Aller au contenu

Alexandra m

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    15

  • Inscription

  • Dernière visite

Alexandra m's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. Alexandra m
    Bonjour Je n'ai pas de réponse, peut-être n'avez-vous pas eu le temps de vous pencher sur mon rapport... En tout cas j'attends de vos nouvelles merci et bonnes vacances pour les concernés.
  2. Alexandra m
    Voici le rapport HijackThis Merci pour tout Bonne fin de journée. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:35:04, on 10/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\WINDOWS\Dit.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\pointsoft\lanceur.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Dassault Systemes\B14\intel_a\code\bin\CATSysDemon.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Documents and Settings\kiki\Bureau\OTMoveIt2.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll R3 - URLSearchHook: Online_TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: (no name) - {02715E47-5A8E-495B-8F63-0D30470B8E72} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Online_TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll O2 - BHO: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {7F3D6EA4-8986-4B15-83D1-275A70431008} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Online_TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe" O4 - HKLM\..\Run: [bDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [bPS Spyware Remover] C:\Program Files\BulletProofSoft.com\BPS Spyware Remover\SpyRem.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [gewphabr] c:\documents and settings\kiki\local settings\application data\gewphabr.exe gewphabr O4 - HKCU\..\Run: [bjdqwyf] c:\documents and settings\kiki\local settings\application data\bjdqwyf.exe bjdqwyf O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: DeliveryManager.lnk = ? O4 - Startup: Lanceur Pointsoft.lnk = C:\pointsoft\lanceur.exe O4 - Startup: Personal Player.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.msn.fr/ O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} - http://www.quest3d.com/Quest3D_WebInstall.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs-beta.jeu.orange.fr...ronGameHost.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B14\intel_a\code\bin\CATSysDemon.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 12517 bytes
  3. Alexandra m
    Bonjour Merdi de m'avoir répondu Voici le résultat: File/Folder c:\documents and settings\kiki\local settings\application data\gewphabr.exe not found. File/Folder c:\documents and settings\kiki\local settings\application data\bjdqwyf.exe not found. C:\Documents and Settings\All Users\Application Data\zqtshgti moved successfully. LoadLibrary failed for C:\WINDOWS\ogxtsepr.dll C:\WINDOWS\ogxtsepr.dll NOT unregistered. C:\WINDOWS\ogxtsepr.dll moved successfully. OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06102008_162939 Je poste le rapport Hijackthis tout de suite
  4. Alexandra m
    bonsoir Je n'ai pas eu de vos nouvelles mais, maintenant, j'envoie des liens à mes contacts msn sans être connecté et avec l'ordinateur éteint. Des personnes ont cliqué sur le lien et des centaines de fenêtres s'ouvrent sur leur ordinateur. Aidez moi... Merci d'avance
  5. Alexandra m
    Bonjour J'ai essayé de faire ce que vous m'avez dit, mais je n'ai pas eu de fenêtre bleu où il fallait choisir 1 ou 2. En fait, une fois que j'ai glissé le fichier CFScript.txt dans le logiciel combofix, un scan s'est tout de suite lancé (je pense que c'est le même que j'avais fait au départ, aves les 40 et quelques étapes), un rapport est tout de même sorti, donc je vous le met: ComboFix 08-05-15.3 - kiki 2008-05-19 19:29:07.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.533 [GMT 2:00] Endroit: C:\Documents and Settings\kiki\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\kiki\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\Documents and Settings\All Users\Application Data\zqtshgti c:\documents and settings\kiki\local settings\application data\bjdqwyf.exe" c:\documents and settings\kiki\local settings\application data\fwjoxso.exe c:\documents and settings\kiki\local settings\application data\gewphabr.exe c:\documents and settings\kiki\local settings\application data\ukngvgcqmp.exe C:\Documents and Settings\kiki\locals~1\applic~1\cahjvifej.dat C:\Documents and Settings\kiki\locals~1\applic~1\cahjvifej_nav.dat C:\Documents and Settings\kiki\locals~1\applic~1\cahjvifej_navps.dat C:\WINDOWS\mslagent\cahjvifej.exe C:\WINDOWS\mslagent\cahjvifej_nav.dat C:\WINDOWS\mslagent\cahjvifej_navps.dat C:\WINDOWS\system32\pmnlIXnL.dll C:\WINDOWS\system32\tmp.reg . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\tmp.reg . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))))))) . 2008-05-18 12:28 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-09 21:37 . 2008-05-19 18:12 <REP> d-------- C:\Program Files\Everest Poker 2008-05-08 15:51 . 2008-05-08 15:51 <REP> d-------- C:\Program Files\Trend Micro 2008-05-08 15:50 . 2008-05-08 21:10 <REP> d-------- C:\Program Files\Karcher 2008-05-08 13:28 . 2008-05-18 12:28 <REP> d-------- C:\Program Files\Navilog1 2008-05-08 12:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-08 12:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-08 12:42 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-08 12:42 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-08 12:42 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-08 12:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-08 12:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-08 00:17 . 2008-05-08 11:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-05-07 22:57 . 2008-05-07 23:54 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-05-03 11:27 . 2008-05-03 11:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SugarGames 2008-04-23 22:35 . 2008-05-10 11:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-23 22:35 . 2008-04-23 22:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-22 12:33 . 2008-04-22 12:34 <REP> d-------- C:\Program Files\Web Hottest Videos Personal Player 2008-04-22 12:33 . 2008-04-22 12:34 <REP> d-------- C:\Program Files\Online_TV . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-19 17:03 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS 2008-05-16 06:00 --------- d-----w C:\Documents and Settings\kiki\Application Data\AVG7 2008-05-14 13:12 --------- d-----w C:\Program Files\eMule 2008-05-08 13:11 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-08 07:09 --------- d-----w C:\Program Files\Wingen 2008-05-07 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\zqtshgti 2008-05-03 09:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-22 10:35 --------- d-----w C:\Program Files\BitTorrent Fastest Tool 2008-04-19 13:59 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media 2008-04-12 15:41 --------- d-----w C:\Documents and Settings\kiki\Application Data\PlayFirst 2008-04-12 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-04-12 10:04 188,416 ----a-w C:\WINDOWS\ogxtsepr.dll 2008-04-06 14:02 --------- d-----w C:\Documents and Settings\kiki\Application Data\Flood Light Games 2008-04-06 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games 2008-03-25 11:48 --------- d-----w C:\Documents and Settings\kiki\Application Data\Ahead 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2007-01-26 12:38 14 -c--a-w C:\Documents and Settings\kiki\getfile.dat 2006-05-01 18:19 4,379,100 ----a-w C:\Program Files\playboy7.5.322.exe 2006-04-29 14:12 5,083,783 ----a-w C:\Program Files\diablotinv2_7.5.322.exe 2005-12-27 20:20 6,799,360 ----a-w C:\Program Files\msnmsgr.exe 2005-12-27 20:20 1,703,936 ----a-w C:\Program Files\msgslang.dll 2005-12-17 17:04 1,464 -c--a-w C:\Program Files\diablotin skin.txt 2005-11-23 22:24 625,152 ----a-w C:\Program Files\msidcrl.dll 2005-08-29 15:00 56 -csh--r C:\WINDOWS\system32\A32AC634D4.sys 2004-08-05 12:00 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll 2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll 2005-08-29 15:00 5,018 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys 2004-08-05 12:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll 2004-08-05 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll 1995-09-20 15:16 35,088 --sha-w C:\WINDOWS\system32\msjint32.dll 1995-09-20 15:13 977,680 --sha-w C:\WINDOWS\system32\msjt3032.dll 1995-09-20 15:16 23,824 --sha-w C:\WINDOWS\system32\msjter32.dll 2004-08-05 12:00 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll 2004-08-05 12:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll 2004-08-05 12:00 253,952 -csha-w C:\WINDOWS\system32\msvcrt20.dll 2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll 2004-08-05 12:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll 2004-08-05 12:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll 1995-09-24 10:02 243,472 --sha-w C:\WINDOWS\system32\vbar2232.dll 1999-05-28 12:04 368,912 -csha-w C:\WINDOWS\system32\vbar332.dll 2006-12-19 18:42 69,920 -csha-w C:\WINDOWS\system32\drivers\fidbox.dat 2006-12-19 17:16 1,824 -csha-w C:\WINDOWS\system32\drivers\fidbox2.dat . ((((((((((((((((((((((((((((( snapshot@2008-05-18_16.48.42.03 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-18 14:41:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-19 17:32:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2008-05-18 10:35:23 88,494 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-05-19 17:08:02 88,842 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-05-18 10:35:23 107,798 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-05-19 17:08:02 108,242 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2008-05-18 10:35:23 461,644 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-05-19 17:08:02 462,568 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-05-18 10:35:23 538,098 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-05-19 17:08:02 539,232 ----a-w C:\WINDOWS\system32\perfh00C.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02715E47-5A8E-495B-8F63-0D30470B8E72}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F3D6EA4-8986-4B15-83D1-275A70431008}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824] "BPS Spyware Remover"="C:\Program Files\BulletProofSoft.com\BPS Spyware Remover\SpyRem.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 11:09 68856] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288] "gewphabr"="c:\documents and settings\kiki\local settings\application data\gewphabr.exe" [ ] "bjdqwyf"="c:\documents and settings\kiki\local settings\application data\bjdqwyf.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"="cmicnfg.cpl" [] "AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-01-31 15:09 458752] "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-06-26 00:17 504080] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 21:05 344064] "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-06-07 15:48 127118] "Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 19:19 221184] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 19:51 217088] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-01 15:12 98304] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 19:57 458752] "BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [ ] "BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [ ] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-11-28 21:51 107112] "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [ ] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112] "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 23:45 279912] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 18:37 219136] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\WINDOWS\\system32\\fxsclnt.exe"= "C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"= "C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"= "C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"= "C:\\Program Files\\Dassault Systemes\\B14\\intel_a\\code\\bin\\orbixd.exe"= "C:\\Program Files\\Dassault Systemes\\B14\\intel_a\\code\\bin\\CNEXT.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\msnmsgr.exe"= "C:\\Program Files\\CA\\Etrust Antivirus\\Shellscn.