Bugs suspects

Drakkars -  
 gen-hackman -
Bonjour,
Salut à tous,

Mon PC bug de plus en plus.
Constamment quand j'ouvre une PJ d'un Email
De plus en plus en consultation Internet
Aurais je chopé un virus ???
Si oui comment faire pour s'en débarrasser ?
J'ai pourtant un anti virus ?????
Merci à ceux qui pourraient m'aider.

HC
Configuration: Windows XP Internet Explorer 7.0

8 réponses

  1. gen-hackman
     
    salut :

    Salut,

    commences par ceci pour voir ce qu'il en est,avoir un diagnostic précis et donc repérer les infections possibles et les neutraliser:

    Télécharges et installes le logiciel de diagnostic :

    ici Hijackthis
    ou ici Hijackthis
    ou ici Hijackthis

    1- Cliques sur le setup pour lancer l'installe : laisses toi guider et ne modifies pas les paramètres d'installation .
    A la fin de l'installe , le prg ce lance automatiquement : fermes le en cliquant sur la croix rouge .
    Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
    "C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

    tuto pour utilisation :(merci balltrap34)
    Regardes ici, c'est parfaitement expliqué en images ,

    2- !! Déconnectes toi et fermes toute tes applications en cours !!

    Cliques sur le raccourci du bureau pour lancer le prg :

    S'il ne se lance pas clique ici

    fais un scan HijackThis en cliquant sur : "Do a system scan and save a logfile"

    --->copies-colles le rapport généré pour analyse
    0
    1. Drakkars
       
      Merci beaucoup de m'aider.
      Je pense avoir fait comme tu m'as expliqué.

      HC

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:57:43, on 07/05/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16827)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Trend Micro\BM\TMBMSRV.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
      C:\WINDOWS\system32\Atiptaxx.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Documents and Settings\Henry\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
      O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Henry\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
      O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
      0
  2. gen-hackman
     
    je ne bois aucun souci dans ce log

    on creuse :

    Télécharge OTListIt2 de OLDTimer

    http://oldtimer.geekstogo.com/OTListIt2.exe

    et enregistre le sur ton Bureau.

    Double clic sur OTListIt2.exe pour le lancer.

    Coche les 2 cases Lop et Purity

    Coche la case devant "scan all users"

    Clic sur Run Scan.

    A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport.

    Copie le dans ta prochaine réponse
    0
    1. Drakkars
       
      J'ai eu 2 blocs notes ouvert, j'ai donc collé les deux
      Encore Merci
      HC

      OTListIt Extras logfile created on: 07/05/2009 23:12:30 - Run 1
      OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Henry\Bureau
      Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 7.0.5730.13)
      Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

      767,48 Mb Total Physical Memory | 470,27 Mb Available Physical Memory | 61,27% Memory free
      1,83 Gb Paging File | 1,56 Gb Available in Paging File | 85,10% Paging File free
      Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 9,31 Gb Total Space | 0,99 Gb Free Space | 10,61% Space Free | Partition Type: NTFS
      Drive D: | 19,00 Gb Total Space | 11,85 Gb Free Space | 62,39% Space Free | Partition Type: NTFS
      E: Drive not present or media not loaded
      F: Drive not present or media not loaded
      G: Drive not present or media not loaded
      Drive H: | 488,84 Mb Total Space | 270,47 Mb Free Space | 55,33% Space Free | Partition Type: FAT
      I: Drive not present or media not loaded

      Computer Name: ADMINIST-49C1BF
      Current User Name: Henry
      Logged in as Administrator.

      Current Boot Mode: Normal
      Scan Mode: All users
      Output = Standard
      File Age = 30 Days
      Company Name Whitelist: On

      [color=orange]========== File Associations ==========[/color]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
      .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

      [color=orange]========== Security Center Settings ==========[/color]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      "FirstRunDisabled" = 1
      "AntiVirusDisableNotify" = 0
      "FirewallDisableNotify" = 0
      "UpdatesDisableNotify" = 0
      "AntiVirusOverride" = 1
      "FirewallOverride" = 0
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
      "DisableMonitoring" = 1
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
      "DisableMonitoring" = 1
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
      "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      "EnableFirewall" = 1

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
      "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
      "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
      "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

      [color=orange]========== Authorized Applications List ==========[/color]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
      [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
      [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
      [2009/02/06 19:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
      [2006/11/13 14:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
      [2006/11/13 14:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
      [2006/11/13 14:07:04 | 04,291,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
      [2008/04/14 04:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
      File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
      [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
      [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
      [2009/02/06 19:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
      [2006/11/13 14:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
      [2006/11/13 14:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
      [2006/11/13 14:07:04 | 04,291,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

      [color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
      "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
      "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
      "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
      "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
      "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
      "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
      "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
      "{44E54A81-9D91-4AA1-9417-80AFF134F5FF}" = Galerie de photos Windows Live
      "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
      "{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail
      "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
      "{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live
      "{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
      "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
      "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
      "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
      "{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
      "{90120000-0020-040C-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
      "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
      "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
      "{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}" = Windows Live Sync
      "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
      "{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
      "{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
      "{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
      "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
      "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
      "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
      "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
      "ATI Display Driver" = ATI Display Driver
      "CCleaner" = CCleaner (remove only)
      "EPSON Printer and Utilities" = EPSON Logiciel imprimante
      "HijackThis" = HijackThis 2.0.2
      "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
      "ie7" = Windows Internet Explorer 7
      "ie8" = Windows Internet Explorer 8
      "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
      "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
      "PC Wizard 2008_is1" = PC Wizard 2008.1.82
      "Windows Media Format Runtime" = Windows Media Format 11 runtime
      "Windows Media Player" = Lecteur Windows Media 11
      "Windows Mobile Device Handbook" = Manuel de l'appareil Windows Mobile®
      "Windows XP Service" = Windows XP Service Pack 3
      "WinLiveSuite_Wave3" = Installation Windows Live
      "WMFDist11" = Windows Media Format 11 runtime
      "wmp11" = Windows Media Player 11
      "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

      [color=orange]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
      "Notification de cadeaux MSN" = Notification de cadeaux MSN

      [color=orange]========== HKEY_USERS Uninstall List ==========[/color]

      [HKEY_USERS\S-1-5-21-1343024091-706699826-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
      "Notification de cadeaux MSN" = Notification de cadeaux MSN

      [color=orange]========== Last 10 Event Log Errors ==========[/color]

      [ Application Events ]
      Error - 23/04/2009 10:53:46 | Computer Name = ADMINIST-49C1BF | Source = Application Hang | ID = 1002
      Description = Application bloquée WINWORD.EXE, version 11.0.8237.0, module bloqué
      hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

      Error - 25/04/2009 09:45:03 | Computer Name = ADMINIST-49C1BF | Source = WindowsLiveMessenger | ID = 15728647
      Description =

      Error - 25/04/2009 09:45:04 | Computer Name = ADMINIST-49C1BF | Source = WindowsLiveMessenger | ID = 15728647
      Description =

      Error - 27/04/2009 00:56:35 | Computer Name = ADMINIST-49C1BF | Source = Application Hang | ID = 1002
      Description = Application bloquée iexplore.exe, version 7.0.6000.16827, module bloqué
      hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

      Error - 27/04/2009 00:56:39 | Computer Name = ADMINIST-49C1BF | Source = Application Hang | ID = 1002
      Description = Application bloquée iexplore.exe, version 7.0.6000.16827, module bloqué
      hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

      Error - 27/04/2009 00:56:39 | Computer Name = ADMINIST-49C1BF | Source = Application Hang | ID = 1002
      Description = Application bloquée iexplore.exe, version 7.0.6000.16827, module bloqué
      hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

      Error - 27/04/2009 00:56:40 | Computer Name = ADMINIST-49C1BF | Source = Application Hang | ID = 1002
      Description = Application bloquée iexplore.exe, version 7.0.6000.16827, module bloqué
      hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

      Error - 05/05/2009 08:41:30 | Computer Name = ADMINIST-49C1BF | Source = Application Hang | ID = 1002
      Description = Application bloquée iexplore.exe, version 7.0.6000.16827, module bloqué
      hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

      [ System Events ]
      Error - 15/04/2009 14:07:42 | Computer Name = ADMINIST-49C1BF | Source = Windows Update Agent | ID = 20
      Description = Échec de l'installation : l'installation de la mise à jour suivante
      a échoué avec l'erreur 0x800706ba : Mise à jour de sécurité cumulative pour Internet
      Explorer 7 pour Windows XP (KB963027).

      Error - 15/04/2009 14:07:42 | Computer Name = ADMINIST-49C1BF | Source = Windows Update Agent | ID = 20
      Description = Échec de l'installation : l'installation de la mise à jour suivante
      a échoué avec l'erreur 0x800706ba : Mise à jour de sécurité pour Windows XP (KB961373).

      Error - 15/04/2009 14:07:42 | Computer Name = ADMINIST-49C1BF | Source = Windows Update Agent | ID = 20
      Description = Échec de l'installation : l'installation de la mise à jour suivante
      a échoué avec l'erreur 0x800706ba : Mise à jour de sécurité pour Windows XP (KB959426).

