Suspicious bugs

Closed
Drakkars - 7 May 2009 at 22:50
 Anonymous user - 8 May 2009 at 00:58
Hello,
Hi everyone,

My PC is bugging more and more.
Constantly when I open an email attachment
More and more while browsing the Internet
Could I have caught a virus???
If so, how do I get rid of it?
Yet I have an antivirus?????
Thanks to anyone who could help me.

HC

8 replies

Anonymous user
7 May 2009 at 22:51
hi:

Hi,


start with this to see where things stand, get a precise diagnosis, and thereby spot possible infections and neutralize them:


Download and install the diagnostic software:

here Hijackthis
or here Hijackthis
or here Hijackthis


1- Click on the setup to launch the installation: follow the prompts and do not change the installation settings.
At the end of the installation, the program launches automatically: close it by clicking the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

tutorial for use: (thanks balltrap34)
Look here, it is explained perfectly with pictures,

2- !! Disconnect and close all your running applications !!

Click on the desktop shortcut to launch the program:

If it does not launch, click here

run a HijackThis scan by clicking on: "Do a system scan and save a logfile"

--->copy and paste the generated report for analysis
0
Thank you very much for helping me.
I think I did as you explained.

HC

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:43, on 07/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Henry\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Henry\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
0
Anonymous user
7 May 2009 at 23:03
I don't see any problem in this log

let's dig deeper:

Download OTListIt2 by OLDTimer

http://oldtimer.geekstogo.com/OTListIt2.exe

and save it to your Desktop.

Double-click OTListIt2.exe to launch it.

Check the 2 boxes Lop and Purity

Check the box in front of "scan all users"

Click Run Scan.

At the end of the scan, Notepad will open with the report.

Copy it into your next reply
0
I had 2 Notepad windows open, so I pasted both
Thanks again
HC

OTListIt Extras logfile created on: 07/05/2009 23:12:30 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Henry\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

767,48 Mb Total Physical Memory | 470,27 Mb Available Physical Memory | 61,27% Memory free
1,83 Gb Paging File | 1,56 Gb Available in Paging File | 85,10% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,31 Gb Total Space | 0,99 Gb Free Space | 10,61% Space Free | Partition Type: NTFS
Drive D: | 19,00 Gb Total Space | 11,85 Gb Free Space | 62,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 488,84 Mb Total Space | 270,47 Mb Free Space | 55,33% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: ADMINIST-49C1BF
Current User Name: Henry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[color=orange]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[color=orange]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2009/02/06 19:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2006/11/13 14:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 14:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 14:07:04 | 04,291,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 04:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2009/02/06 19:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2006/11/13 14:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 14:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 14:07:04 | 04,291,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{44E54A81-9D91-4AA1-9417-80AFF134F5FF}" = Galerie de photos Windows Live
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-040C-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Wizard 2008_is1" = PC Wizard 2008.1.82
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows Mobile Device Handbook" = Manuel de l'appareil Windows Mobile®
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[color=orange]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Notification de cadeaux MSN" = Notification de cadeaux MSN

[color=orange]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1343024091-706699826-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Notification de cadeaux MSN" = Notification de cadeaux MSN

[color=orange]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 23/04/2009 10:53:46 | Computer Name = ADMINIST-49C1BF | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 11.0.8237.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 25/04/2009 09:45:03 | Computer Name = ADMINIST-49C1BF | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 25/04/2009 09:45:04 | Computer Name = ADMINIST-49C1BF | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 27/04/2009 00:56:35 | Computer Name = ADMINIST-49C1BF | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16827, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 27/04/2009 00:56:39 | Computer Name = ADMINIST-49C1BF | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16827, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 27/04/2009 00:56:39 | Computer Name = ADMINIST-49C1BF | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16827, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 27/04/2009 00:56:40 | Computer Name = ADMINIST-49C1BF | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16827, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 05/05/2009 08:41:30 | Computer Name = ADMINIST-49C1BF | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16827, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 15/04/2009 14:07:42 | Computer Name = ADMINIST-49C1BF | Source = Windows Update Agent | ID = 20
Description = Échec de l'installation : l'installation de la mise à jour suivante
a échoué avec l'erreur 0x800706ba : Mise à jour de sécurité cumulative pour Internet
Explorer 7 pour Windows XP (KB963027).

