Se connecter / S'enregistrer
Votre question

infection ? (Résolu)

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
22 Avril 2008 18:01:46

Bonjour.

J'ai depuis peu plein de soucis bizarres sur mon ordi... des pages qui s'ouvrent toutes seules, ma souris qui fait des bonds, des pages qui s'ouvrent à la place de celles que je demande, des logiciels qui ne se lancent plus... Mon antivirus (avast) me dit que non, tout va bien. Je vois bien, moi, que ça ne va plus du tout...
Alors comme je ne suis pas plus douée que ça, je poste ici le rapport Hijack, et si quelqu'un peut me donner un petit coup de main, j'en serais ravie !
Merci.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:06, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
C:\Program Files\OFFICE ONE6.5\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoSTS08.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/...*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Assistant MySidesearch - {6156A32A-C512-4e23-AA9A-2315F4265681} - C:\WINDOWS\system32\myss_sb.dll
O2 - BHO: (no name) - {6E408059-6C37-4DED-B0BB-9CC4DF2C16C7} - C:\WINDOWS\system32\Audio3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: adzgalore - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - C:\WINDOWS\system32\nsr2D.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: cpmsky browser optimizer - {bca87373-64c0-e92a-c657-13a2ad9079f8} - C:\WINDOWS\system32\{d4bc47bd-c791-d934-6a76-979393e6225b}.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{d4bc47bd-c791-d934-6a76-979393e6225b}.dll" DllInit
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE ONE6.5\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe
O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://king.orange.fr/ctl/kingcomie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {7A96FF35-4937-11D1-8F2C-00609779BDA3} (ScolPlugin Class) - http://www.kyela.com/files/atlscol.dll
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/GameShell/online/fr/luxor/...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPl...
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - http://copainsdavant.linternaute.com/html_include_bibli...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.servicesalacarte.wanadoo.fr/activex...
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.servicesalacarte.wanadoo.fr/activex...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553545500} - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://wanadoofr.oberon-media.com/online2/diner_dash/Di...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://jeuxenligne.orange.fr/GameShell/online/fr/chuzzl...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 13124 bytes

Autres pages sur : infection resolu

a b 8 Sécurité
22 Avril 2008 18:07:54

Bonjour,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

  • Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur combofix.exe afin de le lancer.
  • Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
    22 Avril 2008 18:41:51

    Merci... alors voilà voilà :