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 14:22] R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B14\intel_a\code\bin\CATSysDemon.exe [2004-05-08 09:56] R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45] R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-06-08 03:35] R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39] R3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-10-11 19:19] S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-01-15 19:47] S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-05-19 19:03] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [] S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 23:46] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-19 19:33:22 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... C:\Documents and Settings\kiki\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : [email protected] 1091 bytes hidden from API Scan termin‚ avec succŠs Les fichiers cach‚s: 1 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\WINDOWS\explorer.exe -> ?:\WINDOWS\System32\CSCDLL.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Fichiers communs\Symantec Shared\CCSVCHST.EXE C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\CA\Etrust Antivirus\InoRpc.exe C:\Program Files\CA\Etrust Antivirus\InoRT.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\X10\Common\X10NETS.EXE C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\pointsoft\lanceur.exe C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe . ************************************************************************** . Temps d'accomplissement: 2008-05-19 19:41:18 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-19 17:41:13 ComboFix2.txt 2008-05-19 17:12:14 ComboFix3.txt 2008-05-18 14:49:04 Pre-Run: 7,452,696,576 octets libres Post-Run: 7,447,904,256 octets libres 248 --- E O F --- 2008-05-17 08:49:41 j'espère ne pas avoir fait de bêtises, Merci pour tout, bonne journée.
  6. Alexandra m
    Pas de problème, merci beaucoup pour tout ce que vous avez déjà fait. Bonne soirée.
  7. Alexandra m
    Voila, j'ai installer la console de récupération sur le disque avec le CD d'installation. Vous demandiez de poster un rapport CF_RC.txt, j'ai rien vu de cela. Mais bon je ne pense pas que ça soit important. Merci pour tout, j'attends vos instructions. Alexandra
  8. Alexandra m
    Alors voici le rapport de combofix: (je vais le poster en deux fois): Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.380 [GMT 2:00] Endroit: C:\Documents and Settings\kiki\Bureau\ComboFix.exe * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\kiki\Local Settings\Application Data\fwjoxso.dat C:\Documents and Settings\kiki\Local Settings\Application Data\fwjoxso.exe C:\Documents and Settings\kiki\Local Settings\Application Data\fwjoxso_nav.dat C:\Documents and Settings\kiki\Local Settings\Application Data\fwjoxso_navps.dat C:\Program Files\Inet Delivery C:\Program Files\Inet Delivery\inetdl.exe C:\Program Files\Inet Delivery\intdel.exe C:\WINDOWS\a.bat C:\WINDOWS\base64.tmp C:\WINDOWS\bdn.com C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80 C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\cup.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\customer_cup.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\heart.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_down.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_up.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\plates.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\ticket.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\tray.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\music\mainmenumusic.ogg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_bring_check_1_snd.ogg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_food_1_snd.ogg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_order_1_snd.ogg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_diner.ogg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_food_ready_1_snd.ogg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_gain_heart_1.ogg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_get_drinks_1_snd.ogg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_party_arrive_1_snd.ogg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pencil_write_2.ogg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pickup_food_1_snd.ogg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_rollover_1.ogg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_seat_people_snd.ogg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\choosedifficulty.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\credits.jpg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_lose.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_win.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help1.jpg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help2.jpg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\highscores.jpg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro.jpg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro_mask.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover.jpg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover_mask.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\mainmenu.jpg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup.jpg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup_mask.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradegrid.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradetitle.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upsell.jpg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_blue.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_yellow.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_blue.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_yellow.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_blue.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_yellow.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalk.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalkup.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_blue.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_yellow.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancel.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancelup.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career_over.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\close.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\closeup.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continue.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continueover.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_blue.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_yellow.