Error - 15/04/2009 14:07:42 | Computer Name = ADMINIST-49C1BF | Source = Windows Update Agent | ID = 20
Description = Échec de l'installation : l'installation de la mise à jour suivante
a échoué avec l'erreur 0x800706ba : Mise à jour de sécurité pour Windows XP (KB961373).

Error - 15/04/2009 14:07:42 | Computer Name = ADMINIST-49C1BF | Source = Windows Update Agent | ID = 20
Description = Échec de l'installation : l'installation de la mise à jour suivante
a échoué avec l'erreur 0x800706ba : Mise à jour de sécurité pour Windows XP (KB959426).

Error - 19/04/2009 13:46:14 | Computer Name = ADMINIST-49C1BF | Source = N100 | ID = 262171
Description = Carte Carte réseau Compaq NC3120 Fast Ethernet : Le lien à la carte
est hors service

Error - 19/04/2009 13:47:30 | Computer Name = ADMINIST-49C1BF | Source = N100 | ID = 262171
Description = Carte Carte réseau Compaq NC3120 Fast Ethernet : Le lien à la carte
est hors service

Error - 19/04/2009 17:19:21 | Computer Name = ADMINIST-49C1BF | Source = N100 | ID = 262171
Description = Carte Carte réseau Compaq NC3120 Fast Ethernet : Le lien à la carte
est hors service

Error - 19/04/2009 17:20:25 | Computer Name = ADMINIST-49C1BF | Source = N100 | ID = 262171
Description = Carte Carte réseau Compaq NC3120 Fast Ethernet : Le lien à la carte
est hors service

Error - 20/04/2009 13:19:21 | Computer Name = ADMINIST-49C1BF | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.10 pour la carte réseau dont l'adresse
réseau est 00508B5B055A a été refusé par le serveur DHCP 192.168.1.254 (celui-ci
a envoyé un message DHCPNACK).

Error - 21/04/2009 09:31:03 | Computer Name = ADMINIST-49C1BF | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.10 pour la carte réseau dont l'adresse
réseau est 00508B5B055A a été refusé par le serveur DHCP 192.168.1.254 (celui-ci
a envoyé un message DHCPNACK).

Error - 21/04/2009 12:52:04 | Computer Name = ADMINIST-49C1BF | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.10 pour la carte réseau dont l'adresse
réseau est 00508B5B055A a été refusé par le serveur DHCP 192.168.1.254 (celui-ci
a envoyé un message DHCPNACK).


< End of report >

No. 2

OTListIt logfile created on: 07/05/2009 23:12:29 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\Henry\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

767,48 Mb Total Physical Memory | 470,27 Mb Available Physical Memory | 61,27% Memory free
1,83 Gb Paging File | 1,56 Gb Available in Paging File | 85,10% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,31 Gb Total Space | 0,99 Gb Free Space | 10,61% Space Free | Partition Type: NTFS
Drive D: | 19,00 Gb Total Space | 11,85 Gb Free Space | 62,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 488,84 Mb Total Space | 270,47 Mb Free Space | 55,33% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: ADMINIST-49C1BF
Current User Name: Henry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== Processes (SafeList) ==========[/color]

PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/02/20 19:27:34 | 00,700,760 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2007/12/24 17:41:06 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2008/07/29 20:39:00 | 01,398,024 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2008/04/14 04:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2001/10/10 15:59:26 | 00,270,336 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\system32\Atiptaxx.exe
PRC - [2006/11/17 05:42:52 | 00,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
PRC - [2005/02/08 06:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
PRC - [2007/11/06 09:19:06 | 00,492,808 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
PRC - [2006/11/13 14:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2009/04/02 01:45:03 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/05 23:36:23 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Henry\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
PRC - [2006/11/13 14:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2008/03/14 20:14:52 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2008/03/14 20:14:54 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/02/28 06:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/05/07 23:11:18 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Henry\Bureau\OTListIt2.exe

[color=orange]========== Win32 Services (SafeList) ==========[/color]

SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/04/25 21:16:33 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
SRV - [2008/04/14 04:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/02/20 19:27:34 | 00,700,760 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
SRV - [2007/12/24 17:41:06 | 00,333,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
SRV - [2008/03/14 20:14:52 | 00,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [On_Demand | Running])
SRV - [2008/03/14 20:14:54 | 00,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy [On_Demand | Running])
SRV - [2006/11/03 10:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[color=orange]========== Driver Services (SafeList) ==========[/color]

DRV - [2007/03/08 14:34:46 | 04,027,840 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2002/02/18 14:19:46 | 00,303,360 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mpad.sys -- (ati2mpad [On_Demand | Running])
DRV - [2001/08/23 18:59:36 | 00,075,392 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\atimpae.sys -- (atirage3 [On_Demand | Stopped])
DRV - [2008/04/13 20:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2001/08/18 00:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2001/08/23 19:09:02 | 00,131,072 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\DRIVERS\n100325.sys -- (N100 [On_Demand | Running])
DRV - [2004/08/05 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 20:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2007/12/24 17:37:20 | 00,052,496 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Running])
DRV - [2007/11/06 09:18:36 | 00,333,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\DRIVERS\TM_CFW.sys -- (tmcfw [On_Demand | Running])
DRV - [2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2007/12/24 17:37:12 | 00,052,240 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr [Auto | Running])
DRV - [2008/08/16 04:00:46 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\DRIVERS\tmpreflt.sys -- (tmpreflt [Auto | Running])
DRV - [2007/11/06 09:18:38 | 00,065,936 | ---- | M] (trend_company_name) -- C:\WINDOWS\system32\DRIVERS\tmtdi.sys -- (tmtdi [System | Running])
DRV - [2008/08/16 04:00:52 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\DRIVERS\tmxpflt.sys -- (tmxpflt [Auto | Running])
DRV - [2008/04/13 20:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2008/08/16 03:53:50 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\DRIVERS\vsapint.sys -- (vsapint [Auto | Running])

[color=orange]========== Standard Registry (SafeList) ==========[/color]


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-706699826-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1343024091-706699826-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1343024091-706699826-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-21-1343024091-706699826-854245398-1004\S-1-5-21-1343024091-706699826-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1343024091-706699826-854245398-1004\S-1-5-21-1343024091-706699826-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



[2008/06/08 19:41:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\mozilla\Firefox\Profiles\mvvtpd41.default\extensions

O1 HOSTS File: (790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1343024091-706699826-854245398-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1343024091-706699826-854245398-1004\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1343024091-706699826-854245398-1004\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AtiPTA] Atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
O4 - HKU\S-1-5-21-1343024091-706699826-854245398-1004..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-1343024091-706699826-854245398-1004..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" (Trend Micro Inc.)
O4 - HKU\S-1-5-21-1343024091-706699826-854245398-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Henry\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = C:\Documents and Settings\Henry\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-706699826-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/05 16:54:23 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a0552150-33ad-11dd-bb74-00508b5b055a}\Shell\AutoRun\command - "" = RavMon.exe
O33 - MountPoints2\{db09ba75-aa59-11dd-bc7d-00508b5b055a}\Shell\AutoRun\command - "" = RavMon.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/05/07 23:11:01 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Henry\Bureau\OTListIt2.exe
[2009/05/05 23:41:51 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/05 23:37:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/05/05 23:36:25 | 00,001,060 | ---- | C] () -- C:\Documents and Settings\Henry\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk
[2009/04/23 22:45:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Mes vidéos
[2009/04/15 19:14:14 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 19:14:12 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 19:14:12 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 19:14:12 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 19:14:11 | 00,685,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 19:14:11 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 19:14:10 | 00,739,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 19:14:10 | 00,735,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 19:14:10 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 19:08:51 | 00,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2009/04/15 19:06:38 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/03/21 17:00:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\spmsg.dll
[2009/03/01 19:09:49 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX3800EFGIPSD.ini
[2008/07/15 13:05:34 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/07/13 10:27:04 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/07/13 10:16:55 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini
[2008/06/05 19:50:26 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/05 18:14:54 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/06/05 18:14:29 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2008/03/04 19:52:34 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/10/31 10:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/05/17 14:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2004/08/05 14:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/05 14:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/04/01 10:58:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/12/21 09:33:54 | 00,066,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinrvxx.sys
[2001/12/21 09:32:08 | 00,060,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinbtxx.sys
[2001/12/21 08:30:32 | 00,032,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinxsxx.sys
[2001/12/21 08:30:20 | 00,021,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinttxx.sys
[2001/12/21 08:30:14 | 00,011,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinpdxx.sys
[2001/12/21 08:30:08 | 00,011,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinmdxx.sys
[2001/12/21 08:30:02 | 00,033,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinraxx.sys
[2001/12/21 08:29:12 | 00,030,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinxbxx.sys
[2001/12/21 08:29:02 | 00,026,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atinsnxx.sys
[2001/12/21 08:28:52 | 00,036,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\Atintuxx.sys

