Trojan horse

sylar73 -  
toto666 Posts 331 Status Member -
Hello, for the past two days I have had several Trojan horses on my laptop that I can't manage to remove... I ran my antivirus (AVG) but it can't delete them... I can no longer open Firefox, and instead Internet Explorer opens with a page offering me the services of an antivirus... in short, do I have to reformat or do something else...

I'm waiting to hear from you

thanks
Configuration: Windows XP
Firefox 3.0.10

12 replies

  1. toto666 Posts 331 Status Member 14
     
    hi,

    Let's see what you have on your PC.

    I) Download random's system information tool (RSIT):

    http://images.malwareremoval.com/random/RSIT.exe

    1) Double-click the RSIT.exe icon.
    2) Click Continue.
    3) Once the scan is finished, two files will open; please post both reports for me.
    If the 2 files don't open, go to C:\rsit; you will find the 2 files info.txt and log.txt there.
    0
    1. sylar73
       
      I didn't know whether I had to send you all of that, but I did....
      0
  2. sylar73
     
    here is my AVG report

    "C:\Documents and Settings\Florant\Application Data\ptidle\ptidle.exe";"Trojan horse Downloader.Generic8.ALDS";"Moved to Virus Vault"
    "C:\Documents and Settings\Florant\Application Data\ptidle\ptidle.exe";"Trojan horse Downloader.Generic8.ALDS";"Moved to Virus Vault"
    "C:\Documents and Settings\Florant\Application Data\ptidle\ptidle.exe";"Trojan horse Downloader.Generic8.ALDS";"Moved to Virus Vault"
    "C:\Documents and Settings\Florant\Application Data\ptidle\ptidle.exe (3928)";"Trojan horse Downloader.Generic8.ALDS";"Reboot is required to finish the action"
    "C:\WINDOWS\system32\ahtn.htm";"Trojan horse Downloader.Generic_c.AQA";"Moved to Virus Vault"
    "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0P2N49IF\warning[1].gif";"Trojan horse Generic_c.ABVY";"Moved to Virus Vault"
    "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\45EB4TQJ\winlogon[1].htm";"Trojan horse Downloader.Generic_c.AQA";"Moved to Virus Vault"
    "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GDEZ8HY3\lsp[1].exe";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\WINDOWS\system32\dllcache\userinit.exe";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\WINDOWS\system32\duziyano.dll";"Trojan horse SHeur2.AEOL";"Moved to Virus Vault"
    "C:\WINDOWS\system32\frmwrk32.exe";"Trojan horse SHeur2.AEUE";"Moved to Virus Vault"
    "C:\WINDOWS\system32\fuwijawa.dll";"Trojan horse SHeur2.AEOL";"Moved to Virus Vault"
    "C:\WINDOWS\system32\loader49.exe";"Trojan horse SHeur2.AEUE";"Moved to Virus Vault"
    "C:\WINDOWS\system32\ntdll64.exe";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\WINDOWS\system32\prnet.tmp";"Trojan horse Downloader.Generic8.AMBO";"Moved to Virus Vault"
    "C:\WINDOWS\system32\userinit.exe";"Virus identified Win32/Cryptor";"Object is white-listed (critical/system file that should not be removed)"
    "C:\WINDOWS\system32\warning.gif";"Trojan horse Generic_c.ABVY";"Moved to Virus Vault"
    "C:\WINDOWS\system32\wedoduje.dll";"Trojan horse SHeur2.AEOL";"Moved to Virus Vault"
    0
  3. sylar73
     
    info.txt logfile of random's system information tool 1.06 2009-05-12 12:39:21

    ======Security center information======

    AV: AVG Anti-Virus Free

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=C:\Program Files\Rockwell Software\RSCommon;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\Panneau de contrôle ATI
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2402
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SonicCentral"=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\

    -----------------EOF-----------------
    0
  5. sylar73
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Florant at 2009-05-12 12:39:06
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 91 GB (79%) free of 114 GB
    Total RAM: 1918 MB (69% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:39:18, on 2009-05-12
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
    C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HPQ\shared\hpqwmi.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Florant\Bureau\RSIT.exe
    C:\Program Files\trend micro\Florant.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hec.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {4320d5f5-7cbf-40b0-a720-fec05d5eef37} - C:\WINDOWS\system32\wedoduje.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
    O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe"
    O4 - HKLM\..\Run: [fahukeyumi] Rundll32.exe "C:\WINDOWS\system32\yadusura.dll",s
    O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
    O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
    O4 - HKLM\..\Run: [28295a77] rundll32.exe "C:\WINDOWS\system32\meyobuha.dll",b
    O4 - HKLM\..\Run: [CPM2b1a69eb] Rundll32.exe "c:\windows\system32\yiriyidi.dll",a
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto
    O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
    O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wibijomi.dll C:\WINDOWS\system32\nanuyona.dll C:\WINDOWS\system32\miyokonu.dll c:\windows\system32\yiriyidi.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yiriyidi.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yiriyidi.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    0
  6. toto666 Posts 331 Status Member 14
     
    Hi again,

    Your PC is indeed infected.

    I) Download Toolbar S&D:

    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    1) Double-click the ToolbarSD.exe icon; the menu opens, type "f" then Enter. (A warning message will appear; click OK.)
    2) Choose option 1 for the search (type 1).
    3) Let the program search…
    4) When the search finishes, Notepad will open; copy and paste that report into your next reply.
    (Note: the report is located at C:\TB.txt)

    (Warning: for now, do not run option 2 until I tell you to.)

    Then,

    ▶ Download and install UsbFix: http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe

    (!) Connect to your PC, without opening them, any external data sources (USB stick, external hard drive, etc.) that may have been infected.
    • Double-click the UsbFix shortcut on your desktop.
    • Choose option 1 (Recherche / Search).
    • Let the tool work.
    • Then post the UsbFix.txt report that appears.
    • Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
    • Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility designed to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
    0
    1. sylar73
       
      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile Technology ML-37 )
      BIOS : wPhoenix NoteBIOS 4.0 Release 6.1
      USER : Florant ( Administrator )
      BOOT : Normal boot
      Antivirus : AVG Anti-Virus Free 8.5 (Activated)
      C:\ (Local Disk) - NTFS - Total:111 Go (Free:88 Go)
      D:\ (CD or DVD)
      E:\ (CD or DVD)
      F:\ (CD or DVD)
      G:\ (CD or DVD)
      H:\ (CD or DVD) - CDFS - Total:1 Go (Free:0 Go)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [1] ( 2009-05-12|12:55 )

      -----------\\ Recherche de Fichiers / Dossiers ...

      C:\Program Files\Zango\bin\10.3.75.0\WeSkin.dll
      C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe
      C:\Program Files\Zango\bin\10.3.75.0\ZangoSAAX.dll
      C:\Program Files\Zango\bin\10.3.75.0\ZangoSADF.exe
      C:\Program Files\Zango\bin\10.3.75.0\ZangoSAHook.dll
      C:\Program Files\Zango\bin\10.3.75.0\ZangoUninstaller.exe
      C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions
      C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions\chrome.manifest
      C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions\components
      C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions\install.rdf
      C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions\plugins
      C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions\components\npclntax.xpt
      C:\Program Files\Zango\bin\10.3.75.0\firefox\extensions\plugins\npclntax_ZangoSA.dll
      C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Zango
      C:\DOCUME~1\Florant\Cookies\florant@hosted.zango[2].txt
      C:\DOCUME~1\Florant\Cookies\florant@www.zango[2].txt
      C:\DOCUME~1\ALLUSE~1\APPLIC~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Start Page"="https://www.hec.ca/"
      "Search Page"="https://www.google.com/?gws_rd=ssl"
      "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !


      1 - "C:\ToolBar SD\TB_1.txt" - 2009-05-12|12:56 - Option : [1]

      -----------\\ Fin du rapport a 12:56:03,85
      0
    2. sylar73
       
      ############################## [ UsbFix V3.018 # Scan ]

      # User : Florant (Administrateurs) # FLORANT-D961033
      # Update on 11/05/09 by Chiquitine29, C_XX & Chimay8
      # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
      # Start at: 13:05:58 | 2009-05-12

      # AMD Turion(tm) 64 Mobile Technology ML-37
      # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
      # Internet Explorer 7.0.5730.13
      # Windows Firewall Status : Enabled
      # AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

      # C:\ # Disque fixe local # 111,78 Go (88,6 Go free) # NTFS
      # D:\ # Disque CD-ROM
      # E:\ # Disque CD-ROM
      # F:\ # Disque CD-ROM
      # G:\ # Disque CD-ROM
      # H:\ # Disque CD-ROM # 1,21 Go (0 Mo free) [MS Office 2007] # CDFS

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\userinit.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
      C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
      C:\PROGRA~1\AVG\AVG8\avgtray.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
      C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
      C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
      C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
      C:\PROGRA~1\AVG\AVG8\avgemc.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
      C:\Program Files\AVG\AVG8\avgcsrvx.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\HPQ\shared\hpqwmi.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Zango\bin\10.3.75.0\Srv.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\WINDOWS\system32\SearchProtocolHost.exe
      C:\WINDOWS\system32\SearchFilterHost.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ Registre # Startup ]

      HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
      HKCU_Main: "Start Page"="https://www.hec.ca/"
      HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      HKLM_logon: "DefaultUserName"="Florant"
      HKLM_logon: "AltDefaultUserName"="Florant"
      HKLM_logon: "LegalNoticeCaption"=""
      HKLM_logon: "LegalNoticeText"=""
      HKLM_Run: IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      HKLM_Run: Cpqset=C:\Program Files\HPQ\Default Settings\cpqset.exe
      HKLM_Run: HP Software Update=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      HKLM_Run: iTunesHelper=C:\Program Files\iTunes\iTunesHelper.exe
      HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
      HKLM_Run: SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      HKLM_Run: eabconfg.cpl=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
      HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      HKLM_Run: hpWirelessAssistant=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      HKLM_Run: ATIPTA="C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe"
      HKLM_Run: AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
      HKLM_Run: GrooveMonitor="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      HKLM_Run: LogitechCommunicationsManager="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
      HKLM_Run: LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      HKLM_Run: ZangoOE=C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
      HKLM_Run: ZangoSA="C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe"
      HKLM_Run: fahukeyumi=Rundll32.exe "C:\WINDOWS\system32\yadusura.dll",s
      HKLM_Run: prnet="C:\WINDOWS\system32\prnet.tmp"
      HKLM_Run: Framework Windows=frmwrk32.exe
      HKLM_Run: 28295a77=rundll32.exe "C:\WINDOWS\system32\meyobuha.dll",b
      HKLM_Run: CPM2b1a69eb=Rundll32.exe "c:\windows\system32\yiriyidi.dll",a
      HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
      HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
      HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      HKCU_Run: MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      HKCU_Run: WeatherDPA="C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto

      ################## [ Informations ]


      ################## [ Fichiers # Dossiers infectieux ]

      Found ! C:\WINDOWS\system32\ahtn.htm
      Found ! C:\WINDOWS\system32\win32hlp.cnf
      Found ! H:\autorun.inf

      ################## [ Registre # Clés Run infectieuses ]

      Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
      Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Framework Windows"

      ################## [ Registre # Mountpoints2 ]

      HKCU\Software\Microsoft\....\MountPoints2\{3bad0674-205c-11de-a630-0016412074a7}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{3bad0674-205c-11de-a630-0016412074a7}\Shell\install\Command
      HKCU\Software\Microsoft\....\MountPoints2\{5c9cd36e-c7af-11dd-9da4-0016412074a7}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{5c9cd36e-c7af-11dd-9da4-0016412074a7}\Shell\open\Command
      HKCU\Software\Microsoft\....\MountPoints2\{e0fbe5b0-9e93-11dd-9d48-0014a57aa623}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{e0fbe5b0-9e93-11dd-9d48-0014a57aa623}\Shell\open\Command
      HKCU\Software\Microsoft\....\MountPoints2\{fc65a7b4-d124-11dd-9dad-0016412074a7}\Shell\AutoRun\command

      ################## [ ! Fin du rapport # UsbFix V3.018 ! ]
      0
      1. toto666 Posts 331 Status Member 14 > sylar73
         
        Hi again,

        Let's continue. Please follow the procedure in order. :)

        Run Toolbar again.
        This time choose option 2.
        Post the report for me.

        then,
        (!) Plug into your PC, without opening them, the external storage devices (USB key, external hard drive, etc.) that may have been infected
        • Double-click the UsbFix shortcut on your desktop
        • Choose option 2 ("Suppression", removal)
        • Your desktop will disappear and the PC will restart.
        • On restart, UsbFix will scan your PC; let the tool work.
        • Then post the UsbFix.txt report that will appear along with the desktop.

        • Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt)
        (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)


        I) Download Malwarebytes' Anti-Malware to your desktop:

        Download Malwarebytes from this address:

        http://www.malwarebytes.org/mbam/program/mbam-setup.exe

        1) Double-click "mbam-setup"; the installation starts (install without changing anything).
        2) Launch the program, go to the "Update" tab, then click "Check for updates".
        3) Go to the "Scan" tab, tick "Perform full scan" >> click "Scan", then start the scan.
        4) At the end of the scan, if there are infections, click "Show results".
        5) Close all other applications.
        6) Check that everything is ticked and click "Remove selected".

        7) A report opens; copy and paste it into your next reply.


        Then please post me a new RSIT report.
        0
      2. sylar73 > toto666 Posts 331 Status Member
         
        UsbFix did not relaunch at startup; is there something in particular I need to do..... tell me everything.... and sorry for my ignorance
        0
  7. sylar73
     
    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile Technology ML-37 )
    BIOS : wPhoenix NoteBIOS 4.0 Release 6.1
    USER : Florant ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG Anti-Virus Free 8.5 (Activated)
    C:\ (Local Disk) - NTFS - Total:111 Go (Free:88 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)
    F:\ (CD or DVD)
    G:\ (CD or DVD)
    H:\ (CD or DVD) - CDFS - Total:1 Go (Free:0 Go)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [2] ( 2009-05-12|13:36 )

    -----------\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\Florant\Cookies\florant@contentcatalog.hotbar[1].txt
    Supprime! - C:\DOCUME~1\Florant\Cookies\florant@hotbar[2].txt
    Supprime! - C:\WINDOWS\Prefetch\WAVVSNET.TMP-1F171260.pf
    Supprime! - C:\DOCUME~1\Florant\APPLIC~1\WeatherDPA\Weather
    Supprime! - C:\DOCUME~1\Florant\APPLIC~1\Zango\IESkins
    Supprime! - C:\DOCUME~1\Florant\APPLIC~1\Zango\v3.0
    Echec ! - C:\Program Files\Zango\bin
    Echec ! - C:\Program Files\Zango\bin\10.3.75.0
    Echec ! - C:\Program Files\Zango\bin\10.3.75.0\HostOE.dll
    Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Zango
    Supprime! - C:\DOCUME~1\Florant\Cookies\florant@hosted.zango[2].txt
    Supprime! - C:\DOCUME~1\Florant\Cookies\florant@www.zango[2].txt
    Supprime! - C:\DOCUME~1\Florant\APPLIC~1\WeatherDPA
    Supprime! - C:\DOCUME~1\Florant\APPLIC~1\Zango
    Echec ! - C:\Program Files\Zango
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

    -----------\\ DEUXIEME PASSAGE

    Echec ! - C:\Program Files\Zango\bin
    Echec ! - C:\Program Files\Zango\bin\10.3.75.0
    Echec ! - C:\Program Files\Zango\bin\10.3.75.0\HostOE.dll
    Echec ! - C:\Program Files\Zango

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\Zango
    C:\Program Files\Zango\bin
    C:\Program Files\Zango\bin\10.3.75.0
    C:\Program Files\Zango\bin\10.3.75.0\HostOE.dll

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="https://www.hec.ca/"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.msn.com/fr-fr/"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    1 - "C:\ToolBar SD\TB_1.txt" - 2009-05-12|12:56 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 2009-05-12|13:37 - Option : [2]

    -----------\\ Fin du rapport a 13:37:55,98
    0
  8. toto666 Posts 331 Status Member 14
     
    Did you confirm option 2?
    Did you follow the UsbFix option 2 procedure? Do you have a report??
    1) Download OTMoveIt3 (by Old_Timer) to your desktop.
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    Double-click OTMoveIt.exe to launch it.
    Copy the list quoted below and paste it into the left-hand pane of OTMoveIt under Paste Instructions for Items to be Moved.


    :processes
    explorer.exe

    :Files
    C:\Program Files\Zango
    C:\Program Files\Zango\bin
    C:\Program Files\Zango\bin\10.3.75.0
    C:\Program Files\Zango\bin\10.3.75.0\HostOE.dll

    :commands
    [emptytemp]
    [start explorer]
    [reboot]


    Click MoveIt! to start the removal.
    The result will appear in the "Results" pane.
    Click Exit to close.

    Post the report (.log file) located in C:\_OTMoveIt\MovedFiles.

    Then please move on to Malwarebytes.
    0
    1. sylar73
       
      Yes, I sent it to you earlier. I am on Malwarebytes at the moment; I just wanted to tell you that it did not relaunch after the restart, that's all. I wanted to know whether that was really important....... I will send you the Malwarebytes report once it has finished, plus the RSIT one.
      0
      1. toto666 Posts 331 Status Member 14 > sylar73
         
        OK, no problem :)
        0
      2. sylar73 > toto666 Posts 331 Status Member
         
        I ran Malwarebytes first without doing OldTimer; here is the report..... I will send you the RSIT report, then I will start again in the order you gave me: OldTimer and its report, then Malwarebytes..... sorry, I had misread and/or misunderstood.

        Malwarebytes' Anti-Malware 1.36
        Version de la base de données: 2117
        Windows 5.1.2600 Service Pack 3

        2009-05-12 14:21:12
        mbam-log-2009-05-12 (14-21-12).txt

        Type de recherche: Examen complet (C:\|)
        Eléments examinés: 124443
        Temps écoulé: 27 minute(s), 54 second(s)

        Processus mémoire infecté(s): 0
        Module(s) mémoire infecté(s): 4
        Clé(s) du Registre infectée(s): 14
        Valeur(s) du Registre infectée(s): 9
        Elément(s) de données du Registre infecté(s): 6
        Dossier(s) infecté(s): 5
        Fichier(s) infecté(s): 20

        Processus mémoire infecté(s):
        (Aucun élément nuisible détecté)

        Module(s) mémoire infecté(s):
        C:\WINDOWS\system32\meyobuha.dll (Trojan.Vundo.H) -> Delete on reboot.
        c:\WINDOWS\system32\yiriyidi.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\Documents and Settings\Florant\Local Settings\Temp\mousehook.dll (Trojan.Tibs) -> Delete on reboot.
        C:\WINDOWS\Temp\ntdll64.dll (Trojan.Tibs) -> Delete on reboot.

        Clé(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4320d5f5-7cbf-40b0-a720-fec05d5eef37} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\CLSID\{4320d5f5-7cbf-40b0-a720-fec05d5eef37} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Zango (Adware.Zango) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.

        Valeur(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\28295a77 (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fahukeyumi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm2b1a69eb (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.75.0 (Adware.Zango) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.

        Elément(s) de données du Registre infecté(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yiriyidi.dll -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

        Dossier(s) infecté(s):
        C:\Documents and Settings\Florant\Application Data\ptidle (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\Program Files\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
        C:\Program Files\Zango\bin (Adware.180Solutions) -> Quarantined and deleted successfully.
        C:\Program Files\Zango\bin\10.3.75.0 (Adware.180Solutions) -> Quarantined and deleted successfully.
        C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.

        Fichier(s) infecté(s):
        C:\WINDOWS\system32\meyobuha.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\WINDOWS\system32\ahuboyem.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        c:\WINDOWS\system32\yiriyidi.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\Documents and Settings\Florant\Local Settings\Temp\mousehook.dll (Trojan.Tibs) -> Delete on reboot.
        C:\WINDOWS\Temp\ntdll64.dll (Trojan.Tibs) -> Delete on reboot.
        C:\Documents and Settings\Florant\Local Settings\Temp\erwmnxcoas.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Florant\Local Settings\Temp\ntdll64.dll (Trojan.Tibs) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Florant\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Florant\Local Settings\Temp\rasesnet.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Florant\Local Settings\Temp\samrxowenc.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{AD60D253-EE35-4D23-8233-D6242CE1E8D7}\RP187\A0041263.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
        C:\WINDOWS\Temp\mousehook.dll (Trojan.Tibs) -> Quarantined and deleted successfully.
        C:\Program Files\Zango\bin\10.3.75.0\HostOE.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
        C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
        C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
        C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully.
        C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> Quarantined and deleted successfully.
        C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.
        0
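
Added example (not part of the original thread, and not code from any of the tools used in it): a heuristic triage of the Run-key lines from the UsbFix "Registre # Startup" listing above. The parsing rules, the function names and the three heuristics are assumptions of this example; on this listing they single out the same five Run values that the Malwarebytes report above lists as infected.

```python
import ntpath
import re

# Excerpt of the UsbFix "Registre # Startup" section posted in this thread.
SAMPLE = r'''
HKLM_Run: HP Software Update=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
HKLM_Run: ZangoSA="C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe"
HKLM_Run: fahukeyumi=Rundll32.exe "C:\WINDOWS\system32\yadusura.dll",s
HKLM_Run: prnet="C:\WINDOWS\system32\prnet.tmp"
HKLM_Run: Framework Windows=frmwrk32.exe
HKLM_Run: 28295a77=rundll32.exe "C:\WINDOWS\system32\meyobuha.dll",b
HKLM_Run: CPM2b1a69eb=Rundll32.exe "c:\windows\system32\yiriyidi.dll",a
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
'''

# "<hive>_Run: <value name>=<command line>" as printed by the report.
RUN_LINE = re.compile(r'^(HK(?:LM|CU)_Run): (.+?)=(.*)$')
# First token of the command: either a quoted path, or an unquoted path that
# may contain spaces and ends at the first ".ext" followed by space/end.
FIRST_TOKEN = re.compile(r'^(?:"([^"]+)"|(.+?\.[A-Za-z0-9]{2,4})(?=\s|$))\s*(.*)$')
# rundll32 argument: <dll>,<export>
DLL_ARG = re.compile(r'^"?([^",]+)"?\s*,\s*(\S+)')

# Assumptions of this example, not an authoritative list.
EXECUTABLE_EXT = {'.exe', '.com', '.bat', '.cmd', '.scr'}
KNOWN_BARE_HOSTS = {'rundll32.exe'}


def parse_run_line(line):
    """Return hive, value name, target and arguments, or None if not a Run entry."""
    m = RUN_LINE.match(line.strip())
    if not m or not m.group(3).strip():
        return None  # other report line, or a value with empty data
    command = m.group(3).strip()
    t = FIRST_TOKEN.match(command)
    if t:
        target, args = t.group(1) or t.group(2), t.group(3)
    else:
        target, args = command, ''
    return {'hive': m.group(1), 'name': m.group(2), 'target': target, 'args': args}


def triage(entry):
    """Return the list of heuristic reasons that make an entry worth a closer look."""
    reasons = []
    target = entry['target']
    base = ntpath.basename(target).lower()
    ext = ntpath.splitext(base)[1]
    if '\\' not in target and base not in KNOWN_BARE_HOSTS:
        reasons.append('bare file name, resolved through the search path')
    if ext not in EXECUTABLE_EXT:
        reasons.append('autostart target has non-executable extension %r' % ext)
    if base == 'rundll32.exe':
        d = DLL_ARG.match(entry['args'])
        if d and len(d.group(2)) == 1:
            reasons.append('rundll32 calls a one-letter export of '
                           + ntpath.basename(d.group(1)))
    return reasons


def suspicious(report_text):
    """Map value name -> reasons for every Run entry that trips a heuristic."""
    flagged = {}
    for line in report_text.splitlines():
        entry = parse_run_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry['name']] = reasons
    return flagged


if __name__ == '__main__':
    for name, reasons in suspicious(SAMPLE).items():
        print('%-20s %s' % (name, '; '.join(reasons)))
```

ZangoSA passes all three checks although Malwarebytes reports it as Adware.Zango, so this kind of triage narrows a startup list for review and does not replace the scanner's verdict.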
  9. sylar73
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Florant at 2009-05-12 14:32:08
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 91 GB (79%) free of 114 GB
    Total RAM: 1918 MB (71% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:32:12, on 2009-05-12
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\HPQ\shared\hpqwmi.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Florant\Bureau\RSIT.exe
    C:\Program Files\trend micro\Florant.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hec.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
    O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto
    O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wibijomi.dll C:\WINDOWS\system32\nanuyona.dll C:\WINDOWS\system32\miyokonu.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    0
  10. toto666 Posts 331 Status Member 14
     
    Hi again,

    Just run OTMoveIt3 and then RSIT, please.
    Didn't you find the UsbFix report here?? C:\UsbFix.txt

    If not, run option 2 again before RSIT, please.

    See you
    0
    1. sylar73
       
      Here is the OTM report; I'm running RSIT right away.
      ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      ========== FILES ==========
      File/Folder C:\Program Files\Zango not found.
      File/Folder C:\Program Files\Zango\bin not found.
      File/Folder C:\Program Files\Zango\bin\10.3.75.0 not found.
      File/Folder C:\Program Files\Zango\bin\10.3.75.0\HostOE.dll not found.
      ========== COMMANDS ==========
      File delete failed. C:\DOCUME~1\Florant\LOCALS~1\Temp\etilqs_hSltaHiL3s663an93LtM scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Internet Explorer cache folder emptied.
      File delete failed. C:\Documents and Settings\Florant\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      User's Temporary Internet Files folder emptied.
      Local Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      Network Service Temp folder emptied.
      Network Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      File delete failed. C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\XUL.mfl scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.
      Explorer started successfully

      OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05122009_143502

      Files moved on Reboot...
      File C:\DOCUME~1\Florant\LOCALS~1\Temp\etilqs_hSltaHiL3s663an93LtM not found!
      DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
      C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
      File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
      C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\Cache\_CACHE_001_ moved successfully.
      C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\Cache\_CACHE_002_ moved successfully.
      C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\Cache\_CACHE_003_ moved successfully.
      C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\Cache\_CACHE_MAP_ moved successfully.
      C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\urlclassifier3.sqlite moved successfully.
      C:\Documents and Settings\Florant\Local Settings\Application Data\Mozilla\Firefox\Profiles\805jvx9o.default\XUL.mfl moved successfully.
      0
    2. sylar73
       
      So I'm redoing option 2, then RSIT........
      0
    3. sylar73
       
      ############################## [ UsbFix V3.018 # Cleaning ]

      # User : Florant (Administrateurs) # FLORANT-D961033
      # Update on 11/05/09 by Chiquitine29, C_XX & Chimay8
      # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
      # Start at: 14:49:51 | 2009-05-12

      # AMD Turion(tm) 64 Mobile Technology ML-37
      # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
      # Internet Explorer 7.0.5730.13
      # Windows Firewall Status : Enabled
      # AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

      # C:\ # Disque fixe local # 111,78 Go (90,86 Go free) # NTFS
      # D:\ # Disque CD-ROM
      # E:\ # Disque CD-ROM
      # F:\ # Disque CD-ROM
      # G:\ # Disque CD-ROM
      # H:\ # Disque CD-ROM # 1,21 Go (0 Mo free) [MS Office 2007] # CDFS

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\logonui.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
      C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\PROGRA~1\AVG\AVG8\avgemc.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\Program Files\AVG\AVG8\avgcsrvx.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\init32.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ Fichiers # Dossiers infectieux ]

      Deleted ! C:\WINDOWS\system32\win32hlp.cnf
      (!) Not Deleted ! H:\autorun.inf

      ################## [ Registre # Clés Run infectieuses ]


      ################## [ Registre # Mountpoints2 ]

      Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{3bad0674-205c-11de-a630-0016412074a7}\Shell\AutoRun\command
      Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{5c9cd36e-c7af-11dd-9da4-0016412074a7}\Shell\AutoRun\command
      Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{e0fbe5b0-9e93-11dd-9d48-0014a57aa623}\Shell\AutoRun\command
      Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{fc65a7b4-d124-11dd-9dad-0016412074a7}\Shell\AutoRun\command

      ################## [ Listing des fichiers présent ]

      [2008-10-08 12:39|--a------|50] - C:\AUTOEXEC.BAT
      [2008-10-08 05:49|---hs----|216] - C:\boot.ini
      [2004-08-05 07:00|-rahs----|4952] - C:\Bootfont.bin
      [2008-10-08 05:55|--a------|0] - C:\CONFIG.SYS
      [2008-10-08 06:14|--a------|3227460] - C:\DNSP1.LOG
      [?|?|?] - C:\hiberfil.sys
      [2008-10-08 06:17|--a------|171] - C:\HSC.log
      [2008-10-08 05:55|-rahs----|0] - C:\IO.SYS
      [2008-10-08 12:38|--a------|161] - C:\mscuxp.log
      [2008-10-08 05:55|-rahs----|0] - C:\MSDOS.SYS
      [2008-10-08 12:54|--a------|192] - C:\muvee.log
      [2004-08-05 07:00|-rahs----|47564] - C:\NTDETECT.COM
      [2008-10-09 06:13|-rahs----|252240] - C:\ntldr
      [?|?|?] - C:\pagefile.sys
      [2008-10-08 12:41|--a------|200] - C:\sedinst2.log
      [2008-10-08 12:45|--a------|171] - C:\setup.log
      [2009-04-18 11:27|--ah-----|268] - C:\sqmdata00.sqm
      [2009-04-20 09:30|--ah-----|268] - C:\sqmdata01.sqm
      [2009-04-20 17:29|--ah-----|268] - C:\sqmdata02.sqm
      [2009-04-20 22:48|--ah-----|268] - C:\sqmdata03.sqm
      [2009-04-23 23:19|--ah-----|268] - C:\sqmdata04.sqm
      [2009-04-24 14:09|--ah-----|268] - C:\sqmdata05.sqm
      [2009-04-26 18:50|--ah-----|268] - C:\sqmdata06.sqm
      [2009-04-26 22:17|--ah-----|268] - C:\sqmdata07.sqm
      [2009-04-29 11:20|--ah-----|268] - C:\sqmdata08.sqm
      [2009-04-03 09:05|--ah-----|268] - C:\sqmdata09.sqm
      [2009-04-04 12:44|--ah-----|268] - C:\sqmdata10.sqm
      [2009-04-06 17:54|--ah-----|268] - C:\sqmdata11.sqm
      [2009-04-09 17:35|--ah-----|268] - C:\sqmdata12.sqm
      [2009-04-09 19:38|--ah-----|268] - C:\sqmdata13.sqm
      [2009-04-11 11:07|--ah-----|268] - C:\sqmdata14.sqm
      [2009-04-14 17:53|--ah-----|268] - C:\sqmdata15.sqm
      [2009-04-14 23:05|--ah-----|268] - C:\sqmdata16.sqm
      [2009-04-15 20:36|--ah-----|268] - C:\sqmdata17.sqm
      [2009-04-17 17:32|--ah-----|268] - C:\sqmdata18.sqm
      [2009-04-17 20:03|--ah-----|268] - C:\sqmdata19.sqm
      [2009-04-18 11:27|--ah-----|244] - C:\sqmnoopt00.sqm
      [2009-04-20 09:30|--ah-----|244] - C:\sqmnoopt01.sqm
      [2009-04-20 17:29|--ah-----|244] - C:\sqmnoopt02.sqm
      [2009-04-20 22:48|--ah-----|244] - C:\sqmnoopt03.sqm
      [2009-04-23 23:19|--ah-----|244] - C:\sqmnoopt04.sqm
      [2009-04-24 14:09|--ah-----|244] - C:\sqmnoopt05.sqm
      [2009-04-26 18:50|--ah-----|244] - C:\sqmnoopt06.sqm
      [2009-04-26 22:17|--ah-----|244] - C:\sqmnoopt07.sqm
      [2009-04-29 11:20|--ah-----|244] - C:\sqmnoopt08.sqm
      [2009-04-03 09:05|--ah-----|244] - C:\sqmnoopt09.sqm
      [2009-04-04 12:44|--ah-----|244] - C:\sqmnoopt10.sqm
      [2009-04-06 17:54|--ah-----|244] - C:\sqmnoopt11.sqm
      [2009-04-09 17:35|--ah-----|244] - C:\sqmnoopt12.sqm
      [2009-04-09 19:38|--ah-----|244] - C:\sqmnoopt13.sqm
      [2009-04-11 11:07|--ah-----|244] - C:\sqmnoopt14.sqm
      [2009-04-14 17:53|--ah-----|244] - C:\sqmnoopt15.sqm
      [2009-04-14 23:05|--ah-----|244] - C:\sqmnoopt16.sqm
      [2009-04-15 20:36|--ah-----|244] - C:\sqmnoopt17.sqm
      [2009-04-17 17:32|--ah-----|244] - C:\sqmnoopt18.sqm
      [2009-04-17 20:03|--ah-----|244] - C:\sqmnoopt19.sqm
      [2008-10-08 12:45|--a------|24082] - C:\sunjava.log
      [2008-10-08 12:36|--a------|190] - C:\syntp.log
      [2009-05-12 13:37|--a------|3008] - C:\TB.txt
      [2008-10-08 06:04|--a------|32] - C:\ticrdbus.log
      [2009-05-12 14:50|--a------|5821] - C:\UsbFix.txt
      [2009-01-07 20:17|--a------|27] - C:\wizard.txt
      [2007-04-10 19:10|-r-------|80] - H:\autorun.inf
      [2007-04-20 05:34|-r-------|243834] - H:\Launcher.exe
      [2007-04-20 05:34|-r-------|6979] - H:\Launcher.txt
      [2006-06-30 16:14|-r-------|26694] - H:\Office.ico
      [2007-04-10 20:29|-r-------|1082] - H:\Readme.txt

      ################## [ Vaccination ]

      # C:\autorun.inf -> Folder created by UsbFix.

      ################## [ Cracks / Keygens / Serials ]

      # -> Nothing found !

      ################## [ ! Fin du rapport # UsbFix V3.018 ! ]
      0
    4. sylar73
       
      And here is the RSIT report.
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Florant at 2009-05-12 14:52:19
      Microsoft Windows XP Édition familiale Service Pack 3
      System drive C: has 93 GB (81%) free of 114 GB
      Total RAM: 1918 MB (73% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:52:23, on 2009-05-12
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16827)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
      C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\PROGRA~1\AVG\AVG8\avgemc.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\Program Files\AVG\AVG8\avgcsrvx.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Florant\Bureau\RSIT.exe
      C:\Program Files\trend micro\Florant.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe"
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
      O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto
      O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
      O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
      O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
      O4 - Global Startup: BTTray.lnk = ?
      O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O20 - AppInit_DLLs: C:\WINDOWS\system32\wibijomi.dll C:\WINDOWS\system32\nanuyona.dll C:\WINDOWS\system32\miyokonu.dll
      O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
      0
  11. toto666 Posts 331 Status Member 14
     
    Hi,
    We've made good progress.

    I) Download HijackThis and save it to your desktop:

    http://www.trendsecure.com/portal/fr/_download/HiJackThis.exe

    Launch HijackThis.
    In the menu, click "Do a system scan only".
    Check these lines in bold for me:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
    O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
    O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe"
    O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wibijomi.dll C:\WINDOWS\system32\nanuyona.dll C:\WINDOWS\system32\miyokonu.dll


    Click "Fix checked".

    Then make me a new RSIT report, please.
    0
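One way to confirm that the "Fix checked" step in the post above took effect, as an added example that is not part of the original thread: it parses the selected HijackThis lines and a later log, and reports which selected entries remain, splitting the `AppInit_DLLs` value per DLL so a partial removal is visible. The function names are assumptions of this example, and the post-fix sample is constructed.

```python
import re

# HijackThis entry lines look like "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
APPINIT_PREFIX = "appinit_dlls:"
# A new path starts at each drive letter; the paths themselves may contain spaces.
PATH_RE = re.compile(r"[a-z]:\\.*?(?=[\s,]+[a-z]:\\|$)")


def norm(text):
    """Windows paths and registry names are case-insensitive; collapse spacing too."""
    return " ".join(text.split()).casefold()


def parse_entries(log_text):
    """Return a set of (section, detail) pairs; AppInit_DLLs yields one pair per DLL."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # report header, process list, blank lines
        section, detail = match.group(1), norm(match.group(2))
        if section == "O20" and detail.startswith(APPINIT_PREFIX):
            value = detail[len(APPINIT_PREFIX):].strip()
            # Fall back to the raw value when no drive-letter path is found.
            for dll in PATH_RE.findall(value) or [value]:
                entries.add((section, APPINIT_PREFIX + " " + dll.strip(" ,")))
        else:
            entries.add((section, detail))
    return entries


def verify_fix(selected_text, after_text):
    """Compare the lines chosen for fixing against a later log."""
    selected = parse_entries(selected_text)
    after = parse_entries(after_text)
    return {
        "removed": sorted(selected - after),
        "remaining": sorted(selected & after),
    }


# The six lines the helper asked to check, copied from the post above.
SELECTED = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe"
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.75.0\Weather.exe" -auto
O20 - AppInit_DLLs: C:\WINDOWS\system32\wibijomi.dll C:\WINDOWS\system32\nanuyona.dll C:\WINDOWS\system32\miyokonu.dll
"""

# CONSTRUCTED post-fix log for illustration. The first three lines also occur in
# the thread's logs; the O20 line is invented here to show a partial removal and
# does not reproduce the poster's later report.
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\NANUYONA.DLL
"""

if __name__ == "__main__":
    result = verify_fix(SELECTED, AFTER)
    for section, detail in result["remaining"]:
        print("STILL PRESENT:", section, detail)
    print(len(result["removed"]), "selected entries no longer appear")
```

Any entry reported as still present means the fix should be repeated or the file handled by another tool before the machine is considered clean.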
    1. sylar73
       
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Florant at 2009-05-13 18:30:40
      Microsoft Windows XP Édition familiale Service Pack 3
      System drive C: has 93 GB (81%) free of 114 GB
      Total RAM: 1918 MB (71% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:30:43, on 2009-05-13
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16827)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
      C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\PROGRA~1\AVG\AVG8\avgemc.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\Program Files\AVG\AVG8\avgcsrvx.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\SearchProtocolHost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Florant\Bureau\RSIT.exe
      C:\Documents and Settings\Florant\Bureau\Florant.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe"
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
      O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
      O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
      O4 - Global Startup: BTTray.lnk = ?
      O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
      0
  12. toto666 Posts 331 Status Member 14
     
    Hi,

    I want to check a file. :)

    Go to this site:

    https://www.virustotal.com/gui/

    Click Browse and look for this file: C:\WINDOWS\system32\ahuboyem.tmp

    Click Send file.

    A report will be built up line by line.
    If the report does not appear, click "show the last report".
    Wait until it finishes. It must include the size of the file sent.

    Save the report with Notepad.

    Copy it into your reply.

    If VirusTotal says the file has already been analysed, click the "Reanalyse the file now" button.
    0
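A triage pass over HijackThis lines like those in the log above, as an added example that is not part of the thread and not HijackThis's own code: it flags start-up entries whose target is unresolved, sits in a user profile, or is not an executable file type, so those files can be checked by hand. The last two sample lines, the names `parse` and `triage`, and the three heuristics are assumptions made for this example.

```python
import re

# Lines copied from the HijackThis log above; the last two entries are
# CONSTRUCTED for this example and do not come from the thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O4 - HKCU\..\Run: [example] C:\Documents and Settings\User\Application Data\example\example.exe
O20 - Winlogon Notify: example - C:\WINDOWS\system32\example.tmp
"""

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")            # "O4 - <detail>"
PATH = re.compile(r'([A-Za-z]:\\.+?\.[A-Za-z0-9]{2,4})(?=["\s]|$)')
LOAD_POINTS = {"O2", "O4", "O20", "O23"}   # sections that load code (assumed scope)
LOADABLE = {"exe", "dll", "cpl", "sys"}    # extensions treated as normal (assumption)

def parse(log):
    """Yield (section, detail, path or None) for each HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, detail = m.groups()
        p = PATH.search(detail)
        yield section, detail, p.group(1) if p else None

def triage(log):
    """Return {detail: [reasons]} for load-point entries worth a manual check."""
    findings = {}
    for section, detail, path in parse(log):
        if section not in LOAD_POINTS:
            continue
        reasons = []
        if path is None:
            reasons.append("target not resolved")
        else:
            ext = path.rsplit(".", 1)[1].lower()
            if ext not in LOADABLE:
                reasons.append("loads a ." + ext + " file")
            if "\\documents and settings\\" in path.lower():
                reasons.append("runs from a user profile")
        if reasons:
            findings[detail] = reasons
    return findings
```

A flagged entry is only a candidate for inspection; legitimate software can trip any of these checks.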