Need help with "critical error" message

Solved/Closed
azidil2008 - Posts: 60 - Registered: Sunday 27 July 2008 - Status: Member - Last activity: 29 March 2012 - 27 Jul 2008 at 17:34
Anonymous user - 27 Jul 2008 at 21:30
Hello,
I think my PC is infected by a virus: the "critical error" message appears every time I browse my hard drive, and even if I dismiss the message it automatically connects to a site that supposedly disinfects my PC.

So I ran a full scan of the hard drive with my antivirus AVG + AVAST, but without success.

I used HijackThis and the log file is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:14, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zango\bin\10.3.70.0\OEAddOn.exe
C:\Program Files\Zango\bin\10.3.70.0\ZangoSA.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Zango\bin\10.3.70.0\Weather.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
D:\down\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.menara.ma/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.70.0\HostIE.dll
O2 - BHO: BHO5 - {9873E994-669E-4044-BA64-E5D9AD534A55} - C:\WINDOWS\system32\sofiebho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.70.0\HostIE.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [saap] c:\program files\emule lite\saap.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.70.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.70.0\ZangoSA.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.70.0\Weather.exe" -auto
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B534171-88EC-466E-864C-65FF1CA90CDF}: NameServer = 196.217.246.210 212.217.0.13
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

13 replies

Anonymous user
27 Jul 2008 at 17:38
Hi

Download Malwarebytes

-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Install it; the program will update itself automatically.

Once it is up to date, the program will launch; click on the Settings tab and tick the box: "Stop Internet Explorer during removal".

Now click on the Scan tab and tick the box: "Perform a full scan".

Then click on "Scan".

Let it scan the PC...

If items were found > click on Remove Selected.

If you are asked to restart > click on "yes".

At the end a report will open; save it somewhere you can find it again so you can post it on the forum.

Copy and paste the report, please.

PS: the reports are also stored in the Reports/Logs tab

azidil2008 - Posts: 60 - Registered: Sunday 27 July 2008 - Status: Member - Last activity: 29 March 2012
27 Jul 2008 at 19:02
Thanks, thanks to you I was able to disinfect it.
The final report is as follows:

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 998
Windows 5.1.2600 Service Pack 2

17:51:43 27/07/2008
mbam-log-7-27-2008 (17-51-43).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 74763
Temps écoulé: 48 minute(s), 50 second(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 130
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 19
Fichier(s) infecté(s): 44

Processus mémoire infecté(s):
C:\Program Files\Zango\bin\10.3.70.0\ZangoSA.exe (Adware.180Solutions) -> Unloaded process successfully.
C:\Program Files\Zango\bin\10.3.70.0\OEAddOn.exe (Adware.180Solutions) -> Unloaded process successfully.
C:\Program Files\Zango\bin\10.3.70.0\Weather.exe (Adware.180Solutions) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\sofiebho.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\Zango\bin\10.3.70.0\HostOE.dll (Adware.180Solutions) -> Delete on reboot.
c:\program files\Zango\bin\10.3.70.0\zangosahook.dll (Adware.180Solutions) -> Delete on reboot.
C:\Program Files\Zango\bin\10.3.70.0\WeSkin.dll (Adware.180Solutions) -> Delete on reboot.

Clé(s) du Registre infectée(s):

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zangosa (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zangooe (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weatherdpa (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.70.0 (Adware.Zango) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Zango (Adware.180Solutions) -> Delete on reboot.
C:\Program Files\Zango\bin (Adware.180Solutions) -> Delete on reboot.
C:\Program Files\Zango\bin\10.3.70.0 (Adware.180Solutions) -> Delete on reboot.
C:\Program Files\Zango\bin\10.3.70.0\firefox (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\firefox\extensions (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\firefox\extensions\components (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\firefox\extensions\plugins (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\IEAntiVirus (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\saad\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\saad\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\saad\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\saad\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\saad\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\saad\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\sofiebho.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\Zango\bin\10.3.70.0\CoreSrv.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\domiebho.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\domie.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\saad\Local Settings\Temp\gvmebkzt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\down\backups\backup-20080727-153949-749.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\arrow.ico (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\copyright.txt (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\HostIE.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\HostOE.dll (Adware.180Solutions) -> Delete on reboot.
C:\Program Files\Zango\bin\10.3.70.0\HostOL.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\CntntCntr.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\ZangoSA.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\ZangoSAAX.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\ZangoSADF.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\ZangoSAHook.dll (Adware.180Solutions) -> Delete on reboot.
C:\Program Files\Zango\bin\10.3.70.0\ZangoUninstaller.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\link.ico (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\OEAddOn.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\Srv.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\Toolbar.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\Wallpaper.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\Weather.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\WeSkin.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\firefox\extensions\install.rdf (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\firefox\extensions\chrome.manifest (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\firefox\extensions\components\npclntax.xpt (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\bin\10.3.70.0\firefox\extensions\plugins\npclntax_ZangoSA.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\IEAntiVirus\ieav.db2 (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\IEAntiVirus\ieav.db3 (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\IEAntiVirus\uninst.exe (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\saad\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\saad\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\saad\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\saad\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\saad\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\saad\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\saad\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully.
0
Anonymous user
27 Jul 2008 at 19:05
Reopen Malwarebytes
go to Quarantine
delete everything

Run a HijackThis scan again and post the report, please.
0
azidil2008 Posts: 60 Registration date: Sunday 27 July 2008 Status: Member Last activity: 29 March 2012
27 Jul 2008 at 19:30
Done.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:21, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Explorer.EXE
D:\down\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.menara.ma/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [saap] c:\program files\emule lite\saap.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B534171-88EC-466E-864C-65FF1CA90CDF}: NameServer = 196.217.246.210 212.217.0.13
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
0

Anonymous user
27 Jul 2008 at 19:37
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy and paste that report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily disable, only for the duration of the ComboFix run, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.

Once done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved to C:\Combofix.txt.

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

0
azidil2008 Posts: 60 Registration date: Sunday 27 July 2008 Status: Member Last activity: 29 March 2012
27 Jul 2008 at 20:17
ComboFix 08-07-26.1 - saad 2008-07-27 19:01:49.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.171 [GMT 2:00]
Endroit: D:\down\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Reset Cursor.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Weather.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Customer Support Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Games!.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Library.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Screensavers!.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Uninstall Instructions.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\Zango Videos!.lnk
C:\Documents and Settings\saad\Application Data\WeatherDPA
C:\Documents and Settings\saad\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Documents and Settings\saad\Application Data\Zango
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\sales_buttons.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\searchbtn.gif
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\submit.gif
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\tab_bg.gif
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\tab_bga.gif
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\tab_bgia.gif
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\tab_l.gif
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\tab_la.gif
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\tab_lia.gif
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\tab_r.gif
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\tab_ra.gif
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\tab_ria.gif
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\tree_dots.gif
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\tree_minus.gif
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\tree_plus.gif
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\treedata_animations.xml
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\treedata_backgrounds.xml
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\treedata_ecards.xml
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\treedata_emoticons.xml
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\treedata_notifiers.xml
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\treedata_text.xml
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\1\zango_btn.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\avatar.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\business_promo.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\buttondir.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\code.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\cursors.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\email-def.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\email-temp-bg.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\images.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\layout.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\localcontent.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\progress.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\treexml.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\HostWD\static\DownLoad\zango_btn.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\1383356.sdf
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\2884334.sdf
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\3340762.sdf
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\3786291.sdf
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\877979.sdf
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\141199
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\27503
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34123
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\427075
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\52335
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\63492
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\65770
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\738022
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753300
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753309
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753363
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\82292
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93899
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\dynamic\ustat\3705.dat
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\avatar.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\btntrans.idx
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\btntrans1.dat
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\buttondir.txt
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\components.cdf
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\cursors.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_other.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\d_icons_weather.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\default.cdf
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_511745-514279.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_categorize.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_comparison.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-people.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_favorites.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_Games.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_Hide.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_Hotmail.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_hsskin.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_jemster.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_jemsterie.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_jobsearch.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_Mails.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_MobileSidewalk.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_new.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_premium.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_reun.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_ringtones.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_searchfor.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_searchgo.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_weather.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Default_yellowpages.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\editblbuttons.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\email-t1-bg.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\icons2.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\ie_games_icon.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\ie_video.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\keywords.idx
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\keywords1.dat
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\layout.cdf
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\linkpathlegal.txt
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\progress.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\s_icons_buttons.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\sales_buttons.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\sdfmodifier.xml
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\t2_bg.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\theweb.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\top7.cdf
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\Top7_theweb.mnu
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\tsd_bg.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\zango_btn.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\2\zango_ie_menu.res
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
C:\Documents and Settings\saad\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
C:\Program Files\newdotnet
C:\Program Files\newdotnet\readme.html
C:\Program Files\newdotnet\uninstall.exe
C:\Program Files\zango

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NNSERV
-------\Service_NNServ


((((((((((((((((((((((((((((( Fichiers créés 2008-06-27 to 2008-07-27 ))))))))))))))))))))))))))))))))))))
.

2008-07-27 16:57 . 2008-07-27 16:57 <REP> d-------- C:\Documents and Settings\saad\Application Data\Malwarebytes
2008-07-27 16:56 . 2008-07-27 16:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 16:56 . 2008-07-27 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 16:56 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-27 16:56 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-27 13:18 . 2008-07-27 13:18 <REP> d-------- C:\Program Files\Alwil Software
2008-07-27 00:45 . 2008-07-27 00:45 <REP> d-------- C:\Documents and Settings\saad\Application Data\Grisoft
2008-07-27 00:45 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-07-27 00:34 . 2008-07-27 00:34 <REP> dr-h----- C:\$VAULT$.AVG
2008-07-26 03:22 . 2008-07-26 03:22 <REP> d-------- C:\Program Files\Zealot Software
2008-07-26 03:22 . 2003-05-22 13:27 620,094 --a------ C:\WINDOWS\system32\divx.dll
2008-07-26 03:22 . 2001-08-18 20:00 262,144 --a------ C:\WINDOWS\system32\mpg4ds32.axu
2008-07-26 03:22 . 2004-02-26 02:08 236,544 --a------ C:\WINDOWS\system32\divxdec.ax
2008-07-26 03:22 . 2004-04-05 13:36 217,088 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-26 03:22 . 2003-08-19 15:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-07-26 03:22 . 2000-06-30 17:40 139,264 --a------ C:\WINDOWS\system32\Mpeg2Decoder.ax
2008-07-26 03:22 . 2004-02-10 19:15 128,512 --a------ C:\WINDOWS\system32\xvid.dll
2008-07-26 03:22 . 2000-06-26 13:13 94,208 --a------ C:\WINDOWS\system32\Mpeg2Parser.ax
2008-07-26 03:22 . 2004-04-05 13:46 61,440 --a------ C:\WINDOWS\system32\xvid.ax
2008-07-26 02:37 . 2008-07-26 02:38 <REP> d-------- C:\Program Files\MKVTOAVI
2008-07-24 09:49 . 2008-07-24 09:49 <REP> d--hs---- C:\FOUND.020
2008-07-24 00:31 . 2008-07-24 00:31 <REP> d--hs---- C:\FOUND.019
2008-07-23 11:46 . 2008-07-23 11:46 <REP> d-------- C:\Program Files\Matroska Pack
2008-07-23 03:56 . 2008-07-23 03:57 <REP> d-------- C:\Program Files\Haali
2008-07-20 15:52 . 2008-07-20 15:52 <REP> d--hs---- C:\FOUND.018
2008-07-20 01:21 . 2008-07-20 01:21 <REP> d-------- C:\WINDOWS\Sun
2008-07-19 21:48 . 2008-07-19 21:48 <REP> d--hs---- C:\FOUND.017
2008-07-19 15:01 . 2008-07-19 15:01 <REP> d-------- C:\Program Files\uTorrent
2008-07-19 15:01 . 2008-07-19 15:01 <REP> d-------- C:\Documents and Settings\saad\Application Data\uTorrent
2008-07-18 13:02 . 2008-07-18 13:03 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-07-17 20:48 . 2008-07-17 20:48 <REP> d--hs---- C:\FOUND.016
2008-07-17 20:46 . 2008-07-17 20:46 268 --ah----- C:\sqmdata18.sqm
2008-07-17 20:46 . 2008-07-17 20:46 244 --ah----- C:\sqmnoopt18.sqm
2008-07-17 20:09 . 2008-07-17 20:09 <REP> d--hs---- C:\FOUND.015
2008-07-17 12:51 . 2008-07-17 12:51 <REP> d--hs---- C:\FOUND.013
2008-07-17 12:46 . 2008-07-17 12:46 <REP> d--hs---- C:\FOUND.012
2008-07-17 12:00 . 2008-07-17 12:00 <REP> d--hs---- C:\Documents and Settings\LocalService
2008-07-17 11:59 . 2008-07-17 11:59 <REP> d--hs---- C:\FOUND.011
2008-07-17 09:37 . 2008-07-17 09:37 <REP> d--hs---- C:\FOUND.010
2008-07-14 13:53 . 2008-07-14 13:53 <REP> d--hs---- C:\FOUND.009
2008-07-13 15:22 . 2008-07-13 15:22 <REP> d--hs---- C:\FOUND.008
2008-07-11 17:30 . 2008-07-11 17:30 <REP> d-------- C:\Documents and Settings\saad\Application Data\dvdcss
2008-07-10 21:46 . 2008-07-10 21:46 <REP> d--hs---- C:\FOUND.007
2008-07-10 13:21 . 2008-07-10 13:21 <REP> d-------- C:\Documents and Settings\saad\Application Data\Nokia Multimedia Player
2008-07-10 00:17 . 2008-07-10 00:17 <REP> d--hs---- C:\FOUND.006
2008-07-09 19:04 . 2008-07-09 19:04 <REP> d--hs---- C:\FOUND.005
2008-07-08 19:21 . 2008-07-08 19:21 <REP> d--hs---- C:\FOUND.004
2008-07-06 19:12 . 2008-07-06 19:12 <REP> d-------- C:\Program Files\RelevantKnowledge
2008-07-06 19:11 . 2008-07-06 19:11 <REP> d-------- C:\temp\rk
2008-07-06 19:11 . 2008-07-06 19:11 <REP> d-------- C:\temp
2008-07-05 20:00 . 2008-07-05 20:00 <REP> d--hs---- C:\FOUND.003
2008-07-03 20:34 . 2008-07-03 20:34 268 --ah----- C:\sqmdata15.sqm
2008-07-03 20:34 . 2008-07-03 20:34 244 --ah----- C:\sqmnoopt15.sqm
2008-07-02 03:02 . 2008-07-02 03:02 268 --ah----- C:\sqmdata14.sqm
2008-07-02 03:02 . 2008-07-02 03:02 244 --ah----- C:\sqmnoopt14.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 19:51 --------- d-----w C:\Program Files\iTunes
2008-06-25 19:51 --------- d-----w C:\Program Files\iPod
2008-06-25 19:46 --------- d-----w C:\Program Files\Apple Software Update
2008-06-25 19:45 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-06-25 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-17 15:44 --------- d-----w C:\Program Files\Real
2008-06-17 15:44 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-01 07:29 --------- d-----w C:\Program Files\Sun
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-05 03:26 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2008-04-30 18:00 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2008-04-30 17:51 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-30 17:51 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
.

------- Sigcheck -------

2006-03-09 08:25 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-21 22:57 171448]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-07-19 15:01 219952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-05-01 14:40 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-18 13:01 185896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-30 20:20 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Emule Lite\\Emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\DAP\\DAP.EXE"=

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 19:20]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:55]
S3 USBSER34;USBSER34;C:\WINDOWS\system32\Drivers\USBSER34.SYS [2005-12-27 18:00]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - s!N:C:\Program Files\Apple Software Update\SoftwareUpdate.exe-taskSYSTEM0 []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-saap - c:\program files\emule lite\saap.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.menara.ma/
O8 -: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 -: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 -: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O18 -: Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
O18 -: Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 19:13:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGUPSVC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-27 19:18:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-27 17:17:54

Pre-Run: 1,013,923,840 octets libres
Post-Run: 1,195,638,784 octets libres

562 --- E O F --- 2008-07-27 13:47:06
Anonymous user
27 Jul 2008 at 20:22
Run another HijackThis scan and post the report, please.
azidil2008 Posts 60 Registration date Sunday 27 July 2008 Status Member Last seen 29 March 2012
27 Jul 2008 at 20:31
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:10, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
D:\down\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.menara.ma/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B534171-88EC-466E-864C-65FF1CA90CDF}: NameServer = 196.217.246.210 212.217.0.13
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Anonymous user
27 Jul 2008 at 20:41
reopen HijackThis
do "scan only"
check these lines:

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)


check them and click "Fix checked"

then:

-> Download CCleaner (do not install the Yahoo toolbar):

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

-> Install it.

-> Once it is installed and running:

In the left-hand column, click:

-> "Registry":

Tick all the boxes under "Registry integrity", then click "look for errors" at the bottom. Once it has finished, click "repair the errors"; you will get a message asking you to back up your registry, click "yes", then repeat until it no longer finds anything.

PS: the backups you make can be deleted later if everything is fine.

-> "Cleaner"

Close your browser before running it. In the cleaner's settings, on the "Windows" and "Applications" tabs, untick the last box ("Advanced", if it is ticked), then click "start the cleaning". When it has finished the scan, click "start the cleaning" at the bottom right and accept with "yes".

-> Illustrated tutorial:

https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

-> For those who would like to go further, with jesses (advanced features):

http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm



then:


* to remove the tools/fixes used:

Download ToolsCleaner to your desktop.
-->
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/

# Click "Recherche" (Search) and let the scan run ...
# Click "Suppression" (Removal) to finish.
# You can use the "Options facultatives" (optional settings) if you wish.
# Click "Quitter" (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).


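The manual step in the reply above (picking out the HijackThis entries marked "(file missing)") can also be scripted. This is an added example, not part of the original posts: the function names are made up here, and the sample is assembled from lines of the log posted in this thread.

```python
import re
from collections import defaultdict

# Sample assembled for this example from lines of the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"""

# Entry lines look like "<section code> - <details>", e.g. R0, O4, O9, O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"  # marker at the end of an entry whose file is gone


def parse_entries(log_text):
    """Parse entry lines; headers, the process list and blanks are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "missing": body.endswith(MISSING),
        })
    return entries


def orphaned_by_clsid(entries):
    """Group entries whose file is missing, keyed by CLSID (or body if none)."""
    groups = defaultdict(list)
    for e in entries:
        if e["missing"]:
            groups[e["clsid"] or e["body"]].append(e)
    return dict(groups)


if __name__ == "__main__":
    for key, group in orphaned_by_clsid(parse_entries(SAMPLE_LOG)).items():
        print(key, "->", [e["code"] for e in group])
```

Grouping by CLSID shows that the two orphaned O9 lines are one leftover extension registered twice, as a toolbar button and as a Tools menu item.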
-->- Recherche:

C:\Qoobox: trouvé !

---------------------------------
-->- Suppression:

C:\Qoobox: supprimé !
Anonymous user
27 Jul 2008 at 21:07
ok

no more problems??
azidil2008 Posts: 60 Registration date: Sunday 27 July 2008 Status: Member Last activity: 29 March 2012
27 Jul 2008 at 21:29
thank you so much for your help
Anonymous user
27 Jul 2008 at 21:30
you're welcome, no problem

enjoy your holidays

see you