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/07 23:11:18 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Henry\Bureau\OTListIt2.exe
[2009/05/07 23:08:05 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Henry\Local Settings\desktop.ini
[2009/05/07 23:07:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/07 23:07:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/07 23:07:49 | 80,483,5328 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/06 00:12:37 | 00,000,479 | ---- | M] () -- C:\Documents and Settings\Henry\Bureau\Sport.lnk
[2009/05/05 23:44:31 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\spmsg.dll
[2009/05/05 23:36:25 | 00,001,060 | ---- | M] () -- C:\Documents and Settings\Henry\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk
[2009/05/03 12:10:57 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/01 10:05:26 | 00,002,573 | ---- | M] () -- C:\Documents and Settings\Henry\Bureau\Word.lnk
[2009/05/01 02:06:42 | 00,081,920 | ---- | M] () -- C:\Documents and Settings\Henry\Bureau\Joueurs Loisir 2008 2009.xls
[2009/04/25 18:52:19 | 00,000,495 | ---- | M] () -- C:\Documents and Settings\Henry\Bureau\Courriers.lnk
[2009/04/16 19:25:14 | 00,370,414 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/04/16 19:25:14 | 00,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 19:25:14 | 00,049,494 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/04/16 19:25:14 | 00,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 19:25:13 | 00,782,924 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 20:02:24 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/15 13:08:01 | 00,294,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/13 01:43:19 | 00,002,551 | ---- | M] () -- C:\Documents and Settings\Henry\Bureau\Excel.lnk
[2009/04/12 12:49:07 | 00,000,492 | ---- | M] () -- C:\Documents and Settings\Henry\Bureau\Bretagne.lnk
[2009/04/11 12:25:37 | 00,000,498 | ---- | M] () -- C:\Documents and Settings\Henry\Bureau\Population.lnk

========== LOP Check ==========

[2009/03/23 23:25:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/06/22 01:01:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/02/02 21:05:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/02/14 16:41:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/02 00:55:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/12/17 19:25:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/03/03 22:54:49 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/06/05 17:57:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2009/02/09 23:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2008/07/13 10:32:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/03/23 23:25:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/11/05 14:33:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2008/06/05 18:38:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2008/06/05 16:54:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2009/04/02 00:21:09 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Henry\Application Data
[2008/06/09 16:30:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Adobe
[2009/02/02 23:10:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Apple Computer
[2008/07/15 14:03:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\ConvertTemp
[2008/06/22 01:03:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Google
[2008/06/05 17:37:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Help
[2008/06/05 17:00:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Identities
[2008/12/07 18:54:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\LimeWire
[2008/06/05 19:08:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Macromedia
[2009/05/05 23:36:23 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Henry\Application Data\Microsoft
[2009/04/09 18:38:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Move Networks
[2008/06/08 19:40:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Mozilla
[2009/01/15 01:22:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Samsung
[2008/07/16 12:54:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Sun
[2009/03/03 22:59:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Template
[2008/07/15 14:23:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\Temporary
[2008/07/15 14:03:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Henry\Application Data\TransRender
[2008/06/05 16:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2008/06/05 16:58:49 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/06/05 16:58:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2008/06/05 16:58:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/08/05 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/07 23:07:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >
0
Anonymous user
7 May 2009 at 23:38
######## | XP _ Install & search | #######


Download and install UsbFix (by C_XX & Chiquitine29)

Plug your external data sources into your PC (USB key, external hard drive, etc.) that may have been infected, without opening them

# Double-click the UsbFix shortcut on your desktop.

# Choose option 1 (Search)

# Let the tool work.

# Then post the UsbFix.txt report that will appear.

# Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

# Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.



0
Small problem
I did download USBFIX.exe, it is on my desktop, but I can't launch it by double-clicking because
it asks me in the window whether I want to run this software, to which I answer run, and then it launches an install with the licence agreement, etc.
No matter how many times I double-click, I can't find option 1 as you described it.
What should I do?

