
Spyware Warning Scurity Report

Tags:
  • Spyware
  • Security
Last reply: in Security and viruses
29 November 2008 18:25:24

Hello,

This morning at 11:54 I caught a spyware, Warning Security Report.
I tried to clean it with Malwarebytes, Ad-Aware and Spybot, but nothing works.
It is set as my desktop wallpaper and there is a permanent warning in the taskbar. It also slows the Internet down noticeably.
On top of that, I can no longer open the Task Manager.

Thanks for your help; I spent the whole afternoon on it for nothing.

Nono-deux.

Here is my log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:23, on 29/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nono et Caty\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Popup Eclair Bypass - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Popup Eclair\addbypass.exe (file missing)
O9 - Extra 'Tools' menuitem: Popup Eclair Bypass - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Popup Eclair\addbypass.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\Messager.exe" (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\Messager.exe" (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.miniclip.com
O15 - Trusted Zone: http://www.prizee.com
O15 - Trusted Zone: http://www.zebest-3000.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1....
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp05.photoprintit.de/microsite/3462/defaults/ac...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 9710 bytes


29 November 2008 18:30:50

Good evening,

Download SDFix (by Andy Manchesta)

  • Save it to your desktop.
  • Run it.
  • Choose Install so that it can extract itself.
    Restart your computer in Safe Mode
    - At startup, once the BIOS has loaded, press the F8 (or F5) key repeatedly until a menu on a black background appears. Once you reach this point, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
    --- For these reasons I suggest you print, write down, or save to a text document the following information so that you don't get lost.
    ---- ! Do not start your computer in Safe Mode via MSConfig ! Why? Some infections break the Safe Mode registry keys, which would make your computer crash.
  • Open the SDFix folder that has just been created in C:\
  • Double-click RunThis.bat (the .bat extension may not be shown)
  • Press Y to start it.
  • You will be asked to press a key to reboot; do so.
  • The reboot will probably take a little longer than usual.
  • Once your desktop appears, it will display Finished
  • Press a key.
  • A report is generated; post it in your reply.

    It can also be found in the SDFix folder >Report.txt<

    Note: If SDFix does not start (it happens!)

    * Start->Run
    * Copy/paste this:
    %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

    * Click OK and confirm.
    * Reboot and try to run SDFix again.

    Help: How to start your computer in Safe Mode.
    29 November 2008 19:28:16

    Thanks for your quick reply FanDANGELDARK. I did what was needed. Here is the report.

    SDFix: Version 1.240
    Run by Nono et Caty on 29/11/2008 at 19:19

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-29 19:25:24
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ?????Bltx?lt????6?itlO?w??????????????@???@?<??? ~?w?????????????~?w??@???@????????????????? 9?w???w?????~?w?~?wp????????~?w???????? ????????????]?wp???0?????????????it=O?w?????????????????? ?????[?????????@???@??????C?w????$?@???????@???@???@????s???????????

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\ScanSoft\\OmniPageSE\\EregFre\\NAVBrowser.exe"="C:\\Program Files\\ScanSoft\\OmniPageSE\\EregFre\\NAVBrowser.exe:*:Disabled:NAVBrowser"
    "C:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"="C:\\Program Files\\ASUS\\AsusUpdate\\Update.exe:*:Enabled:ASUS Update"
    "C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"="C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe:*:Disabled:Livecom Player"
    "C:\\PROGRA~1\\LIVECOM\\APPLIC~1\\EXE\\LIVECOM.EXE"="C:\\PROGRA~1\\LIVECOM\\APPLIC~1\\EXE\\LIVECOM.EXE:*:Enabled:Livecom"
    "C:\\PROGRA~1\\LIVECOM\\APPLIC~1\\EXE\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\LIVECOM\\APPLIC~1\\EXE\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\\Program Files\\Valusoft\\Midnight Outlaw Illegal Street Drag - Nitro Edition\\OutlawNE.exe"="C:\\Program Files\\Valusoft\\Midnight Outlaw Illegal Street Drag - Nitro Edition\\OutlawNE.exe:*:Enabled:outlawNE"
    "C:\\Program Files\\Valusoft\\Navy Seals - Sea Air Land\\LITHTECH.EXE"="C:\\Program Files\\Valusoft\\Navy Seals - Sea Air Land\\LITHTECH.EXE:*:Enabled:Client"
    "C:\\Program Files\\Codemasters\\1NSANE\\Game.exe"="C:\\Program Files\\Codemasters\\1NSANE\\Game.exe:*:Disabled:INSANE"
    "C:\\Program Files\\Third Wave Games\\War World - Tactical Combat DEMO 1.09\\War World.exe"="C:\\Program Files\\Third Wave Games\\War World - Tactical Combat DEMO 1.09\\War World.exe:*:Enabled:War World"
    "C:\\Program Files\\Midway Home Entertainment\\Rise and Fall Demo\\Bin\\RiseAndFallDemo.exe"="C:\\Program Files\\Midway Home Entertainment\\Rise and Fall Demo\\Bin\\RiseAndFallDemo.exe:*:Enabled:Application"
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
    "C:\\My Games\\Demolition Derby and Figure 8 Race\\ddfr.exe"="C:\\My Games\\Demolition Derby and Figure 8 Race\\ddfr.exe:*:Disabled:Demolition Derby & Figure 8 Race Application"
    "C:\\Program Files\\Cyanide\\Pro Cycling Manager - Saison 2006 - Demo\\pcm.exe"="C:\\Program Files\\Cyanide\\Pro Cycling Manager - Saison 2006 - Demo\\pcm.exe:*:Disabled:pcm"
    "C:\\Program Files\\Cyanide\\Winter Challenge\\WinterApp.exe"="C:\\Program Files\\Cyanide\\Winter Challenge\\WinterApp.exe:*:Enabled:WinterChallenge"
    "C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Cyanide\\Horse Racing Manager\\GameHR.exe"="C:\\Program Files\\Cyanide\\Horse Racing Manager\\GameHR.exe:*:Enabled:GameHR"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Orange Link\\Application\\Exe\\Orange Link.exe"="C:\\Program Files\\Orange Link\\Application\\Exe\\Orange Link.exe:*:Enabled:orange Link"
    "C:\\Program Files\\Orange Link\\Application\\eConfv4\\olinkp.exe"="C:\\Program Files\\Orange Link\\Application\\eConfv4\\olinkp.exe:*:Enabled:orange Link Player"
    "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
    "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
    "C:\\My Games\\SmallBall Football\\jre\\bin\\javaw.exe"="C:\\My Games\\SmallBall Football\\jre\\bin\\javaw.exe:*:Enabled:javaw"
    "C:\\WINDOWS\\System32\\dpvsetup.exe"="C:\\WINDOWS\\System32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\System32\\RUNDLL32.EXE"="C:\\WINDOWS\\System32\\RUNDLL32.EXE:*:Disabled:Ex‚cuter une DLL en tant qu'application"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
    "C:\\Program Files\\Ankama Games\\Dofus\\Dofus.exe"="C:\\Program Files\\Ankama Games\\Dofus\\Dofus.exe:*:Disabled:Dofus Client"
    "C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\PROGRA~1\\LIVECOM\\APPLIC~1\\EXE\\LIVECOM.EXE"="C:\\PROGRA~1\\LIVECOM\\APPLIC~1\\EXE\\LIVECOM.EXE:*:Enabled:Livecom"
    "C:\\PROGRA~1\\LIVECOM\\APPLIC~1\\EXE\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\LIVECOM\\APPLIC~1\\EXE\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files :



    Files with Hidden Attributes :

    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Thu 31 Jan 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sun 25 Jun 2006 444 ...HR --- "C:\Documents and Settings\Nono et Caty\Application Data\SecuROM\UserData\securom_v7_01.bak"
    Tue 8 Jul 2008 20 A..H. --- "C:\Documents and Settings\Alex\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
    Thu 31 Jan 2008 4,348 ...H. --- "C:\Documents and Settings\Alex\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
    Thu 31 Jan 2008 9,656 A.SH. --- "C:\Documents and Settings\Alex\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
    Wed 13 Oct 2004 10,198 A..H. --- "C:\Documents and Settings\Nono et Caty\Application Data\Microsoft\Office\Shortcut Bar\Pro3.tmp"

    Finished!

    30 November 2008 10:11:51

    Re,

    Download ComboFix (by sUBs) to your desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Yes.
  • When the operation is finished, a report will appear. Post this report in your next reply.

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.
    1 December 2008 13:24:05

    Hello DANGELDARK. I downloaded and then used ComboFix. It's brilliant, it cleaned everything in record time. I got my Task Manager and my wallpaper back, the Warning message is gone and the Internet works really well. Thank you very much.

    For your info, I'm attaching the Combo log.
    ComboFix 08-11-30.01 - Nono et Caty 2008-12-01 13:17:26.1 - FAT32x86
    Lancé depuis: c:\documents and settings\Nono et Caty\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Nono et Caty\err.log
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\cup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\customer_cup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\heart.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_down.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_up.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\plates.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\ticket.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\tray.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\music\mainmenumusic.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_bring_check_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_diner.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_food_ready_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_gain_heart_1.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pencil_write_2.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_rollover_1.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_seat_people_snd.ogg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\choosedifficulty.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\credits.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_lose.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_win.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help1.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help2.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\highscores.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro_mask.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover_mask.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\mainmenu.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup_mask.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradegrid.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradetitle.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upsell.jpg
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalk.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalkup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancel.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancelup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\close.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\closeup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continueover.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_blue.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_yellow.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplay.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplayover.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium_over.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfo.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfoup.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off_on.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on.png
    c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on_on.png
    c:\windows\system\oeminfo.ini
    c:\windows\system32\urlmsnlink.dat
    c:\windows\system32\wvUKdeFW.dll
    c:\windows\Tasks\xscoqsoz.job

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-29 17:48 . 2008-11-29 17:48 <REP> d-------- C:\Lop SD
    2008-11-29 17:19 . 2008-11-29 17:19 <REP> d-------- c:\windows\ERUNT
    2008-11-29 17:19 . 2001-08-18 12:00 1,688 --a------ c:\windows\system32\AUTOEXEC.NT
    2008-11-29 17:17 . 2008-11-06 02:03 <REP> d-------- C:\SDFix
    2008-11-29 17:07 . 2008-12-01 12:49 1,349 --a------ c:\windows\system32\ahtn.htm
    2008-11-29 16:58 . 2008-11-29 16:58 <REP> d-------- c:\program files\Navilog1
    2008-11-29 11:54 . 2008-11-27 13:19 32,256 --a------ c:\windows\system32\frmwrk32.exe
    2008-11-29 11:54 . 2008-12-01 12:49 4,785 --a------ c:\windows\system32\warning.gif
    2008-11-29 11:54 . 2008-12-01 12:49 3,104 --a------ c:\windows\system32\ntdll64.exe
    2008-11-29 11:54 . 2008-11-29 11:54 1 --a------ c:\windows\system32\uniq.tll
    2008-11-29 11:54 . 2008-11-29 11:54 1 --a------ c:\windows\system32\test.ttt
    2008-11-16 18:54 . 2008-11-16 18:54 <REP> d-------- c:\documents and settings\Nono et Caty\Application Data\temp
    2008-11-05 16:58 . 2008-11-05 16:58 <REP> d-------- c:\program files\Wakfu

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2060-08-18 17:40 909,824 ----a-w c:\windows\system32\cp3245mt.dll
    2008-10-27 16:07 51,352 ----a-w c:\documents and settings\Nono et Caty\Application Data\GDIPFONTCACHEV1.DAT
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-15 17:59 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-03 18:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 16:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 16:39 1,846,144 ------w c:\windows\system32\dllcache\win32k.sys
    2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-09-04 16:45 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
    2008-06-15 14:49 51,352 ----a-w c:\documents and settings\Estelle\Application Data\GDIPFONTCACHEV1.DAT
    2008-06-14 19:06 51,352 ----a-w c:\documents and settings\Alex\Application Data\GDIPFONTCACHEV1.DAT
    2006-11-20 17:43 1 ----a-w c:\documents and settings\Nono et Caty\SI.bin
    2006-03-06 17:15 774,144 ----a-w c:\program files\RngInterstitial.dll
    2006-02-07 19:25 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
    2005-04-14 19:09 560 ----a-w c:\documents and settings\Nono et Caty\Application Data\ViewerApp.dat
    2001-03-28 11:02 122,880 ----a-w c:\windows\inf\AGFA\Message.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
    "ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2005-11-21 548864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-19 50176]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
    "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-12-31 77824]
    "nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]
    "Framework Windows"="frmwrk32.exe" [2008-11-27 c:\windows\system32\frmwrk32.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
    "NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2006-10-22 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "VIDC.MJPG"= Pvmjpg21.dll
    "VIDC.PIM1"= pclepim1.dll
    "VIDC.CJPG"= ctwbjpg.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2004-12-14 18:57 458752 c:\program files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2004-12-14 18:51 217088 c:\program files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
    --a------ 2002-06-03 11:38 49152 c:\program files\ScanSoft\OmniPageSE\opware32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
    --a------ 2007-12-12 09:50 107248 c:\program files\OrangeHSS\SessionManager\SessionManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
    --a------ 2003-08-22 11:28 32768 c:\progra~1\Pinnacle\PPE\PPE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2003-12-31 04:44 77824 c:\program files\QuickTime\qttask.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\ScanSoft\\OmniPageSE\\EregFre\\NAVBrowser.exe"=
    "c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
    "c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
    "c:\\WINDOWS\\System32\\dpvsetup.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "60012:TCP"= 60012:TCP:BitCOmet60012
    "60012:UDP"= 60012:UDP:BitComet UDP

    R0 61883flt;NVIDIA 1394/61883 Filter;c:\windows\system32\DRIVERS\61883flt.sys [2005-04-18 5504]
    R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
    R0 VOBID;VOBID;c:\windows\system32\DRIVERS\vobid.sys [2003-08-01 29239]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-06 78416]
    R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [2001-10-04 9728]
    R1 vobiw;vobiw;c:\windows\system32\drivers\vobiw.sys [2003-08-29 187392]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-06 20560]
    R2 athsgt;athsgt;c:\windows\system32\DRIVERS\athsgt.sys [2006-06-21 164992]
    R2 limsgt;limsgt;c:\windows\system32\DRIVERS\limsgt.sys [2006-06-21 12544]
    R3 cdrdrv;Cdrdrv;c:\windows\system32\Drivers\Cdrdrv.sys [2002-12-13 64000]
    R3 pctvvbi;PCTVVBI;c:\windows\system32\DRIVERS\pctvvbi.sys [2004-09-23 6400]
    S3 ADM8511;Convertisseur USB vers Fast Ethernet ADMtek ADM8511/AN986;c:\windows\system32\DRIVERS\ADM8511.SYS [2003-12-31 20160]
    S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys []
    S3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16);c:\windows\system32\DRIVERS\hcwPVRP2.sys [2003-09-19 793280]
    S4 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2004-07-17 8768]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a912ac5-f1fb-11dc-82b8-000c6ebab5d6}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-PowerBar - (no file)
    HKCU-RunOnce-Shockwave Updater - c:\windows\system32\ADOBE\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; sv1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 2.8; .NET CLR 2.0.50727; Creative ZENcast v1.02.12)


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.orange.fr
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title =
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Popup Eclair\addbypass.exe
    IE: {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Popup Eclair\addbypass.exe -

    O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://www.touslesdrivers.com/fichiers/hardwaredetection/hardw...
    c:\windows\Downloaded Program Files\hardwaredetection.inf

    c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
    hxxp://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf

    c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\IPSUploader.ocx
    O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8}
    hxxp://asp05.photoprintit.de/microsite/3462/defaults/activex/IPSUploader.cab
    c:\windows\Downloaded Program Files\IPSUploader.inf
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-01 13:18:52
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ?????Bltx?lt????6?itlO?w??????????????@???@?<??? ~?w?????????????~?w??@???@????????????????? 9?w???w?????~?w?~?wp????????~?w???????? ????????????]?wp???0?????????????it=O?w?????????????????? ?????[?????????@???@??????C?w????$?@???????@???@???@????s???????????

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-12-01 13:19:23
    ComboFix-quarantined-files.txt 2008-12-01 12:19:22

    Avant-CF: 66 291 826 688 octets libres
    Après-CF: 66,600,992,768 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn

    483 --- E O F --- 2008-11-12 18:57:34

    Thanks again
    1 December 2008 13:53:29

    Actually, I reacted a bit too quickly. When I tried to log in to the session of another user on my PC, I unfortunately found the same problems as on my own session. I noticed that the file c:\windows\system32\frmwrk32.exe, created on 29/11 at 11:54, the day and time of my infection, was still there. Do I need to redo the operation and delete this file? Thanks for your reply.
    1 December 2008 18:07:38

    Hi again,

    1) Select the entire contents of the box below:

    Collect::
    c:\windows\system32\frmwrk32.exe
    c:\windows\system32\ahtn.htm
    c:\windows\system32\warning.gif
    c:\windows\system32\ntdll64.exe
    c:\windows\system32\uniq.tll
    c:\windows\system32\test.ttt

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"=-
    "QuickTime Task"=-
    "Framework Windows"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a912ac5-f1fb-11dc-82b8-000c6ebab5d6}]


  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix.
  • ComboFix will create these files on your Desktop:
    - A zipped file named Submit [Date Time].zip
    - A second file named CF-Submit.htm
  • ComboFix may require a restart to complete its work. Accept.
  • When the tool has finished, a ComboFix.log report will appear on screen.
  • A new window with the prompt "Submit Files for further analysis" will open. Click "OK"
  • Your browser will launch automatically with the CF-Submit.htm file and a window will open:
    - Click the "Browse" ("Parcourir") button and navigate to the file
    Submit [Date Time].zip which is on your Desktop.
    - Click the file to select it.
  • Submit the file by clicking "OK"
  • When this operation is complete, you can delete these two files from your Desktop.
    Post the contents of the ComboFix.txt report, after the restart if there is one.

    2) Click Start / Control Panel / Folder Options, then in the View tab
    - Check Show hidden files and folders
    - Uncheck Hide extensions for known file types
    - Uncheck Hide protected operating system files (Recommended)
    click Apply, then OK.

    Don't forget to hide the hidden and protected operating system files again at the end of the disinfection; it's important.

    Have the following file(s) analysed on Virustotal

  • Click Browse at the top, choose My Computer and look for this file: c:\windows\system32\DRIVERS\61883flt.sys
  • Now click Send file and let it work for as long as "Current status: scanning in progress" is displayed.
  • The file may be placed in a queue because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click this image:
  • Right-click on the page, choose Select All, then Copy
  • Finally, paste the result into your next reply.
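Added example, not part of the original posts: a read-only PowerShell triage of what the thread describes, listing the files created in system32 around the creation time of frmwrk32.exe and the Run values that launch any of them. The file path and the two Run keys come from the thread; the 10-minute window and the function names are assumptions.

```powershell
# Added example, not from the thread. Read-only: it lists, it changes nothing.
# From the thread: the file path and the two Run keys. Assumed: the 10-minute window.
$KnownBad      = 'C:\WINDOWS\system32\frmwrk32.exe'
$WindowMinutes = 10

function Get-FilesCreatedNear {
    param([string]$Path, [int]$Minutes)
    # Pivot on the creation time of the file already known to be malicious.
    $pivot = (Get-Item -LiteralPath $Path -Force).CreationTime
    Get-ChildItem -LiteralPath (Split-Path -Parent $Path) -Force |
        Where-Object {
            (-not $_.PSIsContainer) -and
            ([math]::Abs(($_.CreationTime - $pivot).TotalMinutes) -le $Minutes)
        } |
        Sort-Object CreationTime
}

function Get-RunEntries {
    # Enumerate every value under the machine-wide and per-user Run keys.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            New-Object psobject -Property @{
                Key = $key; Name = $name; Command = [string]$item.GetValue($name)
            }
        }
    }
}

if (Test-Path -LiteralPath $KnownBad) {
    $dropped = @(Get-FilesCreatedNear -Path $KnownBad -Minutes $WindowMinutes)
    $dropped | Format-Table CreationTime, Length, FullName -AutoSize

    # Flag autostart values whose command line mentions one of those file names.
    $pattern = ($dropped | ForEach-Object { [regex]::Escape($_.Name) }) -join '|'
    Get-RunEntries |
        Where-Object { $pattern -and ($_.Command -match $pattern) } |
        Format-Table Key, Name, Command -AutoSize
} else {
    Write-Warning "$KnownBad not found; nothing to pivot on."
}
```

The HKCU key is per-user, so the check has to be run in each affected account. Creation times can be altered, so an empty result does not clear the machine.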
    1 December 2008 19:39:05

    I have a big problem: I can no longer open any user session. As soon as I choose a user, even in safe mode, I am automatically logged off and end up back on the user selection window. I can't do anything. Can you help me? Thanks.
    2 December 2008 19:02:36

    Hi again,

    Strange, this is not the result of our manipulations.
    Do you have the Recovery Console installed on the computer? (offered with ComboFix)

    Do you have the Windows CD?
    20 December 2008 15:04:51

    I found it: there was a broken file for user logon. I cleaned up and it's OK. Thanks.
    21 December 2008 15:11:05

    Hi again,

    Can you specify what you did? ;)