.cab (HookWlmEx Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\google\google~3\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Serveur\ctfmon.exe) - C:\Documents and Settings\Serveur\ctfmon.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - .rnd ()
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/19 01:34:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0b88cfce-f204-11de-b2a9-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{0c0e1e32-5277-11de-b1ce-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{0c0e1e32-5277-11de-b1ce-00b0c40088fa}\Shell\explore\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{0c0e1e32-5277-11de-b1ce-00b0c40088fa}\Shell\open\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{1c28e705-22c4-11df-b2ec-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{41666d59-438d-11de-b1ba-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{41666d59-438d-11de-b1ba-00b0c40088fa}\Shell\explore\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{41666d59-438d-11de-b1ba-00b0c40088fa}\Shell\open\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{4e1fc612-7834-11de-b206-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{4e1fc612-7834-11de-b206-00b0c40088fa}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5c8a46ed-b26e-11de-b252-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{5c8a46ed-b26e-11de-b252-00b0c40088fa}\Shell\OpEN\cOMMaND - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{5e505134-d030-11dd-b0fd-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{5e505134-d030-11dd-b0fd-00b0c40088fa}\Shell\explore\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{5e505134-d030-11dd-b0fd-00b0c40088fa}\Shell\open\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{65828834-9a22-11de-b233-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{7a0ab12c-4ecd-11df-b32c-00b0c40088fa}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{7a0ab12c-4ecd-11df-b32c-00b0c40088fa}\Shell\open\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{809dc3d1-194b-11df-b2e0-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{809dc3d2-194b-11df-b2e0-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{9395b562-b59c-11de-b256-00b0c40088fa}\Shell\AutoRun\command - "" = E:\EmDesk.exe -- File not found
O33 - MountPoints2\{9395b562-b59c-11de-b256-00b0c40088fa}\Shell\EmDesk\command - "" = E:\EmDesk.exe -- File not found
O33 - MountPoints2\{9a5f71c2-5a9b-11df-b33c-00b0c40088fa}\Shell\AutoRun\command - "" = E:\UDRI\\\\\MUJO.exe -- File not found
O33 - MountPoints2\{9a5f71c2-5a9b-11df-b33c-00b0c40088fa}\Shell\explore\command - "" = E:\UDRI\\\\\\MUJO.exe -- File not found
O33 - MountPoints2\{9a5f71c2-5a9b-11df-b33c-00b0c40088fa}\Shell\open\command - "" = E:\UDRI\\\\\\MUJO.exe -- File not found
O33 - MountPoints2\{9cf38558-39b8-11df-b30f-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{aa7c2b38-30e5-11df-b302-00b0c40088fa}\Shell\AutoRun\command - "" = E:\k1d.exe -- File not found
O33 - MountPoints2\{aa7c2b38-30e5-11df-b302-00b0c40088fa}\Shell\open\Command - "" = E:\k1d.exe -- File not found
O33 - MountPoints2\{af8c397a-a079-11df-b398-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{af8c397a-a079-11df-b398-00b0c40088fa}\Shell\open\Command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{b63d21eb-ab58-11de-b249-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{b63d21eb-ab58-11de-b249-00b0c40088fa}\Shell\explore\Command - "" = C:\WINDOWS\explorer.exe -- [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{b63d21eb-ab58-11de-b249-00b0c40088fa}\Shell\help\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{b63d21eb-ab58-11de-b249-00b0c40088fa}\Shell\install\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{b63d21eb-ab58-11de-b249-00b0c40088fa}\Shell\Open\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{b63d21eb-ab58-11de-b249-00b0c40088fa}\Shell\readme\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{b63d21eb-ab58-11de-b249-00b0c40088fa}\Shell\Run\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{b63d21eb-ab58-11de-b249-00b0c40088fa}\Shell\uninstall\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{bdc13ac2-37e5-11df-b30d-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{bdc13ac2-37e5-11df-b30d-00b0c40088fa}\Shell\explore\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{bdc13ac2-37e5-11df-b30d-00b0c40088fa}\Shell\open\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{d91764f2-b369-11df-b3b0-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{d91764f2-b369-11df-b3b0-00b0c40088fa}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{dff3a030-ce94-11dd-b0f6-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{dff3a030-ce94-11dd-b0f6-00b0c40088fa}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e426fc3b-da69-11de-b28a-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{e54fff70-80d2-11de-b212-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{e54fff70-80d2-11de-b212-00b0c40088fa}\Shell\open\Command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{fa346c34-ac03-11de-b24a-00b0c40088fa}\Shell - "" = AutoRun
O33 - MountPoints2\{fc8dca9b-20ff-11de-b18c-00b0c40088fa}\Shell\AuToPlAy\cOmmaND - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{fc8dca9b-20ff-11de-b18c-00b0c40088fa}\Shell\AutoRun\command - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{fc8dca9b-20ff-11de-b18c-00b0c40088fa}\Shell\ExPLoRe\COmmaNd - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{fc8dca9b-20ff-11de-b18c-00b0c40088fa}\Shell\oPEN\commANd - "" = .rnd -- [2010/04/02 10:20:54 | 000,001,024 | ---- | M] ()
O33 - MountPoints2\{fea8f6cf-90b2-11df-b384-00b0c40088fa}\Shell\AutoRun\command - "" = E:\EmDesk.exe -- File not found
O33 - MountPoints2\{fea8f6cf-90b2-11df-b384-00b0c40088fa}\Shell\EmDesk\command - "" = E:\EmDesk.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/09/06 13:56:41 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2010/09/06 11:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Serveur\Application Data\Malwarebytes
[2010/09/06 11:56:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/06 11:56:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/06 11:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/06 11:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/06 11:29:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/09/06 11:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Serveur\Bureau\lyne v1
[2010/09/04 18:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Serveur\Application Data\Desktop Security
[2008/12/19 02:13:20 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2008/12/19 02:13:20 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/06 14:02:10 | 000,003,471 | ---- | M] () -- C:\WINDOWS\CL102K.INI
[2010/09/06 13:54:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/09/06 13:46:09 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\oksyx.sys
[2010/09/06 13:27:14 | 000,001,041 | ---- | M] () -- C:\WINDOWS\COSTE2.INI
