Aide pour supprimer winantivirus trojan !

rajah31 -  
 rajah31 -
Bonjour a vous tous!
voila j'ai un problèmme sur mon portable!j'ai sans arrèt des fenètres qui s'ouvre avec win antivirus pro!après quelque lectures sur de nombreux forum j'ai vu que c'étati une saleté dur a enlever!j'ai avast comme antivirus!effectivement avast trouve tout les jours 2 win 32 et un adware!je clique sur supprimer mais rien a faire!
je ne suis pas trés doué je ne sais pas quoi faire!j'ai besoin d'aide quelqu'un pourrait m'aider!
merci bc d'avance! :)
Configuration: Windows XP
Internet Explorer 7.0

31 réponses

  • 1
  • 2
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt pour le virer essaye:

    rogue remover

    pour info :
    http://www.libellules.ch/dotclear/index.php?2006/11/29/1518-rogue-remover

    pour telecharger :
    https://www.01net.com/telecharger/

    puis

    smit fraud fix (colle le rapport)

    1/ telecharger :
    http://telechargement.zebulon.fr/smitfraudfix.html

    2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général)

    3/ puis refaire comme en 2/ mais sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée

    a plus
    0
  2. rajah31
     
    merci pour ta reponse!
    tout d'abord rogue remover ne trouve rien!dsl j'arrive pas a copier le rapport!
    puis j'ai lancé smithfraudfix voici le rapport!

    SmitFraudFix v2.195

    Rapport fait à 13:14:40,23, 25/09/2007
    Executé à partir de C:\Documents and Settings\mumu\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\RogueRemover FREE\RogueRemover.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mumu

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mumu\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\mumu\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: RCA USB Cable Modem - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 82.216.111.125
    DNS Server Search Order: 82.216.111.124
    DNS Server Search Order: 82.216.111.125
    DNS Server Search Order: 82.216.111.123

    Description: RCA USB Cable Modem - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 82.216.111.123
    DNS Server Search Order: 82.216.111.122
    DNS Server Search Order: 82.216.111.124
    DNS Server Search Order: 82.216.111.125

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{95DE59A7-4DA1-44CB-8CBC-E55196F5DCF8}: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{EE0B1CD6-FC38-4562-820B-9B81E795D79E}: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{95DE59A7-4DA1-44CB-8CBC-E55196F5DCF8}: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{EE0B1CD6-FC38-4562-820B-9B81E795D79E}: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{95DE59A7-4DA1-44CB-8CBC-E55196F5DCF8}: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{EE0B1CD6-FC38-4562-820B-9B81E795D79E}: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    fais bien toute la procedure smitfraud fix

    --------------

    télécharger sur le bureau
    Navilog.zip
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    = Double-Clic navilog1.zip
    = Extraire tout sur le bureau
    = Double-Clic navilog1 qui est sur le bureau
    = Appuyer sur une touche jusqu' arriver aux options
    = Choisir option 1

    un rapport : fixnavi.txt dans C : va se creer
    le copier/coller dans ton prochain message.
    0
  4. rajah31
     
    dsl pour ma lenteur mais j'ai eu un peu de mal en mode sans echec!
    j'ai bien suivit la procédure se smithfraudfix!
    voici le rapport en mode sans echec :
    SmitFraudFix v2.195

    Rapport fait à 14:22:46,84, 25/09/2007
    Executé à partir de C:\Documents and Settings\mumu\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{95DE59A7-4DA1-44CB-8CBC-E55196F5DCF8}: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{EE0B1CD6-FC38-4562-820B-9B81E795D79E}: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{95DE59A7-4DA1-44CB-8CBC-E55196F5DCF8}: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{EE0B1CD6-FC38-4562-820B-9B81E795D79E}: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{95DE59A7-4DA1-44CB-8CBC-E55196F5DCF8}: DhcpNameServer=82.216.111.123 82.216.111.122 82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{EE0B1CD6-FC38-4562-820B-9B81E795D79E}: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    maintenant je vais suivre la seconde procédure et je tenvoie lerapport!
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok
    0
  7. rajah31
     