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_blue.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_yellow.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy_over.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift_over.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard_over.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help_over.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores_over.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_blue.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_yellow.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplay.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplayover.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium_over.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfo.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfoup.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off_on.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on_on.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pause.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pauseover.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quit.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgame.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgameover.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitover.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegame.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegameover.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submit.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submitup.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagain.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagainover.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_over.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_up.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobal.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobalup.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscore.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscoreon.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocal.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocalup.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\comics\webcomic.jpg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\career.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\customer.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\endless.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\global.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\powerups.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\stove.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\arrow.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click2.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\grab.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\open.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\anim.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\sit_legs.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\sit_legs.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\sit_legs.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\sit_legs.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\sit_legs.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\anim.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\sit_legs.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\sit_legs.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\sit_legs.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\sit_legs.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\sit_legs.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\arial.mvec C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\komikaaxis.mvec C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt2top.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt4top.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_off.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on1.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on2.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdown.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdownon.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowleft.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowlefton.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowright.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowrighton.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowup.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowupon.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\p1icon.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\textedit.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\title.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_a.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_b.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_c.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_a.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_b.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_c.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_d.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_a.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_b.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_c.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_d.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fifth_level_diner.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\first_level_diner.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fourth_level_diner.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\second_level_diner.txt C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\playfirst_logo.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\background.jpg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\frames\upgrade_0001.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\upgrades.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\tableshadow.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\choosedifficulty.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooseplayer.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooserestaurant.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\credits.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\game.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\gothighscore.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help2.