    ComboFix 08-04-20.5 - Utilisateur 2008-04-22 18:30:18.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.232 [GMT 2:00]
    Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\cup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\customer_cup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\heart.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_down.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_up.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\plates.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\ticket.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\tray.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\music\mainmenumusic.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_bring_check_1_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_diner.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_food_ready_1_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_gain_heart_1.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pencil_write_2.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_rollover_1.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_seat_people_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\choosedifficulty.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\credits.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\flo_lose.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\flo_win.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\help1.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\help2.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\highscores.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelintro.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelintro_mask.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelover.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelover_mask.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\mainmenu.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\popup.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\popup_mask.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upgradegrid.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upgradetitle.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upsell.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowleft_blue.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowleft_yellow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowright_blue.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowright_yellow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\back_blue.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\back_yellow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backchalk.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backchalkup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backtomenu_blue.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backtomenu_yellow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\cancel.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\cancelup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\career.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\career_over.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\close.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\closeup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\continue.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\continueover.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\credits_blue.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\credits_yellow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\download_blue.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\download_yellow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\easy.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\easy_over.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\endlessshift.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\endlessshift_over.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\hard.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\hard_over.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\help.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\help_over.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\highscores.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\highscores_over.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\instructions_blue.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\instructions_yellow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\letsplay.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\letsplayover.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\medium.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\medium_over.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\moreinfo.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\moreinfoup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\off.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\off_on.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\on.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\on_on.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\pause.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\pauseover.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quit.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitgame.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitgameover.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitover.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\resumegame.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\resumegameover.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\submit.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\submitup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\tryagain.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\tryagainover.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\upgrade_over.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\upgrade_up.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewglobal.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewglobalup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewhighscore.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewhighscoreon.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewlocal.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewlocalup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\comics\webcomic.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\career.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\customer.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\endless.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\global.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\powerups.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\cook.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\cook.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\stove.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\arrow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\click.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\click2.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\grab.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\open.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\idle.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\idle.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\lower.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\lower.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\upper.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\upper.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\fonts\arial.mvec
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\fonts\komikaaxis.mvec
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\chair.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\chair.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dirt2top.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dirt4top.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dishcart.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dishcart.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_off.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_on1.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_on2.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\ticketstation.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\ticketstation.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowdown.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowdownon.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowleft.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowlefton.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowright.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowrighton.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowupon.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\p1icon.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\textedit.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\title.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_a.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_b.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_c.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_a.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_b.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_c.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_d.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_a.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_b.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_c.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_d.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\fifth_level_diner.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\first_level_diner.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\fourth_level_diner.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\second_level_diner.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\playfirst_logo.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\background.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food1.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food1.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food2.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food2.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food3.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food3.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\frames\upgrade_0001.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\2top.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\2top.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\4top.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\4top.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\upgrades.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\tableshadow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\choosedifficulty.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\chooseplayer.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\chooserestaurant.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\credits.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\game.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\gothighscore.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\help.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\help2.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscore.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscoreinfo.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscoresubmit.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\levelintro.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\levelover.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\loading.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\mainloop.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\mainmenu.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\ok.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\pause.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\style.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\tutorialintro.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\upgrade.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\upsell.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\webcomic.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\yesno.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\splash\gamelabsplash.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\splash\playfirst_logo.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\strings.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\angersmoke.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\angersmoke.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\chairflags.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\chairflags.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\check.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\checkmark.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\clock.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\closed.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\closingtime.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\coinflip.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\coinflip.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\dollar.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\coffee.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\tables.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\wallpaper.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\expert.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\expertscore.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\foodpoof.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\foodpoof.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\fork_timer.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\goalcompleted.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\heartgrow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\heartgrow.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\jar.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\jar.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\level.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\level_career.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\score.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\sound.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\staroff.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\staron.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tablenumber.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tablenumberup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\traynumber.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorial_character.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorialarrow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorialbox.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgradeanim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgradeanim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\drinks.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\maitred.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\oven.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\select.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\shoes.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\stereo.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\table.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.58\dinerdash.exe
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\system32\nsr2D.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
    .

    2009-04-22 21:24 . 2009-04-22 21:24 140,488 --a------ C:\WINDOWS\system32\ComDlg32.ocx
    2009-04-22 21:24 . 2009-04-22 21:24 256 --a------ C:\WINDOWS\system32\imail40.rtl
    2008-04-18 11:53 . 2008-04-18 11:47 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-04-18 11:53 . 2008-04-18 11:53 2,549 --a------ C:\WINDOWS\unins000.dat
    2008-04-16 15:58 . 2008-04-16 15:58 63,892 --a------ C:\WINDOWS\system32\{d4bc47bd-c791-d934-6a76-979393e6225b}.dll-uninst.exe
    2008-04-11 17:46 . 2008-04-11 17:46 334,848 --a------ C:\WINDOWS\system32\myss_sb.dll
    2008-04-09 22:34 . 2008-04-14 20:27 89,070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
    2008-04-08 14:11 . 2008-04-08 14:11 328,192 --a------ C:\WINDOWS\system32\{d4bc47bd-c791-d934-6a76-979393e6225b}.dll
    2008-04-08 12:58 . 2008-04-08 12:58 <REP> d-------- C:\Program Files\SeisGram2K
    2008-03-23 19:55 . 2003-08-19 13:36 88,064 --a------ C:\WINDOWS\system32\Audio3.dll
    2008-03-23 19:55 . 2008-03-23 19:55 84,761 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
    2008-03-23 19:54 . 2008-03-23 19:54 <REP> d-------- C:\Program Files\Adzgalore Games Collection
    2008-03-23 19:54 . 2008-03-23 19:54 80,121 --a------ C:\WINDOWS\system32\adzgalore-remove.exe
    2008-03-23 19:54 . 2008-03-23 19:54 40,713 --a------ C:\WINDOWS\system32\cpmsky-uninst.exe
    2008-03-23 12:06 . 2008-03-30 15:02 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\LimeWire
    2008-03-23 12:05 . 2008-03-30 13:41 <REP> d-------- C:\Program Files\LimeWire

