Sujet Précédent Sujet Suivant

PC trés lent

jojo -  
 Utilisateur anonyme -
Bonjour,
je vous écrit car le PC de bureau de la famille est devenu incroyablement lent, cela va faire maintenant une semaine, et il est quasiment impossible de faire quelque chose, le pire reste pour aller sur internet. Si quelqu'un pouvait m'aider ce serait vraiment très gentil car je commence vraiment a désespéré et je ne mis connait pas vraiment en informatique. Pour gagner un peu de temps voici le rapport Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15:05, on 24/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\fxstaller.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\system32\mldmm.exe
C:\WINDOWS\sysrest32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
C:\WINDOWS\system32\winamp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Zango\bin\10.3.37.0\Weather.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
C:\WINDOWS\System32\rs32net.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\YesMessenger\YesMessenger.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Admin\Application Data\U3\0000187B85723A97\LaunchPad.exe
C:\Documents and Settings\Admin\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.37.0\ZangoSA.exe"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [mmsass] mldmm.exe
O4 - HKLM\..\Run: [Secure System Restore] sysrest32.exe
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\system32\winamp.exe
O4 - HKLM\..\RunServices: [mmsass] mldmm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SBB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.37.0\Weather.exe" -auto
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S3F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series (Copie 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S14.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL cghpfz.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
A voir également:

55 réponses

Précédent
Réponse 21 / 55
jojo
 
d'acord merci de ton aide quand même
0
Réponse 22 / 55
jojo
 
Tu veux que je mette tout le compte rendu, parce que il est très long ??
0
Réponse 23 / 55
Utilisateur anonyme
 
Re,

Oui poste le même enn deux fois si il le faut.
0
Réponse 24 / 55
jojo
 
Voila le compte rendu:

ComboFix 08-12-23.01 - Admin 2008-12-24 1:01:44.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.80 [GMT 1:00]
Lancé depuis: c:\documents and settings\Admin\Bureau\C-Fix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\ShoppingReport
c:\documents and settings\Admin\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Admin\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Admin\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Admin\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Admin\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Admin\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Admin\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\Admin\Application Data\WeatherDPA
c:\documents and settings\Admin\Application Data\WeatherDPA\Weather\WeatherStartup.xml
c:\documents and settings\Admin\Application Data\Zango
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\1.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\1041655.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\1384900.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\1390732.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\1400879.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\1415040.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\1817352.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\1859639.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\1936389.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\1967082.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\2828477.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\2899632.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\297049.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\3251993.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\3404705.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\3893245.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\3893642.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\3895082.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\600583.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\898494.sdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000023690
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000023901
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000023964
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000024268
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000024690
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000024736
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000024806
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000025015
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000025243
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000025311
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000025635
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000025764
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000025975
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000026235
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000026287
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000027037
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000027865
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000027956
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000028063
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000032917
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000032930
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000032977
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000033027
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000033059
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000033070
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000033079
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000037209
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000037257
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000044868
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000051643
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000051994
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000052008
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000052451
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000052615
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000052875
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000053498
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000056860
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000058289
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000059554
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000061197
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000061367
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000063616
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000064073
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000068556
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000068631
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000069039
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000069497
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000078587
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000079006
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000079780
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000079933
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000082797
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000083256
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000091175
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000091308
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000091336
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000091386
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000091430
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000091806
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000093924
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000093943
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\104622
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\116977
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\12457
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\13031
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17025
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17040
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\19052
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\199413
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\200804
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21669
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21889
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\22657
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\247895
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\266291
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\277907
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\306449
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33695
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\337118
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33912
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\374830
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4226
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44492
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\455904
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\456080
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\461315
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\472390
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\481176
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\505911
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\520094
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\528757
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\54189
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\553177
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\58804
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\59287
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\61367
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\624815
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6292
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\630279
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\652325
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\658110
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67469
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67560
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68041
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\69235
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\696893
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\704982
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\704984
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705022
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705206
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705286
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705328
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705334
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705541
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\70779
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\710858
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\738022
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\73804
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\742100
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\746718
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\749354
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753426
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753427
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753530
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753541
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753573
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753582
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753593
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\79989
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\81293
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\81392
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\8282
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\9974
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\dynamic\ustat\3793.dat
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\avatar.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\btntrans.idx
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\components.cdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\cursors.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\d_icons_weather.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\default.cdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_categorize.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_comparison.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_Mails.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\editblbuttons.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\icons2.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\linkpathlegal.txt
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\progress.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\sdfmodifier.xml
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\zango_btn.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\avatar.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\btntrans.idx
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\btntrans1.dat
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\buttondir.txt
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\components.cdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\cursors.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_1000.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_2000.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_3000.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bar.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bbar1.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_logos.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_other.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\d_icons_weather.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\default.cdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_511745-514279.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-ca.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-us.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_categorize.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_comparison.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-Mails.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-people.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_favorites.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_Games.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_Hide.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_hotbarcom.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_Hotmail.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_hsskin.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_jemster.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_jemsterie.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_jemsteruk.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_jobsearch.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_Mails.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_MobileSidewalk.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_new.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_premium.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_reun.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_ringtones.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_SearchBoxTrapper.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_searchfor.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_searchgo.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_weather.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Default_yellowpages.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\editblbuttons.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-548964.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-9595.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\email-t1-bg.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\icons2.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\ie_games_icon.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\ie_video.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\keywords.idx
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\keywords1.dat
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\layout.cdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\linkpathlegal.txt
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\progress.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\s_icons_buttons.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\sales_buttons.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\sdfmodifier.xml
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\t2_bg.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\theweb.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\top7.cdf
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\Top7_theweb.mnu
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\tsd_bg.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\zango_btn.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\2\zango_ie_menu.res
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
c:\documents and settings\Admin\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
c:\documents and settings\Admin\Local Settings\Application Data\qosyk.dat
c:\documents and settings\Admin\Local Settings\Application Data\qosyk.exe
c:\documents and settings\Admin\Local Settings\Application Data\qosyk_nav.dat
c:\documents and settings\Admin\Local Settings\Application Data\qosyk_navps.dat
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\ZangoSA
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSA.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
c:\documents and settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
c:\program files\ShoppingReport
c:\program files\zango
c:\program files\zango\bin\10.3.37.0\OEAddOn.exe
c:\program files\zango\bin\10.3.37.0\Weather.exe
c:\program files\zango\bin\10.3.37.0\WeSkin.dll
c:\program files\zango\bin\10.3.37.0\ZangoSA.exe
c:\program files\zango\bin\10.3.37.0\ZangoSAHook.dll
c:\program files\zango\bin\10.3.37.0\ZangoUninstaller.exe
c:\windows\fxstaller.exe
c:\windows\system32\awtrqQGV.dll
c:\windows\system32\ayakvnav.dll
c:\windows\system32\cghpfz.dll
c:\windows\system32\ddcdCvUl.dll
c:\windows\system32\ehuuklxy.ini
c:\windows\system32\ekgpwaoh.ini
c:\windows\system32\fccyyVPj.dll
c:\windows\system32\geBqRLfD.dll
c:\windows\system32\hgGyvtQJ.dll
c:\windows\system32\iifgHaxy.dll
c:\windows\system32\jkkJdBqo.dll
c:\windows\system32\jkkKbCVM.dll
c:\windows\system32\jkkLEVoN.dll
c:\windows\system32\khfDstRk.dll
c:\windows\system32\khfEXnNe.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mlJAsSIc.dll
c:\windows\system32\mlJDuuVm.dll
c:\windows\system32\MVCbKkkj.ini
c:\windows\system32\MVCbKkkj.ini2
c:\windows\system32\nnnmnnoL.dll
c:\windows\system32\opnnkkJB.dll
c:\windows\system32\opnnnLbc.dll
c:\windows\system32\opnolIAr.dll
c:\windows\system32\ovslupbu.ini
c:\windows\system32\pjedinaq.dll
c:\windows\system32\pmnnOIyV.dll
c:\windows\system32\qanidejp.ini
c:\windows\system32\qyvipm.dll
c:\windows\system32\rqRIyYRH.dll
c:\windows\system32\rs32net.exe
c:\windows\system32\tuvSijHw.dll
c:\windows\system32\tuvTlmkL.dll
c:\windows\system32\tuvVLeDU.dll
c:\windows\system32\tuvVNDsT.dll
c:\windows\system32\urqNDSMc.dll
c:\windows\system32\urqNHAQj.dll
c:\windows\system32\urqnkihf.dll
c:\windows\system32\vtUlJYOI.dll
c:\windows\system32\vtUmLebb.dll
c:\windows\system32\vtUmMeed.dll
c:\windows\system32\winamp.exe
c:\windows\system32\wvUlljii.dll
c:\windows\system32\xxyvwUNH.dll
c:\windows\system32\yayvVOfC.dll
c:\windows\Tasks\rsbiwkjj.job

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-24 au 2008-12-24 ))))))))))))))))))))))))))))))))))))
.

2008-12-24 00:55 . 2008-12-24 00:55 69,682 --a------ c:\windows\system32\cyupxnm.exe
2008-12-24 00:16 . 2008-12-24 00:16 69,682 --a------ c:\windows\system32\ckcvrotc.exe
2008-12-23 22:31 . 2008-12-23 22:30 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-23 20:55 . 2008-12-24 00:55 32,768 --a------ c:\windows\system32\drivers\ati0vyxx.sys
2008-12-23 19:20 . 2008-12-23 19:20 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 19:20 . 2008-12-23 19:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 19:20 . 2008-12-23 19:20 <REP> d-------- c:\documents and settings\Admin\Application Data\Malwarebytes
2008-12-23 19:20 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 19:20 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-23 15:26 . 2008-12-23 15:26 <REP> d-------- c:\documents and settings\Administrateur\Application Data\U3
2008-12-23 15:15 . 2008-12-23 18:56 <REP> d-------- c:\program files\a-squared Free
2008-12-20 20:08 . 2008-12-20 20:07 55,858 -r-hs---- c:\windows\sysrest32.exe
2008-12-20 20:07 . 2008-12-20 20:07 55,858 --a------ C:\reps.exe
2008-12-20 18:23 . 2007-12-13 18:39 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-12-20 18:23 . 2007-12-13 18:39 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-20 18:23 . 2007-12-13 17:45 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-12-20 18:23 . 2008-12-23 15:15 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-12-20 18:23 . 2007-12-13 18:39 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-12-20 18:23 . 2007-12-13 18:39 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-12-20 18:23 . 2008-12-23 15:27 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-12-20 18:22 . 2008-12-20 18:23 <REP> d-------- c:\documents and settings\Administrateur
2008-12-11 20:30 . 2008-12-11 20:30 <REP> d-------- c:\documents and settings\Admin\Application Data\Apple Computer
2008-12-11 20:29 . 2008-12-12 00:04 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-11 19:59 . 2008-12-11 19:59 <REP> d-------- c:\documents and settings\Admin\Application Data\ArcSoft
2008-12-11 19:57 . 2008-12-11 19:57 26 --a------ C:\UpdaterforApp.ini
2008-12-11 19:56 . 2008-12-11 19:57 <REP> d-------- c:\program files\Fichiers communs\ArcSoft
2008-12-11 19:56 . 2005-04-27 16:36 245,408 --a------ c:\windows\system32\unicows.dll
2008-12-11 19:56 . 2007-03-07 16:05 126,976 --a------ c:\windows\system32\MediaImpression Slideshow.scr
2008-12-11 19:56 . 2005-02-23 14:58 11,776 --a------ c:\windows\system32\drivers\afc.sys
2008-12-11 19:55 . 2008-12-11 19:58 <REP> d-------- c:\windows\system32\MediaImpression Slideshow
2008-12-11 19:55 . 2008-12-11 19:55 <REP> d-------- c:\program files\ArcSoft
2008-12-11 19:52 . 2008-12-11 19:53 <REP> d-------- c:\program files\QuickTime
2008-12-11 19:52 . 2008-12-11 19:52 <REP> d-------- c:\program files\Apple Software Update
2008-12-11 19:52 . 2008-12-11 19:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-11 19:52 . 2008-12-11 19:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-04 13:26 . 2008-12-04 13:26 <REP> d-------- c:\documents and settings\Admin\Application Data\Panasonic
2008-11-28 12:22 . 2006-03-02 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-27 16:31 . 2008-11-27 16:31 <REP> d-------- c:\windows\system32\fr
2008-11-27 16:31 . 2008-11-27 16:31 <REP> d-------- c:\windows\system32\bits
2008-11-27 16:31 . 2008-11-27 16:31 <REP> d-------- c:\windows\l2schemas
2008-11-27 16:24 . 2008-11-27 16:32 <REP> d-------- c:\windows\ServicePackFiles
2008-11-27 16:04 . 2008-11-27 16:04 <REP> d-------- c:\windows\EHome