Thanks again
0
############################## [ UsbFix V3.017 # Scan ]

# User : Henry (Administrateurs) # ADMINIST-49C1BF
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 00:07:33 | 08/05/2009

# Intel(R) Celeron(R) CPU 2.00GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : Trend Micro Internet Security 16.10.1210 [ Enabled | Updated ]
# FW : Pare-feu personnel de Trend Micro[ Enabled ]5.2

# C:\ # Disque fixe local # 9,31 Go (1003,99 Mo free) # NTFS
# D:\ # Disque fixe local # 19 Go (11,85 Go free) # NTFS
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque amovible # 488,84 Mo (270,47 Mo free) [CLÉ USB] # FAT

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Henry\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.google.fr/?gws_rd=ssl"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Henry"
HKLM_logon: "AltDefaultUserName"="Henry"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM_Run: UfSeAgnt.exe="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
HKLM_Run: AtiPTA=Atiptaxx.exe
HKLM_Run: SoundMan=SOUNDMAN.EXE
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM_Run: EPSON Stylus DX3800 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: OE="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
HKCU_Run: H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

################## [ Informations ]

I think I had understood correctly

Thanks
HC
################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{a0552150-33ad-11dd-bb74-00508b5b055a}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{db09ba75-aa59-11dd-bc7d-00508b5b055a}\Shell\AutoRun\command

################## [ ! Fin du rapport # UsbFix V3.017 ! ]
0
Anonymous user
8 May 2009 at 00:01
of course, you have to install it first :)
0
I think it is installed, but when I double-click the desktop icon it restarts the installation every time.
Sorry, I'm no computer god
0
I think I've got it
0

Anonymous user
8 May 2009 at 00:13
and yes, it's no longer the same icon you have to click afterwards :)
0
Anonymous user
8 May 2009 at 00:18
######## | Deletion | ########

Plug your external data sources into your PC (USB key, external hard drive, etc.) that may have been infected, without opening them

# Double-click the UsbFix shortcut on your desktop

# Choose option 2 (Deletion)

# Your desktop will disappear and the PC will restart.

# On restart, UsbFix will scan your PC; let the tool work.

# Then post the UsbFix.txt report that will appear with the desktop.

# Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )


######### | Uninstall | #######


# Double-click the UsbFix shortcut on your desktop

# Choose the Uninstall option ....
0
Here is the latest one,
I'm launching the uninstall
Thanks
############################## [ UsbFix V3.017 # Cleaning ]

# User : Henry (Administrateurs) # ADMINIST-49C1BF
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 00:31:46 | 08/05/2009

# Intel(R) Celeron(R) CPU 2.00GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : Trend Micro Internet Security 16.10.1210 [ Enabled | Updated ]
# FW : Pare-feu personnel de Trend Micro[ (!) Disabled ]5.2

# C:\ # Disque fixe local # 9,31 Go (1003,12 Mo free) # NTFS
# D:\ # Disque fixe local # 19 Go (11,85 Go free) # NTFS
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque amovible # 488,84 Mo (270,47 Mo free) [CLÉ USB] # FAT

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Clés Run infectieuses ]

# HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !

################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{a0552150-33ad-11dd-bb74-00508b5b055a}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{db09ba75-aa59-11dd-bc7d-00508b5b055a}\Shell\AutoRun\command

################## [ Listing des fichiers présent ]


################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# H:\autorun.inf -> Folder created by UsbFix.

################## [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.017 ! ]
0
Anonymous user
8 May 2009 at 00:43
Download GenProc to your desktop

Unzip the folder, double-click GenProc.exe (the ".exe" may not be shown)

and post the contents of the report that opens
0
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :



Poste un rapport Nod32 (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt


----------------------------------------------------------------------
Sites officiels GenProc : alt-shift-return.org et GenProc.com
----------------------------------------------------------------------
0
Anonymous user
8 May 2009 at 00:58
Print these instructions, because you will have to close all windows and applications during the installation and the scan.

Download:
Malwarebytes or:
Malwarebytes

* Install it (be sure to choose "francais" (French); do not change the installation settings) and update it.

(NB: if "COMCTL32.OCX" is missing during the installation, download it here: COMCTL32.OCX)

* Study the tutorial to get familiar with the program:

(that said, it is very simple to use).

Relaunch Malwarebytes, following these instructions scrupulously:

! Disconnect and close all running applications !

* Launch Malwarebytes.

Run the scan called "Complet" (full).

--> Let the program work (and do nothing else with the PC during the scan).
--> When it finishes, click "résultat" (results).
--> Check that all the infected objects are selected, then click "suppression" (remove).

Note: if you have to restart your PC to finish the cleanup, do it!

Post the report saved after the infected objects have been removed (in the "rapport/log" tab of Malwarebytes, the most recent one)

0