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-22 16:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-22 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-22 15:47 --------- d-----w C:\Program Files\Trend Micro
    2008-04-22 07:29 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\OpenOffice.org2
    2008-04-20 17:09 --------- d-----w C:\Program Files\eMule
    2008-04-17 14:34 --------- d-----w C:\Program Files\Mon_Dessin
    2008-04-08 10:43 --------- d-----w C:\Program Files\Java
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-16 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
    2008-03-11 15:01 --------- d-----w C:\Program Files\Ethylotest
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2003-03-21 12:45 250,544 ----a-w C:\Program Files\Fichiers communs\keyhelp.ocx
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6156A32A-C512-4e23-AA9A-2315F4265681}]
    2008-04-11 17:46 334848 --a------ C:\WINDOWS\system32\myss_sb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E408059-6C37-4DED-B0BB-9CC4DF2C16C7}]
    2003-08-19 13:36 88064 --a------ C:\WINDOWS\system32\Audio3.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bca87373-64c0-e92a-c657-13a2ad9079f8}]
    2008-04-08 14:11 328192 --a------ C:\WINDOWS\system32\{d4bc47bd-c791-d934-6a76-979393e6225b}.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 19:29 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 12:42 4112384]
    "BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-09-15 04:49 40960]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-29 00:49 180269]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-21 21:24 98304]
    "ActivControl"="C:\Program Files\Activ Software\Activdriver\ActivControl2.exe" [2007-09-21 09:26 999424]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\Utilisateur\Menu D‚marrer\Programmes\D‚marrage\
    OFFICE One 6.5.lnk - C:\Program Files\OFFICE ONE6.5\program\quickstart.exe [2003-06-30 07:00:00 36864]
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
    hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18 147456]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    OFFICE One Clock v6.5.lnk - C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe [2004-11-10 12:45:14 735232]
    OFFICE One Notes v6.5.lnk - C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe [2004-11-10 12:23:55 542208]
    WiFi Station pour Livebox.lnk - C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe [2006-08-15 15:18:03 694272]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.lameacm"= lameACM.acm
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.VP31"= vp31vfw.dll
    "msacm.ac3acm"= ac3acm.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
    backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    C:\Program Files\Securitoo\Av_Fw\Common\FSM32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
    C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSASWREG]
    C:\Program Files\Securitoo\Av_Fw\Anti-Spyware\fsaswreg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2006-01-29 00:55 122368 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
    C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2004-07-15 12:42 81920 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2004-07-15 12:42 843776 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
    --a------ 2003-07-03 14:19 433152 C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oouserv6.exe]
    --a------ 2003-06-30 07:00 256000 C:\Program Files\OFFICE ONE6.5\program\oouserv6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2004-11-21 21:24 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2004-01-08 20:54 65536 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-01-29 00:49 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
    --a------ 2004-05-13 10:28 24576 C:\PROGRA~1\Wanadoo\CnxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    --------- 2004-05-13 10:28 49152 C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-05-13 10:28 24576 C:\PROGRA~1\Wanadoo\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\Program Files\Yahoo!\Messenger\ypager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Fswsclds"=2 (0x2)
    "BackWeb Client - 1044199"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\scol\\UsmWin.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"=
    "C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"=
    "C:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R3 ActivHidSerMini;Promethean Serial Board Driver;C:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2007-09-12 12:29]
    R3 prmvmouse;Promethean HID Mouse Service;C:\WINDOWS\system32\DRIVERS\activmouse.sys [2007-09-12 11:58]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    R3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-09-15 04:49]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3820fc2b-b8ac-11dc-88f1-000fea14900d}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2005-02-13 08:48:02 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1100248165.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
    "2008-04-22 16:05:03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-22 18:35:49
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 125

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-22 18:38:39
    ComboFix-quarantined-files.txt 2008-04-22 16:38:31

    Pre-Run: 30,116,397,056 octets libres
    Post-Run: 30,347,882,496 octets libres

    482 --- E O F --- 2008-04-11 22:13:43
    Contenus similaires
    a b 8 Sécurité
    22 Avril 2008 19:23:01

    Re,

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
    AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    22 Avril 2008 21:22:24

    Pfiou, c'était long... alors voilà :


    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 670

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 129842
    Temps écoulé: 1 hour(s), 27 minute(s), 28 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 20
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 8