    Search Navipromo version 3.1.1 commencé le 25/09/2007 à 14:43:37,81

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Poster ce rapport sur le forum pour le faire analyser !!!
    !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

    Fix lancé depuis C:\Program Files\navilog1
    Mise a jour le 21.09.2007 a 18h00 by IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11

    *** Recherche Programmes installes ***

    *** Recherche dossiers dans C:\WINDOWS ***

    *** Recherche dossiers dans C:\Program Files ***

    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

    *** Recherche dossiers dans C:\Documents and Settings\mumu\Application Data ***

    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

    *** Recherche avec BlackLight Engine/F-secure ***
    BlackLight Engine est un produit de F-secure, pour + d'infos :
    https://www.f-secure.com/en

    F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
    ======================================

    Copyright 2005-2006 F-Secure Corporation. All rights reserved.
    This is a beta version. It will expire on 1st of October, 2007.
    Version information: 2.2.1064.

    [+] Started on 09/25/07 at 14:43:45.
    [+] Initializing ...
    [+] Starting scan, press Ctrl-C to abort.
    [+] Scanning for hidden items ..................................................................................................................................................
    [+] Scan complete.
    [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
    [+] Exited on 09/25/07 at 15:01:51 (return code = 0).

    *** Recherche avec GenericNaviSearch ***
    !!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A verifier impérativement avant toute suppression manuelle !!!

    * Scan C:\WINDOWS\system32 *

    * Scan C:\Documents and Settings\mumu\local settings\application data *

    *** Recherche fichiers ***

    voici le rapport que tu m'as demandé:

    *** Recherche cles registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:
    C:\WINDOWS\system32\xybeg.bak1 trouvé ! infection Vundo possible non traité par cet outil !
    C:\WINDOWS\system32\xybeg.bak2 trouvé ! infection Vundo possible non traité par cet outil !

    2)Recherche Heuristique :

    3)Recherche Certificats :

    Certificat Egroup absent !

    *** Analyse Terminé le 25/09/2007 à 15:02:48,93 ***
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    colle un rapport hijackthis
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."

    ___________

    ensuite

    scan avec vundo (colle le rapport)

    Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double cliquez VundoFix.exe pour l'exécuter.
    Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
    Une fois le scan fini, cliquez sur le bouton Remove Vundo.
    Vous recevrez un avertissement vous demandant si vous voulez effacer ces
    fichiers répondez en cliquant sur YES
    Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
    enlève Vundo.

    Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
    OK.

    puis :

    virtumondebegone (colle le rapport)

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    _____________

    = Lance navilog1
    = Cette fois-ci choisi l'option 2
    = Navilog va faire le nettoyage.. patient jusqu'à ce qui soit marqué *** Nettoyage Termine le ..... ***
    = Un rapport va être génrer sur ton C:\ qui sera en option 2
    Note: le bureau disparaît

    = colle le contenu du rapport de navilog (qui est en option2)

    PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
    Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
    Tape explorer et valide. Celà te fera apparaitre ton bureau.

    ____________

    recolle un rapport hijackthis
    0
  9. rajah31
     
    dsl je bossais!
    mon ordi tjr infecté!
    voici le rapport hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 13:55:15, on 26/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = NUMERICABLE
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\byxyvvu.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {EA9E8172-409E-471E-953D-3D2936C4F7FE} - C:\WINDOWS\system32\gebyx.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\biwbcsdu.dll",sitypnow
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://84.96.27.199/activex/AxisCamControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: byxyvvu - C:\WINDOWS\SYSTEM32\byxyvvu.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\byxyvvu.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O20 - Winlogon Notify: byxyvvu - C:\WINDOWS\SYSTEM32\byxyvvu.dll

    ____

    les rapport vundofix?