      Error - 19/04/2009 13:46:14 | Computer Name = ADMINIST-49C1BF | Source = N100 | ID = 262171
      Description = Carte Carte réseau Compaq NC3120 Fast Ethernet : Le lien à la carte
      est hors service

      Error - 19/04/2009 13:47:30 | Computer Name = ADMINIST-49C1BF | Source = N100 | ID = 262171
      Description = Carte Carte réseau Compaq NC3120 Fast Ethernet : Le lien à la carte
      est hors service

      Error - 19/04/2009 17:19:21 | Computer Name = ADMINIST-49C1BF | Source = N100 | ID = 262171
      Description = Carte Carte réseau Compaq NC3120 Fast Ethernet : Le lien à la carte
      est hors service

      Error - 19/04/2009 17:20:25 | Computer Name = ADMINIST-49C1BF | Source = N100 | ID = 262171
      Description = Carte Carte réseau Compaq NC3120 Fast Ethernet : Le lien à la carte
      est hors service

      Error - 20/04/2009 13:19:21 | Computer Name = ADMINIST-49C1BF | Source = Dhcp | ID = 1002
      Description = Le bail de l'adresse IP 192.168.1.10 pour la carte réseau dont l'adresse
      réseau est 00508B5B055A a été refusé par le serveur DHCP 192.168.1.254 (celui-ci
      a envoyé un message DHCPNACK).

      Error - 21/04/2009 09:31:03 | Computer Name = ADMINIST-49C1BF | Source = Dhcp | ID = 1002
      Description = Le bail de l'adresse IP 192.168.1.10 pour la carte réseau dont l'adresse
      réseau est 00508B5B055A a été refusé par le serveur DHCP 192.168.1.254 (celui-ci
      a envoyé un message DHCPNACK).

      Error - 21/04/2009 12:52:04 | Computer Name = ADMINIST-49C1BF | Source = Dhcp | ID = 1002
      Description = Le bail de l'adresse IP 192.168.1.10 pour la carte réseau dont l'adresse
      réseau est 00508B5B055A a été refusé par le serveur DHCP 192.168.1.254 (celui-ci
      a envoyé un message DHCPNACK).


      < End of report >

      no 2

      OTListIt logfile created on: 07/05/2009 23:12:29 - Run 1
      OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Henry\Bureau
      Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 7.0.5730.13)
      Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

      767,48 Mb Total Physical Memory | 470,27 Mb Available Physical Memory | 61,27% Memory free
      1,83 Gb Paging File | 1,56 Gb Available in Paging File | 85,10% Paging File free
      Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 9,31 Gb Total Space | 0,99 Gb Free Space | 10,61% Space Free | Partition Type: NTFS
      Drive D: | 19,00 Gb Total Space | 11,85 Gb Free Space | 62,39% Space Free | Partition Type: NTFS
      E: Drive not present or media not loaded
      F: Drive not present or media not loaded
      G: Drive not present or media not loaded
      Drive H: | 488,84 Mb Total Space | 270,47 Mb Free Space | 55,33% Space Free | Partition Type: FAT
      I: Drive not present or media not loaded

      Computer Name: ADMINIST-49C1BF
      Current User Name: Henry
      Logged in as Administrator.

      Current Boot Mode: Normal
      Scan Mode: All users
      Output = Standard
      File Age = 30 Days
      Company Name Whitelist: On

      [color=orange]========== Processes (SafeList) ==========[/color]

      PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
      PRC - [2009/02/20 19:27:34 | 00,700,760 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
      PRC - [2007/12/24 17:41:06 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
      PRC - [2008/07/29 20:39:00 | 01,398,024 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
      PRC - [2008/04/14 04:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
      PRC - [2001/10/10 15:59:26 | 00,270,336 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\system32\Atiptaxx.exe
      PRC - [2006/11/17 05:42:52 | 00,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
      PRC - [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      PRC - [2005/02/08 06:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
      PRC - [2007/11/06 09:19:06 | 00,492,808 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
      PRC - [2006/11/13 14:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      PRC - [2009/04/02 01:45:03 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      PRC - [2009/05/05 23:36:23 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Henry\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
      PRC - [2006/11/13 14:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
      PRC - [2008/03/14 20:14:52 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
      PRC - [2008/03/14 20:14:54 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
      PRC - [2009/02/28 06:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
      PRC - [2009/05/07 23:11:18 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Henry\Bureau\OTListIt2.exe

      [color=orange]========== Win32 Services (SafeList) ==========[/color]

      SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
      SRV - [2009/04/25 21:16:33 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
      SRV - [2008/04/14 04:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
      SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
      SRV - [2009/02/20 19:27:34 | 00,700,760 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
      SRV - [2007/12/24 17:41:06 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
      SRV - [2008/03/14 20:14:52 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [On_Demand | Running])
      SRV - [2008/03/14 20:14:54 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Running])
      SRV - [2006/11/03 10:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

      [color=orange]========== Driver Services (SafeList) ==========[/color]