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3d87b50d-542a-45b6-96e9-f03cfaa8c962} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{3d87b50d-542a-45b6-96e9-f03cfaa8c962} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adzgalore (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchassistant (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spa_start (Adware.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\myss_sb.dll (Adware.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8794F324-F26E-4D0C-9574-69A0F2A40F97}\RP925\A0164801.exe (Adware.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\adzgalore-remove.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cpmsky-uninst.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\myss_sb_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\{d4bc47bd-c791-d934-6a76-979393e6225b}.dll (Adware.Agent) -> Quarantined and deleted successfully.
    a b 8 Sécurité
    22 Avril 2008 21:25:17

    Refais un scan Combofix :) 
    22 Avril 2008 21:38:54

    Et hop : :) 


    ComboFix 08-04-20.5 - Utilisateur 2008-04-22 21:29:45.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.208 [GMT 2:00]
    Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
    .

    2009-04-22 21:24 . 2009-04-22 21:24 140,488 --a------ C:\WINDOWS\system32\ComDlg32.ocx
    2009-04-22 21:24 . 2009-04-22 21:24 256 --a------ C:\WINDOWS\system32\imail40.rtl
    2008-04-22 19:35 . 2008-04-22 19:35 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-22 19:35 . 2008-04-22 19:35 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Malwarebytes
    2008-04-22 19:35 . 2008-04-22 19:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-18 11:53 . 2008-04-18 11:47 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-04-18 11:53 . 2008-04-18 11:53 2,549 --a------ C:\WINDOWS\unins000.dat
    2008-04-16 15:58 . 2008-04-16 15:58 63,892 --a------ C:\WINDOWS\system32\{d4bc47bd-c791-d934-6a76-979393e6225b}.dll-uninst.exe
    2008-04-08 12:58 . 2008-04-08 12:58 <REP> d-------- C:\Program Files\SeisGram2K
    2008-03-23 19:55 . 2003-08-19 13:36 88,064 --a------ C:\WINDOWS\system32\Audio3.dll
    2008-03-23 19:54 . 2008-03-23 19:54 <REP> d-------- C:\Program Files\Adzgalore Games Collection
    2008-03-23 12:06 . 2008-03-30 15:02 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\LimeWire
    2008-03-23 12:05 . 2008-03-30 13:41 <REP> d-------- C:\Program Files\LimeWire

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-22 19:19 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\OpenOffice.org2
    2008-04-22 17:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-22 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-22 15:47 --------- d-----w C:\Program Files\Trend Micro
    2008-04-20 17:09 --------- d-----w C:\Program Files\eMule
    2008-04-17 14:34 --------- d-----w C:\Program Files\Mon_Dessin
    2008-04-08 10:43 --------- d-----w C:\Program Files\Java
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-16 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
    2008-03-11 15:01 --------- d-----w C:\Program Files\Ethylotest
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2003-03-21 12:45 250,544 ----a-w C:\Program Files\Fichiers communs\keyhelp.ocx
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-22_18.38.12,03 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-22 07:26:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-22 19:18:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2397B000-22FC-495A-918F-34E62CEB58AF}]
    2003-08-19 13:36 88064 --a------ C:\WINDOWS\system32\Audio3.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E408059-6C37-4DED-B0BB-9CC4DF2C16C7}]
    2003-08-19 13:36 88064 --a------ C:\WINDOWS\system32\Audio3.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bca87373-64c0-e92a-c657-13a2ad9079f8}]
    C:\WINDOWS\system32\{d4bc47bd-c791-d934-6a76-979393e6225b}.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 19:29 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 12:42 4112384]
    "BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-09-15 04:49 40960]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-29 00:49 180269]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-21 21:24 98304]
    "ActivControl"="C:\Program Files\Activ Software\Activdriver\ActivControl2.exe" [2007-09-21 09:26 999424]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\Utilisateur\Menu D‚marrer\Programmes\D‚marrage\
    OFFICE One 6.5.lnk - C:\Program Files\OFFICE ONE6.5\program\quickstart.exe [2003-06-30 07:00:00 36864]
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
    hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18 147456]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    OFFICE One Clock v6.5.lnk - C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe [2004-11-10 12:45:14 735232]
    OFFICE One Notes v6.5.lnk - C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe [2004-11-10 12:23:55 542208]
    WiFi Station pour Livebox.lnk - C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe [2006-08-15 15:18:03 694272]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.lameacm"= lameACM.acm
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.VP31"= vp31vfw.dll
    "msacm.ac3acm"= ac3acm.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
    backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    C:\Program Files\Securitoo\Av_Fw\Common\FSM32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
    C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSASWREG]
    C:\Program Files\Securitoo\Av_Fw\Anti-Spyware\fsaswreg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2006-01-29 00:55 122368 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
    C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2004-07-15 12:42 81920 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2004-07-15 12:42 843776 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
    --a------ 2003-07-03 14:19 433152 C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oouserv6.exe]
    --a------ 2003-06-30 07:00 256000 C:\Program Files\OFFICE ONE6.5\program\oouserv6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2004-11-21 21:24 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2004-01-08 20:54 65536 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-01-29 00:49 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
    --a------ 2004-05-13 10:28 24576 C:\PROGRA~1\Wanadoo\CnxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    --------- 2004-05-13 10:28 49152 C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-05-13 10:28 24576 C:\PROGRA~1\Wanadoo\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\Program Files\Yahoo!\Messenger\ypager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Fswsclds"=2 (0x2)
    "BackWeb Client - 1044199"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\scol\\UsmWin.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"=
    "C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"=
    "C:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R3 ActivHidSerMini;Promethean Serial Board Driver;C:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2007-09-12 12:29]
    R3 prmvmouse;Promethean HID Mouse Service;C:\WINDOWS\system32\DRIVERS\activmouse.sys [2007-09-12 11:58]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    R3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-09-15 04:49]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3820fc2b-b8ac-11dc-88f1-000fea14900d}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2005-02-13 08:48:02 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1100248165.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
    "2008-04-22 17:05:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-22 21:33:46
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 125