    ____

    combofix( colle le rapport)

    http://mickael.barroux.free.fr/securite/combofix.php

    ________
    recolle ensuite hijackthis
    0
  11. rajah31
     
    rapport vbg :

    [09/26/2007, 14:21:35] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\mumu\Local Settings\Temporary Internet Files\Content.IE5\YWBXJP6J\VirtumundoBeGone[1].exe" )
    [09/26/2007, 14:21:47] - Detected System Information:
    [09/26/2007, 14:21:47] - Windows Version: 5.1.2600, Service Pack 2
    [09/26/2007, 14:21:47] - Current Username: mumu (Admin)
    [09/26/2007, 14:21:47] - Windows is in NORMAL mode.
    [09/26/2007, 14:21:47] - Searching for Browser Helper Objects:
    [09/26/2007, 14:21:47] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [09/26/2007, 14:21:47] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [09/26/2007, 14:21:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/26/2007, 14:21:47] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [09/26/2007, 14:21:47] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [09/26/2007, 14:21:47] - BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
    [09/26/2007, 14:21:47] - BHO 4: {733E9132-53CA-4C97-9AC9-145C4502FA20} ()
    [09/26/2007, 14:21:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/26/2007, 14:21:47] - Checking for HKLM\...\Winlogon\Notify\byxyvvu
    [09/26/2007, 14:21:47] - Found: HKLM\...\Winlogon\Notify\byxyvvu - This is probably Virtumundo.
    [09/26/2007, 14:21:47] - Assigning {733E9132-53CA-4C97-9AC9-145C4502FA20} MSEvents Object
    [09/26/2007, 14:21:47] - BHO list has been changed! Starting over...
    [09/26/2007, 14:21:47] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [09/26/2007, 14:21:47] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [09/26/2007, 14:21:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/26/2007, 14:21:47] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [09/26/2007, 14:21:47] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [09/26/2007, 14:21:48] - BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
    [09/26/2007, 14:21:48] - BHO 4: {733E9132-53CA-4C97-9AC9-145C4502FA20} (MSEvents Object)
    [09/26/2007, 14:21:48] - ALERT: Found MSEvents Object!
    [09/26/2007, 14:21:48] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [09/26/2007, 14:21:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/26/2007, 14:21:48] - No filename found. Continuing.
    [09/26/2007, 14:21:48] - BHO 6: {8DEA9E6E-E9C1-4938-BBD1-256A45EAFAAA} ()
    [09/26/2007, 14:21:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/26/2007, 14:21:48] - Checking for HKLM\...\Winlogon\Notify\gebyx
    [09/26/2007, 14:21:48] - Key not found: HKLM\...\Winlogon\Notify\gebyx, continuing.
    [09/26/2007, 14:21:48] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [09/26/2007, 14:21:48] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [09/26/2007, 14:21:48] - Finished Searching Browser Helper Objects
    [09/26/2007, 14:21:48] - *** Detected MSEvents Object
    [09/26/2007, 14:21:48] - Trying to remove MSEvents Object...
    [09/26/2007, 14:21:49] - Terminating Process: IEXPLORE.EXE
    [09/26/2007, 14:21:49] - Terminating Process: RUNDLL32.EXE
    [09/26/2007, 14:21:49] - Disabling Automatic Shell Restart
    [09/26/2007, 14:21:50] - Terminating Process: EXPLORER.EXE
    [09/26/2007, 14:21:50] - Suspending the NT Session Manager System Service
    [09/26/2007, 14:21:51] - Terminating Windows NT Logon/Logoff Manager
    [09/26/2007, 14:21:52] - Re-enabling Automatic Shell Restart
    [09/26/2007, 14:21:52] - File to disable: C:\WINDOWS\system32\byxyvvu.dll
    [09/26/2007, 14:21:52] - Renaming C:\WINDOWS\system32\byxyvvu.dll -> C:\WINDOWS\system32\byxyvvu.dll.vir
    [09/26/2007, 14:21:52] - File successfully renamed!
    [09/26/2007, 14:21:52] - Removing HKLM\...\Browser Helper Objects\{733E9132-53CA-4C97-9AC9-145C4502FA20}
    [09/26/2007, 14:21:52] - Removing HKCR\CLSID\{733E9132-53CA-4C97-9AC9-145C4502FA20}
    [09/26/2007, 14:21:52] - Adding Kill Bit for ActiveX for GUID: {733E9132-53CA-4C97-9AC9-145C4502FA20}
    [09/26/2007, 14:21:53] - Deleting ATLEvents/MSEvents Registry entries
    [09/26/2007, 14:21:53] - Removing HKLM\...\Winlogon\Notify\byxyvvu
    [09/26/2007, 14:21:53] - Searching for Browser Helper Objects:
    [09/26/2007, 14:21:53] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [09/26/2007, 14:21:53] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [09/26/2007, 14:21:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/26/2007, 14:21:53] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [09/26/2007, 14:21:53] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [09/26/2007, 14:21:53] - BHO 3: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
    [09/26/2007, 14:21:53] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [09/26/2007, 14:21:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/26/2007, 14:21:53] - No filename found. Continuing.
    [09/26/2007, 14:21:53] - BHO 5: {8DEA9E6E-E9C1-4938-BBD1-256A45EAFAAA} ()
    [09/26/2007, 14:21:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/26/2007, 14:21:53] - Checking for HKLM\...\Winlogon\Notify\gebyx
    [09/26/2007, 14:21:53] - Key not found: HKLM\...\Winlogon\Notify\gebyx, continuing.
    [09/26/2007, 14:21:53] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [09/26/2007, 14:21:53] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [09/26/2007, 14:21:54] - Finished Searching Browser Helper Objects
    [09/26/2007, 14:21:54] - Finishing up...
    [09/26/2007, 14:21:54] - A restart is needed.
    [09/26/2007, 14:22:04] - Attempting to Restart via STOP error (Blue Screen!)
    0
  12. rajah31
     
