Trojan horse
sylar73
-
toto666 Posts 331 Status Member -
Hello, for the past two days I have had several Trojan horses on my laptop that I can't manage to remove... I ran my antivirus (AVG) but it can't delete them... I can no longer open Firefox, and instead Internet Explorer opens with a page offering me the services of an antivirus... in short, do I need to reformat, or something else?
I look forward to hearing from you.
Thanks
12 replies
Hi,
Let's see what you have on your PC.
I) Download random's system information tool (RSIT):
http://images.malwareremoval.com/random/RSIT.exe
1) Double-click the RSIT.exe icon.
2) Click Continue.
3) Once the scan is finished, two files will open; please post both reports for me.
If the 2 files do not open, go to C:\rsit, where you will find the 2 files info.txt and log.txt.
sylar73
I didn't know whether I had to send you all of this, but I did...
Here is my AVG report:
"C:\Documents and Settings\Florant\Application Data\ptidle\ptidle.exe";"Trojan horse Downloader.Generic8.ALDS";"Moved to Virus Vault"
"C:\Documents and Settings\Florant\Application Data\ptidle\ptidle.exe";"Trojan horse Downloader.Generic8.ALDS";"Moved to Virus Vault"
"C:\Documents and Settings\Florant\Application Data\ptidle\ptidle.exe";"Trojan horse Downloader.Generic8.ALDS";"Moved to Virus Vault"
"C:\Documents and Settings\Florant\Application Data\ptidle\ptidle.exe (3928)";"Trojan horse Downloader.Generic8.ALDS";"Reboot is required to finish the action"
"C:\WINDOWS\system32\ahtn.htm";"Trojan horse Downloader.Generic_c.AQA";"Moved to Virus Vault"
"C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0P2N49IF\warning[1].gif";"Trojan horse Generic_c.ABVY";"Moved to Virus Vault"
"C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\45EB4TQJ\winlogon[1].htm";"Trojan horse Downloader.Generic_c.AQA";"Moved to Virus Vault"
"C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GDEZ8HY3\lsp[1].exe";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"C:\WINDOWS\system32\dllcache\userinit.exe";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"C:\WINDOWS\system32\duziyano.dll";"Trojan horse SHeur2.AEOL";"Moved to Virus Vault"
"C:\WINDOWS\system32\frmwrk32.exe";"Trojan horse SHeur2.AEUE";"Moved to Virus Vault"
"C:\WINDOWS\system32\fuwijawa.dll";"Trojan horse SHeur2.AEOL";"Moved to Virus Vault"
"C:\WINDOWS\system32\loader49.exe";"Trojan horse SHeur2.AEUE";"Moved to Virus Vault"
"C:\WINDOWS\system32\ntdll64.exe";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"C:\WINDOWS\system32\prnet.tmp";"Trojan horse Downloader.Generic8.AMBO";"Moved to Virus Vault"
"C:\WINDOWS\system32\userinit.exe";"Virus identified Win32/Cryptor";"Object is white-listed (critical/system file that should not be removed)"
"C:\WINDOWS\system32\warning.gif";"Trojan horse Generic_c.ABVY";"Moved to Virus Vault"
"C:\WINDOWS\system32\wedoduje.dll";"Trojan horse SHeur2.AEOL";"Moved to Virus Vault"
info.txt logfile of random's system information tool 1.06 2009-05-12 12:39:21
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Broadcom 802.11 Wireless LAN Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress
Compaq Presario r4000 User Guides-->C:\PROGRA~1\CPQ\UNWISE.EXE C:\PROGRA~1\CPQ\INSTALL.LOG
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
HP Help and Support-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x40c -removeonly
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Pavillion zv6000 User Guides-->C:\PROGRA~1\HPQ\UNWISE.EXE C:\PROGRA~1\HPQ\INSTALL.LOG
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Wireless Assistant 1.01 A3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x40c hpquninst
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Magic ISO Maker v5.5 (build 0272)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 4.0 - SE-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x40c
Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
Quick Launch Buttons 5.10 B3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x40c -uninst
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0xc0c REMOVE
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1} /l1036
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
UserGuides-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02E22217-0E96-4C3F-B831-83AA942B7715}\setup.exe" -l0x40c
Winamax Poker (remove only)-->"C:\Program Files\WinamaxPoker\uninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Zango-->"C:\Program Files\Zango\bin\10.3.75.0\ZangoUninstaller.exe" Web
======Security center information======
AV: AVG Anti-Virus Free
======System event log======
Computer Name: FLORANT-D961033
Event Code: 7036
Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.
Record Number: 9232
Source Name: Service Control Manager
Time Written: 20090313171518.000000-360
Event Type: Informations
User:
Computer Name: FLORANT-D961033
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).
Record Number: 9231
Source Name: Service Control Manager
Time Written: 20090313171518.000000-360
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: FLORANT-D961033
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service iPod Service.
Record Number: 9230
Source Name: Service Control Manager
Time Written: 20090313171518.000000-360
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: FLORANT-D961033
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.
Record Number: 9229
Source Name: Service Control Manager
Time Written: 20090313171518.000000-360
Event Type: Informations
User:
Computer Name: FLORANT-D961033
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.
Record Number: 9228
Source Name: Service Control Manager
Time Written: 20090313171518.000000-360
Event Type: Informations
User: AUTORITE NT\SYSTEM
=====Application event log=====
Computer Name: FLORANT-D961033
Event Code: 1003
Message: Le service Windows Search a été démarré.
Record Number: 1083
Source Name: Windows Search Service
Time Written: 20081208110546.000000-360
Event Type: Informations
User:
Computer Name: FLORANT-D961033
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 1082
Source Name: SecurityCenter
Time Written: 20081208110546.000000-360
Event Type: Informations
User:
Computer Name: FLORANT-D961033
Event Code: 102
Message: Windows (368) Windows: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 1081
Source Name: ESENT
Time Written: 20081208110542.000000-360
Event Type: Informations
User:
Computer Name: FLORANT-D961033
Event Code: 100
Message: SearchIndexer (368) Le moteur de base de données 5.01.2600.5512 est démarré.
Record Number: 1080
Source Name: ESENT
Time Written: 20081208110542.000000-360
Event Type: Informations
User:
Computer Name: FLORANT-D961033
Event Code: 0
Message:
Record Number: 1079
Source Name: btwdins
Time Written: 20081208110539.000000-360
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Rockwell Software\RSCommon;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\Panneau de contrôle ATI
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Florant at 2009-05-12 12:39:06
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 91 GB (79%) free of 114 GB
Total RAM: 1918 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:18, on 2009-05-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Florant\Bureau\RSIT.exe
C:\Program Files\trend micro\Florant.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hec.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4320d5f5-7cbf-40b0-a720-fec05d5eef37} - C:\WINDOWS\system32\wedoduje.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe"
O4 - HKLM\..\Run: [fahukeyumi] Rundll32.exe "C:\WINDOWS\system32\yadusura.dll",s
O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [28295a77] rundll32.exe "C:\WINDOWS\system32\meyobuha.dll",b
O4 - HKLM\..\Run: [CPM2b1a69eb] Rundll32.exe "c:\windows\system32\yiriyidi.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wibijomi.dll C:\WINDOWS\system32\nanuyona.dll C:\WINDOWS\system32\miyokonu.dll c:\windows\system32\yiriyidi.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yiriyidi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yiriyidi.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
Hi again,
your PC is indeed infected.
I) Download Toolbar S&D:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
1) Double-click the ToolbarSD.exe icon; when the menu opens, type "f" and press Enter. (A warning message will appear; click OK.)
2) Choose option 1 for the search (type 1).
3) Let the program search...
4) When the search finishes, Notepad will open; copy and paste that report into your next reply.
(Note: the report is located at C:\TB.txt)
(Warning: for now, do not run option 2 until I tell you to.)
Then,
▶ Download and install UsbFix: http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
(!) Plug in the external storage devices (USB stick, external hard drive, etc.) that may have been infected to your PC, without opening them.
• Double-click the UsbFix shortcut on your desktop.
• Choose option 1 (Search).
• Let the tool work.
• Then post the UsbFix.txt report that appears.
• Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile Technology ML-37 )
BIOS : wPhoenix NoteBIOS 4.0 Release 6.1
USER : Florant ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.5 (Activated)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:88 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD) - CDFS - Total:1 Go (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 2009-05-12|12:55 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\2\s_icons_buttons.res
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\2\t2_bg.res
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\2\theweb.mnu
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\2\top7.cdf
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\2\Top7_theweb.mnu
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\2\tsd_bg.res
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\2\zango_btn.res
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\2\zango_ie_menu.res
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\avatar.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\cursors.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\default.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\hotbar-premium.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\icons2.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\keywords.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\layout.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\progress.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\top7.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
C:\Program Files\Zango
C:\Program Files\Zango\bin
C:\Program Files\Zango\bin\10.3.75.0
C:\Program Files\Zango\bin\10.3.75.0\arrow.ico
C:\Program Files\Zango\bin\10.3.75.0\CntntCntr.dll
C:\Program Files\Zango\bin\10.3.75.0\copyright.txt
C:\Program Files\Zango\bin\10.3.75.0\CoreSrv.dll
C:\Program Files\Zango\bin\10.3.75.0\firefox
C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll
C:\Program Files\Zango\bin\10.3.75.0\HostOE.dll
C:\Program Files\Zango\bin\10.3.75.0\HostOL.dll
C:\Program Files\Zango\bin\10.3.75.0\link.ico
C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
C:\Program Files\Zango\bin\10.3.75.0\Srv.exe
C:\Program Files\Zango\bin\10.3.75.0\Toolbar.dll
C:\Program Files\Zango\bin\10.3.75.0\Wallpaper.dll
C:\Program Files\Zango\bin\10.3.75.0\Weather.exe
C:\Program Files\Zango\bin\10.3.75.0\WeSkin.dll
C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe
C:\Program Files\Zango\bin\10.3.75.0\ZangoSAAX.dll
C:\Program Files\Zango\bin\10.3.75.0\ZangoSADF.exe
C:\Program Files\Zango\bin\10.3.75.0\ZangoSAHook.dll
C:\Program Files\Zango\bin\10.3.75.0\ZangoUninstaller.exe
C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions
C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions\chrome.manifest
C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions\components
C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions\install.rdf
C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions\plugins
C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions\components\npclntax.xpt
C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions\plugins\npclntax_ZangoSA.dll
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Zango
C:\DOCUME~1\Florant\Cookies\florant@hosted.zango[2].txt
C:\DOCUME~1\Florant\Cookies\florant@www.zango[2].txt
C:\DOCUME~1\ALLUSE~1\APPLIC~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.hec.ca/"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 2009-05-12|12:56 - Option : [1]
-----------\\ Fin du rapport a 12:56:03,85
############################## [ UsbFix V3.018 # Scan ]
# User : Florant (Administrateurs) # FLORANT-D961033
# Update on 11/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 13:05:58 | 2009-05-12
# AMD Turion(tm) 64 Mobile Technology ML-37
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]
# C:\ # Disque fixe local # 111,78 Go (88,6 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque CD-ROM # 1,21 Go (0 Mo free) [MS Office 2007] # CDFS
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Zango\bin\10.3.75.0\Srv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
HKCU_Main: "Start Page"="https://www.hec.ca/"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Florant"
HKLM_logon: "AltDefaultUserName"="Florant"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM_Run: Cpqset=C:\Program Files\HPQ\Default Settings\cpqset.exe
HKLM_Run: HP Software Update=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
HKLM_Run: iTunesHelper=C:\Program Files\iTunes\iTunesHelper.exe
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM_Run: eabconfg.cpl=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
HKLM_Run: hpWirelessAssistant=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
HKLM_Run: ATIPTA="C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe"
HKLM_Run: AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
HKLM_Run: GrooveMonitor="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM_Run: LogitechCommunicationsManager="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
HKLM_Run: LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
HKLM_Run: ZangoOE=C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
HKLM_Run: ZangoSA="C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe"
HKLM_Run: fahukeyumi=Rundll32.exe "C:\WINDOWS\system32\yadusura.dll",s
HKLM_Run: prnet="C:\WINDOWS\system32\prnet.tmp"
HKLM_Run: Framework Windows=frmwrk32.exe
HKLM_Run: 28295a77=rundll32.exe "C:\WINDOWS\system32\meyobuha.dll",b
HKLM_Run: CPM2b1a69eb=Rundll32.exe "c:\windows\system32\yiriyidi.dll",a
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
HKCU_Run: WeatherDPA="C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto
################## [ Informations ]
################## [ Fichiers # Dossiers infectieux ]
Found ! C:\WINDOWS\system32\ahtn.htm
Found ! C:\WINDOWS\system32\win32hlp.cnf
Found ! H:\autorun.inf
################## [ Registre # Clés Run infectieuses ]
Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Framework Windows"
################## [ Registre # Mountpoints2 ]
HKCU\Software\Microsoft\....\MountPoints2\{3bad0674-205c-11de-a630-0016412074a7}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{3bad0674-205c-11de-a630-0016412074a7}\Shell\install\Command
HKCU\Software\Microsoft\....\MountPoints2\{5c9cd36e-c7af-11dd-9da4-0016412074a7}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{5c9cd36e-c7af-11dd-9da4-0016412074a7}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{e0fbe5b0-9e93-11dd-9d48-0014a57aa623}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{e0fbe5b0-9e93-11dd-9d48-0014a57aa623}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{fc65a7b4-d124-11dd-9dad-0016412074a7}\Shell\AutoRun\command
################## [ ! Fin du rapport # UsbFix V3.018 ! ]
Hi again,
Let's continue. Please follow the procedure in order. :)
Run ToolBar again.
This time choose option 2.
Post the report for me.
Then,
(!) Plug your external storage devices into your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them.
• Double-click the UsbFix shortcut on your desktop.
• Choose option 2 (Suppression).
• Your desktop will disappear and the PC will restart.
• On restart, UsbFix will scan your PC; let the tool work.
• Then post the UsbFix.txt report that will appear along with the desktop.
• Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
I) Download Malwarebytes' Anti-Malware to your desktop:
Download Malwarebytes from this address:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
1) Double-click "mbam-setup"; the installation starts (install without changing anything).
2) Launch the program, go to the "Mise à jour" tab, then click "Recherche de mise à jour".
3) Go to the "Recherche" tab, then tick "Exécuter un examen complet" >> click "Rechercher", then start the scan.
4) At the end of the scan, if there are infections, click "Afficher résultat".
5) Close all other applications.
6) Check that everything is ticked and click "Supprimer la sélection".
7) A report opens; copy and paste it into your next reply.
Then post me a new RSIT report, please.
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile Technology ML-37 )
BIOS : wPhoenix NoteBIOS 4.0 Release 6.1
USER : Florant ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.5 (Activated)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:88 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD) - CDFS - Total:1 Go (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 2009-05-12|13:36 )
-----------\\ SUPPRESSION
Supprime! - C:\DOCUME~1\Florant\Cookies\florant@contentcatalog.hotbar[1].txt
Supprime! - C:\DOCUME~1\Florant\Cookies\florant@hotbar[2].txt
Supprime! - C:\WINDOWS\Prefetch\WAVVSNET.TMP-1F171260.pf
Supprime! - C:\DOCUME~1\Florant\APPLIC~1\WeatherDPA\Weather
Supprime! - C:\DOCUME~1\Florant\APPLIC~1\Zango\IESkins
Supprime! - C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0
Echec ! - C:\Program Files\Zango\bin
Echec ! - C:\Program Files\Zango\bin\10.3.75.0
Echec ! - C:\Program Files\Zango\bin\10.3.75.0\HostOE.dll
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Zango
Supprime! - C:\DOCUME~1\Florant\Cookies\florant@hosted.zango[2].txt
Supprime! - C:\DOCUME~1\Florant\Cookies\florant@www.zango[2].txt
Supprime! - C:\DOCUME~1\Florant\APPLIC~1\WeatherDPA
Supprime! - C:\DOCUME~1\Florant\APPLIC~1\Zango
Echec ! - C:\Program Files\Zango
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
-----------\\ DEUXIEME PASSAGE
Echec ! - C:\Program Files\Zango\bin
Echec ! - C:\Program Files\Zango\bin\10.3.75.0
Echec ! - C:\Program Files\Zango\bin\10.3.75.0\HostOE.dll
Echec ! - C:\Program Files\Zango
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\Zango
C:\Program Files\Zango\bin
C:\Program Files\Zango\bin\10.3.75.0
C:\Program Files\Zango\bin\10.3.75.0\HostOE.dll
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.hec.ca/"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 2009-05-12|12:56 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2009-05-12|13:37 - Option : [2]
-----------\\ Fin du rapport a 13:37:55,98
Did you confirm option 2?
Did you follow the procedure for UsbFix option 2? Do you have a report?
1) Download OTMoveIt3 (by Old_Timer) to your desktop.
http://oldtimer.geekstogo.com/OTMoveIt3.exe
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below and paste it into the left-hand pane of OTMoveIt under Paste Instructions for Items to be Moved.
:processes
explorer.exe
:Files
C:\Program Files\Zango
C:\Program Files\Zango\bin
C:\Program Files\Zango\bin\10.3.75.0
C:\Program Files\Zango\bin\10.3.75.0\HostOE.dll
:commands
[emptytemp]
[start explorer]
[reboot]
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report (.log file) located in C:\_OTMoveIt\MovedFiles.
Then move on to Malwarebytes, please.
I ran Malwarebytes first without doing OldTimer; here is the report..... I'm sending you the RSIT report, then I'll start again in the order you gave me, OldTimer and its report, then Malwarebytes..... Sorry, I must have misread or misunderstood.
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2117
Windows 5.1.2600 Service Pack 3
2009-05-12 14:21:12
mbam-log-2009-05-12 (14-21-12).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 124443
Temps écoulé: 27 minute(s), 54 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 14
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 20
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\meyobuha.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\yiriyidi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Florant\Local Settings\Temp\mousehook.dll (Trojan.Tibs) -> Delete on reboot.
C:\WINDOWS\Temp\ntdll64.dll (Trojan.Tibs) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4320d5f5-7cbf-40b0-a720-fec05d5eef37} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4320d5f5-7cbf-40b0-a720-fec05d5eef37} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Zango (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\28295a77 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fahukeyumi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm2b1a69eb (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.75.0 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yiriyidi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Documents and Settings\Florant\Application Data\ptidle (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.75.0 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\meyobuha.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ahuboyem.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yiriyidi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Florant\Local Settings\Temp\mousehook.dll (Trojan.Tibs) -> Delete on reboot.
C:\WINDOWS\Temp\ntdll64.dll (Trojan.Tibs) -> Delete on reboot.
C:\Documents and Settings\Florant\Local Settings\Temp\erwmnxcoas.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Florant\Local Settings\Temp\ntdll64.dll (Trojan.Tibs) -> Quarantined and deleted successfully.
C:\Documents and Settings\Florant\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Florant\Local Settings\Temp\rasesnet.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Florant\Local Settings\Temp\samrxowenc.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD60D253-EE35-4D23-8233-D6242CE1E8D7}\RP187\A0041263.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mousehook.dll (Trojan.Tibs) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.75.0\HostOE.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Florant at 2009-05-12 14:32:08
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 91 GB (79%) free of 114 GB
Total RAM: 1918 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:12, on 2009-05-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Florant\Bureau\RSIT.exe
C:\Program Files\trend micro\Florant.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hec.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wibijomi.dll C:\WINDOWS\system32\nanuyona.dll C:\WINDOWS\system32\miyokonu.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
Re,
Just run OTMoveIt3, then RSIT afterwards, please.
Didn't you find the UsbFix report here? C:\UsbFix.txt
If not, redo option 2 before running RSIT, please.
See you later
Here is the OTM report; I'm running RSIT right away.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Program Files\Zango not found.
File/Folder C:\Program Files\Zango\bin not found.
File/Folder C:\Program Files\Zango\bin\10.3.75.0 not found.
File/Folder C:\Program Files\Zango\bin\10.3.75.0\HostOE.dll not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Florant\LOCALS~1\Temp\etilqs_hSltaHiL3s663an93LtM scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Florant\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05122009_143502
Files moved on Reboot...
File C:\DOCUME~1\Florant\LOCALS~1\Temp\etilqs_hSltaHiL3s663an93LtM not found!
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\XUL.mfl moved successfully.
############################## [ UsbFix V3.018 # Cleaning ]
# User : Florant (Administrateurs) # FLORANT-D961033
# Update on 11/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 14:49:51 | 2009-05-12
# AMD Turion(tm) 64 Mobile Technology ML-37
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]
# C:\ # Disque fixe local # 111,78 Go (90,86 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque CD-ROM # 1,21 Go (0 Mo free) [MS Office 2007] # CDFS
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\init32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Fichiers # Dossiers infectieux ]
Deleted ! C:\WINDOWS\system32\win32hlp.cnf
(!) Not Deleted ! H:\autorun.inf
################## [ Registre # Clés Run infectieuses ]
################## [ Registre # Mountpoints2 ]
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{3bad0674-205c-11de-a630-0016412074a7}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{5c9cd36e-c7af-11dd-9da4-0016412074a7}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{e0fbe5b0-9e93-11dd-9d48-0014a57aa623}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{fc65a7b4-d124-11dd-9dad-0016412074a7}\Shell\AutoRun\command
################## [ Listing des fichiers présent ]
[2008-10-08 12:39|--a------|50] - C:\AUTOEXEC.BAT
[2008-10-08 05:49|---hs----|216] - C:\boot.ini
[2004-08-05 07:00|-rahs----|4952] - C:\Bootfont.bin
[2008-10-08 05:55|--a------|0] - C:\CONFIG.SYS
[2008-10-08 06:14|--a------|3227460] - C:\DNSP1.LOG
[?|?|?] - C:\hiberfil.sys
[2008-10-08 06:17|--a------|171] - C:\HSC.log
[2008-10-08 05:55|-rahs----|0] - C:\IO.SYS
[2008-10-08 12:38|--a------|161] - C:\mscuxp.log
[2008-10-08 05:55|-rahs----|0] - C:\MSDOS.SYS
[2008-10-08 12:54|--a------|192] - C:\muvee.log
[2004-08-05 07:00|-rahs----|47564] - C:\NTDETECT.COM
[2008-10-09 06:13|-rahs----|252240] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[2008-10-08 12:41|--a------|200] - C:\sedinst2.log
[2008-10-08 12:45|--a------|171] - C:\setup.log
[2009-04-18 11:27|--ah-----|268] - C:\sqmdata00.sqm
[2009-04-20 09:30|--ah-----|268] - C:\sqmdata01.sqm
[2009-04-20 17:29|--ah-----|268] - C:\sqmdata02.sqm
[2009-04-20 22:48|--ah-----|268] - C:\sqmdata03.sqm
[2009-04-23 23:19|--ah-----|268] - C:\sqmdata04.sqm
[2009-04-24 14:09|--ah-----|268] - C:\sqmdata05.sqm
[2009-04-26 18:50|--ah-----|268] - C:\sqmdata06.sqm
[2009-04-26 22:17|--ah-----|268] - C:\sqmdata07.sqm
[2009-04-29 11:20|--ah-----|268] - C:\sqmdata08.sqm
[2009-04-03 09:05|--ah-----|268] - C:\sqmdata09.sqm
[2009-04-04 12:44|--ah-----|268] - C:\sqmdata10.sqm
[2009-04-06 17:54|--ah-----|268] - C:\sqmdata11.sqm
[2009-04-09 17:35|--ah-----|268] - C:\sqmdata12.sqm
[2009-04-09 19:38|--ah-----|268] - C:\sqmdata13.sqm
[2009-04-11 11:07|--ah-----|268] - C:\sqmdata14.sqm
[2009-04-14 17:53|--ah-----|268] - C:\sqmdata15.sqm
[2009-04-14 23:05|--ah-----|268] - C:\sqmdata16.sqm
[2009-04-15 20:36|--ah-----|268] - C:\sqmdata17.sqm
[2009-04-17 17:32|--ah-----|268] - C:\sqmdata18.sqm
[2009-04-17 20:03|--ah-----|268] - C:\sqmdata19.sqm
[2009-04-18 11:27|--ah-----|244] - C:\sqmnoopt00.sqm
[2009-04-20 09:30|--ah-----|244] - C:\sqmnoopt01.sqm
[2009-04-20 17:29|--ah-----|244] - C:\sqmnoopt02.sqm
[2009-04-20 22:48|--ah-----|244] - C:\sqmnoopt03.sqm
[2009-04-23 23:19|--ah-----|244] - C:\sqmnoopt04.sqm
[2009-04-24 14:09|--ah-----|244] - C:\sqmnoopt05.sqm
[2009-04-26 18:50|--ah-----|244] - C:\sqmnoopt06.sqm
[2009-04-26 22:17|--ah-----|244] - C:\sqmnoopt07.sqm
[2009-04-29 11:20|--ah-----|244] - C:\sqmnoopt08.sqm
[2009-04-03 09:05|--ah-----|244] - C:\sqmnoopt09.sqm
[2009-04-04 12:44|--ah-----|244] - C:\sqmnoopt10.sqm
[2009-04-06 17:54|--ah-----|244] - C:\sqmnoopt11.sqm
[2009-04-09 17:35|--ah-----|244] - C:\sqmnoopt12.sqm
[2009-04-09 19:38|--ah-----|244] - C:\sqmnoopt13.sqm
[2009-04-11 11:07|--ah-----|244] - C:\sqmnoopt14.sqm
[2009-04-14 17:53|--ah-----|244] - C:\sqmnoopt15.sqm
[2009-04-14 23:05|--ah-----|244] - C:\sqmnoopt16.sqm
[2009-04-15 20:36|--ah-----|244] - C:\sqmnoopt17.sqm
[2009-04-17 17:32|--ah-----|244] - C:\sqmnoopt18.sqm
[2009-04-17 20:03|--ah-----|244] - C:\sqmnoopt19.sqm
[2008-10-08 12:45|--a------|24082] - C:\sunjava.log
[2008-10-08 12:36|--a------|190] - C:\syntp.log
[2009-05-12 13:37|--a------|3008] - C:\TB.txt
[2008-10-08 06:04|--a------|32] - C:\ticrdbus.log
[2009-05-12 14:50|--a------|5821] - C:\UsbFix.txt
[2009-01-07 20:17|--a------|27] - C:\wizard.txt
[2007-04-10 19:10|-r-------|80] - H:\autorun.inf
[2007-04-20 05:34|-r-------|243834] - H:\Launcher.exe
[2007-04-20 05:34|-r-------|6979] - H:\Launcher.txt
[2006-06-30 16:14|-r-------|26694] - H:\Office.ico
[2007-04-10 20:29|-r-------|1082] - H:\Readme.txt
################## [ Vaccination ]
# C:\autorun.inf -> Folder created by UsbFix.
################## [ Cracks / Keygens / Serials ]
# -> Nothing found !
################## [ ! Fin du rapport # UsbFix V3.018 ! ]
And here is the RSIT log
Logfile of random's system information tool 1.06 (written by random/random)
Run by Florant at 2009-05-12 14:52:19
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 93 GB (81%) free of 114 GB
Total RAM: 1918 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:23, on 2009-05-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Florant\Bureau\RSIT.exe
C:\Program Files\trend micro\Florant.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wibijomi.dll C:\WINDOWS\system32\nanuyona.dll C:\WINDOWS\system32\miyokonu.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
Hi,
We've made good progress.
I) Download HijackThis and save it to your desktop:
http://www.trendsecure.com/portal/fr/_download/HiJackThis.exe
Launch HijackThis.
In the menu, click "Do a system scan only".
Check these lines, shown in bold, for me:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe"
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto
O20 - AppInit_DLLs: C:\WINDOWS\system32\wibijomi.dll C:\WINDOWS\system32\nanuyona.dll C:\WINDOWS\system32\miyokonu.dll
Click "Fix checked".
Then make me a new RSIT report, please.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Florant at 2009-05-13 18:30:40
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 93 GB (81%) free of 114 GB
Total RAM: 1918 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:43, on 2009-05-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Florant\Bureau\RSIT.exe
C:\Documents and Settings\Florant\Bureau\Florant.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
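The fix-then-rescan step above can be checked mechanically. As an added example (not part of the thread and not code from HijackThis or RSIT), this Python script compares a scan taken before the fix with one taken after and reports whether the ticked lines, and the individual AppInit_DLLs paths, are really gone; the function names are hypothetical and the sample logs are short excerpts constructed from lines quoted in the thread.

```python
import re

# A HijackThis entry starts with a section code such as "R1", "O4" or "O20".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
APPINIT_PREFIX = "AppInit_DLLs:"


def parse_entries(log_text):
    """Return the (section, body) entries of a log; headers and processes are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def appinit_dlls(entries):
    """Split every O20 AppInit_DLLs value into lower-cased DLL paths."""
    dlls = set()
    for section, body in entries:
        if section == "O20" and body.startswith(APPINIT_PREFIX):
            # Assumption: paths are separated by spaces or commas and contain no spaces.
            value = body[len(APPINIT_PREFIX):]
            dlls.update(p.lower() for p in re.split(r"[,\s]+", value) if p)
    return dlls


def verify_fix(before_log, after_log, fixed_lines):
    """Compare two scans against the lines that were ticked for fixing."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    requested = parse_entries("\n".join(fixed_lines))
    return {
        # Ticked lines that survived the fix unchanged.
        "still_present": sorted(requested & after),
        # Ticked DLLs still loaded via AppInit_DLLs, even if the line itself changed.
        "appinit_remaining": sorted(appinit_dlls(requested) & appinit_dlls(after)),
        # Everything that disappeared or appeared between the two scans.
        "removed": sorted(before - after),
        "added": sorted(after - before),
    }


# Constructed excerpt of the scan taken before the fix.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto
O20 - AppInit_DLLs: C:\WINDOWS\system32\wibijomi.dll C:\WINDOWS\system32\nanuyona.dll C:\WINDOWS\system32\miyokonu.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""

# Constructed excerpt of the scan taken after the fix.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""

# Three of the lines the helper asked to tick.
FIXED = [
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r'O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto',
    r"O20 - AppInit_DLLs: C:\WINDOWS\system32\wibijomi.dll C:\WINDOWS\system32\nanuyona.dll C:\WINDOWS\system32\miyokonu.dll",
]

if __name__ == "__main__":
    for key, value in verify_fix(BEFORE, AFTER, FIXED).items():
        print(key, value)
```

An `added` entry or a non-empty `appinit_remaining` after a fix means something rewrote the registry between the two scans, which is a reason to look for the component that restores it before fixing the line again.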
Hi,
I want to check a file. :)
Go to this site:
https://www.virustotal.com/gui/
Click Browse and look for this file: C:\WINDOWS\system32\ahuboyem.tmp
Click Send file.
A report will be built up line by line.
If the report does not appear, click to show the latest report.
Wait until it finishes. It must include the size of the file that was sent.
Save the report with Notepad.
Copy it into your reply.
If VirusTotal says the file has already been analyzed, click the button to reanalyze the file now.