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> ?:\WINDOWS\system32\COMRes.dll
    -> ?:\WINDOWS\system32\COMRes.dll
    -> ?:\WINDOWS\system32\ATL.DLL
    .
    Temps d'accomplissement: 2008-04-22 21:37:02
    ComboFix-quarantined-files.txt 2008-04-22 19:36:40
    ComboFix2.txt 2008-04-22 16:38:39

    Pre-Run: 30,330,523,648 octets libres
    Post-Run: 30,344,544,256 octets libres

    194 --- E O F --- 2008-04-11 22:13:43
    a b 8 Sécurité
    22 Avril 2008 21:51:04

    Re,

    [#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    File::
    C:\WINDOWS\system32\Audio3.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2397B000-22FC-495A-918F-34E62CEB58AF}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E408059-6C37-4DED-B0BB-9CC4DF2C16C7}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bca87373-64c0-e92a-c657-13a2ad9079f8}]


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    [#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
    22 Avril 2008 22:09:01

    Oh là, ça se corse, j'espère que je n'ai pas cafouillé...

    voilà le combofix :


    ComboFix 08-04-20.5 - Utilisateur 2008-04-22 21:58:10.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.178 [GMT 2:00]
    Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Utilisateur\Bureau\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\Audio3.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\Audio3.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
    .

    2009-04-22 21:24 . 2009-04-22 21:24 140,488 --a------ C:\WINDOWS\system32\ComDlg32.ocx
    2009-04-22 21:24 . 2009-04-22 21:24 256 --a------ C:\WINDOWS\system32\imail40.rtl
    2008-04-22 19:35 . 2008-04-22 19:35 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-22 19:35 . 2008-04-22 19:35 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Malwarebytes
    2008-04-22 19:35 . 2008-04-22 19:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-18 11:53 . 2008-04-18 11:47 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-04-18 11:53 . 2008-04-18 11:53 2,549 --a------ C:\WINDOWS\unins000.dat
    2008-04-16 15:58 . 2008-04-16 15:58 63,892 --a------ C:\WINDOWS\system32\{d4bc47bd-c791-d934-6a76-979393e6225b}.dll-uninst.exe
    2008-04-08 12:58 . 2008-04-08 12:58 <REP> d-------- C:\Program Files\SeisGram2K
    2008-03-23 19:54 . 2008-03-23 19:54 <REP> d-------- C:\Program Files\Adzgalore Games Collection
    2008-03-23 12:06 . 2008-03-30 15:02 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\LimeWire
    2008-03-23 12:05 . 2008-03-30 13:41 <REP> d-------- C:\Program Files\LimeWire