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscore.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoreinfo.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoresubmit.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelintro.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelover.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\loading.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainloop.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainmenu.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\ok.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\pause.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\style.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\tutorialintro.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upgrade.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upsell.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\webcomic.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\yesno.lua C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\aol_logo.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\gamelabsplash.jpg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\playfirst_logo.jpg C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\strings.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\check.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\checkmark.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\clock.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closed.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closingtime.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\dollar.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\tables.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expert.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expertscore.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\fork_timer.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\goalcompleted.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level_career.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\score.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\sound.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staroff.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staron.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumber.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumberup.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\traynumber.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorial_character.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialbox.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\select.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\table.png C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe C:\WINDOWS\FVProtect.exe C:\WINDOWS\iTunesMusic.exe C:\WINDOWS\mslagent C:\WINDOWS\mslagent\2_mslagent.dll C:\WINDOWS\mslagent\mslagent.exe C:\WINDOWS\mslagent\uninstall.exe C:\WINDOWS\mssecu.exe C:\WINDOWS\pack.epk C:\WINDOWS\system32\akttzn.exe C:\WINDOWS\system32\anticipator.dll C:\WINDOWS\system32\awtoolb.dll C:\WINDOWS\system32\bdn.com C:\WINDOWS\system32\bsva-egihsg52.exe C:\WINDOWS\system32\dpcproxy.exe C:\WINDOWS\system32\emesx.dll C:\WINDOWS\system32\h@tkeysh@@k.dll C:\WINDOWS\system32\hoproxy.dll C:\WINDOWS\system32\hxiwlgpm.dat C:\WINDOWS\system32\hxiwlgpm.exe C:\WINDOWS\system32\LnXIlnmp.ini C:\WINDOWS\system32\LnXIlnmp.ini2 C:\WINDOWS\system32\medup012.dll C:\WINDOWS\system32\medup020.dll C:\WINDOWS\system32\msgp.exe C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\msnbho.dll C:\WINDOWS\system32\mssecu.exe C:\WINDOWS\system32\msvchost.exe C:\WINDOWS\system32\mtr2.exe C:\WINDOWS\system32\mwin32.exe C:\WINDOWS\system32\netode.exe C:\WINDOWS\system32\newsd32.exe C:\WINDOWS\system32\nvs2.inf C:\WINDOWS\system32\ps1.exe C:\WINDOWS\system32\psof1.exe C:\WINDOWS\system32\psoft1.exe C:\WINDOWS\system32\regc64.dll C:\WINDOWS\system32\regm64.dll C:\WINDOWS\system32\Rundl1.exe C:\WINDOWS\system32\smp C:\WINDOWS\system32\smp\msrc.exe C:\WINDOWS\system32\sncntr.exe C:\WINDOWS\system32\ssurf022.dll C:\WINDOWS\system32\ssvchost.com C:\WINDOWS\system32\ssvchost.exe C:\WINDOWS\system32\sysreq.exe C:\WINDOWS\system32\taack.dat C:\WINDOWS\system32\taack.exe C:\WINDOWS\system32\temp#01.exe C:\WINDOWS\system32\thun.dll C:\WINDOWS\system32\thun32.dll C:\WINDOWS\system32\VBIEWER.OCX C:\WINDOWS\system32\vbsys2.dll C:\WINDOWS\system32\vcatchpi.dll C:\WINDOWS\system32\winlogonpc.exe C:\WINDOWS\system32\winsystem.exe C:\WINDOWS\system32\WINWGPX.EXE C:\WINDOWS\userconfig9x.dll C:\WINDOWS\Web\def.htm C:\WINDOWS\winsystem.exe C:\WINDOWS\zip1.tmp C:\WINDOWS\zip2.tmp C:\WINDOWS\zip3.tmp C:\WINDOWS\zipped.tmp . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))))))) . 2008-05-18 12:28 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-09 21:37 . 2008-05-16 22:38 <REP> d-------- C:\Program Files\Everest Poker 2008-05-08 15:51 . 2008-05-08 15:51 <REP> d-------- C:\Program Files\Trend Micro 2008-05-08 15:50 . 2008-05-08 21:10 <REP> d-------- C:\Program Files\Karcher 2008-05-08 13:28 . 2008-05-18 12:28 <REP> d-------- C:\Program Files\Navilog1 2008-05-08 12:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-08 12:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-08 12:42 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-08 12:42 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-08 12:42 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-08 12:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-08 12:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-08 12:42 . 2008-05-08 13:12 3,352 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-08 00:17 . 2008-05-08 11:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-05-07 22:57 . 2008-05-07 23:54 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-05-03 11:27 . 2008-05-03 11:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SugarGames 2008-04-23 22:35 . 2008-05-10 11:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-23 22:35 . 2008-04-23 22:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-22 12:33 . 2008-04-22 12:34 <REP> d-------- C:\Program Files\Web Hottest Videos Personal Player 2008-04-22 12:33 . 2008-04-22 12:34 <REP> d-------- C:\Program Files\Online_TV . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-18 10:31 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS 2008-05-16 06:00 --------- d-----w C:\Documents and Settings\kiki\Application Data\AVG7 2008-05-14 13:12 --------- d-----w C:\Program Files\eMule 2008-05-08 13:11 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-08 07:09 --------- d-----w C:\Program Files\Wingen 2008-05-07 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\zqtshgti 2008-05-03 09:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-22 10:35 --------- d-----w C:\Program Files\BitTorrent Fastest Tool 2008-04-19 13:59 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media 2008-04-12 15:41 --------- d-----w C:\Documents and Settings\kiki\Application Data\PlayFirst 2008-04-12 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-04-12 10:04 188,416 ----a-w C:\WINDOWS\ogxtsepr.dll 2008-04-06 14:02 --------- d-----w C:\Documents and Settings\kiki\Application Data\Flood Light Games 2008-04-06 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games 2008-03-25 11:48 --------- d-----w C:\Documents and Settings\kiki\Application Data\Ahead 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2007-01-26 12:38 14 -c--a-w C:\Documents and Settings\kiki\getfile.dat 2006-05-01 18:19 4,379,100 ----a-w C:\Program Files\playboy7.5.322.exe 2006-04-29 14:12 5,083,783 ----a-w C:\Program Files\diablotinv2_7.5.322.exe 2005-12-27 20:20 6,799,360 ----a-w C:\Program Files\msnmsgr.exe 2005-12-27 20:20 1,703,936 ----a-w C:\Program Files\msgslang.dll 2005-12-17 17:04 1,464 -c--a-w C:\Program Files\diablotin skin.txt 2005-11-23 22:24 625,152 ----a-w C:\Program Files\msidcrl.dll 2005-08-29 15:00 56 -csh--r C:\WINDOWS\system32\A32AC634D4.sys 2004-08-05 12:00 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll 2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll 2005-08-29 15:00 5,018 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys 2004-08-05 12:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll 2004-08-05 12:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll 1995-09-20 15:16 35,088 --sha-w C:\WINDOWS\system32\msjint32.dll 1995-09-20 15:13 977,680 --sha-w C:\WINDOWS\system32\msjt3032.dll 1995-09-20 15:16 23,824 --sha-w C:\WINDOWS\system32\msjter32.dll 2004-08-05 12:00 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll 2004-08-05 12:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll 2004-08-05 12:00 253,952 -csha-w C:\WINDOWS\system32\msvcrt20.dll 2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll 2004-08-05 12:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll 2004-08-05 12:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll 1995-09-24 10:02 243,472 --sha-w C:\WINDOWS\system32\vbar2232.dll 1999-05-28 12:04 368,912 -csha-w C:\WINDOWS\system32\vbar332.dll 2006-12-19 18:42 69,920 -csha-w C:\WINDOWS\system32\drivers\fidbox.dat 2006-12-19 17:16 1,824 -csha-w C:\WINDOWS\system32\drivers\fidbox2.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02715E47-5A8E-495B-8F63-0D30470B8E72}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F3D6EA4-8986-4B15-83D1-275A70431008}] C:\WINDOWS\system32\pmnlIXnL.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824] "BPS Spyware Remover"="C:\Program Files\BulletProofSoft.com\BPS Spyware Remover\SpyRem.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 11:09 68856] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288] "gewphabr"="c:\documents and settings\kiki\local settings\application data\gewphabr.exe" [ ] "bjdqwyf"="c:\documents and settings\kiki\local settings\application data\bjdqwyf.exe" [ ] "ukngvgcqmp"="c:\documents and settings\kiki\local settings\application data\ukngvgcqmp.exe" [ ] "fwjoxso"="c:\documents and settings\kiki\local settings\application data\fwjoxso.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"="cmicnfg.cpl" [] "AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-01-31 15:09 458752] "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-06-26 00:17 504080] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 21:05 344064] "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-06-07 15:48 127118] "Dit"="Dit.exe" [2004-07-20 18:18 90112 C:\WINDOWS\Dit.exe] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 19:19 221184] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 19:51 217088] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-01 15:12 98304] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 19:57 458752] "BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [ ] "BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [ ] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-11-28 21:51 107112] "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [ ] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112] "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 23:45 279912] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 18:37 219136] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayaBSiF] yayaBSiF.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\WINDOWS\\system32\\fxsclnt.exe"= "C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"= "C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"= "C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"= "C:\\Program Files\\Dassault Systemes\\B14\\intel_a\\code\\bin\\orbixd.exe"= "C:\\Program Files\\Dassault Systemes\\B14\\intel_a\\code\\bin\\CNEXT.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\msnmsgr.exe"= "C:\\Program Files\\CA\\Etrust Antivirus\\Shellscn.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 14:22] R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B14\intel_a\code\bin\CATSysDemon.exe [2004-05-08 09:56] R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45] R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-06-08 03:35] R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39] R3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-10-11 19:19] S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-01-15 19:47] S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-05-18 12:31] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [] S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 23:46] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-18 16:42:03 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... C:\Documents and Settings\kiki\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : [email protected] 1091 bytes hidden from API Scan termin‚ avec succŠs Les fichiers cach‚s: 1 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Fichiers communs\Symantec Shared\CCSVCHST.EXE C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\CA\Etrust Antivirus\InoRpc.exe C:\Program Files\CA\Etrust Antivirus\InoRT.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\X10\Common\X10NETS.EXE C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\pointsoft\lanceur.exe C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe . ************************************************************************** . Temps d'accomplissement: 2008-05-18 16:49:02 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-18 14:48:58 Pre-Run: 7,400,767,488 octets libres Post-Run: 7,454,593,024 octets libres 581 --- E O F --- 2008-05-17 08:49:41