    voici le rapport navilog :

    Clean Navipromo version 3.1.1 commencé le 26/09/2007 à 14:52:26,92

    Fix lancé depuis C:\Program Files\navilog1
    Mise a jour le 21.09.2007 a 18h00 by IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11

    Mode suppression automatique

    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)

    *** Suppression avec Backups résultats GenericNaviSearch ***

    * Scan C:\WINDOWS\system32 *

    * Scan C:\Documents and Settings\mumu\local settings\application data *

    *** Suppression dossiers dans C:\WINDOWS ***

    *** Suppression dossiers dans C:\Program Files ***

    *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***

    *** Suppression dossiers dans C:\Documents and Settings\mumu\Application Data ***

    *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

    *** Suppression fichiers ***

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\mumu\Local Settings\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:

    2)Recherche et Suppression Heuristique :

    *** Sauvegarde du registre vers dossier Backupnavi ***

    sauvegarde du registre réalise avec succes !

    *** Nettoyage registre ***

    Nettoyage registre Ok

    *** Certificats ***

    Certificat Egroup absent !

    *** Nettoyage termine le 26/09/2007 à 15:00:06,28 ***

    je poste le hijackthis après
    0
  13. rajah31
     
    voici le hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 15:24:59, on 26/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = NUMERICABLE
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4BF87F75-640D-4BA3-8037-C04DBDAC8148} - C:\WINDOWS\system32\gebyx.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://84.96.27.199/activex/AxisCamControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    0
  14. rajah31
     
    je poste après celui bofix je dois aller travailler!
    merci encore!
    je suis pas rapide mais l'ordi est trop lent!
    0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    oui post combofix

    et recolle hijackthis
    ______________
    puis fais

    utilise aussi pour supprimer tes traces

    CCLEANER: (lance un nettoyage et répare erreurs) sans la barre yahoo

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    _____________

    AVG antispyxare

    https://www.01net.com/telecharger/

    Tuto :
    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    ->Relance AVG AS -> "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

    ___________________

    Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

    · Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
    · Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
    · Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.

    http://kerio.probb.fr/tuto-Clean-h37.html

    ___________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    scan en ligne firefox

    https://www.trendmicro.com/fr_fr/business.html

    norton en ligne
    http://security.symantec.com/default.asp?productid=symhome&langid=fr&venid=sym

    _____________

    recolle hjijackthis et dis tes pbs
    0
  16. rajah31
     
    merci!
    voici le rapport combofix :