      DRV - [2007/03/08 14:34:46 | 04,027,840 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
      DRV - [2002/02/18 14:19:46 | 00,303,360 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mpad.sys -- (ati2mpad [On_Demand | Running])
      DRV - [2001/08/23 18:59:36 | 00,075,392 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atimpae.sys -- (atirage3 [On_Demand | Stopped])
      DRV - [2008/04/13 20:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
      DRV - [2001/08/18 00:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
      DRV - [2001/08/23 19:09:02 | 00,131,072 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\DRIVERS\n100325.sys -- (N100 [On_Demand | Running])
      DRV - [2004/08/05 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
      DRV - [2007/11/13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
      DRV - [2008/04/13 20:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
      DRV - [2007/12/24 17:37:20 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Running])
      DRV - [2007/11/06 09:18:36 | 00,333,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\DRIVERS\TM_CFW.sys -- (tmcfw [On_Demand | Running])
      DRV - [2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
      DRV - [2007/12/24 17:37:12 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
      DRV - [2008/08/16 04:00:46 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\DRIVERS\tmpreflt.sys -- (tmpreflt [Auto | Running])
      DRV - [2007/11/06 09:18:38 | 00,065,936 | ---- | M] (trend_company_name) -- C:\WINDOWS\system32\DRIVERS\tmtdi.sys -- (tmtdi [System | Running])
      DRV - [2008/08/16 04:00:52 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\DRIVERS\tmxpflt.sys -- (tmxpflt [Auto | Running])
      DRV - [2008/04/13 20:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
      DRV - [2008/08/16 03:53:50 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\DRIVERS\vsapint.sys -- (vsapint [Auto | Running])

      [color=orange]========== Standard Registry (SafeList) ==========[/color]


      [color=orange]========== Internet Explorer ==========[/color]

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm


      IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\S-1-5-21-1343024091-706699826-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
      IE - HKU\S-1-5-21-1343024091-706699826-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      IE - HKU\S-1-5-21-1343024091-706699826-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      IE - HKU\S-1-5-21-1343024091-706699826-854245398-1004\S-1-5-21-1343024091-706699826-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S-1-5-21-1343024091-706699826-854245398-1004\S-1-5-21-1343024091-706699826-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      [color=orange]========== FireFox ==========[/color]



      [2008/06/08 19:41:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\mozilla\Firefox\Profiles\mvvtpd41.default\extensions

      O1 HOSTS File: (790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
      O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
      O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
      O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
      O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
      O3 - HKU\S-1-5-21-1343024091-706699826-854245398-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
      O3 - HKU\S-1-5-21-1343024091-706699826-854245398-1004\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key error. File not found
      O3 - HKU\S-1-5-21-1343024091-706699826-854245398-1004\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - Reg Error: Key error. File not found
      O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
      O4 - HKLM..\Run: [AtiPTA] Atiptaxx.exe (ATI Technologies, Inc.)
      O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" (SEIKO EPSON CORPORATION)
      O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
      O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
      O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
      O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
      O4 - HKLM..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
      O4 - HKU\S-1-5-21-1343024091-706699826-854245398-1004..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
      O4 - HKU\S-1-5-21-1343024091-706699826-854245398-1004..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" (Trend Micro Inc.)
      O4 - HKU\S-1-5-21-1343024091-706699826-854245398-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
      O4 - Startup: C:\Documents and Settings\Henry\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = C:\Documents and Settings\Henry\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S-1-5-21-1343024091-706699826-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
      O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
      O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
      O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
      O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
      O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
      O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
      O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
      O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
      O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
      O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
      O31 - SafeBoot: AlternateShell - cmd.exe
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2008/06/05 16:54:23 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O33 - MountPoints2\{a0552150-33ad-11dd-bb74-00508b5b055a}\Shell\AutoRun\command - "" = RavMon.exe
      O33 - MountPoints2\{db09ba75-aa59-11dd-bc7d-00508b5b055a}\Shell\AutoRun\command - "" = RavMon.exe
      O34 - HKLM BootExecute: (autocheck) - File not found
      O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
      O34 - HKLM BootExecute: (*) - File not found

      [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]