  9. Alexandra m
    J'ai tout refait comme vous m'avez dit, plusieurs fois même, mais dans propriétés de navilog1, je n'ai pas paramêtres avancés mais propriétés avancées, une fois dans ce menu, je vois bien l'option qu'il faut sélectionner mais elle est grisée (je sais pas comment on dit, c'est à dire qu'il m'est impossible de cliquer dessus) L'option sélectionnée est "exécuter dans des zones mémoires différentes", je ne peux pas la déselectionner... Ca m'ennuit d'être bloquée la dessus et de vous faire perdre votre temps, mais je ne vois pas comment faire. Je suis sous XP familial. j'ai essayé de vous envoyer ce que je vois à l'écran mais je n'y arrive pas, donc j'espère que mes explications sont claires... Encore merci pour vos réponses... et encore désolée.
  10. Alexandra m
    Bonjour, Merci de m'avoir répondu, je n'ai pas pu venir avant... Je suis désolée, mais je n'arrive absolument pas à activer la commande "Executer en tant qu'administrateur", j'ai quand même essayer de lancer le programme navilog1 sans passer par cette étape, mais mon ordinateur s'éteint puis se rallume, mais il ne se passe rien, donc je comprends bien que sans passer par "exécuter en tant..." je suis bloquée. Voila ce qui se passe: dans ma liste quand je fais clic droit, je n'ai pas exécuter en tant que... Donc j'ai fais propriétés, puis j'ai cliquer sur avancés dans l'onglet raccourci Une page s'est ouverte, avec la case dont vous parlez (cette action peut vous autoriser à exécuter ce raccourci en tant...), sauf que je n'arrive pas à l'atteindre (elle est en claire), J'ai essayé en appuyant sur la touche majuscule et en faisant clic droit, il ne se passe rien (il y a juste écrit qu'est-ce que c'est?). Est ce que je me trompe de touche ou est-ce que je ne fais pas ça au bon endroit? (j'ai aussi essayé avec démarrer-- exécuter...) Excusez moi mais là je crois que j'ai besoin d'aide... Merci d'avance et bonne journée
  11. Alexandra m
    il n'y a aucun soucis, je patiente, je crois aussi que mon ordinateur est toujours infecté, même si il y a des améliorations notament au niveau de l'écran de bureau, mais je trouve qu'il rame beaucoup, pourtant, j'ai fait le ménage dans mon ordi (le lecteur C était presque plein...), mais bon dîtes moi s'il est encore infecté parce que mis à part le fait qu'il rame, je ne vois plus de truc anormal!! Je ne suis pas la personne qui a écrit sous le pseudo invité, je ne me serais pas permise de vous interpeller de la sorte. Ce n'est pas parce que j'écris beaucoup et pose beaucoup de questions que je suis impatiente, d'ailleurs j'aurais jamais cru qu'on me réponde aussi vite, rien que pour ça je vous remercie. Merci pour tout, j'attends de vos nouvelles... Bonne soirée
  12. Alexandra m
    voila le nouveau rapport Hijackthis je sais pas si il fallait en refaire un!! Pourquoi personne ne me repond et ne me guide? Merci d'avance Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:51:59, on 08/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\WINDOWS\Dit.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\documents and settings\kiki\local settings\application data\cahjvifej.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\pointsoft\lanceur.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Dassault Systemes\B14\intel_a\code\bin\CATSysDemon.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll R3 - URLSearchHook: Online_TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: (no name) - {02715E47-5A8E-495B-8F63-0D30470B8E72} - C:\WINDOWS\system32\yayaBSiF.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Online_TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll O2 - BHO: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {7F3D6EA4-8986-4B15-83D1-275A70431008} - C:\WINDOWS\system32\pmnlIXnL.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Online_TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe" O4 - HKLM\..\Run: [bDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [bPS Spyware Remover] C:\Program Files\BulletProofSoft.com\BPS Spyware Remover\SpyRem.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [gewphabr] c:\documents and settings\kiki\local settings\application data\gewphabr.exe gewphabr O4 - HKCU\..\Run: [bjdqwyf] c:\documents and settings\kiki\local settings\application data\bjdqwyf.exe bjdqwyf O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [cahjvifej] c:\documents and settings\kiki\local settings\application data\cahjvifej.exe cahjvifej O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: DeliveryManager.lnk = ? O4 - Startup: Lanceur Pointsoft.lnk = C:\pointsoft\lanceur.exe O4 - Startup: Personal Player.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.msn.fr/ O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} - http://www.quest3d.com/Quest3D_WebInstall.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs-beta.jeu.orange.fr...ronGameHost.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O20 - Winlogon Notify: yayaBSiF - yayaBSiF.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B14\intel_a\code\bin\CATSysDemon.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 12737 bytes
  13. Alexandra m