    ComboFix 07-09-26 - mumu 2007-09-26 15:30:48.1 - NTFSx86
    Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.583 [GMT 2:00]
    Running from: C:\Documents and Settings\mumu\Local Settings\Temporary Internet Files\Content.IE5\AAE8BZS6\ComboFix[1].exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\cup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\customer_cup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\heart.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_down.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\menu_up.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\plates.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\ticket.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\accessories\tray.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\music\mainmenumusic.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_bring_check_1_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_diner.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_food_ready_1_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_gain_heart_1.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pencil_write_2.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_rollover_1.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\audio\sfx\sfx_seat_people_snd.ogg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\choosedifficulty.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\credits.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_lose.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\flo_win.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help1.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\help2.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\highscores.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelintro_mask.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\levelover_mask.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\mainmenu.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\popup_mask.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradegrid.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upgradetitle.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\backgrounds\upsell.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_blue.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowleft_yellow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_blue.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\arrowright_yellow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_blue.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\back_yellow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalk.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backchalkup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_blue.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\backtomenu_yellow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancel.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\cancelup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\career_over.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\close.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\closeup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continue.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\continueover.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_blue.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\credits_yellow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_blue.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\download_yellow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\easy_over.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\endlessshift_over.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\hard_over.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\help_over.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\highscores_over.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_blue.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\instructions_yellow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplay.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\letsplayover.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\medium_over.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfo.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\moreinfoup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\off_on.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\on_on.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pause.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pauseover.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quit.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgame.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgameover.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitover.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegame.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegameover.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submit.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submitup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagain.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagainover.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_over.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_up.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobal.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobalup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscore.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscoreon.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocal.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocalup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\comics\webcomic.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\career.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\customer.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\endless.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\global.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\powerups.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\stove.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\arrow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click2.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\grab.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\open.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\sit_legs.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\arial.mvec
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\komikaaxis.mvec
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt2top.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt4top.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_off.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on1.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on2.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdown.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdownon.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowleft.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowlefton.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowright.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowrighton.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowupon.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\p1icon.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\textedit.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\title.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_a.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_b.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_c.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_a.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_b.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_c.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_d.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_a.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_b.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_c.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_d.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fifth_level_diner.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\first_level_diner.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fourth_level_diner.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\second_level_diner.txt
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\playfirst_logo.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\background.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\frames\upgrade_0001.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\upgrades.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\tableshadow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\choosedifficulty.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooseplayer.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooserestaurant.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\credits.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\game.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\gothighscore.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help2.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscore.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoreinfo.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoresubmit.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelintro.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelover.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\loading.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainloop.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainmenu.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\ok.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\pause.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\style.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\tutorialintro.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upgrade.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upsell.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\webcomic.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\yesno.lua
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\aol_logo.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\gamelabsplash.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\playfirst_logo.jpg
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\strings.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\check.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\checkmark.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\clock.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closed.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closingtime.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\dollar.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expert.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expertscore.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\fork_timer.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level_career.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\score.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\sound.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staroff.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staron.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumber.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\traynumber.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
    C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe
    C:\WINDOWS\system32\gebyx.dll
    C:\WINDOWS\system32\tqxtwjxx.ini
    C:\WINDOWS\system32\xxjwtxqt.dll
    C:\WINDOWS\system32\xybeg.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_DOMAINSERVICE

    ((((((((((((((((((((((((((((( Fichiers créés 2007-08-26 to 2007-09-26 ))))))))))))))))))))))))))))))))))))
    .