      [4 C:\WINDOWS\*.tmp files]
      [2009/05/07 23:11:01 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Henry\Bureau\OTListIt2.exe
      [2009/05/05 23:41:51 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
      [2009/05/05 23:37:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
      [2009/05/05 23:36:25 | 00,001,060 | ---- | C] () -- C:\Documents and Settings\Henry\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk
      [2009/04/23 22:45:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Mes vidéos
      [2009/04/15 19:14:14 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
      [2009/04/15 19:14:12 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
      [2009/04/15 19:14:12 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
      [2009/04/15 19:14:12 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
      [2009/04/15 19:14:11 | 00,685,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
      [2009/04/15 19:14:11 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
      [2009/04/15 19:14:10 | 00,739,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
      [2009/04/15 19:14:10 | 00,735,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
      [2009/04/15 19:14:10 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
      [2009/04/15 19:08:51 | 00,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
      [2009/04/15 19:06:38 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
      [2009/03/21 17:00:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\spmsg.dll
      [2009/03/01 19:09:49 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX3800EFGIPSD.ini
      [2008/07/15 13:05:34 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
      [2008/07/13 10:27:04 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
      [2008/07/13 10:16:55 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini
      [2008/06/05 19:50:26 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
      [2008/06/05 18:14:54 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
      [2008/06/05 18:14:29 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
      [2008/03/04 19:52:34 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
      [2007/10/31 10:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
      [2007/05/17 14:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
      [2004/08/05 14:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
      [2004/08/05 14:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
      [2003/04/01 10:58:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
      [2001/12/21 09:33:54 | 00,066,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinrvxx.sys
      [2001/12/21 09:32:08 | 00,060,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinbtxx.sys
      [2001/12/21 08:30:32 | 00,032,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinxsxx.sys
      [2001/12/21 08:30:20 | 00,021,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinttxx.sys
      [2001/12/21 08:30:14 | 00,011,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinpdxx.sys
      [2001/12/21 08:30:08 | 00,011,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinmdxx.sys
      [2001/12/21 08:30:02 | 00,033,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinraxx.sys
      [2001/12/21 08:29:12 | 00,030,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinxbxx.sys
      [2001/12/21 08:29:02 | 00,026,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinsnxx.sys
      [2001/12/21 08:28:52 | 00,036,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atintuxx.sys

      [color=orange]========== Files - Modified Within 30 Days ==========[/color]

      [1 C:\WINDOWS\System32\*.tmp files]
      [4 C:\WINDOWS\*.tmp files]
      [2009/05/07 23:11:18 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Henry\Bureau\OTListIt2.exe
      [2009/05/07 23:08:05 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Henry\Local Settings\desktop.ini
      [2009/05/07 23:07:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
      [2009/05/07 23:07:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2009/05/07 23:07:49 | 80,483,5328 | -HS- | M] () -- C:\hiberfil.sys
      [2009/05/06 00:12:37 | 00,000,479 | ---- | M] () -- C:\Documents and Settings\Henry\Bureau\Sport.lnk
      [2009/05/05 23:44:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\spmsg.dll
      [2009/05/05 23:36:25 | 00,001,060 | ---- | M] () -- C:\Documents and Settings\Henry\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk
      [2009/05/03 12:10:57 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2009/05/01 10:05:26 | 00,002,573 | ---- | M] () -- C:\Documents and Settings\Henry\Bureau\Word.lnk
      [2009/05/01 02:06:42 | 00,081,920 | ---- | M] () -- C:\Documents and Settings\Henry\Bureau\Joueurs Loisir 2008 2009.xls
      [2009/04/25 18:52:19 | 00,000,495 | ---- | M] () -- C:\Documents and Settings\Henry\Bureau\Courriers.lnk
      [2009/04/16 19:25:14 | 00,370,414 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
      [2009/04/16 19:25:14 | 00,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
      [2009/04/16 19:25:14 | 00,049,494 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
      [2009/04/16 19:25:14 | 00,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
      [2009/04/16 19:25:13 | 00,782,924 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
      [2009/04/15 20:02:24 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
      [2009/04/15 13:08:01 | 00,294,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
      [2009/04/13 01:43:19 | 00,002,551 | ---- | M] () -- C:\Documents and Settings\Henry\Bureau\Excel.lnk
      [2009/04/12 12:49:07 | 00,000,492 | ---- | M] () -- C:\Documents and Settings\Henry\Bureau\Bretagne.lnk
      [2009/04/11 12:25:37 | 00,000,498 | ---- | M] () -- C:\Documents and Settings\Henry\Bureau\Population.lnk

      [color=orange]========== LOP Check ==========[/color]

      [2009/03/23 23:25:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
      [2008/06/22 01:01:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
      [2009/02/02 21:05:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
      [2009/02/14 16:41:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
      [2009/04/02 00:55:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
      [2008/12/17 19:25:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
      [2009/03/03 22:54:49 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
      [2008/06/05 17:57:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
      [2009/02/09 23:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
      [2008/07/13 10:32:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
      [2009/03/23 23:25:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
      [2008/11/05 14:33:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
      [2008/06/05 18:38:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
      [2008/06/05 16:54:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
      [2009/04/02 00:21:09 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Henry\Application Data
      [2008/06/09 16:30:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Adobe
      [2009/02/02 23:10:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Apple Computer
      [2008/07/15 14:03:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\ConvertTemp
      [2008/06/22 01:03:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Google
      [2008/06/05 17:37:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Help
      [2008/06/05 17:00:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Identities
      [2008/12/07 18:54:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\LimeWire
      [2008/06/05 19:08:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Macromedia
      [2009/05/05 23:36:23 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Henry\Application Data\Microsoft
      [2009/04/09 18:38:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Move Networks
      [2008/06/08 19:40:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Mozilla
      [2009/01/15 01:22:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Samsung
      [2008/07/16 12:54:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Sun
      [2009/03/03 22:59:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Template
      [2008/07/15 14:23:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Temporary
      [2008/07/15 14:03:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\TransRender
      [2008/06/05 16:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
      [2008/06/05 16:58:49 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
      [2008/06/05 16:58:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
      [2008/06/05 16:58:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
      [2004/08/05 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
      [2009/05/07 23:07:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