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 00:12 --------- d-----w c:\documents and settings\Admin\Application Data\OpenOffice.org2
2008-12-24 00:11 --------- d-----w c:\program files\lg_fwupdate
2008-12-23 21:52 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-23 21:30 --------- d-----w c:\program files\Java
2008-12-23 18:19 --------- d-----w c:\documents and settings\Admin\Application Data\U3
2008-12-23 14:46 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-12 23:47 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 18:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-28 23:31 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-11-28 23:30 --------- d-----w c:\program files\Norton Security Scan
2008-11-20 17:02 --------- d-----w c:\program files\YesMessenger
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-04-09 19:50 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX8400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-07 68856]
"EPSON Stylus DX8400 Series (Copie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]
"EPSON Stylus DX8400 Series (Copie 2)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-01-12 249856]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-09 1836544]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-09 185632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"Secure System Restore"="sysrest32.exe" [2008-12-20 c:\windows\sysrest32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Admin\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
YesMessenger.lnk - c:\program files\YesMessenger\YesMessenger.exe [2008-11-07 2772992]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-06-03 40960]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2007-12-14 585728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mp42"= c:\windows\Mpg4c32.dll
"vidc.mp43"= c:\windows\Mpg4c32.dll
"vidc.mpg4"= c:\windows\Mpg4c32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0vyxx.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\mldmm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12935:TCP"= 12935:TCP:NortonAV
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 ati0vyxx;ati0vyxx;c:\windows\system32\Drivers\ati0vyxx.sys [2008-12-23 32768]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-11 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-11 20560]
S3 ADM8511;Convertisseur USB vers Fast Ethernet ADMtek ADM8511/AN986;c:\windows\system32\DRIVERS\ADM8511.SYS [2007-12-13 20160]
S3 AGV;AGV;c:\windows\system32\drivers\AGV.sys [2008-02-08 180617]
S3 GV600V2;GV600V2;c:\windows\system32\drivers\GV600V2.sys [2008-02-08 47014]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-23 38496]
.
Contenu du dossier 'Tâches planifiées'

2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

2008-11-28 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 22:42]

2008-12-23 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{2F550F99-7875-4C88-BD24-37B1D9C96AEB} - c:\windows\system32\jkkKbCVM.dll
BHO-{8f35e492-43b3-493c-aeae-d77c2e7566aa} - c:\windows\system32\cghpfz.dll
HKCU-Run-qosyk - c:\documents and settings\admin\local settings\application data\qosyk.exe
HKCU-Run-rs32net - c:\windows\System32\rs32net.exe
HKLM-Run-EoEngine - c:\program files\EoRezo\EoEngine.exe
HKLM-Run-ItsTV - c:\program files\ItsLabel\ItsTV.exe
HKLM-Run-EoWeather - (no file)
Notify-__c003EBFA - c:\windows\system32\__c003EBFA.dat

.
------- Examen supplémentaire -------
.
mStart Page = hxxp://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\8cph11l4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 01:10:52
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.bin
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Fichiers communs\logishrd\LQCVFX\COCIManager.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Heure de fin: 2008-12-24 1:20:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-24 00:20:07

Avant-CF: 19 547 058 176 octets libres
Après-CF: 20,347,817,984 octets libres

604 --- E O F --- 2008-12-12 23:47:55
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 55
Utilisateur anonyme
 
Re,

▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.

▶ Double clique sur RSIT.exe pour lancer l'outil.

▶ Clique sur ' continue ' à l'écran Disclaimer.

Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports
( log.txt & info.txt )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Réponse 26 / 55
nowhere_ Messages postés 262 Statut Membre 50
 
sources officiels pour telecharger combofix :

--> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--> https://forospyware.com
--> http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

certaines versions ont un trojan

suivre avec attention le tutoriel : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
c'est un outil puissant.

un interprete des log d'hijackthis : http://www.hijackthis.de/fr
vous donnera une idee : une tache inconnue n'est pas bon signe
*verifier en postant ici
0
Réponse 27 / 55
jojo
 
voici le rapport info:

info.txt logfile of random's system information tool 1.05 2008-12-24 01:34:21

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Angelina Jolie 1-->C:\WINDOWS\ss3unstl.exe "Angelina Jolie 1"
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
a-squared Free 4.0-->"C:\Program Files\a-squared Free\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x40c UNINST
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Dofus 1.22.0-->C:\Program Files\Dofus\uninstall.exe
eoEngine 5.1-->"C:\Program Files\EoRezo\unins000.exe"
EoWeather 5.1-->"C:\Program Files\EoRezo\EoWeather\unins000.exe"
EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuel-->C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\FRA\USE_G\DOCUNINS.EXE
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"H:\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Essentials-->MsiExec.exe /X{9B4E6CB9-E54D-47F7-A414-E2D5740E1036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Security Scan-->MsiExec.exe /I{230C4A45-2586-4161-84EF-5C0D75D5B270}
OpenOffice.org 2.3-->MsiExec.exe /I{B087B0C3-F595-485A-B86B-73326BA8693A}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PHOTOfunSTUDIO -viewer--->C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\setup.exe -runfromtemp -l0x040c -z"Uninstall" -removeonly
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Sagem Wi-Fi 11g USB adapter (driver)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2ED60C17-4568-4CD5-830A-03C4688B09A1}\setup.exe" -l0x40c
SAGEM Wi-Fi 11g USB adapter (pilote)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7421E270-0140-4F62-AE39-ECB9F1C81B35}\setup.exe" -l0x40c
SAGEM Wi-Fi 11g USB adapter (pilote)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2AA331E-E10E-438C-B1C0-24B2FFD3D9C4}\setup.exe" -l0x40c
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Software Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{497A1721-088F-41EF-8876-B43C9DA5528B}\Setup.exe" -l0x40c
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
VIA Gestionnaire de périphériques de plate-forme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
YesMessenger 2.2.40-->"C:\Program Files\YesMessenger\unins000.exe"

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 080930-0] (outdated)

System event log

Computer Name: ADMIN-DBBDDBA8D
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 12574
Source Name: EventLog
Time Written: 20081215181325.000000+060
Event Type: Informations
User:

Computer Name: ADMIN-DBBDDBA8D
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 12573
Source Name: EventLog
Time Written: 20081215181325.000000+060
Event Type: Informations
User:

Computer Name: ADMIN-DBBDDBA8D
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

Record Number: 12572
Source Name: Tcpip
Time Written: 20081215175842.000000+060
Event Type: Avertissement
User:

Computer Name: ADMIN-DBBDDBA8D
Event Code: 7036
Message: Le service Service de transfert intelligent en arrière-plan est entré dans l'état : en cours d'exécution.

Record Number: 12571
Source Name: Service Control Manager
Time Written: 20081215174952.000000+060
Event Type: Informations
User:

Computer Name: ADMIN-DBBDDBA8D
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de transfert intelligent en arrière-plan.

Record Number: 12570
Source Name: Service Control Manager
Time Written: 20081215174950.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Application event log

Computer Name: ADMIN-DBBDDBA8D
Event Code: 0
Message:
Record Number: 7630
Source Name: LVCOMSer
Time Written: 20081103151455.000000+060
Event Type: Informations
User:

Computer Name: ADMIN-DBBDDBA8D
Event Code: 1001
Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam' lors de la demande du composant '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Record Number: 7629
Source Name: MsiInstaller
Time Written: 20081103151455.000000+060
Event Type: Avertissement
User: AUTORITE NT\SERVICE RÉSEAU

Computer Name: ADMIN-DBBDDBA8D
Event Code: 1004
Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam', composant '{B52C7B4D-F46F-438C-ADF2-05A138C57757}. La ressource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' n'existe pas

Record Number: 7628
Source Name: MsiInstaller
Time Written: 20081103151455.000000+060
Event Type: Avertissement
User: AUTORITE NT\SERVICE RÉSEAU

Computer Name: ADMIN-DBBDDBA8D
Event Code: 0
Message:
Record Number: 7627
Source Name: gusvc
Time Written: 20081103151451.000000+060
Event Type: Informations
User:

Computer Name: ADMIN-DBBDDBA8D
Event Code: 1001
Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam' lors de la demande du composant '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Record Number: 7626
Source Name: MsiInstaller
Time Written: 20081103151432.000000+060
Event Type: Avertissement
User: AUTORITE NT\SERVICE RÉSEAU

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 28 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=1c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
0
Réponse 28 / 55
jojo
 
voici le rapport log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Admin at 2008-12-24 01:34:01
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 19 GB (50%) free of 39 GB
Total RAM: 511 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:34:16, on 24/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\YesMessenger\YesMessenger.exe
C:\WINDOWS\sysrest32.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Bureau\RSIT.exe
C:\Documents and Settings\Admin\Bureau\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Secure System Restore] sysrest32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SBB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S3F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series (Copie 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S14.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
Réponse 29 / 55
Utilisateur anonyme
 
Re,

@nowhere_,

c bon pas besoin c déjà passer et la .

@JOJO:

1. Fermez tous les navigateurs ouverts.

2. Fermez/désactivez tous les programmes anti-virus, anti-malware ou anti-spyware afin qu'ils n'interfèrent pas avec le travail de ComboFix.

3. Ouvrez le Bloc-notes et faites un copier/coller du texte en gras situé dans la boîte Citation ci-dessous dans le Bloc-notes:


File::
c:\documents and settings\admin\application data\zango\v3.0\zango\dynamic\ustat\3793.dat
c:\documents and settings\admin\application data\zango\v3.0\zango\static\1\btntrans1.dat
c:\documents and settings\admin\application data\zango\v3.0\zango\static\1\keywords1.dat
c:\documents and settings\admin\application data\zango\v3.0\zango\static\2\btntrans1.dat
c:\documents and settings\admin\application data\zango\v3.0\zango\static\2\keywords1.dat
c:\documents and settings\admin\local settings\application data\qosyk_nav.dat
c:\documents and settings\admin\local settings\application data\qosyk_navps.dat
c:\documents and settings\all users\application data\zangosa\zangosa.dat
c:\documents and settings\all users\application data\zangosa\zangosa_kyf.dat
c:\documents and settings\all users\application data\zangosa\zangosaau.dat
c:\program files\zango\bin\10.3.37.0\oeaddon.exe
c:\program files\zango\bin\10.3.37.0\weather.exe
c:\program files\zango\bin\10.3.37.0\weskin.dll
c:\program files\zango\bin\10.3.37.0\zangosa.exe
c:\program files\zango\bin\10.3.37.0\zangosahook.dll
c:\program files\zango\bin\10.3.37.0\zangouninstaller.exe
c:\windows\fxstaller.exe
c:\windows\system32\mvcbkkkj.ini
c:\windows\system32\rs32net.exe
c:\windows\system32\vtuljyoi.dll
c:\windows\system32\vtumlebb.dll
c:\windows\system32\vtummeed.dll
c:\windows\system32\winamp.exe
c:\windows\system32\__c003ebfa.dat

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Enregistrez le fichier sous le nom CFScript.txt, au même endroit que ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Comme sur l'image ci-dessus, faites glisser CFScript puis déposez-le sur ComboFix.exe

Lorsque l'outil aura terminé, il vous affichera un rapport nommé C:\ComboFix.txt que vous devez m'envoyer dans votre prochain message.
0
Réponse 30 / 55
nowhere_ Messages postés 262 Statut Membre 50
 
je trouve que ça donne beaucoup d'information sur un systeme... distant.. tout ces logs
0
Réponse 31 / 55
Utilisateur anonyme
 
Re,

Ben regarde les pas alors!!

;)
0
Réponse 32 / 55
jojo
 
j'ai des boite de dialogue qui s'affiche, Windows - lecteur non pret
exception processing message c00000a3 parameters .....
que dois je faire ??
0
Réponse 33 / 55
Utilisateur anonyme
 
Re,

desactivé en decochant la premiere case "connect at power on" de la fenetre qui s'ouvre lorsqu'on double click sur floopy disk.
0
Réponse 34 / 55
Utilisateur anonyme
 
moi je regarde et ça trip de voir enfin des fichiers plutot qu'un avartar de virus ^^

...c'est pour comprendre HiJackThis et tous ceux qui en ont peur aussi, lol
0
Réponse 35 / 55
jojo
 
Mais avec le message je peux juste annule recommencer ou continuer
0
Réponse 36 / 55
Utilisateur anonyme
 
Re,

Laisse tomber le script et fait ceci dans l'ordre:

▶ Télécharge UsbFix (de Chiquitine29) sur ton Bureau :

▶ Lance l'installation avec les paramètres par défaut.