    2007-09-26 15:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-26 13:58 <REP> d-------- C:\VundoFix Backups
    2007-09-26 13:47 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
    2007-09-25 14:40 <REP> d-------- C:\Program Files\Navilog1
    2007-09-25 13:25 <REP> d-------- C:\Documents and Settings\Administrateur.MURIEL\Phone Browser
    2007-09-25 13:23 <REP> dr------- C:\Documents and Settings\Administrateur.MURIEL\Mes documents
    2007-09-25 13:23 <REP> dr------- C:\Documents and Settings\Administrateur.MURIEL\Menu D‚marrer
    2007-09-25 13:23 <REP> dr------- C:\Documents and Settings\Administrateur.MURIEL\Favoris
    2007-09-25 13:23 <REP> d--h----- C:\Documents and Settings\Administrateur.MURIEL\Voisinage d'impression
    2007-09-25 13:23 <REP> d--h----- C:\Documents and Settings\Administrateur.MURIEL\ModŠles
    2007-09-25 13:23 <REP> d-------- C:\Documents and Settings\Administrateur.MURIEL\WINDOWS
    2007-09-25 13:23 <REP> d-------- C:\Documents and Settings\Administrateur.MURIEL\Voisinage r‚seau
    2007-09-25 13:23 <REP> d-------- C:\Documents and Settings\Administrateur.MURIEL\Bureau
    2007-09-25 13:14 4,398 --a------ C:\WINDOWS\system32\tmp.reg
    2007-09-25 13:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-09-25 13:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-09-25 13:09 <REP> d-------- C:\Program Files\RogueRemover FREE
    2007-09-15 09:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-11 14:38 <REP> d-------- C:\Program Files\Fichiers communs\Application
    2007-09-11 14:37 <REP> d-------- C:\Program Files\SPYWAREfighter
    2007-09-09 20:48 44,054 --a------ C:\WINDOWS\system32\byxyvvu.dll.vir
    2007-09-09 15:45 516,173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL
    2007-09-09 15:45 385,100 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
    2007-09-09 15:45 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
    2007-09-09 15:45 <REP> d-------- C:\Program Files\Free Audio Pack
    2007-09-09 15:33 <REP> d-------- C:\Program Files\Easy Audio Cutter
    2007-09-09 15:18 <REP> d-------- C:\Program Files\Audacity
    2007-09-09 13:53 62,464 --a------ C:\WINDOWS\system32\bszip.dll
    2007-09-09 13:53 0 ---hs---- C:\WINDOWS\system32\tracert.com
    2007-09-09 13:53 0 ---hs---- C:\WINDOWS\system32\tasklist.com
    2007-09-09 13:53 0 ---hs---- C:\WINDOWS\system32\taskkill.com
    2007-09-09 13:53 0 ---hs---- C:\WINDOWS\system32\ping.com
    2007-09-09 13:53 0 ---hs---- C:\WINDOWS\system32\netstat.com
    2007-09-09 13:53 0 ---hs---- C:\WINDOWS\system32\cmd.com
    2007-09-09 13:53 <REP> d--hs---- C:\Program Files\outlook
    2007-09-07 22:18 <REP> d-------- C:\Program Files\Ubisoft
    2007-09-07 21:03 <REP> d-------- C:\Documents and Settings\mumu\.mp3splt-gtk
    2007-08-29 15:35 <REP> d-------- C:\Program Files\Fichiers communs\Skype

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-25 13:13 --------- d-------- C:\Documents and Settings\mumu\Application Data\Skype
    2007-09-12 13:10 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-11 11:34 --------- d-------- C:\Documents and Settings\All Users\Application Data\WinZip
    2007-09-09 22:45 --------- d-------- C:\Program Files\Shareaza
    2007-09-09 22:45 --------- d-------- C:\Documents and Settings\mumu\Application Data\Shareaza
    2007-09-07 22:46 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-08-18 22:48 --------- d-------- C:\Program Files\MSXML 4.0
    2007-08-10 14:43 --------- d-------- C:\Program Files\SpeedFan
    --------- C:\Program Files\Hijackthis Version Française
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-06 19:16]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 10:10 C:\WINDOWS\agrsmmsg.exe]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 07:40]
    "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 14:04]
    "HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45]
    "SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45]
    "Zooming"="ZoomingHook.exe" [2005-06-06 09:58 C:\WINDOWS\system32\ZoomingHook.exe]
    "TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 16:49 C:\WINDOWS\system32\TCtrlIOHook.exe]
    "TPSMain"="TPSMain.exe" [2005-08-12 11:14 C:\WINDOWS\system32\TPSMain.exe]
    "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24]
    "TFncKy"="TFncKy.exe" []
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 12:31]
    "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 16:25]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39]
    "DataLayer"="C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2003-10-13 04:04]
    "MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" []
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57]
    "SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-25 00:03]
    "ares"="C:\Program Files\Ares\Ares.exe" []
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 00:52]