      [color=orange]========== Purity Check ==========[/color]

      < End of report >
      0
  3. gen-hackman
     
    ######## | XP _ Instal & recherche | #######

    Telecharge et install UsbFix (de C_XX & Chiquitine29)

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectés sans les ouvrir

    # Double clic sur le raccourci UsbFix présent sur ton bureau .

    # Choisi l option 1 ( Recherche )

    # Laisse travailler l outil.

    # Ensuite post le rapport UsbFix.txt qui apparaitra.

    # Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    # Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    0
    1. Dacinjo
       
      Petit problème
      J'ai bien télécharger USBFIX.exe, il est sur mon bureau, mais je ne peux pas le lancer en double cliquant car
      il me demande dans la fenetre si je veux executer ce logitiel, ce à quoi je répond exécuter et la il me lance une instal avec l'accord licence ect ect
      J'ai beau doucle cliquer a chaque fois, je ne trouve pas l'option 1 comme tu me l'a décrite.
      Que dois je faire ?

      Merci encore
      0
    2. Dacinjo
       
      ############################## [ UsbFix V3.017 # Scan ]

      # User : Henry (Administrateurs) # ADMINIST-49C1BF
      # Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
      # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
      # Start at: 00:07:33 | 08/05/2009

      # Intel(R) Celeron(R) CPU 2.00GHz
      # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
      # Internet Explorer 7.0.5730.13
      # Windows Firewall Status : Enabled
      # AV : Trend Micro Internet Security 16.10.1210 [ Enabled | Updated ]
      # FW : Pare-feu personnel de Trend Micro[ Enabled ]5.2

      # C:\ # Disque fixe local # 9,31 Go (1003,99 Mo free) # NTFS
      # D:\ # Disque fixe local # 19 Go (11,85 Go free) # NTFS
      # F:\ # Disque CD-ROM
      # G:\ # Disque CD-ROM
      # H:\ # Disque amovible # 488,84 Mo (270,47 Mo free) [CLÉ USB] # FAT

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Trend Micro\BM\TMBMSRV.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
      C:\WINDOWS\system32\Atiptaxx.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\System32\alg.exe
      C:\Documents and Settings\Henry\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ Registre # Startup ]

      HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      HKCU_Main: "Start Page"="https://www.google.fr/?gws_rd=ssl"
      HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      HKLM_logon: "DefaultUserName"="Henry"
      HKLM_logon: "AltDefaultUserName"="Henry"
      HKLM_logon: "LegalNoticeCaption"=""
      HKLM_logon: "LegalNoticeText"=""
      HKLM_Run: IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      HKLM_Run: UfSeAgnt.exe="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
      HKLM_Run: AtiPTA=Atiptaxx.exe
      HKLM_Run: SoundMan=SOUNDMAN.EXE
      HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      HKLM_Run: EPSON Stylus DX3800 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
      HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
      HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
      HKCU_Run: OE="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
      HKCU_Run: H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

      ################## [ Informations ]

      Je pense que j'avais bien pigé

      Merci
      HC
      ################## [ Fichiers # Dossiers infectieux ]


      ################## [ Registre # Clés Run infectieuses ]

      Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

      ################## [ Registre # Mountpoints2 ]

      HKCU\Software\Microsoft\....\MountPoints2\{a0552150-33ad-11dd-bb74-00508b5b055a}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{db09ba75-aa59-11dd-bc7d-00508b5b055a}\Shell\AutoRun\command

      ################## [ ! Fin du rapport # UsbFix V3.017 ! ]
      0
  4. gen-hackman
     
    bien sur il faut l installer d'abord :)
    0
    1. Dacinjo
       
      Je pense qu'il est installé, mais quand je clic deux fois sur l'icone du bureau il me relance a chaque fois l'instalation.
      Désolé, je ne suis pas un dieu en informatique
      0
    2. Dacinjo
       
      je crois que j'ai pigé
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. gen-hackman
     
    et oui c est plus le meme icone qu il faut cliquer ensuite :)
    0
  7. gen-hackman
     
    ######## | Suppression | ########

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectés sans les ouvrir

    # Double clic sur le raccourci UsbFix présent sur ton bureau

    # choisi l option 2 ( Suppression )

    # Ton bureau disparaitra et le pc redémarrera .

    # Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

    # Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

    # Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    ######### | Désinstallation | #######