▶ Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

▶ Double-clique sur le raccourci UsbFix sur ton Bureau.

Choisit l'option 1

▶ Le PC va redémarrer.

▶ Après redémarrage, poste le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Télécharge et installe MalwareByte's Anti-Malware
Malwarebyte

Mets le à jour

▶ Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.

▶ Sélectionne Exécuter un examen complet si ce n'est pas déjà fait

▶ clique sur Rechercher

▶ Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.

Tutoriel pour MalwareByte's
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Une fois que tu auras fait malwarebyte et supprimer la quarantaine,tu redémarre ton pc normalement et tu poste le rapport de malwarebyte et tu refais un rapport avec RSIT.
0
Utilisateur anonyme
 
svp X-V,

existe-t'il des prduits type Malewarebyte's dans le commerce ?
0
Réponse 37 / 55
Utilisateur anonyme
 
Re,

Mawarebyte et a une version payante et il et pas trop mal.
0
Réponse 38 / 55
jojo
 
rapport UsbFix.txt :

-------------- UsbFix V2.413.7 ---------------

* User : Admin - ADMIN-DBBDDBA8D
* Outils mis a jours le 24/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 2:12:02 le 2008-12-24
* Windows Xp - Internet Explorer 7.0.5730.13

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur de CD-ROM

F: - Lecteur de CD-ROM

G: - Lecteur de CD-ROM

H: - Lecteur amovible

+- Contenu de l'autorun : G:\autorun.inf

[AutoRun]
open=LaunchU3.exe -a
icon=LaunchU3.exe,0
action=Run U3 Launchpad

[Definitions]
Launchpad=LaunchPad.exe
Vtype=2

[CopyFiles]
FileNumber=1
File1=LaunchPad.zip

[Update]
URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.6.1.2&brand=PelicanBFG

[Comment]
brand=PelicanBFG

+- Contenu de l'autorun : H:\autorun.inf

[autorun]
open=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\sysrest32.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\sysrest32.exe
shell\open\default=1

--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe

+- Listing des fichiers présents :

[2007-12-13 17:50][--a------] C:\AUTOEXEC.BAT
[2006-03-02 13:00][-rahs----] C:\NTDETECT.COM
[2008-12-20 20:07][--a------] C:\reps.exe
[2007-12-13 17:43][---hs----] C:\boot.ini
[2007-12-13 17:43][---hs----] C:\UpdaterforApp.ini
[2008-12-24 02:12][--a------] C:\UsbFix.txt
[2007-12-13 17:50][--a------] C:\CONFIG.SYS
[2007-12-13 17:50][--a------] C:\hiberfil.sys
[2007-12-13 17:50][--a------] C:\IO.SYS
[2007-12-13 17:50][--a------] C:\MSDOS.SYS
[2007-12-13 17:50][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe

+- Listing des fichiers présents :

[2007-10-26 13:57][--a------] D:\AUTOEXEC.BAT
[][] D:\NTDETECT.COM
[2007-10-26 13:44][---hs----] D:\boot.ini
[2007-10-26 13:57][--a------] D:\CONFIG.SYS
[2007-10-26 13:57][--a------] D:\hiberfil.sys
[2007-10-26 13:57][--a------] D:\IO.SYS
[2007-10-26 13:57][--a------] D:\MSDOS.SYS
[2007-10-26 13:57][--a------] D:\pagefile.sys

--------------- [ Lecteur E ] ----------------

E: - Lecteur de CD-ROM

+- Listing des fichiers présents :

--------------- [ Lecteur F ] ----------------

F: - Lecteur de CD-ROM

+- Listing des fichiers présents :

--------------- [ Lecteur G ] ----------------

G: - Lecteur de CD-ROM

+- Listing des fichiers présents :