[2010/09/06 13:14:02 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-884357618-682003330-1003UA.job
[2010/09/06 12:25:24 | 000,001,876 | ---- | M] () -- C:\WINDOWS\COSTE1.INI
[2010/09/06 11:57:39 | 000,000,900 | ---- | M] () -- C:\WINDOWS\COSTE3.INI
[2010/09/06 11:57:00 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/09/06 11:44:00 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mobilyne.lnk
[2010/09/06 11:24:54 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Serveur\NTUSER.DAT
[2010/09/06 09:50:38 | 000,000,032 | ---- | M] () -- C:\WINDOWS\JUSLNG.INI
[2010/09/06 09:05:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/06 09:01:46 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/06 09:00:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/06 09:00:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/05 22:05:14 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Serveur\ntuser.ini
[2010/09/05 22:05:01 | 029,682,304 | -H-- | M] () -- C:\Documents and Settings\Serveur\Local Settings\Application Data\IconCache.db
[2010/09/05 14:14:00 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-884357618-682003330-1003Core.job
[2010/09/03 17:55:49 | 000,063,181 | ---- | M] () -- C:\Documents and Settings\Serveur\Bureau\32452_135776676433185_100000025611065_390633_3944468_n.jpg
[2010/08/27 11:11:34 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Serveur\Mes documents\classeur.xls
[2010/08/21 09:14:29 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Serveur\Bureau\Google Chrome.lnk
[2010/08/21 09:14:29 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Serveur\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/16 13:40:23 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Serveur\Mes documents\semaine.xls
[2010/08/14 09:00:42 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 22:12:42 | 000,000,584 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/13 22:11:15 | 001,059,530 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 22:11:15 | 000,503,988 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/08/13 22:11:15 | 000,435,710 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 22:11:15 | 000,081,974 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/08/13 22:11:15 | 000,068,606 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/06 13:46:09 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\oksyx.sys
[2010/09/06 11:57:00 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/09/06 11:28:38 | 000,002,287 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mobilyne.lnk
[2010/09/03 17:56:37 | 000,063,181 | ---- | C] () -- C:\Documents and Settings\Serveur\Bureau\32452_135776676433185_100000025611065_390633_3944468_n.jpg
[2010/08/27 10:44:06 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Serveur\Mes documents\classeur.xls
[2009/07/15 11:08:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\INPOUT32.DLL
[2009/07/15 11:08:15 | 000,003,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\SECKEYS.sys
[2009/07/15 11:02:18 | 000,003,471 | ---- | C] () -- C:\WINDOWS\CL102K.INI
[2009/05/06 12:14:19 | 000,000,076 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2009/05/06 12:14:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2009/04/27 14:43:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/04/27 14:42:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEBX300DEFGIPS.ini
[2009/04/15 10:50:24 | 000,000,311 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2009/04/13 12:35:27 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009/04/13 12:35:27 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009/01/16 20:40:23 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Serveur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/14 13:39:27 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2008/12/19 19:03:42 | 000,001,244 | ---- | C] () -- C:\WINDOWS\COSTE4.INI
[2008/12/19 18:22:26 | 000,001,251 | ---- | C] () -- C:\WINDOWS\COSTE5.INI
[2008/12/19 16:47:44 | 000,000,900 | ---- | C] () -- C:\WINDOWS\COSTE3.INI
[2008/12/19 16:33:39 | 000,001,876 | ---- | C] () -- C:\WINDOWS\COSTE1.INI
[2008/12/19 16:30:46 | 000,001,041 | ---- | C] () -- C:\WINDOWS\COSTE2.INI
[2008/12/19 02:25:28 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/19 02:13:20 | 000,015,478 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2008/12/19 02:01:00 | 000,000,032 | ---- | C] () -- C:\WINDOWS\JUSLNG.INI
[2008/12/19 01:51:59 | 000,000,052 | ---- | C] () -- C:\WINDOWS\WIN32C.INI
[2008/12/19 01:51:54 | 000,001,122 | ---- | C] () -- C:\WINDOWS\CYBERLUX.INI
[2008/12/19 01:01:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll

========== LOP Check ==========

[2009/07/15 10:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/04/27 14:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/04/02 10:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/12/19 02:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/01/02 15:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/04/27 14:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/01/02 15:47:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/09/06 11:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\Desktop Security
[2009/12/23 14:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\EPSON
[2010/02/10 14:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\Facebook
[2009/11/14 16:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\live-player
[2010/02/05 14:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\TeamViewer
[2009/01/02 15:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\TuneUp Software
[2008/12/21 21:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\uTorrent
[2009/01/30 21:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Serveur\Application Data\Windows Live Writer
[2010/09/06 09:05:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2010/09/06 13:54:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\OTL.exe


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006/01/09 13:34:20 | 022,340,735 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/21 14:54:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/12/21 14:54:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2006/01/09 13:34:20 | 022,340,735 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/21 14:54:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/21 14:54:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2006/01/09 13:34:20 | 022,340,735 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008/12/21 14:54:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008/12/21 14:54:12 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2004/08/19 16:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/19 16:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2004/08/19 16:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
< End of report >




The 2nd one is a bit further up.
Thanks.
0