    # Double clic sur le raccourci UsbFix présent sur ton bureau

    # Choisi l option Désinstaller ....
    0
    1. Dacinjo
       
      Voila le dernier en date,
      Je lance la désintalation
      Merci
      ############################## [ UsbFix V3.017 # Cleaning ]

      # User : Henry (Administrateurs) # ADMINIST-49C1BF
      # Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
      # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
      # Start at: 00:31:46 | 08/05/2009

      # Intel(R) Celeron(R) CPU 2.00GHz
      # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
      # Internet Explorer 7.0.5730.13
      # Windows Firewall Status : Enabled
      # AV : Trend Micro Internet Security 16.10.1210 [ Enabled | Updated ]
      # FW : Pare-feu personnel de Trend Micro[ (!) Disabled ]5.2

      # C:\ # Disque fixe local # 9,31 Go (1003,12 Mo free) # NTFS
      # D:\ # Disque fixe local # 19 Go (11,85 Go free) # NTFS
      # F:\ # Disque CD-ROM
      # G:\ # Disque CD-ROM
      # H:\ # Disque amovible # 488,84 Mo (270,47 Mo free) [CLÉ USB] # FAT

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\logonui.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
      C:\Program Files\Trend Micro\BM\TMBMSRV.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ Fichiers # Dossiers infectieux ]


      ################## [ Registre # Clés Run infectieuses ]

      # HKLM\software\microsoft\security center\\ "AntiVirusOverride"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !

      ################## [ Registre # Mountpoints2 ]

      Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{a0552150-33ad-11dd-bb74-00508b5b055a}\Shell\AutoRun\command
      Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{db09ba75-aa59-11dd-bc7d-00508b5b055a}\Shell\AutoRun\command

      ################## [ Listing des fichiers présent ]

