
Infected by Win32:TratBHO [Trj] !!! [Solved]

3 April 2008 22:08:25

Hi!
I badly need your help.
I have already seen several cases of similar viruses on the forums, but apparently every case is different, since reports have to be produced with ComboFix and other tools.
So I wanted to know which procedure to follow.
Isn't it possible to go after the virus directly, without having to copy/paste everything?
I use avast! ....
Thanks a thousand times for helping me, I can't take it any more
@


3 April 2008 22:32:59

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:32, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PVSW\Bin\WGE_SRV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PVSW\BIN\W3dbsmgr.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Richard\Mes documents\Programmes\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqnljg.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User 'Marc')
O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Marc')
O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Marc')
O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe (User 'Marc')
O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Marc\LOCALS~1\Temp\csrssc.exe (User 'Marc')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1674182061-2924136104-2798263571-1007 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Marc')
O4 - S-1-5-21-1674182061-2924136104-2798263571-1007 User Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Marc')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLaunch...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: urqnljg - C:\WINDOWS\SYSTEM32\urqnljg.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 13407 bytes



Please help me
4 April 2008 00:05:27

:hello: 

You are infected with "Vundo". Delete all the cracks from your PC if there are any, because otherwise they will restart the infection.

Download Vundofix (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located in C:\vundofix.txt, along with a new HijackThis! report, in your next reply

    Note:
    VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

    N.B.: Vundofix may detect nothing; in that case no report is needed, just tell me it found nothing.
    4 April 2008 18:53:47

    Here is the VundoFix report:



    VundoFix V7.0.3

    Scan started at 18:31:17 04/04/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\urqnljg.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\urqnljg.dll
    C:\WINDOWS\system32\urqnljg.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\urqnljg.dll
    C:\WINDOWS\system32\urqnljg.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    And here is the HijackThis report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:52:41, on 04/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\PVSW\Bin\WGE_SRV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\PVSW\BIN\W3dbsmgr.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Richard\Mes documents\Programmes\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLaunch...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 12026 bytes


    The file that VundoFix was supposed to delete does not seem to have been deleted...
    As for the cracks, how can I be sure I've got rid of them? I think I did what was needed, but still.
    In any case, thanks a lot, I'm waiting for your reply.
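
Added example (not part of the original thread): a Python triage pass over excerpts of the two HijackThis logs posted above, before and after the VundoFix run. It lists the entries the cleanup removed, then flags what is still registered: Run keys that launch from a Temp directory and a DLL hooked in at more than one load point. The function names are illustrative, and the excerpts are a handful of lines copied from the posted logs.

```python
import re
from collections import defaultdict

# Excerpt of the first HijackThis log in the thread (before VundoFix).
BEFORE = r"""
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqnljg.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe
O20 - Winlogon Notify: urqnljg - C:\WINDOWS\SYSTEM32\urqnljg.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
"""

# Excerpt of the second HijackThis log (after VundoFix).
AFTER = r"""
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d+) - (.+?)\s*$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\n]*?\.(?:exe|dll)\b", re.IGNORECASE)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse(log):
    """Return [(section, detail)] for every entry line, e.g. ('O4', 'HKLM\\..\\Run: ...')."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def paths(detail):
    """File paths named in one entry, lower-cased so system32/SYSTEM32 compare equal."""
    return {p.lower() for p in PATH_RE.findall(detail)}


def removed(before, after):
    """Entries present in the first log and absent from the second."""
    kept = set(after)
    return [e for e in before if e not in kept]


def temp_autoruns(entries):
    """O4 (autorun) entries whose target sits under a Temp directory."""
    return [(s, d) for s, d in entries
            if s == "O4" and any(TEMP_RE.search(p) for p in paths(d))]


def shared_load_points(entries):
    """Map each file to its sections when it is registered in more than one."""
    seen = defaultdict(set)
    for section, detail in entries:
        for p in paths(detail):
            seen[p].add(section)
    return {p: sorted(s) for p, s in seen.items() if len(s) > 1}


if __name__ == "__main__":
    before, after = parse(BEFORE), parse(AFTER)
    print("Removed between the two scans:")
    for section, detail in removed(before, after):
        print(f"  {section} - {detail}")
    print("Still starting from a Temp directory:")
    for section, detail in temp_autoruns(after):
        print(f"  {section} - {detail}")
    print("Still registered at several load points:")
    for path, sections in shared_load_points(after).items():
        print(f"  {path}: {', '.join(sections)}")
```
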
    4 April 2008 19:22:11

    Hi again,

    Quote:
    Isn't it possible to go after the virus directly, without having to copy/paste everything?


    It is very easy to get infected, very hard to get disinfected. Especially since the Vundo trojan is very tough, but we now get rid of it easily after a few steps, because we are well practised ;) 
    As for the cracks, if you have removed ALL of them, you're fine.

    1) Show hidden files and folders …
    To do this, go into a folder, e.g. "My Pictures".
    Then click > Tools > Folder Options ...
    click the "View" tab and ...
    tick ---> Show hidden files and folders
    untick > Hide extensions for known file types
    untick > Hide protected operating system files (Recommended).
    "Apply" and "OK".

    2) Disable all resident protection (antivirus…)!
    Disconnect from the internet, close all running programs and let combofix work: so don't do anything else at the same time!


    Download Combofix by sUBs
    Save it to your desktop and nowhere else!
    Restart in safe mode: help here >>>
    http://forum.telecharger.01net.com/telecharger/virus_et...
    /!\ Never restart in safe mode via msconfig! /!\

    Double-click combofix. It will ask you a question; answer by pressing the 1 key and Enter to confirm, then let it guide you.
    Wait until combofix has finished; a report will be created. Post the report. It is located here: C:\Combofix.txt

    3) Copy/paste a new HiJackThis report along with it.

    ;) 
    5 April 2008 14:19:27

    ComboFix 08-04-04.1 - Richard 2008-04-05 13:49:22.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1760 [GMT 2:00]
    Endroit: C:\Documents and Settings\Richard\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .
    TimedOut: progfile.dat

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Marc\Application Data\ShoppingReport
    C:\Documents and Settings\Marc\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\Marc\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\Marc\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\Marc\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\Marc\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\Marc\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\Marc\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
    C:\Documents and Settings\Richard\Application Data\ShoppingReport
    C:\Documents and Settings\Richard\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\Richard\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\Richard\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\Richard\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\Richard\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\Richard\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\Richard\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
    C:\Program Files\Helper
    C:\Program Files\Helper\1206748116.dll
    C:\Program Files\ShoppingReport
    C:\Program Files\ShoppingReport\Uninst.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_GRANDE48
    -------\Service_grande48


    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-04 18:57 . 2008-04-05 13:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-04 18:57 . 2008-04-04 18:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-04 18:31 . 2008-04-04 18:43 <REP> d-------- C:\VundoFix Backups
    2008-04-04 18:28 . 2008-04-04 18:52 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-03-29 01:48 . 2008-03-29 01:48 58,880 --a------ C:\axmfr.exe
    2008-03-29 01:48 . 2008-03-29 01:48 55,438 --a------ C:\WINDOWS\zdegpig.ini
    2008-03-29 01:48 . 2008-03-29 01:48 10,000 --a------ C:\WINDOWS\system32\jfiehayd.dll
    2008-03-29 01:48 . 2008-03-29 01:48 6,144 --a------ C:\fvsyct.exe
    2008-03-29 01:48 . 2008-03-29 01:48 6,144 --a------ C:\eqmycdql.exe
    2008-03-29 01:48 . 2008-03-21 18:13 33 --a------ C:\Documents and Settings\Richard\RUNME.bat
    2008-03-29 01:47 . 2008-03-21 07:00 34,304 --a------ C:\Documents and Settings\Richard\patch.exe
    2008-03-29 01:47 . 2008-03-16 16:49 7,168 --a------ C:\Documents and Settings\Richard\crack.exe
    2008-03-29 01:34 . 2008-04-04 18:25 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-03-13 15:52 . 2008-03-13 15:52 268 --ah----- C:\sqmdata01.sqm
    2008-03-13 15:52 . 2008-03-13 15:52 244 --ah----- C:\sqmnoopt01.sqm
    2008-03-09 12:51 . 2008-03-09 12:51 <REP> d-------- C:\Documents and Settings\Marc\Application Data\dvdcss

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-05 11:38 --------- d-----w C:\Documents and Settings\Richard\Application Data\SiteAdvisor
    2008-04-05 10:40 --------- d-----w C:\Documents and Settings\Marc\Application Data\VMNTOOLBAR
    2008-04-04 16:28 --------- d-----w C:\Program Files\Naruto - Just a good Series
    2008-04-04 16:28 --------- d-----w C:\Program Files\Motorola Phone Tools
    2008-04-04 16:28 --------- d-----w C:\Program Files\AdorageI-SAL
    2008-04-04 16:27 --------- d-----w C:\Program Files\Ahead
    2008-04-03 19:51 --------- d-----w C:\Documents and Settings\Richard\Application Data\vmntoolbar
    2008-03-28 23:32 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-28 23:32 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-23 21:39 --------- d-----w C:\Program Files\eMule
    2008-03-23 14:29 --------- d-----w C:\Documents and Settings\Richard\Application Data\Azureus
    2008-03-22 10:38 --------- d-----w C:\Program Files\Azureus
    2008-03-21 01:01 --------- d-----w C:\Documents and Settings\Richard\Application Data\Ahead
    2008-03-12 21:47 --------- d-----w C:\Program Files\Java
    2008-03-12 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-05 05:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZangoSA
    2008-03-01 08:32 --------- d-----w C:\Program Files\iTunes
    2008-02-25 15:49 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-25 15:49 --------- d-----w C:\Program Files\Windows Live
    2008-02-25 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-22 07:36 --------- d-----w C:\Program Files\iPod
    2008-02-22 07:35 --------- d-----w C:\Program Files\QuickTime
    2008-02-15 22:23 --------- d-----w C:\Documents and Settings\Marc\Application Data\Zango
    2008-02-15 19:14 --------- d-----w C:\Program Files\DivX
    2008-02-15 17:37 --------- d-----w C:\Documents and Settings\Richard\Application Data\Zango
    2008-02-15 17:00 --------- d-----w C:\Documents and Settings\Richard\Application Data\WeatherDPA
    2008-02-15 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    2008-02-15 16:59 --------- d-----w C:\Program Files\Zango
    2008-02-14 10:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\EBP
    2008-02-14 10:28 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{B33CBE2B-A739-401D-A5E0-041195C4A17B}
    2008-02-14 10:28 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{89D4E875-7884-4CC8-8BC6-730A6032D8F1}
    2008-02-14 10:28 --------- d-----w C:\Documents and Settings\Marc\Application Data\EBP
    2008-02-14 10:27 --------- d-----w C:\Program Files\Fichiers communs\EBP
    2008-02-14 10:27 --------- d-----w C:\Program Files\EBP
    2008-02-11 21:55 --------- d-----w C:\Documents and Settings\Richard\Application Data\teamspeak2
    2007-06-03 10:08 92,064 ----a-w C:\Documents and Settings\Marc\mqdmmdm.sys
    2007-06-03 10:08 9,232 ----a-w C:\Documents and Settings\Marc\mqdmmdfl.sys
    2007-06-03 10:08 79,328 ----a-w C:\Documents and Settings\Marc\mqdmserd.sys
    2007-06-03 10:08 66,656 ----a-w C:\Documents and Settings\Marc\mqdmbus.sys
    2007-06-03 10:08 6,208 ----a-w C:\Documents and Settings\Marc\mqdmcmnt.sys
    2007-06-03 10:08 5,936 ----a-w C:\Documents and Settings\Marc\mqdmwhnt.sys
    2007-06-03 10:08 4,048 ----a-w C:\Documents and Settings\Marc\mqdmcr.sys
    2007-06-03 10:08 25,600 ----a-w C:\Documents and Settings\Marc\usbsermptxp.sys
    2007-06-03 10:08 22,768 ----a-w C:\Documents and Settings\Marc\usbsermpt.sys
    2004-08-09 21:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    2006-05-29 14:40 7,296,000 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}]
    2008-03-29 01:48 10000 --a------ C:\WINDOWS\system32\jfiehayd.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
    "nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37 217088]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47 458752]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 07:06 29696 C:\WINDOWS\KHALMNPR.Exe]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 09:50 139264]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
    "CTHelper"="CTHELPER.EXE" [2004-03-11 16:50 28672 C:\WINDOWS\system32\CTHELPER.EXE]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-08-18 08:05 180269]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
    "EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 16:57 102400]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{C5AF49A2-94F3-42BD-F434-2604812C897D}"= C:\WINDOWS\system32\jfiehayd.dll [2008-03-29 01:48 10000]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSVideo8"= VfWWDM32.dll
    "msacm.scg726"= scg726.acm
    "msacm.lhacm"= lhacm.acm
    "VIDC.MJPG"= Pvmjpg21.dll
    "VIDC.PIM1"= pclepim1.dll
    "VIDC.I420"= lvcodec2.dll
    "MSVideo"= vfwwdm32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Image Transfer.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk
    backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
    backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    --a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    --a------ 2005-01-27 02:02 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2007-03-22 19:51 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2007-12-24 23:28 1266936 C:\Program Files\Valve\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2005-08-18 08:05 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\bejito78370\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\Program Files\\Xfire\\Xfire.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\bejito78370\\day of defeat source\\hl2.exe"=
    "C:\\Program Files\\HLSW\\hlsw.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\bejito78370\\half-life 2 deathmatch\\hl2.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Valve\\Steam\\Steam.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Documents and Settings\\Richard\\LBZ\\lbzwin\\Lbzwin.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "C:\\Documents and Settings\\Richard\\Mes documents\\My Games\\lbzwin.exe"=
    "C:\\PVSW\\Bin\\w3dbsmgr.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=

    R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
    R2 EBP Pervasive.SQL;EBP Pervasive.SQL;C:\PVSW\Bin\WGE_SRV.exe [2006-12-07 17:08]
    S3 BulkUsb;Usbscan.Sys;C:\WINDOWS\system32\Drivers\usbscan.sys [2004-08-03 23:58]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-31 15:36:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2005-08-07 21:45:00 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:13, on 2008-04-05
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\PVSW\Bin\WGE_SRV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PVSW\BIN\W3dbsmgr.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Richard\Mes documents\Programmes\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLaunch...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 11592 bytes



    Since I did that, avast keeps telling me that too many emails are being sent in a short interval and that there is a possible infection...
    Here is exactly what it is, they come up all the time...


    So I'm not sure I removed ALL the cracks (how can I be sure?)
    I still have my Trojan...
    And as if that weren't enough, I now get these suspicious messages nonstop, help please, I'm going to smash my screen ^^
    5 April 2008 14:36:07

    Hi again,

    I'll reply late this afternoon.

    Don't worry, things should normally be better after the next step.

    ;) 
    5 April 2008 17:47:26

    Hi again,

    Disable all resident protection (antivirus…)!

    Copy the text in the box below, without the word Quote:

    Quote:
    File::
    C:\axmfr.exe
    C:\WINDOWS\zdegpig.ini
    C:\WINDOWS\system32\jfiehayd.dll
    C:\fvsyct.exe
    C:\eqmycdql.exe
    C:\Documents and Settings\Richard\patch.exe
    C:\Documents and Settings\Richard\crack.exe
    C:\Documents and Settings\All Users\Application Data\{B33CBE2B-A739-401D-A5E0-041195C4A17B}
    C:\Documents and Settings\All Users\Application Data\{89D4E875-7884-4CC8-8BC6-730A6032D8F1}

    Folder::
    C:\Documents and Settings\Marc\Application Data\Zango
    C:\Documents and Settings\Richard\Application Data\Zango
    C:\Documents and Settings\Marc\Application Data\Zango

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{C5AF49A2-94F3-42BD-F434-2604812C897D}"=-



    Open Notepad, then paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file as CFScript.txt.

    Now drag the ComboFix-Do.txt file onto Combofix.exe as shown below:



    This will relaunch Combofix; type 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a new Hijackthis report.
    If there is no restart, post the reports anyway.

    ;) 
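
Added example (not part of any post in this thread, and not ComboFix or HijackThis code): the Registry:: section of the script above targets a single CLSID, the one the HijackThis report lists at two load points, O2 (BHO) and O22 (SharedTaskScheduler). The Python below runs that correlation over lines copied from the report and checks that every CLSID the script deletes was actually seen in it; the function names are assumptions of this example.

```python
import re
from collections import defaultdict

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Layout of the HijackThis lines that carry a CLSID (O2, O3, O9, O22, R3):
#   <code> - <kind>: <name> - {CLSID} - <target>
ENTRY = re.compile(
    r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>" + CLSID + r") - (?P<target>.*)$"
)

# Lines copied from the HijackThis report posted in this thread.
REPORT = r"""
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Registry:: section copied from the CFScript posted in this thread.
SCRIPT_REGISTRY = r"""
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{C5AF49A2-94F3-42BD-F434-2604812C897D}"=-
"""


def parse_entries(report):
    """Return one dict per report line that names a CLSID; other lines are skipped."""
    entries = []
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].upper()  # CLSIDs compare case-insensitively
            entries.append(entry)
    return entries


def clsids_at_multiple_load_points(entries):
    """Map each CLSID seen under more than one distinct HijackThis code to those codes.

    Two lines with the same code (the two O9 lines for the Java plug-in) count once.
    """
    codes_by_clsid = defaultdict(set)
    for e in entries:
        codes_by_clsid[e["clsid"]].add(e["code"])
    return {c: sorted(codes) for c, codes in codes_by_clsid.items() if len(codes) > 1}


def targets_for(entries, clsid):
    """Files the report associates with one CLSID, deduplicated."""
    return sorted({e["target"] for e in entries if e["clsid"] == clsid.upper()})


def script_clsids_not_in_report(script, entries):
    """CLSIDs a removal script names that the report never showed (should be empty)."""
    seen = {e["clsid"] for e in entries}
    wanted = {c.upper() for c in re.findall(CLSID, script)}
    return sorted(wanted - seen)


if __name__ == "__main__":
    parsed = parse_entries(REPORT)
    for clsid, codes in clsids_at_multiple_load_points(parsed).items():
        print(clsid, codes, targets_for(parsed, clsid))
    print("script CLSIDs missing from report:",
          script_clsids_not_in_report(SCRIPT_REGISTRY, parsed))
```

A CLSID seen at several load points is a triage lead, not a verdict; the file it points to still has to be examined before anything is deleted.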
    6 April 2008 16:55:35

    ComboFix 08-04-04.1 - Richard 2008-04-06 16:34:03.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1584 [GMT 2:00]
    Endroit: C:\Documents and Settings\Richard\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Richard\Mes documents\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\axmfr.exe
    C:\Documents and Settings\All Users\Application Data\{89D4E875-7884-4CC8-8BC6-730A6032D8F1}
    C:\Documents and Settings\All Users\Application Data\{B33CBE2B-A739-401D-A5E0-041195C4A17B}
    C:\Documents and Settings\Richard\crack.exe
    C:\Documents and Settings\Richard\patch.exe
    C:\eqmycdql.exe
    C:\fvsyct.exe
    C:\WINDOWS\system32\jfiehayd.dll
    C:\WINDOWS\zdegpig.ini
    .
    TimedOut: progfile.dat

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\axmfr.exe
    C:\Documents and Settings\Marc\Application Data\ShoppingReport
    C:\Documents and Settings\Marc\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\Marc\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\Marc\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\Marc\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\Marc\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\Marc\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\Marc\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
    C:\Documents and Settings\Marc\Application Data\Zango
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\icon_close_1.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\icon_close_pressed_1.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\icon_edit_preview.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\icon_edit_send.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\icon_flash_preview.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\icon_recently_used.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\icon_remove_1.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\icon_remove_pressed_1.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\icon_sand-clock2.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\icon_tell_1.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\icon_tell_pressed_1.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\icon_tree_null.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\icon_unchecked_1.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\icon_unchecked_pressed_1.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\img_barlayout.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\img_barlayout2.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\img_barlayout4.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\img_corner_left.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\img_local_logo.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\js2_basetemplate.js
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\js2_hbgroups.js
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\js2_hbobject3.js
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\js2_hbobjectset3.js
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\js2_hotbarwrapper.js
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\js2_iteratorsandreaders3nf.js
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\js2_pagingmoduleobj3.js
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\js2_texts3.js
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\js2_xmltree3nf.js
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\layout.cdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\linkpathlegal.txt
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\n.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\nav_b_2.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\nav_bb_2.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\nav_f_2.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\nav_ff_2.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\pro_hb_fo_word.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\progress.res
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\sales_buttons.res
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\searchbtn.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\submit.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\tab_bg.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\tab_bga.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\tab_bgia.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\tab_l.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\tab_la.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\tab_lia.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\tab_r.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\tab_ra.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\tab_ria.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\tree_dots.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\tree_minus.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\tree_plus.gif
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\treedata_animations.xml
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\treedata_backgrounds.xml
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\treedata_ecards.xml
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\treedata_emoticons.xml
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\treedata_notifiers.xml
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\treedata_text.xml
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\2\zango_btn.res
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\business_promo.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\buttondir.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\code.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\cursors.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\email-def.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\email-t1-bg.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\email-temp-bg.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\hotbar_promo.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\images.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\layout.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\linkpathlegal.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\localcontent.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\pro_hb_fo_word.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\progress.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\sales_buttons.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\treexml.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\HostOL\static\DownLoad\zango_btn.xip
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\1.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\1054344.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\1383771.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\1384925.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\1386779.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\1390732.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\1391129.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\1393134.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\1394983.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\1402657.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\1484571.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\1718868.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\2463033.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\2615240.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\2884418.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\2894097.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\2899670.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\3248874.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\3251993.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\3746930.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\3781168.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\3781250.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\3781275.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\3852962.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\3893094.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\3893245.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\3893885.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\439041.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\48657.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\511973.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\588199.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\658260.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\731481.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\886918.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\935346.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\947708.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\991767.sdf
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000023840
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000023894
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000024388
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000024478
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000024736
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000024821
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000025073
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000026073
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000026100
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000026149
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000026719
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000027270
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000027621
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000027975
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000028063
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000029224
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000029227
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000032977
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000033079
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000033806
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000044868
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000051643
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000052034
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000052118
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000052121
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000052140
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000052218
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000052228
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000052451
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000052481
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000052645
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000052678
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000052751
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000052845
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000057548
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000058574
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000063198
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000063923
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000064073
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000074507
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000079514
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000079884
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000081733
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000081928
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000082240
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\10110
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1085
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\116977
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\12233
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\12457
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\133685
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\13546
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\15649
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\16204
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\16214
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17025
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17040
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17656
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\18391
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\19052
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20517
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20570
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\212398
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\220086
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\22913
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\247895
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25063
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25502
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\25803
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26030
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26077
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26664
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26939
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\278243
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\286256
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\28812
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29115
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30455
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\31595
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32242
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32887
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\3338
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33695
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\33912
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34123
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34140
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34911
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35000
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\352526
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35503
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\36039
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\36079
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\361427
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\374830
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\37602
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\389560
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\39232
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\39897
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4120
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41999
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\427075
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\42861
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43118
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\437306
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4391
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44100
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44320
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\44878
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\450191
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\451453
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4546
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\459338
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\475788
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\479957
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\481176
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\4899
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\49587
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\49609
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\49957
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\51495
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52335
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\526389
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52699
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52968
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52974
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52977
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\531510
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\533670
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\536950
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\537061
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\54473
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\5535
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\55907
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\570211
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\578150
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\583749
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\600613
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\605882
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\60686
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6292
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64429
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64446
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64484
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64495
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64737
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\652325
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6558
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\658110
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\66345
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\667582
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67226
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67469
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67567
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68055
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\68142
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\685568
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\688162
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\696893
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\697059
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\703600
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\704965
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705045
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705063
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705078
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705150
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705187
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705194
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705197
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705206
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705211
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705240
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705243
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705248
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705252
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705265
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705290
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\705516
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\708497
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\709451
    C:\Documents and Settings\Marc\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\72252
    6 April 2008 17:02:03

    Continued:

    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\Default_weather.mnu
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\Default_yellowpages.mnu
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\editblbuttons.res
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-548964.mnu
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-9595.mnu
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\email-t1-bg.res
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\icons2.res
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\ie_games_icon.res
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\ie_video.res
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\keywords.idx
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\keywords1.dat
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\layout.cdf
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\linkpathlegal.txt
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\progress.res
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\s_icons_buttons.res
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\sales_buttons.res
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\sdfmodifier.xml
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\t2_bg.res
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\theweb.mnu
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\top7.cdf
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\Top7_theweb.mnu
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\tsd_bg.res
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\zango_btn.res
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\2\zango_ie_menu.res
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
    C:\Documents and Settings\Richard\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
    C:\Documents and Settings\Richard\crack.exe
    C:\Documents and Settings\Richard\patch.exe
    C:\eqmycdql.exe
    C:\fvsyct.exe
    C:\Program Files\Helper
    C:\Program Files\Helper\1206748116.dll
    C:\Program Files\ShoppingReport
    C:\Program Files\ShoppingReport\Uninst.exe
    C:\WINDOWS\system32\jfiehayd.dll
    C:\WINDOWS\zdegpig.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_GRANDE48
    -------\Service_grande48
    -------\zdegpig


    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-06 15:40 . 2008-04-06 15:40 <REP> d-------- C:\Program Files\Safari
    2008-04-05 14:21 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-05 14:21 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-04-04 18:57 . 2008-04-06 16:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-04 18:57 . 2008-04-04 18:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-04 18:31 . 2008-04-04 18:43 <REP> d-------- C:\VundoFix Backups
    2008-04-04 18:28 . 2008-04-05 14:15 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-03-31 00:03 . 2008-03-31 00:03 <REP> d-------- C:\Documents and Settings\Françoise\Application Data\DivX
    2008-03-29 01:48 . 2008-03-21 18:13 33 --a------ C:\Documents and Settings\Richard\RUNME.bat
    2008-03-29 01:34 . 2008-04-04 18:25 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
    2008-03-13 15:52 . 2008-03-13 15:52 268 --ah----- C:\sqmdata01.sqm
    2008-03-13 15:52 . 2008-03-13 15:52 244 --ah----- C:\sqmnoopt01.sqm
    2008-03-09 12:51 . 2008-03-09 12:51 <REP> d-------- C:\Documents and Settings\Marc\Application Data\dvdcss

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-06 13:51 --------- d-----w C:\Documents and Settings\Richard\Application Data\SiteAdvisor
    2008-04-06 13:46 --------- d-----w C:\Documents and Settings\Richard\Application Data\vmntoolbar
    2008-04-06 13:38 --------- d-----w C:\Program Files\iTunes
    2008-04-06 13:38 --------- d-----w C:\Program Files\iPod
    2008-04-06 13:36 --------- d-----w C:\Program Files\QuickTime
    2008-04-05 20:38 --------- d-----w C:\Documents and Settings\Marc\Application Data\VMNTOOLBAR
    2008-04-04 16:28 --------- d-----w C:\Program Files\Naruto - Just a good Series
    2008-04-04 16:28 --------- d-----w C:\Program Files\Motorola Phone Tools
    2008-04-04 16:28 --------- d-----w C:\Program Files\AdorageI-SAL
    2008-04-04 16:27 --------- d-----w C:\Program Files\Ahead
    2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2008-03-28 23:32 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-28 23:32 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-23 21:39 --------- d-----w C:\Program Files\eMule
    2008-03-23 14:29 --------- d-----w C:\Documents and Settings\Richard\Application Data\Azureus
    2008-03-22 10:38 --------- d-----w C:\Program Files\Azureus
    2008-03-21 01:01 --------- d-----w C:\Documents and Settings\Richard\Application Data\Ahead
    2008-03-12 21:47 --------- d-----w C:\Program Files\Java
    2008-03-12 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-05 05:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZangoSA
    2008-02-25 15:49 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-25 15:49 --------- d-----w C:\Program Files\Windows Live
    2008-02-25 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-15 19:14 --------- d-----w C:\Program Files\DivX
    2008-02-15 17:00 --------- d-----w C:\Documents and Settings\Richard\Application Data\WeatherDPA
    2008-02-15 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    2008-02-15 16:59 --------- d-----w C:\Program Files\Zango
    2008-02-14 10:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\EBP
    2008-02-14 10:28 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{B33CBE2B-A739-401D-A5E0-041195C4A17B}
    2008-02-14 10:28 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{89D4E875-7884-4CC8-8BC6-730A6032D8F1}
    2008-02-14 10:28 --------- d-----w C:\Documents and Settings\Marc\Application Data\EBP
    2008-02-14 10:27 --------- d-----w C:\Program Files\Fichiers communs\EBP
    2008-02-14 10:27 --------- d-----w C:\Program Files\EBP
    2008-02-11 21:55 --------- d-----w C:\Documents and Settings\Richard\Application Data\teamspeak2
    2008-02-07 22:24 --------- d-----w C:\Documents and Settings\Invité\Application Data\VMNTOOLBAR
    2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
    2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-01-09 11:18 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-01-09 11:18 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-01-09 11:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-01-09 11:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-01-09 11:16 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-01-09 11:16 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-01-09 11:16 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-01-09 11:16 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-06-03 10:08 92,064 ----a-w C:\Documents and Settings\Marc\mqdmmdm.sys
    2007-06-03 10:08 9,232 ----a-w C:\Documents and Settings\Marc\mqdmmdfl.sys
    2007-06-03 10:08 79,328 ----a-w C:\Documents and Settings\Marc\mqdmserd.sys
    2007-06-03 10:08 66,656 ----a-w C:\Documents and Settings\Marc\mqdmbus.sys
    2007-06-03 10:08 6,208 ----a-w C:\Documents and Settings\Marc\mqdmcmnt.sys
    2007-06-03 10:08 5,936 ----a-w C:\Documents and Settings\Marc\mqdmwhnt.sys
    2007-06-03 10:08 4,048 ----a-w C:\Documents and Settings\Marc\mqdmcr.sys
    2007-06-03 10:08 25,600 ----a-w C:\Documents and Settings\Marc\usbsermptxp.sys
    2007-06-03 10:08 22,768 ----a-w C:\Documents and Settings\Marc\usbsermpt.sys
    2004-08-09 21:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    2006-05-29 14:40 7,296,000 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-05_14.10.14.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-06 13:38:46 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
    + 2008-04-06 13:40:19 307,200 ----a-r C:\WINDOWS\Installer\{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}\SafariIco.exe
    - 2007-12-04 14:56:02 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    + 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    - 2006-09-19 14:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    + 2008-01-29 10:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    + 2008-04-06 14:24:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_514.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
    "nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37 217088]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47 458752]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 07:06 29696 C:\WINDOWS\KHALMNPR.Exe]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 09:50 139264]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
    "CTHelper"="CTHELPER.EXE" [2004-03-11 16:50 28672 C:\WINDOWS\system32\CTHELPER.EXE]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-08-18 08:05 180269]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
    "EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 16:57 102400]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2006-04-11 16:44:07 573440]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSVideo8"= VfWWDM32.dll
    "msacm.scg726"= scg726.acm
    "msacm.lhacm"= lhacm.acm
    "VIDC.MJPG"= Pvmjpg21.dll
    "VIDC.PIM1"= pclepim1.dll
    "VIDC.I420"= lvcodec2.dll
    "MSVideo"= vfwwdm32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Image Transfer.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk
    backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
    backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    --a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2005-06-23 20:33 57344 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    --a------ 2005-01-27 02:02 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2007-03-22 19:51 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2007-12-24 23:28 1266936 C:\Program Files\Valve\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2005-08-18 08:05 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\bejito78370\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\Program Files\\Xfire\\Xfire.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\bejito78370\\day of defeat source\\hl2.exe"=
    "C:\\Program Files\\HLSW\\hlsw.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\bejito78370\\half-life 2 deathmatch\\hl2.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Valve\\Steam\\Steam.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Documents and Settings\\Richard\\LBZ\\lbzwin\\Lbzwin.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "C:\\Documents and Settings\\Richard\\Mes documents\\My Games\\lbzwin.exe"=
    "C:\\PVSW\\Bin\\w3dbsmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R2 EBP Pervasive.SQL;EBP Pervasive.SQL;C:\PVSW\Bin\WGE_SRV.exe [2006-12-07 17:08]
    S3 BulkUsb;Usbscan.Sys;C:\WINDOWS\system32\Drivers\usbscan.sys [2004-08-03 23:58]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-31 15:36:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2005-08-07 21:45:00 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-06 16:39:16
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-06 16:42:19
    ComboFix-quarantined-files.txt 2008-04-06 14:42:17
    Pre-Run: 68,072,345,600 octets libres
    Post-Run: 68,053,086,208 octets libres
    .
    2008-03-12 19:44:45 --- E O F ---




    HiJackThis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:57:06, on 06/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\PVSW\Bin\WGE_SRV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PVSW\BIN\W3dbsmgr.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Richard\Mes documents\Programmes\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLaunch...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    6 April 2008 17:04:27

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 11234 bytes



    Actually, I ran ComboFix twice, because I had already run the program once and forgotten to turn off the resident protections, so I ran it again as you told me, after disabling them.
    So do you think I'm on the right track?
    Thanks again! ;) 
    6 April 2008 20:57:39

    Hi again,

    Yep, we've made good progress ;)  One small question though: does Zango ring a bell?

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
  • To start the scan, click "Rechercher" (scan).
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    ;) 
    7 April 2008 18:22:04

    Zango didn't ring a bell, but after looking it up I found that it was some kind of crappy spyware that was installing weather gadgets and the like on my machine; in short, a piece of junk.


    Here is the report:

    Malwarebytes' Anti-Malware 1.10
    Version de la base de données: 597

    Type de recherche: Examen complet (A:\|C:\|)
    Eléments examinés: 233056
    Temps écoulé: 1 hour(s), 47 minute(s), 20 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 56
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 8
    Fichier(s) infecté(s): 36

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{08755390-f46d-4d09-968c-3430166b3189} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{99ccfb8c-6380-4a14-8fdd-ef3e7e95335d} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{229d2451-a617-4b30-b5e8-8138694240cb} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{9720de03-5820-4059-b4a4-639d5e52bd09} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c23fa5a4-1fea-419f-8b14-f7465df062bc} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{ccc6e232-aa4c-4813-a019-9c14b27776b6} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b6f229d5-d789-4f31-9cb1-2c17aeeeccbb} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{83d1ddf4-e2fc-4dcb-9090-910b46efb706} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{83d1ddf4-e2fc-4dcb-9090-910b46efb706} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a8354bbc-7c87-454e-a653-5f6ff45e51f1} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a8354bbc-7c87-454e-a653-5f6ff45e51f1} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f8698018-cc4e-42f2-9cf2-4e28d45643bf} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f8698018-cc4e-42f2-9cf2-4e28d45643bf} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Zango (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\Software\zango (Adware.180Solutions) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.1.181.0 (Adware.Zango) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0 (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\firefox (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\firefox\extensions (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\firefox\extensions\components (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\firefox\extensions\plugins (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\axmfr.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\eqmycdql.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\fvsyct.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Documents and Settings\Richard\crack.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Documents and Settings\Richard\patch.exe.vir (Dialer) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Program Files\Helper\1206748116.dll.vir (Adware.E404) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\jfiehayd.dll.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1226\A0223159.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1226\A0223230.dll (Adware.E404) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1228\A0223806.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1228\A0223807.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1228\A0223808.exe (Dialer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1228\A0223809.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1228\A0223810.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1228\A0223811.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\VundoFix Backups\urqnljg.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\arrow.ico (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\copyright.txt (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\InstIE.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\link.ico (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\Srv.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\Wallpaper.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\Weather.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\WeSkin.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\ZangoSAAX.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\ZangoSADF.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\ZangoUninstaller.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\firefox\extensions\chrome.manifest (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\firefox\extensions\install.rdf (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\firefox\extensions\components\npclntax.xpt (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.1.181.0\firefox\extensions\plugins\npclntax_ZangoSA.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully.


    I think it got rid of everything; it's running perfectly and there's no sign of infection any more...
    So, is it over?
    7 April 2008 20:47:19

    Hi again,

    Yes, we've made good progress :) 

    Post a HijackThis report so we can do the finishing touches.

    ;) 
    7 April 2008 21:34:19

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:34:13, on 07/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\PVSW\Bin\WGE_SRV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PVSW\BIN\W3dbsmgr.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Richard\Mes documents\Programmes\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User 'Marc')
    O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Marc')
    O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Marc')
    O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe (User 'Marc')
    O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Marc\LOCALS~1\Temp\csrssc.exe (User 'Marc')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-1674182061-2924136104-2798263571-1007 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Marc')
    O4 - S-1-5-21-1674182061-2924136104-2798263571-1007 User Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Marc')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLaunch...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 12441 bytes
    7 April 2008 23:40:09

    A little UP to put my message back on the first page ^^
    8 April 2008 16:13:56

    Re,

    No need to bump to get back on the first page; you bump if there is no reply after about 24 hours :) 

    Hmm... it looks like there is a new infection, or at least you are still infected. Be careful what you do on the net; I invite you to click the link in my signature :) 

    /!\ If you have Spybot, disable the tea-timer for each step I am going to have you do /!\

    Download MsnFix (by !aur3n7) to your Desktop. (>>Tutorial<<)
    Unzip it on your desktop.

    Open the MSNFix folder, then double-click MSNFix.bat. (The .bat extension may not be shown)
    - Run option R.
    - If the infection is detected, press a key to start the cleanup. (N)

    If you have to restart the computer, do it manually.

    Post the report located in the MSNFix folder.
    The report's name corresponds to the time it was created: date_heure.log

    Note: If you get an upload zip file on your desktop, do this

    ;) 
    8 April 2008 20:41:49

    MSNFix 1.701

    C:\Documents and Settings\Richard\Bureau\MSNFix
    Fix exécuté le 08/04/2008 - 20:39:19,35 By Richard
    mode normal

    ************************ Recherche les fichiers présents

    Aucun Fichier trouvé

    ************************ Recherche les dossiers présents

    Aucun dossier trouvé


    ************************ Fichiers suspects

    Aucun Fichier trouvé


    ************************ HKLM\...\Winlogon\Userinit

    Userinit = C:\WINDOWS\system32\userinit.exe,


    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: http://changelog.fr
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------






    Strange, it seems there is nothing...
    What should I do? Are you sure there is still an infection? Because I no longer get any alert messages and everything seems to work ;) 
    8 April 2008 22:24:46

    Re,

    Hmm... post a HijackThis log again so I can see; I'll show you what is bothering me ;) 

    I'm waiting for a new HijackThis report to take stock.

    But in any case we are almost done.

    ;) 
    8 April 2008 22:28:18

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:28:15, on 08/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\PVSW\Bin\WGE_SRV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PVSW\BIN\W3dbsmgr.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Richard\Mes documents\Programmes\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User 'Marc')
    O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Marc')
    O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Marc')
    O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe (User 'Marc')
    O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Marc\LOCALS~1\Temp\csrssc.exe (User 'Marc')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-1674182061-2924136104-2798263571-1007 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Marc')
    O4 - S-1-5-21-1674182061-2924136104-2798263571-1007 User Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Marc')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLaunch...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 12441 bytes
    8 April 2008 22:46:37

    .
    8 April 2008 22:48:04

    Re,

    Quote:
    O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe (User 'Marc')
    O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Marc\LOCALS~1\Temp\csrssc.exe (User 'Marc')


    That is bad :) 

    Download OTMoveIt2 by OldTimer.

  • Save this file to the Desktop.
  • Double-click OTMoveIt2.exe to launch the tool. (Note: If you are using Vista, right-click the file and choose Run as administrator).
  • Copy the lines in the "Code" box below by selecting ALL of them and then pressing the CTRL and C keys at the same time (or, after selecting them, by right-clicking and choosing Copy):
    C:\DOCUME~1\Richard\LOCALS~1\Temp\*.* /s
    C:\DOCUME~1\Marc\LOCALS~1\Temp\*.* /s

  • Go back to the OTMoveIt2 window, right-click in the "Paste Custom List Of Files/Patterns To Move" area (under the yellow bar), then choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results area (under the green bar) by selecting ALL THE LINES and then pressing the CTRL and C keys at the same time (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
  • Close OTMoveIt2

    Note: If a file or folder cannot be moved immediately, a restart may be needed to complete the move. If you are asked to restart the machine, choose Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, navigate to the C:\_OTMoveIt\MovedFiles folder, then open the most recent .log file; then copy and paste the contents of this document in a reply on the forum.

    If you get a message saying the report cannot be created, copy/paste what appears in the right-hand column of the tool.

    ;) 
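The two Run entries quoted in the post above stand out for reasons that can be checked mechanically. The following is an added example, not part of the original thread and not code from HijackThis: it parses O4 Run lines and flags an entry whose image sits in a Temp directory, whose file name closely imitates a Windows system process, or whose path lies under a different profile than the user the entry is registered for. The list of system names and the 0.8 similarity threshold are assumptions made for this example.

```python
import re
from difflib import SequenceMatcher

# Lines copied from the HijackThis log posted in this thread
# (three ordinary entries, then the two the helper quoted).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Marc')
O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe (User 'Marc')
O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Marc\LOCALS~1\Temp\csrssc.exe (User 'Marc')
"""

# Core Windows process names that look-alike file names imitate
# (assumed list for this example, not exhaustive).
SYSTEM_NAMES = ("smss", "csrss", "winlogon", "services", "lsass", "svchost",
                "spoolsv", "explorer", "ctfmon", "userinit", "rundll32")

# "O4 - <hive>\..\Run: [<value name>] <command> (User '<name>')"; the user part is optional.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|scr|pif))\b', re.I)
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.I)
PROFILE = re.compile(r"\\(?:DOCUME~1|Documents and Settings)\\([^\\]+)\\", re.I)


def image_path(cmd):
    """Return the program part of a Run command, without its arguments."""
    m = IMAGE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def lookalike_of(stem):
    """Return the system name that `stem` imitates, or None if it is exact or unrelated."""
    if stem in SYSTEM_NAMES:
        return None
    best = max(SYSTEM_NAMES, key=lambda n: SequenceMatcher(None, stem, n).ratio())
    return best if SequenceMatcher(None, stem, best).ratio() >= 0.8 else None


def audit(log_text):
    """Return one finding per O4 Run entry that trips at least one check."""
    findings = []
    for raw in log_text.splitlines():
        m = O4_RUN.match(raw.strip())
        if not m:
            continue  # other sections and O4 startup-folder lines are not handled here
        image = image_path(m.group("cmd"))
        stem = image.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        reasons = []
        if TEMP_DIR.search(image):
            reasons.append("image runs from a Temp directory")
        imitated = lookalike_of(stem)
        if imitated:
            reasons.append(f"file name imitates {imitated}.exe")
        owner = PROFILE.search(image)
        user = m.group("user")
        if owner and user and owner.group(1).lower() != user.lower():
            reasons.append(f"file under profile '{owner.group(1)}' but entry belongs to '{user}'")
        if reasons:
            findings.append({"name": m.group("name"), "image": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f["name"], "->", f["image"])
        for r in f["reasons"]:
            print("   -", r)
```

The profile comparison works on the names as written in the log, so an 8.3-shortened profile folder name would need to be resolved before comparing.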
    9 April 2008 00:02:52

    < C:\DOCUME~1\Richard\LOCALS~1\Temp\*.* /s >
    C:\DOCUME~1\Richard\LOCALS~1\Temp\a4ba_appcompat.txt moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\Adobelm_Cleanup.0001 moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\BsSndRpt.ini moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\bugsplat.log moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\jusched.log moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\LVCOMSX.LOG moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\VeohTV662H3CN3.dmp moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\VeohTV7T3D0KD7.dmp moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\VeohTVDSNH1871.dmp moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\VeohTVF6J12RK3.dmp moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\VeohTVIBJT3SA5.dmp moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\VeohTVK45D56S3.dmp moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\VeohTVS4IP3NU1.dmp moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\wmplog00.sqm moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\~DF3E05.tmp moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\~DF5D82.tmp moved successfully.
    File move failed. C:\DOCUME~1\Richard\LOCALS~1\Temp\~DF6202.tmp scheduled to be moved on reboot.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\~DF752A.tmp moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\~DF7B4A.tmp moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\~DF97E3.tmp moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\~DFE1EE.tmp moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\{6739F89E-B146-4CCA-A914-CB88CC3BB11E}\ISSetup.dll unregistered successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\{6739F89E-B146-4CCA-A914-CB88CC3BB11E}\ISSetup.dll moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\{6739F89E-B146-4CCA-A914-CB88CC3BB11E}\setup.exe moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\{6739F89E-B146-4CCA-A914-CB88CC3BB11E}\Setup.INI moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\{6739F89E-B146-4CCA-A914-CB88CC3BB11E}\setup.isn moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\{6739F89E-B146-4CCA-A914-CB88CC3BB11E}\_ISMSIDEL.INI moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0001\~efe2.tmp moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\MessengerCache\4pfpna1HfX7Abe4At1HevRKUps4= moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\MessengerCache\b8w6RzfaejFj2Fwwon20MMWcNuS4= moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\MessengerCache\Hkk9lKxSqW5bITDsRQlUj1Pye1E= moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\MessengerCache\iYx45mr7tmy2eyX2FeY3PUDPUzuo= moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\MessengerCache\QwMUXQeFTbyA3F24d24EBjJl8WY= moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\MessengerCache\tSo2Oph+0f9XbkDk9HwZedbRYAk= moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\MessengerCache\VwwIqUWigcrB4BfnZ+72nL6l4NU= moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\MessengerCache\YWTA2FHxoVSNYQ1SsykQB4PZ0kvU= moved successfully.
    C:\DOCUME~1\Richard\LOCALS~1\Temp\MessengerCache\Yyr9k9X7ll6IuYKCCFxL9pzVEIM= moved successfully.
    < C:\DOCUME~1\Marc\LOCALS~1\Temp\*.* /s >
    C:\DOCUME~1\Marc\LOCALS~1\Temp\Adobelm_Cleanup.0001 moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\jusched.log moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\LVCOMSX.LOG moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\slu65.tmp moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\slu66.tmp moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\slu67.tmp moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\TWAIN.LOG moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\Twain001.Mtx moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\Twunk001.MTX moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\Twunk002.MTX moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0000\~efe2.tmp moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0001\~efe2.tmp moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\MessengerCache\9vjCmyivfwaB8yR02tpJf5KrsJ0= moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\MessengerCache\b6Ynmzyj83zpKaVldgY9SEAbzAI= moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\MessengerCache\IKQU2FjthBut9Z3cCg4FOVgIToZY= moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\MessengerCache\JRm1weEO9k5A4yRVP8Dlp0GFzAA= moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\MessengerCache\kSQpvsYEWaLZpVHT+7gWTxOIRiw= moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\MessengerCache\l5V+HdlRBv7zW9dj2vB4JAKcms0= moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\MessengerCache\lIz6pOKfiO2tKfdhP8IlipvCvlo= moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\MessengerCache\mh0qYCjvHlM5IGf44qi8GfFU1xg= moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\MessengerCache\tH2F+aVXOHTICqYb6Enh2FYd2HHEs= moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\MessengerCache\U0F33ze2Fkh0QB4deuEzMCFKRIQ= moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\MessengerCache\vf+YLZ6ngv11OBJn+WSJgd+Y76U= moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\MessengerCache\w2FmfzZTp6TPPxQ6V4lnAzuGNhII= moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\MessengerCache\wEsPga6bJVE5FAYw0UcLoLjCpHY= moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\MessengerCache\Ws3vO6ykBPqrZn9rHzoSX82FDWGc= moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\MessengerCache\wX+Se6sYUBDqG42FHcYpVOFJWaA4= moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\MessengerCache\xZ9sO+kEsEC2FlgUbNnFEArUvSLI= moved successfully.
    C:\DOCUME~1\Marc\LOCALS~1\Temp\VBE\MSForms.exd moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04082008_230425

    Files moved on Reboot...
    C:\DOCUME~1\Richard\LOCALS~1\Temp\~DF6202.tmp moved successfully.
    9 April 2008 18:06:19

    :hello: 

    Run HijackThis again, click "do a system scan only", tick these lines (if present), then click "Fix Checked" and close HijackThis:

    O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe (User 'Marc')
    O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1007\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Marc\LOCALS~1\Temp\csrssc.exe (User 'Marc')


    Restart the PC and post a new HijackThis report.

    ;) 
    9 April 2008 19:35:50

    None of these lines are present, what do I do?
    10 April 2008 18:46:46

    Re,

    Post a new HijackThis report, and tell me if you consider your problem solved ;)
    10 April 2008 19:26:12

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:24:53, on 10/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\PVSW\Bin\WGE_SRV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PVSW\BIN\W3dbsmgr.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Richard\Mes documents\Programmes\HiJackThis.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Françoise')
    O4 - HKUS\S-1-5-21-1674182061-2924136104-2798263571-1006\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Richard\LOCALS~1\Temp\winlogan.exe (User 'Françoise')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLaunch...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 11744 bytes



    Whether my PC is clean, I have no idea.
    On the other hand, I no longer get the trojan alerts I had when I asked for your help, so from that point of view I'm satisfied and I thank you 10,000 times =)
    10 April 2008 19:31:33

    :hello: 

    OK, good news :super: We're now going to finish the disinfection.

    Uninstall avast, reboot and delete ~~>C:\Program Files\Alwil Software

    Download ccleaner (>>tutorial to read!<<), download "the latest version", then install it while unchecking - Ajouter la Barre d'Outils Yahoo! CCleaner (Add the Yahoo! CCleaner Toolbar)
    Then run the cleaning, then have it search for errors, and make a backup if you wish.

    Download and install Antivir. (tutorial)
    Why switch? Avast vs Antivir
    Check that it is up to date! Run a full scan in safe mode, save the report and post it for me.

    ;) 
    10 April 2008 21:02:57

    As for CCleaner, I've been using it for a while already, so it's up to date and I'm going to run it ;) 
    As for the antivirus, though, apart from you everyone recommends avast! to me, which I also know well, so I'm in a bit of a bind...
    Can you confirm that AntiVir is much better? It looks more effective as a pure antivirus, but it doesn't handle e-mail
    Otherwise, I have my Windows firewall enabled, but do you recommend I download one like Zone Alarm?
    10 April 2008 21:36:56

    Well, actually, after some research I think I'll install AntiVir, so I'm waiting for a final confirmation from you and your answer about another firewall. ;) 

    This may be unrelated, but in the Ma Musique folder, the names of my folders don't appear underneath them, whereas they do everywhere else, even in the subfolders of Ma Musique. I can't see what is causing this?
    10 April 2008 23:42:28

    Hi again,

    As for antivir, as you've seen for yourself, it is very good, more effective than avast!.

    I've been testing ZoneAlarm for a short while myself, and for the moment I'm satisfied with it.

    So I'm waiting for the antivir scan report before moving on to the next step.

    Good night, see you tomorrow :hello: 
    12 April 2008 02:04:44

    Right, I've removed avast and installed AntiVir as well as ZoneAlarm.
    I actually ran 2 full scans, but neither in safe mode; I had completely forgotten :S
    So I'm posting both reports, and if that's not good enough I'll run another scan.
    Is AntiVir a trial version that I'll have to re-download every month? And for ZoneAlarm, I left it as is and haven't configured anything; do you recommend any changes?

    1st scan:



    AntiVir PersonalEdition Classic
    Report file date: vendredi 11 avril 2008 01:02

    Scanning for 1193728 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Richard
    Computer name: PC

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 23:01:21
    ANTIVIR2.VDF : 7.0.3.127 649216 Bytes 07/04/2008 23:01:21
    ANTIVIR3.VDF : 7.0.3.150 135168 Bytes 10/04/2008 23:01:21
    AVEWIN32.DLL : 7.6.0.84 3461632 Bytes 10/04/2008 23:01:21
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 10/04/2008 23:01:22
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 11 avril 2008 01:02

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'searchfilterhost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'searchprotocolhost.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
    Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
    Scan process 'KEM.exe' - '1' Module(s) have been scanned
    Scan process 'VeohClient.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'EEventManager.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'CTDVDDET.exe' - '1' Module(s) have been scanned
    Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned
    Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
    Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
    Scan process 'issch.exe' - '1' Module(s) have been scanned
    Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
    Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
    Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'w3dbsmgr.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'IAANTMon.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'WGE_SRV.exe' - '1' Module(s) have been scanned
    Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
    Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    55 processes with 55 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'H:\'
    [NOTE] No virus was found!
    Boot sector 'A:\'
    [NOTE] In the drive 'A:\' no data medium is inserted!

    Starting to scan the registry.
    The registry was scanned ( '45' files ).


    Starting the file scan:

    Begin scan in 'C:\' <Disque dur PC>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Marc\Mes documents\Programmes\Nero\Nero_Burning_ROM_Ultra_Edition_v6.6.0.1.zip
    [0] Archive type: ZIP
    --> cr-n6601.exe
    [DETECTION] Contains detection pattern of a probably damaged sample CC/00233
    [INFO] The file was deleted!
    C:\Documents and Settings\Richard\Mes documents\Ma musique\Albums à trier\Ice Cube 1991 - Death Certificate.rar
    [0] Archive type: ACE
    --> ICE CUBE - DEATH CERTIFICATE - 192kbps[Brckenesel]\death20.mp3
    [WARNING] Error creating the file
    --> ICE CUBE - DEATH CERTIFICATE - 192kbps[Brckenesel]\death17.mp3
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    C:\Documents and Settings\Richard\Mes documents\Ma musique\Albums à trier\Outkast.-.Atliens.-.1996.-MP3.Full.Album-.Blacksounds.De.Tf.-192kbps.ace
    [0] Archive type: ACE
    --> ATliens - Outkast\09 - Outkast - Wailinï.mp3
    [WARNING] Error creating the file
    --> ATliens - Outkast\10 - Outkast - Mainstream.mp3
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    C:\Program Files\Visicom Media\GifMovieGear 4\vmntoolbar\vmntoolbarsetup1.7_en.exe
    [DETECTION] Contains detection pattern of the dropper DR/MegaSearch.N.25
    [INFO] The file was moved to '486cc2be.qua'!
    C:\QooBox\Quarantine\catchme2008-04-06_160928.89.zip
    [0] Archive type: ZIP
    --> Documents and Settings/Richard/Bureau/catchme.zip
    [1] Archive type: ZIP
    --> zdegpig.ini
    [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [INFO] The file was moved to '4872c2ec.qua'!
    C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Uninst.exe.vir
    [DETECTION] Contains detection pattern of the dropper DR/MartShop.2
    [INFO] The file was moved to '4867c32f.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\zdegpig.ini.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!
    Begin scan in 'H:\'
    Search path H:\ could not be opened!
    Le chemin d'accès spécifié est introuvable.

    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'D:\'
    Search path D:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    Le périphérique n'est pas prêt.



    End of the scan: vendredi 11 avril 2008 04:01
    Used time: 2:59:22 min

    The scan has been done completely.

    18392 Scanning directories
    635325 Files were scanned
    5 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    2 files were deleted
    0 files were repaired
    3 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    635320 Files not concerned
    11523 Archives were scanned
    8 Warnings
    3 Notes


    2nd scan:

    It is far too long and the web page won't accept it (I had asked for a complete report, but it's far too big...)


    So I'll wait to see whether this suits you; otherwise I'll run another scan in safe mode with a standard report
    12 April 2008 11:36:50

    Hi again,

    Post me a new hijackthis report instead, and tell me how the PC is doing ;) 

    Otherwise, Antivir is free for a good 8 months, I believe, and after that the licence expires, so you remove it and download it again, or you buy the paid version ($20).

    For zone alarm, you'll find help on the net with a google search.

    ;) 
    12 April 2008 12:36:46

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:35:23, on 12/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\PVSW\Bin\WGE_SRV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PVSW\BIN\W3dbsmgr.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Richard\Mes documents\Programmes\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLaunch...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 11526 bytes



    The PC is doing rather well, no problems encountered, except that I've lost the folder captions in My Music xD
    No particular point in buying the paid version? Otherwise I might as well invest in Kaspersky ^^
    Thanks for everything ;)
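
Added example, not part of the original thread or of HijackThis itself: a small Python parser for the log format posted above. It groups entries by section code and lists the O23 services for which the log shows no publisher ("Unknown owner"), as items to look up rather than as a verdict. The function names are assumptions; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
--
End of file - 11526 bytes
"""

# A log entry starts with a section code such as R1, F2, O9 or O23.
ENTRY = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O23 body: "Service: <name> - <publisher> - <path>". The name is greedy so
# that the last two " - " separators delimit publisher and path.
SERVICE = re.compile(
    r"^Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")

def parse_log(text):
    """Group entry bodies by section code; header and footer lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m["code"]].append(m["body"].strip())
    return dict(sections)

def parse_service(body):
    """Split one O23 body into display name, service key, publisher and path."""
    m = SERVICE.match(body)
    if not m:
        return None
    name, key = m["name"], None
    short = re.search(r"\s*\((?P<key>[^()]+)\)$", name)
    if short:  # trailing "(ServiceKey)" is the short service name
        name, key = name[:short.start()], short["key"]
    return {"name": name, "key": key, "owner": m["owner"], "path": m["path"]}

def services_without_publisher(text):
    """Return (name, path) for each O23 service listed with 'Unknown owner'."""
    parsed = (parse_service(b) for b in parse_log(text).get("O23", []))
    return [(s["name"], s["path"]) for s in parsed
            if s and s["owner"] == "Unknown owner"]

if __name__ == "__main__":
    for name, path in services_without_publisher(SAMPLE_LOG):
        print(f"look up: {name} -> {path}")
```
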
    12 April 2008 14:58:06

    Re,

    Well, the paid version is more complete, and it costs less than Kaspersky I think, but after that it's up to you :super:

    It's OK, you're no longer infected :p

    1) Download ToolsCleaner to your desktop.
    http://www.commentcamarche.net/telecharger/toolscleaner...

    This program will uninstall all the tools I had you use.

  • Click Recherche (Search) and let the scan run ...
  • Click Suppression (Removal) to finish.
  • You can, if you wish, use the Options facultatives (optional options).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

    2) Download and install Ccleaner:
    http://www.01net.com/telecharger/windows/Utilitaire/net...
  • Before clicking the "Install" button, untick all the "additional options". Then click "Options", "Advanced" and untick the box "Only delete files in Windows Temp folder older than 48 hours". Click the "Cleaner" tab, then "Run Cleaner".
  • Then click the Registry tab, click "Scan for Issues", then "Fix selected issues". There is no need to back up the keys. Repeat the operation as many times as needed until it no longer finds any errors.
  • Tutorial here: http://www.infos-du-net.com/forum/272336-7-ccleaner-und...
    3)
  • Disable your System Restore

  • Re-enable your System Restore

  • Tutorial here: http://www.infos-du-net.com/forum/272480-11-desactiver-...
    ********************************************************************************

    Now add [Résolu] to the title. To do so:
    * In your first message, click the "Editer" (Edit) button
    * Add the mention [Résolu] to the title
    * Then click "Valider votre message" (Submit your message)

    It would be nice to report your infection on > Malware-Complaints < to get its authors convicted

    - Forum rules <- here
    - Posting a message <- here (by Malekal)

    To register, click the register button (at the top)
    If you are over 13, choose " I Agree to these terms and am over or exactly 13 years of age "
    If you are under 13, choose " I Agree to these terms and am under 13 years of age "

    You will get a list by type of infection
    If your infection is not in the list, create a message in Autres infections (Other infections)

    See you and happy surfing :hello:


    Some interesting links:

    http://mickael.barroux.free.fr/securite/
    http://www.malekal.com/
    http://www.infos-du-net.com/forum/275481-11-dossier-pre...
    12 April 2008 17:58:16

    I used ToolsCleaner for the optional options, but the program crashes as soon as I start the search. But I had manually removed all the programs you had me install, so that may be related.
    Otherwise I did everything you told me!
    Thanks, it really helped me a lot, I would never have done that on my own!
    See you soon maybe =)
    12 April 2008 20:04:47

    Re,

    You're welcome, it was a pleasure!

    Report your infection on malware complain if you haven't already, it's important ;)

    Please take a look at this guide (PDF) to learn more about the risks of the Net.

    If you find this document interesting, don't hesitate to pass it on to your contacts.

    All the best :hello: