Help: Trojan.agent and worm.autorun

bebedragon -  
jlpjlp Posts: 52399 Status: Security contributor -
Hello,
For 2 days I have been fighting with my PC. It started by opening internet windows while I was doing word processing. This had already happened to me a long time ago, and Malwarebytes Anti-Malware had let me fix the problem. Today, after several attempts, I cannot remove Trojan.Agent and worm.autorun. Running a scan with BitDefender Professional 9, other problems appear: Generic.dld.AKI.BD229751, which cannot be removed.
I run XP; it is a work PC. I constantly get Windows security alerts (even though my firewall and my antivirus are enabled).
Please help me, otherwise I'm throwing my PC out the window.

67 replies

bebedragon
 
I'm still taking the time to post the ToolBar S&D report

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : poste2 ( Administrator )
BOOT : Normal boot
Antivirus : BitDefender 9 Professional Plus 7.2 (Activated)
Firewall : BitDefender 9 Professional Plus 7.2 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:61 Go)
D:\ (CD or DVD)
F:\ (Network Disk) - NTFS - Total:74 Go (Free:54 Go)
G:\ (Network Disk) - NTFS - Total:74 Go (Free:54 Go)
Z:\ (Network Disk) - NTFS - Total:74 Go (Free:54 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 28/04/2009|12:18 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\Hbtools
C:\Program Files\Hbtools\Bin
C:\Program Files\Hbtools\Bin\4.6.4.0
C:\DOCUME~1\poste2\APPLIC~1\Search Settings
C:\DOCUME~1\poste2\APPLIC~1\Search Settings\kb126
C:\DOCUME~1\poste2\APPLIC~1\Search Settings\kb126\res
C:\DOCUME~1\poste2\APPLIC~1\Search Settings\kb126\temp
C:\DOCUME~1\poste2\APPLIC~1\Search Settings\kb126\temp\ws-14359.log
C:\DOCUME~1\poste2\APPLIC~1\Search Settings\kb126\temp\ws-14361.log
C:\DOCUME~1\poste2\APPLIC~1\Search Settings\kb126\temp\ws-14362.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb126
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb126\res
C:\Program Files\Search Settings\kb126\SearchSettings.dll
C:\Program Files\Search Settings\kb126\temp
C:\DOCUME~1\poste2\APPLIC~1\ShopperReports
C:\DOCUME~1\poste2\APPLIC~1\ShopperReports\cs
C:\DOCUME~1\poste2\APPLIC~1\ShopperReports\cs\Config.xml
C:\DOCUME~1\poste2\APPLIC~1\ShopperReports\cs\db
C:\DOCUME~1\poste2\APPLIC~1\ShopperReports\cs\dwld
C:\DOCUME~1\poste2\APPLIC~1\ShopperReports\cs\persist.dbs
C:\DOCUME~1\poste2\APPLIC~1\ShopperReports\cs\report
C:\DOCUME~1\poste2\APPLIC~1\ShopperReports\cs\res2
C:\DOCUME~1\poste2\APPLIC~1\ShopperReports\cs\db\Aliases.dbs
C:\DOCUME~1\poste2\APPLIC~1\ShopperReports\cs\db\Sites.dbs
C:\DOCUME~1\poste2\APPLIC~1\ShopperReports\cs\dwld\WhiteList.xip
C:\DOCUME~1\poste2\APPLIC~1\ShopperReports\cs\report\ag.xml
C:\DOCUME~1\poste2\APPLIC~1\ShopperReports\cs\report\ag.xml.db
C:\DOCUME~1\poste2\APPLIC~1\ShopperReports\cs\report\send.xml
C:\DOCUME~1\poste2\APPLIC~1\ShopperReports\cs\report\send.xml.db
C:\DOCUME~1\poste2\APPLIC~1\ShopperReports\cs\res2\WhiteList.dbs
C:\Program Files\ShopperReports
C:\Program Files\ShopperReports\Bin
C:\Program Files\ShopperReports\cs
C:\Program Files\ShopperReports\uninst.exe
C:\Program Files\ShopperReports\Bin\1.0.5.0
C:\Program Files\ShopperReports\cs\persist.dbs

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr"
"Search Bar"="http://go.compaq.com/1Q00CDT/040C/bl8.asp"

--------------------\\ Recherche d'autres infections

C:\WINDOWS\Pack.epk
[b]==> EGDACCESS <==/b

1 - "C:\ToolBar SD\TB_1.txt" - 28/04/2009|12:19 - Option : [1]

-----------\\ Fin du rapport a 12:19:31.79
0
bebedragon
 
I'm back!
So I updated Malwarebytes Anti-Malware and ran a full scan again:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2053
Windows 5.1.2600 Service Pack 3

28/04/2009 13:31:07
mbam-log-2009-04-28 (13-30-59).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 155348
Temps écoulé: 18 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> No action taken.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> No action taken.
C:\WINDOWS\system32\loader266.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\protect.dll (Worm.Autorun) -> No action taken.
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> No action taken.
C:\Documents and Settings\poste2\protect.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService\protect.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winglsetup.exe (Trojan.Downloader) -> No action taken.
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
No action taken. !!!! Remove everything and post the report
then do the next ToolBar S&D step
0
bebedragon
 
I'm rerunning ToolBar S&D right away with choice 2
0

bebedragon
 
Sorry Jlpjlp, I don't understand what I have to do (yes, I know, I catch on fast but you have to explain it to me for a long time!)
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
You have to remove the infections found by Malwarebytes! You leave them there every time!

Manual:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
bebedragon
 
Well no, every time I have it delete everything. It tells me that to finish removing everything it has to shut down my machine, so I say yes.
But every time, I get the impression that it does nothing.
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Rerun ToolBar S&D right away with choice 2
I'll hand over after that
0
bebedragon
 
OK, I'll do that, thanks for everything
0
bebedragon
 
Here is the ToolBar report, choice 2

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : poste2 ( Administrator )
BOOT : Normal boot
Antivirus : BitDefender 9 Professional Plus 7.2 (Activated)
Firewall : BitDefender 9 Professional Plus 7.2 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:61 Go)
D:\ (CD or DVD)
F:\ (Network Disk) - NTFS - Total:74 Go (Free:54 Go)
G:\ (Network Disk) - NTFS - Total:74 Go (Free:54 Go)
Z:\ (Network Disk) - NTFS - Total:74 Go (Free:54 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 28/04/2009|13:45 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\Hbtools\Bin
Supprime! - C:\DOCUME~1\poste2\APPLIC~1\Search Settings\kb126
Supprime! - C:\Program Files\Search Settings\kb126
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\poste2\APPLIC~1\ShopperReports\cs
Supprime! - C:\Program Files\ShopperReports\Bin
Supprime! - C:\Program Files\ShopperReports\cs
Supprime! - C:\Program Files\ShopperReports\uninst.exe
Supprime! - C:\Program Files\Hbtools
Supprime! - C:\DOCUME~1\poste2\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings
Supprime! - C:\DOCUME~1\poste2\APPLIC~1\ShopperReports
Supprime! - C:\Program Files\ShopperReports

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="http://go.compaq.com/1Q00CDT/040C/bl8.asp"

--------------------\\ Recherche d'autres infections

C:\WINDOWS\Pack.epk
[b]==> EGDACCESS <==/b

1 - "C:\ToolBar SD\TB_1.txt" - 28/04/2009|12:19 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 28/04/2009|13:46 - Option : [2]

-----------\\ Fin du rapport a 13:46:23.35
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
I'm the only one available :)

Right-click this link: (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Save target (link) as... and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Let it guide you. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as asked; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)
0
bebedragon
 
Sorry to bother you, but I know so little about this.

So here is the reply

Search Navipromo version 3.7.6 commencé le 28/04/2009 à 14:08:25.50

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : poste2 ( Administrator )
BOOT : Normal boot

Antivirus : BitDefender 9 Professional Plus 7.2 (Activated)
Firewall : BitDefender 9 Professional Plus 7.2 (Not Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:61 Go)
D:\ (CD or DVD)
F:\ (Network Disk) - NTFS - Total:74 Go (Free:54 Go)
G:\ (Network Disk) - NTFS - Total:74 Go (Free:54 Go)
Z:\ (Network Disk) - NTFS - Total:74 Go (Free:54 Go)

Recherche executé en mode normal

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\poste2\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\poste2\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\poste2\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Scan Catchme non réalisé.
Droits limités sur la session actuelle.

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\poste2\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

*** Recherche fichiers ***

C:\WINDOWS\pack.epk trouvé !

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\poste2\locals~1\applic~1" :

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

*** Analyse terminée le 28/04/2009 à 14:08:55.15 ***
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Run Navilog, choose option 2, and then post a fresh RSIT report
0
bebedragon
 
Navilog option 2, understood, I'll do that right away
0
bebedragon
 
Small problem, it doesn't work; here is the message that appears

"nettoyage au redemarrage du PC non possible. Nettoyage en mode sans echec impératif a effectuer dans le même session ou l'infection a été trouvée. Transmettre cette info au helper qui vous a pris en charge et suivez ses nouvelles instructions.
L'outil va être interrompu. terminer le programme (O/N)"
0
bebedragon
 
What should I do?
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard)

Double-click combofix.exe and follow the instructions

At the end, it will produce a report C:\ComboFix.txt

Re-enable your firewall, your antivirus, your antispyware's guard

Copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
bebedragon
 
There, it's done:

ComboFix 09-04-27.04 - poste2 28/04/2009 16:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2039.1598 [GMT 2:00]
Lancé depuis: c:\documents and settings\poste2\Bureau\ComboFix.exe
AV: BitDefender 9 Professional Plus *On-access scanning disabled* (Updated)
FW: BitDefender 9 Professional Plus *disabled*
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\protect.dll
c:\documents and settings\poste2\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\poste2\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\poste2\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\poste2\Menu Démarrer\Programmes\Démarrage\ChkDisk.lnk
c:\documents and settings\poste2\protect.dll
c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\dinerdash.exe
c:\windows\IE4 Error Log.txt
c:\windows\pack.epk
c:\windows\system32\autochk.dll
c:\windows\system32\comrepl.exe
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\ovfsthdkfkodfwfbnrdlyfvitlweexufjxolep.sys
c:\windows\system32\ehadipiw.ini
c:\windows\system32\mmwinfsc.ini
c:\windows\system32\ovfsthbupqetirntipswoewcnpfeyxiktjmefj.dat
c:\windows\system32\ovfsthlocnhjqlholkhjjiqoqlpnrqcniageee.dll
c:\windows\system32\ovfsthsqswximdwbwkumitmxvedwyrmjjxbdrg.dll
c:\windows\system32\ovfsthtiknknqvmqwucfrkqjxlkcbulkspkeua.dll
c:\windows\system32\ovfsthxcdjomshrmksgtpldporndvojmwuewhu.dat
c:\windows\system32\uniq.tll
c:\windows\system32\uwojimop.ini
c:\windows\system32\win32hlp.cnf

Une copie infectée de c:\windows\system32\userinit.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthxnsvxowpiewiphgmppasftqwrrwbltax

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-28 au 2009-4-28 ))))))))))))))))))))))))))))))))))))
.

2009-04-28 12:07 . 2009-04-28 12:38 -------- d-----w c:\program files\Navilog1
2009-04-28 10:17 . 2009-04-28 11:46 -------- dc----w C:\ToolBar SD
2009-04-28 09:37 . 2009-04-28 09:55 -------- dc----w C:\UsbFix
2009-04-28 09:31 . 2009-04-28 11:52 27648 ----a-w c:\windows\system32\lmppcsetup.exe
2009-04-28 09:25 . 2009-04-28 09:25 -------- dc----w C:\rsit
2009-04-28 07:31 . 2009-04-28 07:31 29696 ----a-w c:\windows\system32\loader49.exe
2009-04-28 07:01 . 2009-04-28 07:01 29696 ----a-w c:\windows\system32\loader100.exe
2009-04-27 10:28 . 2009-04-27 10:28 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-27 10:15 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 10:15 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 10:15 . 2009-04-27 10:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 09:20 . 2009-04-27 09:20 -------- d-----w c:\program files\Trend Micro
2009-04-27 06:38 . 2009-04-27 11:28 -------- d-----w c:\documents and settings\poste2\Application Data\Twain
2009-04-16 09:36 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 09:36 . 2009-03-06 14:20 286720 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 09:36 . 2009-02-09 11:23 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 09:36 . 2009-02-09 10:53 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 09:36 . 2009-02-09 10:53 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 09:36 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-16 09:36 . 2009-02-09 10:53 685568 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 09:36 . 2009-02-09 10:53 735744 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 09:36 . 2009-02-09 10:53 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 09:36 . 2009-02-09 10:53 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 09:34 . 2008-12-16 12:31 354304 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-16 09:32 . 2008-04-21 21:15 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 09:42 . 2009-04-14 09:42 -------- d-----w c:\documents and settings\All Users\eMagnusEdu

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 14:05 . 2008-03-13 10:24 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-28 11:41 . 2003-05-20 03:09 75412 ----a-w c:\windows\system32\perfc00C.dat
2009-04-28 11:41 . 2003-05-20 03:09 469492 ----a-w c:\windows\system32\perfh00C.dat
2009-04-25 06:48 . 2009-01-25 06:48 50688 --sha-w c:\windows\system32\sapawoma.exe
2009-03-18 10:54 . 2004-10-08 19:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 14:20 . 2003-04-24 02:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2005-02-18 16:36 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:10 . 2004-08-19 23:09 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:05 . 2003-04-24 02:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2003-04-24 02:00 2025984 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:23 . 2003-04-24 02:00 2147328 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:23 . 2003-04-24 02:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2003-04-24 02:00 735744 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2005-01-14 05:34 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:53 . 2003-04-24 02:00 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2003-04-24 02:00 685568 ----a-w c:\windows\system32\advapi32.dll
2009-02-06 10:39 . 2003-04-24 02:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2003-04-24 02:00 56832 ----a-w c:\windows\system32\secur32.dll
2007-05-14 11:53 . 2007-05-14 11:53 1887232 ----a-w c:\program files\FLV PlayerRCSetup.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDSwitchAgent"="c:\progra~1\Softwin\BITDEF~1\bdswitch.exe" [2005-04-06 33280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-24 155648]
"PSBO Clean"="c:\program files\KONICA MINOLTA\PageScope Box Operator\PSBO.exe" [2006-06-12 851968]
"BDMCon"="c:\progra~1\Softwin\BITDEF~1\bdmcon.exe" [2008-03-13 372736]
"BDOESRV"="c:\program files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 90112]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\poste2\Menu Démarrer\Programmes\Démarrage\
PageScope Box Operator.lnk - c:\program files\KONICA MINOLTA\PageScope Box Operator\PSBO.exe [2006-6-12 851968]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-9 113664]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\poste2\Mes documents\Mes images\DIVERS\soirée\wbupfront2.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\documents and settings\poste2\Mes documents\Mes images\DIVERS\Divers\069858e6.jpg
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= c:\documents and settings\poste2\Mes documents\Mes images\DIVERS\soirée\podwellbdparty_hq01.jpg
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"Avg7UpdSvc"=3 (0x3)
"Avg7Alrt"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\KONICA MINOLTA\\PageScope Box Operator\\PSBO.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Magnus\\e.magnus\\bin\\e.magnus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Magnus\\e.magnus\\jre\\1.06.07.01\\bin\\java.exe"=
"c:\\Program Files\\Magnus\\e.magnus\\jre\\1.06.07.01\\bin\\javaw.exe"=
"c:\\Program Files\\magnus\\e.magnus\\bin\\emagnus-SvcMan.exe"=
"\\\\STATION1\\MagnusInstallateurComposants\\jre\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1530:TCP"= 1530:TCP:jvs

R3 OracleOraHome817Agent;OracleOraHome817Agent; [x]
R3 OracleOraHome817ClientCache;OracleOraHome817ClientCache; [x]
R3 OracleOraHome817CMAdmin;OracleOraHome817CMAdmin; [x]
R3 OracleOraHome817CMan;OracleOraHome817CMan; [x]
R3 OracleOraHome817DataGatherer;OracleOraHome817DataGatherer; [x]
R3 OracleOraHome817TNSListener;OracleOraHome817TNSListener; [x]
S2 e.magnus AGENT;e.magnus AGENT;c:\program files\Magnus\e.magnus\bin\emagnus-SvcMan.exe [2008-10-29 204800]
S2 NwSapAgent;Agent SAP;c:\windows\System32\svchost.exe [2008-04-14 14336]

.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
HKCU-Run-Sticker - c:\program files\MoRUN.net\NotesPlusPlus\notespp.exe
HKLM-Run-autochk - c:\windows\system32\autochk.dll
HKU-Default-Run-Windows Resurections - c:\windows\TEMP\izc9aol73.exe
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\3560356582.exe
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
Notify-xxywTkhi - xxywTkhi.dll

.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/040C/bl8.asp
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{E77EDA01-3C56-4a96-8D08-02B42891C169} - {580a1f3f-89b4-433b-bbdb-b97aeb13f3fc} -
TCP: {6B380586-8C2B-47D0-902A-93B2DC55ADFC} = 80.10.246.2,80.10.246.129
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://wanadoofr.oberon-media.com/online2/diner_dash/DinerDash.1.0.0.58.cab
DPF: {E1342154-4889-42B5-BEF6-19237577048F} - hxxp://jeuxentelechargement.orange.fr/online2/insaniquarium/Oberongamesloader.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 16:06
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-139707843-3353543166-3928250186-1011\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-139707843-3353543166-3928250186-1011\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-139707843-3353543166-3928250186-1011\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-139707843-3353543166-3928250186-1011\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-139707843-3353543166-3928250186-1011\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2348)
c:\program files\Softwin\BitDefender9\bdoe.dll
c:\windows\system32\XCOMM.dll
c:\progra~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Fichiers communs\Microsoft Shared\Web Components\11\1036\OWCI11.DLL
c:\windows\System32\Audiodev.dll
c:\windows\System32\WMVCore.DLL
c:\windows\System32\WMASF.DLL
c:\windows\System32\MSCTF.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Magnus\e.magnus\jre\1.06.07.01\bin\java.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
c:\program files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
c:\program files\Softwin\BitDefender9\vsserv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-04-28 16:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-28 14:09

Avant-CF: 66 094 878 720 octets libres
Après-CF: 66 218 991 616 octets libres

553 --- E O F --- 2009-04-16 14:05
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok

post a Malwarebytes report again

then RSIT
0
kevin05 Posts 3814 Registration date   Status Security contributor Last activity   147
 
Hey, I'm back

O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF

this one smells like AD-Remover ;)
0