    Voici le rapport de navilog Voila, j'attends les prochaines instructions! Merci pour tout. Search Navipromo version 3.5.6 commencé le 08/05/2008 à 13:32:58,21 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "kiki" Mise à jour le 02.05.2008 à 22h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 6.0.2900.2180 Système de fichiers : NTFS Executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\WINDOWS" *** C:\WINDOWS\mslagent trouvé ! *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\kiki\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.NOM\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.000\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.001\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\kiki\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.NOM\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.000\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.001\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\kiki\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Aucun Fichier trouvé *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * * Recherche dans "C:\Documents and Settings\kiki\locals~1\applic~1" * Fichiers trouvés : cahjvifej.exe trouvé ! cahjvifej.dat trouvé ! cahjvifej_nav.dat trouvé ! cahjvifej_navps.dat trouvé ! * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\ADMINI~1.NOM\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\ADMINI~1.000\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\ADMINI~1.001\locals~1\applic~1" * *** Recherche fichiers *** C:\WINDOWS\pack.epk trouvé ! C:\WINDOWS\system32\nvs2.inf trouvé ! *** Recherche clés spécifiques dans le Registre *** HKEY_CURRENT_USER\Software\Lanconfig trouvé ! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : * Dans "C:\Documents and Settings\kiki\locals~1\applic~1" : cahjvifej.dat trouvé ! cahjvifej_nav.dat trouvé ! cahjvifej_navps.dat trouvé ! * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : * Dans "C:\DOCUME~1\ADMINI~1.NOM\locals~1\applic~1" : * Dans "C:\DOCUME~1\ADMINI~1.000\locals~1\applic~1" : * Dans "C:\DOCUME~1\ADMINI~1.001\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : C:\WINDOWS\system32\LnXIlnmp.ini2 trouvé ! infection Vundo possible non traitée par cet outil ! *** Analyse terminée le 08/05/2008 à 13:54:00,03 ***
  14. Alexandra m
    Voici le rapport après nettoyage avec smitfraufix, ça ne m'a pas demandé je voulais corriger le fichier infecté. Bonne nouvelle les icones ne sont plus entourés de rose et le message d'infection a disparu, merci! SmitFraudFix v2.320 Rapport fait à 13:11:42,43, 08/05/2008 Executé à partir de C:\Documents and Settings\kiki\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "coursings"="{f8d02387-789a-4c0f-a1d8-8a93f33ee4df}" »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost 127.0.0.1 bin.errorprotector.com ## added by CiD 127.0.0.1 br.errorsafe.com ## added by CiD 127.0.0.1 br.winantivirus.com ## added by CiD 127.0.0.1 br.winfixer.com ## added by CiD 127.0.0.1 cdn.drivecleaner.com ## added by CiD 127.0.0.1 cdn.errorsafe.com ## added by CiD 127.0.0.1 cdn.winsoftware.com ## added by CiD 127.0.0.1 de.errorsafe.com ## added by CiD 127.0.0.1 de.winantivirus.com ## added by CiD 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD 127.0.0.1 download.cdn.errorsafe.com ## added by CiD 127.0.0.1 download.cdn.winsoftware.com ## added by CiD 127.0.0.1 download.errorsafe.com ## added by CiD 127.0.0.1 download.systemdoctor.com ## added by CiD 127.0.0.1 download.winantispyware.com ## added by CiD 127.0.0.1 download.windrivecleaner.com ## added by CiD 127.0.0.1 download.winfixer.com ## added by CiD 127.0.0.1 drivecleaner.com ## added by CiD 127.0.0.1 dynamique.drivecleaner.com ## added by CiD 127.0.0.1 errorprotector.com ## added by CiD 127.0.0.1 errorsafe.com ## added by CiD 127.0.0.1 es.winantivirus.com ## added by CiD 127.0.0.1 fr.winantivirus.com ## added by CiD 127.0.0.1 fr.winfixer.com ## added by CiD 127.0.0.1 go.drivecleaner.com ## added by CiD 127.0.0.1 go.errorsafe.com ## added by CiD 127.0.0.1 go.winantispyware.com ## added by CiD 127.0.0.1 go.winantivirus.com ## added by CiD 127.0.0.1 hk.winantivirus.com ## added by CiD 127.0.0.1 instlog.errorsafe.com ## added by CiD 127.0.0.1 instlog.winantivirus.com ## added by CiD 127.0.0.1 instlog.winfixer.com ## added by CiD 127.0.0.1 jsp.drivecleaner.com ## added by CiD 127.0.0.1 kb.errorsafe.com ## added by CiD 127.0.0.1 kb.winantivirus.com ## added by CiD 127.0.0.1 nl.errorsafe.com ## added by CiD 127.0.0.1 se.errorsafe.com ## added by CiD 127.0.0.1 secure.drivecleaner.com ## added by CiD 127.0.0.1 secure.errorsafe.com ## added by CiD 127.0.0.1 secure.winantispam.com ## added by CiD 127.0.0.1 secure.winantispy.com ## added by CiD 127.0.0.1 secure.winantivirus.com ## added by CiD 127.0.0.1 support.winantivirus.com ## added by CiD 127.0.0.1 trial.updates.winsoftware.com ## added by CiD 127.0.0.1 ulog.winantivirus.com ## added by CiD 127.0.0.1 utils.errorsafe.com ## added by CiD 127.0.0.1 utils.winantivirus.com ## added by CiD 127.0.0.1 utils.winfixer.com ## added by CiD 127.0.0.1 winantispyware.com ## added by CiD 127.0.0.1 winantivirus.com ## added by CiD 127.0.0.1 winfixer.com ## added by CiD 127.0.0.1 winfixer2006.com ## added by CiD 127.0.0.1 winsoftware.com ## added by CiD 127.0.0.1 www.drivecleaner.com ## added by CiD 127.0.0.1 www.errorprotector.com ## added by CiD 127.0.0.1 www.errorsafe.com ## added by CiD 127.0.0.1 www.systemdoctor.com ## added by CiD 127.0.0.1 www.utils.winfixer.com ## added by CiD 127.0.0.1 www.win-anti-virus-pro.com ## added by CiD 127.0.0.1 www.win-virus-pro.com ## added by CiD 127.0.0.1 www.winantispam.com ## added by CiD 127.0.0.1 www.winantispy.com ## added by CiD 127.0.0.1 www.winantispyware.com ## added by CiD 127.0.0.1 www.winantivirus.com ## added by CiD 127.0.0.1 www.winantiviruspro.com ## added by CiD 127.0.0.1 www.windrivecleaner.com ## added by CiD 127.0.0.1 www.windrivesafe.com ## added by CiD 127.0.0.1 www.winfixer.com ## added by CiD 127.0.0.1 www.winfixer2006.com ## added by CiD 127.0.0.1 www.winsoftware.com ## added by CiD »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé C:\DOCUME~1\kiki\Favoris\Online Security Test.url supprimé C:\Program Files\akl\ supprimé C:\Program Files\SpyHeal\ supprimé »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{9E3638EB-5844-42A1-ADF4-AF5F3C4DBF6A}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{9E3638EB-5844-42A1-ADF4-AF5F3C4DBF6A}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{9E3638EB-5844-42A1-ADF4-AF5F3C4DBF6A}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
  15. Alexandra m
    peut on me dire ce que je dois maintenant faire? merci d'avance, parce que je n'ai pas compris comment nettoyer
×
×
  • Créer...