      [05/06/2008 16:54|--a------|0] - C:\AUTOEXEC.BAT
      [01/03/2009 14:26|-r-hs----|241] - C:\boot.ini
      [05/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
      [14/02/2009 16:18|--a--c---|3171208] - C:\ccsetup216.exe
      [05/06/2008 16:54|--a------|0] - C:\CONFIG.SYS
      [?|?|?] - C:\hiberfil.sys
      [05/06/2008 16:54|-rahs----|0] - C:\IO.SYS
      [05/06/2008 16:54|-rahs----|0] - C:\MSDOS.SYS
      [05/08/2004 14:00|-rahs----|47564] - C:\NTDETECT.COM
      [31/08/2008 11:27|-rahs----|252240] - C:\ntldr
      [?|?|?] - C:\pagefile.sys
      [08/09/2008 13:53|--ah-----|268] - C:\sqmdata00.sqm
      [08/09/2008 20:27|--ah-----|268] - C:\sqmdata01.sqm
      [09/09/2008 08:34|--ah-----|268] - C:\sqmdata02.sqm
      [09/09/2008 13:57|--ah-----|268] - C:\sqmdata03.sqm
      [05/11/2008 14:47|--ah-----|268] - C:\sqmdata04.sqm
      [21/07/2008 03:12|--ah-----|268] - C:\sqmdata05.sqm
      [22/07/2008 01:15|--ah-----|268] - C:\sqmdata06.sqm
      [22/07/2008 20:26|--ah-----|268] - C:\sqmdata07.sqm
      [23/07/2008 18:30|--ah-----|268] - C:\sqmdata08.sqm
      [25/07/2008 01:22|--ah-----|268] - C:\sqmdata09.sqm
      [25/07/2008 15:50|--ah-----|268] - C:\sqmdata10.sqm
      [26/07/2008 02:35|--ah-----|268] - C:\sqmdata11.sqm
      [27/07/2008 02:33|--ah-----|268] - C:\sqmdata12.sqm
      [28/07/2008 03:15|--ah-----|268] - C:\sqmdata13.sqm
      [28/07/2008 08:45|--ah-----|268] - C:\sqmdata14.sqm
      [28/07/2008 17:08|--ah-----|268] - C:\sqmdata15.sqm
      [13/08/2008 02:32|--ah-----|268] - C:\sqmdata16.sqm
      [14/08/2008 05:15|--ah-----|268] - C:\sqmdata17.sqm
      [29/08/2008 11:55|--ah-----|268] - C:\sqmdata18.sqm
      [08/09/2008 02:17|--ah-----|268] - C:\sqmdata19.sqm
      [08/09/2008 13:53|--ah-----|244] - C:\sqmnoopt00.sqm
      [08/09/2008 20:27|--ah-----|244] - C:\sqmnoopt01.sqm
      [09/09/2008 08:34|--ah-----|244] - C:\sqmnoopt02.sqm
      [09/09/2008 13:57|--ah-----|244] - C:\sqmnoopt03.sqm
      [05/11/2008 14:47|--ah-----|244] - C:\sqmnoopt04.sqm
      [21/07/2008 03:12|--ah-----|244] - C:\sqmnoopt05.sqm
      [22/07/2008 01:15|--ah-----|244] - C:\sqmnoopt06.sqm
      [22/07/2008 20:26|--ah-----|244] - C:\sqmnoopt07.sqm
      [23/07/2008 18:30|--ah-----|244] - C:\sqmnoopt08.sqm
      [25/07/2008 01:22|--ah-----|244] - C:\sqmnoopt09.sqm
      [25/07/2008 15:50|--ah-----|244] - C:\sqmnoopt10.sqm
      [26/07/2008 02:35|--ah-----|244] - C:\sqmnoopt11.sqm
      [27/07/2008 02:33|--ah-----|244] - C:\sqmnoopt12.sqm
      [28/07/2008 03:15|--ah-----|244] - C:\sqmnoopt13.sqm
      [28/07/2008 08:45|--ah-----|244] - C:\sqmnoopt14.sqm
      [28/07/2008 17:08|--ah-----|244] - C:\sqmnoopt15.sqm
      [13/08/2008 02:32|--ah-----|244] - C:\sqmnoopt16.sqm
      [14/08/2008 05:15|--ah-----|244] - C:\sqmnoopt17.sqm
      [29/08/2008 11:55|--ah-----|244] - C:\sqmnoopt18.sqm
      [08/09/2008 02:17|--ah-----|244] - C:\sqmnoopt19.sqm
      [08/05/2009 00:36|--a--c---|4896] - C:\UsbFix.txt
      [27/10/2008 19:37|--a------|192307] - C:\wubildr
      [27/10/2008 19:37|--a------|8192] - C:\wubildr.mbr
      [27/04/2009 06:53|--a------|1614] - H:\BOOTEX.LOG
      [31/03/2009 14:19|--a------|147968] - H:\ZZZ.xls
      [30/03/2009 18:16|--a------|30720] - H:\Courrier FFHB.doc
      [31/03/2008 09:20|--a------|1095416] - H:\lolp.jpg
      [07/05/2009 21:51|--a------|140997] - H:\Copie de lolp.jpg
      [17/04/2009 11:25|--a------|16384] - H:\Bagadou.xls
      [13/04/2009 03:36|--a------|22016] - H:\Classeur1.xls
      [17/04/2009 09:49|--a------|20992] - H:\Courrier Autocars.doc
      [14/04/2009 19:13|--a------|500336] - H:\Affiche Bretagne v RD Congo.jpg
      [27/04/2009 16:17|--a------|61644] - H:\Copie de Affiche Bretagne v RD Congo.jpg
      [16/04/2009 11:11|--a------|23552] - H:\grille cadi.doc
      [23/04/2009 10:04|--a------|20992] - H:\CV COLLIOT Cindy.doc
      [01/05/2009 12:40|--a------|40088] - H:\Copie (2) de Affiche Bretagne v RD Congo.jpg
      [01/05/2009 18:29|--a------|146078] - H:\Affiche Bretagne v RD Congo (La Bonne).jpg
      [01/05/2009 16:18|--a------|28160] - H:\Concours pompiers 2009.doc
      [01/05/2009 19:15|--a------|23552] - H:\Dossier Sponsoring BFA.doc
      [03/05/2009 13:39|--a------|86288] - H:\ETicket_214583455.pdf

      ################## [ Vaccination ]

      # C:\autorun.inf -> Folder created by UsbFix.
      # D:\autorun.inf -> Folder created by UsbFix.
      # H:\autorun.inf -> Folder created by UsbFix.

      ################## [ Cracks / Keygens / Serials ]

      # -> Nothing found !

      ################## [ ! Fin du rapport # UsbFix V3.017 ! ]
      0
  8. gen-hackman
     
    télécharge GenProc sur ton bureau

    dézippe le dossier, double-clique sur GenProc.exe (le".exe" peut ne pas apparaitre)

    et poste le contenu du rapport qui s'ouvre
    0
    1. Dacinjo
       
      GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :



      Poste un rapport Nod32 (il faut utiliser Internet Explorer)
      - coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
      - C:\Program Files\EsetOnlineScanner\log.txt


      ----------------------------------------------------------------------
      Sites officiels GenProc : alt-shift-return.org et GenProc.com
      ----------------------------------------------------------------------
      0
  9. gen-hackman
     
    Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

    Télécharges :
    Malwarebytes ou :
    Malwarebytes

    * Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

    (NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

    * Potasses le Tuto pour te familiariser avec le prg :

    ( cela dit, il est très simple d'utilisation ).

    relance malwarebytes en suivant scrupuleusement ces consignes :

    ! Déconnecte toi et ferme toutes applications en cours !

    * Lance Malwarebyte's .

    Fais un examen dit "Complet" .

    --> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
    --> à la fin tu cliques sur "résultat" .
    --> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

    Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

    Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

    0