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-22 19:19 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\OpenOffice.org2
    2008-04-22 17:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-22 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-22 15:47 --------- d-----w C:\Program Files\Trend Micro
    2008-04-20 17:09 --------- d-----w C:\Program Files\eMule
    2008-04-17 14:34 --------- d-----w C:\Program Files\Mon_Dessin
    2008-04-08 10:43 --------- d-----w C:\Program Files\Java
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-16 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
    2008-03-11 15:01 --------- d-----w C:\Program Files\Ethylotest
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2003-03-21 12:45 250,544 ----a-w C:\Program Files\Fichiers communs\keyhelp.ocx
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-22_18.38.12,03 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-22 07:26:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-22 19:18:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 19:29 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 12:42 4112384]
    "BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-09-15 04:49 40960]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-29 00:49 180269]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-21 21:24 98304]
    "ActivControl"="C:\Program Files\Activ Software\Activdriver\ActivControl2.exe" [2007-09-21 09:26 999424]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\Utilisateur\Menu D‚marrer\Programmes\D‚marrage\
    OFFICE One 6.5.lnk - C:\Program Files\OFFICE ONE6.5\program\quickstart.exe [2003-06-30 07:00:00 36864]
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
    hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18 147456]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    OFFICE One Clock v6.5.lnk - C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe [2004-11-10 12:45:14 735232]
    OFFICE One Notes v6.5.lnk - C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe [2004-11-10 12:23:55 542208]
    WiFi Station pour Livebox.lnk - C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe [2006-08-15 15:18:03 694272]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.lameacm"= lameACM.acm
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.VP31"= vp31vfw.dll
    "msacm.ac3acm"= ac3acm.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
    backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    C:\Program Files\Securitoo\Av_Fw\Common\FSM32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
    C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSASWREG]
    C:\Program Files\Securitoo\Av_Fw\Anti-Spyware\fsaswreg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2006-01-29 00:55 122368 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
    C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2004-07-15 12:42 81920 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2004-07-15 12:42 843776 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
    --a------ 2003-07-03 14:19 433152 C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oouserv6.exe]
    --a------ 2003-06-30 07:00 256000 C:\Program Files\OFFICE ONE6.5\program\oouserv6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2004-11-21 21:24 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2004-01-08 20:54 65536 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-01-29 00:49 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
    --a------ 2004-05-13 10:28 24576 C:\PROGRA~1\Wanadoo\CnxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    --------- 2004-05-13 10:28 49152 C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-05-13 10:28 24576 C:\PROGRA~1\Wanadoo\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\Program Files\Yahoo!\Messenger\ypager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Fswsclds"=2 (0x2)
    "BackWeb Client - 1044199"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\scol\\UsmWin.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"=
    "C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"=
    "C:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R3 ActivHidSerMini;Promethean Serial Board Driver;C:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2007-09-12 12:29]
    R3 prmvmouse;Promethean HID Mouse Service;C:\WINDOWS\system32\DRIVERS\activmouse.sys [2007-09-12 11:58]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    R3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-09-15 04:49]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3820fc2b-b8ac-11dc-88f1-000fea14900d}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2005-02-13 08:48:02 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1100248165.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
    "2008-04-22 17:05:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-22 22:01:10
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-22 22:03:42
    ComboFix-quarantined-files.txt 2008-04-22 20:03:20
    ComboFix2.txt 2008-04-22 19:37:03
    ComboFix3.txt 2008-04-22 16:38:39

    Pre-Run: 30,319,431,680 octets libres
    Post-Run: 30,318,518,272 octets libres

    192 --- E O F --- 2008-04-11 22:13:43


    Et le Hijackthis :


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:05:02, on 22/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe
    C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
    C:\Program Files\OFFICE ONE6.5\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoSTS08.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/...*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE ONE6.5\program\quickstart.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe
    O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe
    O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://king.orange.fr/ctl/kingcomie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {7A96FF35-4937-11D1-8F2C-00609779BDA3} (ScolPlugin Class) - http://www.kyela.com/files/atlscol.dll
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/GameShell/online/fr/luxor/...
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPl...
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.servicesalacarte.wanadoo.fr/activex...
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.servicesalacarte.wanadoo.fr/activex...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553545500} - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://wanadoofr.oberon-media.com/online2/diner_dash/Di...
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 11528 bytes


    24 Avril 2008 19:26:12

    Ah... ben oui, mais j'ai été assez nouille pour prendre la version payante d'avast... alors si c'est vraiment un mauvais antivirus, je veux bien le virer, mais comment dire... j'ai un peu les boules !
    Ca vaut le coup tant que ça ?