[2007-10-23 08:45][-r-------] G:\LaunchU3.exe
[2008-05-06 13:26][-r-------] G:\autorun.inf

--------------- [ Lecteur H ] ----------------

H: - Lecteur amovible

+- Listing des fichiers présents :

[2007-10-23 09:45][-ra------] H:\LaunchU3.exe
[2007-10-23 09:45][-ra------] H:\a2FreeSetup.exe
[2007-10-23 09:45][-ra------] H:\spybotsd160.exe
[2007-10-23 09:45][-ra------] H:\mbam-setup.exe
[2007-10-23 09:45][-ra------] H:\C-Fix.exe
[2007-10-23 09:45][-ra------] H:\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[2007-10-23 09:45][-ra------] H:\RSIT.exe
[2007-10-23 09:45][-ra------] H:\UsbFix.exe
[2008-12-24 02:08][--a------] H:\autorun.inf
[2008-12-24 01:21][--a------] H:\log.txt
[2008-12-24 01:21][--a------] H:\info111.txt
[2008-12-24 01:21][--a------] H:\log111.txt
[2008-12-24 01:21][--a------] H:\CFScript.txt

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
EPSON Stylus DX8400 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SBB.tmp" /EF "HKCU"
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
EPSON Stylus DX8400 Series (Copie 1)=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S3F.tmp" /EF "HKCU"
EPSON Stylus DX8400 Series (Copie 2)=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S14.tmp" /EF "HKCU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
LanguageShortcut="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
LGODDFU="C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
SecurDisc=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
InCD=C:\Program Files\Nero\Nero 7\InCD\InCD.exe
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Smapp=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
LogitechCommunicationsManager="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
ArcSoft Connection Service=C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
Secure System Restore=sysrest32.exe
UserFaultCheck=%systemroot%\system32\dumprep 0 -u
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

-> Recherche négative.

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [2008-04-14 03:34][--a------] C:\WINDOWS\system32\mldmm.exe
H:\autorun.inf ~> fichier appelé : "H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\sysrest32.exe" ( présent ! )
Supprimé ! - H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\sysrest32.exe
Echec de la supression !! - [2008-05-06 13:26] G:\autorun.inf
Echec de la supression !! - [2008-05-06 13:26] G:\autorun.inf
Echec de la supression !! - [2008-05-06 13:26] G:\autorun.inf
Supprimé ! - [2008-12-24 02:08][--a------] H:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[2007-12-13 17:50][--a------] C:\AUTOEXEC.BAT
[2006-03-02 13:00][-rahs----] C:\NTDETECT.COM
[2008-12-20 20:07][--a------] C:\reps.exe
[2007-12-13 17:43][---hs----] C:\boot.ini
[2007-12-13 17:43][---hs----] C:\UpdaterforApp.ini
[2007-10-26 13:57][--a------] D:\AUTOEXEC.BAT
[][] D:\NTDETECT.COM
[2007-10-26 13:44][---hs----] D:\boot.ini
[2007-10-23 08:45][-r-------] G:\LaunchU3.exe
[2008-05-06 13:26][-r-------] G:\autorun.inf
[2007-10-23 09:45][-ra------] H:\LaunchU3.exe
[2007-10-23 09:45][-ra------] H:\a2FreeSetup.exe
[2007-10-23 09:45][-ra------] H:\spybotsd160.exe
[2007-10-23 09:45][-ra------] H:\mbam-setup.exe
[2007-10-23 09:45][-ra------] H:\C-Fix.exe
[2007-10-23 09:45][-ra------] H:\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[2007-10-23 09:45][-ra------] H:\RSIT.exe
[2007-10-23 09:45][-ra------] H:\UsbFix.exe

Joyeuses fetes a tous de la part de T'Chiki et Chimay ...et merci a toutes les personnes ayant,
de pret ou de loin participé a UsbFix durant l annee 2008 , merci a eux !

--------------- ! Fin du rapport ! ----------------
0
Réponse 39 / 55
jojo
 
Re,
Malware est toujours entrain de scanné, je sais pas si c'est normal que ce soit aussi long, ??
0
Réponse 40 / 55
Utilisateur anonyme
 
Re,

Le plus long que j'ai vue c'est 15 heures de scans.

Mais bon laisse tourner et va te coucher.

A++
0