    R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\system32\Drivers\SSIoMngr.sys
    R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys
    R3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys
    S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
    S3 P1171VID;Creative WebCam Notebook #2;C:\WINDOWS\system32\DRIVERS\P1171Vid.sys
    S3 SpyFighter;SpyFighter Guard Device;\??\C:\Program Files\SPYWAREfighter\spyfighter.sys
    S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
    Start Pending3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74f11663-0e12-11db-880c-00166f7f973c}]
    AutoRun\command- setupSNK.exe

    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-26 15:46:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-26 15:49:56 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-26 15:49
    .
    --- E O F ---
    0
  17. rajah31
     
    voila hijackthis :
    Logfile of HijackThis v1.99.1
    Scan saved at 21:44:09, on 26/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://84.96.27.199/activex/AxisCamControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    je continue ta procédure
    0
  18. rajah31
     
    voivi le rapport avg :

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 00:08:33 27/09/2007

    + Résultat de l'analyse:

    C:\Documents and Settings\mumu\Cookies\mumu@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\mumu\Cookies\mumu@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
    C:\Documents and Settings\mumu\Cookies\mumu@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.

    Fin du rapport
    0
  19. rajah31
     
    clean effectué;

    j'ai effectué un scan en ligne avec bit defender, voici le rapport :

    BitDefender Online Scanner

    Rapport d'analyse généré à: Thu, Sep 27, 2007 - 02:52:15

    Voie d'analyse: C:\;D:\;

    Statistiques

    Temps
    01:24:45

    Fichiers
    169380

    Directoires
    5228

    Secteurs de boot
    3

    Archives
    7401

    Paquets programmes
    10668

    Résultats

    Virus identifiés
    2

    Fichiers infectés
    5

    Fichiers suspects
    0

    Avertissements
    0

    Désinfectés
    0

    Fichiers effacés
    5

    Info sur les moteurs

    Définition virus
    823969

    Version des moteurs
    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Analyse des plugins
    14

    Archive des plugins
    38

    Unpack des plugins
    7

    E-mail plugins
    6

    Système plugins
    1

    Paramètres d'analyse

    Première action
    Désinfecté

    Seconde Action
    Supprimé

    Heuristique
    Oui

    Acceptez les avertissements
    Oui

    Extensions analysées
    *;

    Excludez les extensions

    Analyse d'emails
    Oui

    Analyse des Archives
    Oui

    Analyser paquets programmes
    Oui

    Analyse des fichiers
    Oui

    Analyse de boot
    Oui

    Fichier analysé
    Statut

    C:\qoobox\Quarantine\catchme2007-09-26_154625.89.zip=>gebyx.dll
    Infecté par: DeepScan:Generic.Virtumonde.1.2337D4C1

    C:\qoobox\Quarantine\catchme2007-09-26_154625.89.zip=>gebyx.dll
    Echec de la désinfection

    C:\qoobox\Quarantine\catchme2007-09-26_154625.89.zip=>gebyx.dll
    Supprimé

    C:\qoobox\Quarantine\catchme2007-09-26_154625.89.zip
    Mis à jour

    C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP2\A0000012.dll
    Infecté par: DeepScan:Generic.Virtumonde.1.2337D4C1

    C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP2\A0000012.dll
    Echec de la désinfection

    C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP2\A0000012.dll
    Supprimé

    C:\VundoFix Backups\byxyvvu.dll.bad
    Infecté par: Trojan.Vundo.DNC

    C:\VundoFix Backups\byxyvvu.dll.bad
    Supprimé

    C:\VundoFix Backups\gebyx.dll.bad
    Infecté par: DeepScan:Generic.Virtumonde.1.2337D4C1

    C:\VundoFix Backups\gebyx.dll.bad
    Echec de la désinfection

    C:\VundoFix Backups\gebyx.dll.bad
    Supprimé

    C:\WINDOWS\system32\byxyvvu.dll.vir
    Infecté par: Trojan.Vundo.DNC

    C:\WINDOWS\system32\byxyvvu.dll.vir
    Supprimé
    0
  20. rajah31
     
    voici hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 02:58:56, on 27/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://84.96.27.199/activex/AxisCamControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    0
  21. rajah31
     
    voila!encore merci pour ton aide!
    j'attend la suite des procédures!
    bonne journée :)
    0
  • 1
  • 2