    Sinon, j'ai la possibilité d'accéder gratuitement à Kaspersky...

    Alors... Antvir quand même ?
    a b 8 Sécurité
    24 Avril 2008 21:06:31

    Si tu as la possibilité d'accéder à Kaspersky gratuitement, c'est une meilleure solution :) 
    25 Avril 2008 11:43:43

    Ainsi donc, j'ai viré Avast, qui me disait que tout allait bien (tss tss) et installé kapersky (bien merci du conseil), qui m'a dégotté :

    - 4 AdWares qu'il a supprimé
    - 2 Trojan, supprimé aussi, youpi !

    et puis il me dit ça :

    non trouvé : virus Heur.Invader (modification) Le fichier: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe

    C'est quoi, ça ?
    a b 8 Sécurité
    25 Avril 2008 11:49:10

    ComboFix, de par sa puissance, peut être considéré comme une infection.
    Mais ce n'est pas le cas ;) 
    25 Avril 2008 11:53:41

    Alors tout est bien qui finit bien ? C'est tout propre ?

    Merci, hein, merci merci... :love: 
    a b 8 Sécurité
    25 Avril 2008 12:05:55

    Reposte un dernier rapport Hijackthis :) 
    25 Avril 2008 12:10:37

    Voilà voilà... suspense insoutenable... verdict ?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:08:52, on 25/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe
    C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe
    C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\OFFICE ONE6.5\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoSTS08.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/...*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE ONE6.5\program\quickstart.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Clock\ooneclockv65.exe
    O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\oonotesv65.exe
    O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://king.orange.fr/ctl/kingcomie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {7A96FF35-4937-11D1-8F2C-00609779BDA3} (ScolPlugin Class) - http://www.kyela.com/files/atlscol.dll
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://jeuxenligne.orange.fr/GameShell/online/fr/luxor/...
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPl...
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.servicesalacarte.wanadoo.fr/activex...
    O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.servicesalacarte.wanadoo.fr/activex...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/Obe...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553545500} - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://wanadoofr.oberon-media.com/online2/diner_dash/Di...
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 11453 bytes
    a b 8 Sécurité
    25 Avril 2008 12:14:15

    Apparemment ok :) 
    25 Avril 2008 12:16:40

    Chouette !
    Et merci encore !
    a b 8 Sécurité
    25 Avril 2008 12:22:44

    Bon surf :) 

  • Télécharge ToolsCleaner sur ton Bureau.
  • Clique sur Recherche et laisse le scan se terminer.
  • Clique sur Suppression pour finaliser.
  • Clique sur Quitter, pour que le rapport puisse se créer.
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)

    Désactive puis réactive la restauration du système : Voir aide

    Ajoute maintenant [Résolu] au titre. Pour cela :
    * Clique, dans ton premier message, sur le bouton "Editer"
    * Rajoute la mention [Résolu] au titre
    * Clique ensuite sur "Valider votre message"

    Lis le dossier dossier sur la prévention et la protection pour ne plus avoir ce genre de problème en cliquant sur l'image ci-dessous :


    25 Avril 2008 12:35:19

    Mince, il restait des cochonneries... c'est résolu quand même ?


    -->- Recherche:

    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Utilisateur\Bureau\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\Utilisateur\Bureau\HJTInstall.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Utilisateur\Bureau\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe: supprimé !
    C:\Documents and Settings\Utilisateur\Bureau\HJTInstall.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !
    a b 8 Sécurité
    25 Avril 2008 12:37:01

    Où tu vois des cochonneries ?
    25 Avril 2008 12:43:22

    Ah... euh... ben nulle part, si tu le dis. :D 
    Alors c'est résolu.
    Alors un dernier merci, et chapeau pour l'aide efficace et rapide !
    a b 8 Sécurité
    25 Avril 2008 14:41:23

    De rien ;) 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS