VIRUS

ted06 -  
Hello, my PC is crawling, it's full of ads, and every 2 minutes Norton alerts me that a big nasty virus is going to break my computer. Is there anyone who could help me? Oh yes, a small detail that matters: I know nothing about this. Thanks in advance.

7 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
Hi

Put a helmet on your computer!

_________________

Download ComboFix by sUBs. Rename it before any installation; for example, name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click ComboFix. It will ask you a question; answer with the 1 key and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.

___________________

Paste a HijackThis report

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Manual:
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I recommend renaming HijackThis, to counter a possible Vundo infection.

E.g.: rename the file HijackThis.exe to eden.exe. To do so, right-click the file HijackThis.exe and choose Rename from the list.

Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into that folder.
It's important for the backups.
0
ted06
 
Thanks jlp, that's cool, and on top of helping me you made me laugh (a helmet). Here is the ComboFix report:
ComboFix 08-04-13.3 - sarah doré 2008-04-14 15:42:27.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.555 [GMT 2:00]
Endroit: C:\Documents and Settings\sarah doré\Bureau\KillBagle.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\fccaWOIX.dll
C:\WINDOWS\system32\geBTnlkL.dll
C:\WINDOWS\system32\hjmmfnxc.dll
C:\WINDOWS\system32\hRuCKRqr.ini
C:\WINDOWS\system32\hRuCKRqr.ini2
C:\WINDOWS\system32\ifknhcdu.dll
C:\WINDOWS\system32\jmpqYcdd.ini
C:\WINDOWS\system32\jmpqYcdd.ini2
C:\WINDOWS\system32\jxmcxesw.dll
C:\WINDOWS\system32\kjjtjuwq.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mmurxvsv.ini
C:\WINDOWS\system32\onorxbco.dll
C:\WINDOWS\system32\rgbaqrpb.dll
C:\WINDOWS\system32\uccmmvqu.dll
C:\WINDOWS\system32\urqNEWQH.dll
C:\WINDOWS\system32\vblxlqkd.dll
C:\WINDOWS\system32\vsgpnwye.dll
C:\WINDOWS\system32\vsvxrumm.dll
C:\WINDOWS\system32\VxIjTvut.ini
C:\WINDOWS\system32\VxIjTvut.ini2
C:\WINDOWS\system32\XIOWaccf.ini
C:\WINDOWS\system32\XIOWaccf.ini2
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))))))))
.

2008-04-14 12:07 . 2004-08-05 14:00 452,037 -ra------ C:\txtsetup.sif
2008-04-14 12:07 . 2004-08-05 14:00 263,488 -ra------ C:\$LDR$
2008-04-13 21:58 . 2008-04-13 21:58 <REP> d--hs---- C:\Documents and Settings\NetworkService\Temporary Internet Files
2008-04-13 21:58 . 2008-04-13 21:58 <REP> d--hs---- C:\Documents and Settings\NetworkService\Historique
2008-04-12 20:03 . 2008-04-13 21:51 774 ---hs---- C:\WINDOWS\system32\babevjiy.ini
2008-04-11 20:05 . 2008-04-12 17:06 654 ---hs---- C:\WINDOWS\system32\phlvnnqh.ini
2008-04-10 20:11 . 2008-04-11 14:56 414 ---hs---- C:\WINDOWS\system32\vbjxqxcg.ini
2008-04-09 20:32 . 2008-04-09 20:32 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-09 20:27 . 2008-04-09 20:27 774 ---hs---- C:\WINDOWS\system32\yjixwbde.ini
2008-04-09 10:51 . 2008-04-09 19:51 714 ---hs---- C:\WINDOWS\system32\nusicckm.ini
2008-04-08 10:38 . 2008-04-09 10:48 594 ---hs---- C:\WINDOWS\system32\rrfopxpc.ini
2008-04-02 20:20 . 2008-04-02 20:21 1,290 ---hs---- C:\WINDOWS\system32\kkxealul.ini
2008-04-02 17:27 . 2008-04-08 15:39 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-02 17:27 . 2008-04-08 15:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-01 20:21 . 2008-04-02 20:18 1,230 ---hs---- C:\WINDOWS\system32\wwbvrvfu.ini
2008-04-01 20:15 . 2008-04-13 21:44 101,091 --a------ C:\WINDOWS\BM0d6d285b.xml
2008-03-31 20:17 . 2008-04-01 18:58 1,050 ---hs---- C:\WINDOWS\system32\sngcsotk.ini
2008-03-29 23:38 . 2008-04-02 22:41 0 --a------ C:\w7c7c3n5d8d1.exe
2008-03-22 19:29 . 2008-04-04 20:35 22 --a------ C:\WINDOWS\N039_jpg.zip

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 10:06 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-04 16:04 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-02 20:41 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2008-04-02 20:41 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-14 18:33 --------- d-----w C:\Documents and Settings\sarah doré\Application Data\Creative
2008-02-14 18:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-02-14 18:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 18:22 --------- d-----w C:\Program Files\muvee Technologies
2008-02-14 18:22 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies
2008-02-14 18:18 --------- d-----w C:\Program Files\Creative
2008-02-14 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-02-14 18:11 --------- d-----w C:\Documents and Settings\sarah doré\Application Data\InstallShield
2008-02-14 18:10 --------- d-----w C:\Program Files\SightSpeed
2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{603EC188-6309-4E25-97B2-4B4344B3081C}]
C:\WINDOWS\system32\ddcYqpmj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3D84D90-7404-4AF3-BDB7-87E5DD711A4B}]
C:\WINDOWS\system32\tuvTjIxV.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 23:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-03 18:54 68856]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 15:01 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 18:49 454656]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-15 20:26 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-15 20:26 86016]
"nwiz"="nwiz.exe" [2006-04-15 20:26 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 13:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 07:46 761948]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 21:54 102400]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 13:08 52840]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 13:38 131072]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 09:52 643072]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 23:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 19:28 108160]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-09-17 19:38 20480]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
"LVCOMS"="C:\WINDOWS\system32\LVCOMS.EXE" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"V0420Mon.exe"="C:\WINDOWS\V0420Mon.exe" [2007-04-30 03:00 32768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 23:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRKDVPh]
rqRKDVPh.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\XSML]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S2 XSML;Management System;C:\WINDOWS\system32\sxml.exe []
S3 V0420VID;Live! Cam Vista IM (VF0420);C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 03:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6ef4b17-2a15-11db-a71a-001302517492}]
\Shell\AutoRun\command - H:\setupSNK.exe

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-14 10:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-04-11 18:51:57 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - sarah doré.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 15:44:02
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???HV??????(?@???????@

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-14 15:44:26
ComboFix-quarantined-files.txt 2008-04-14 13:44:22

Pre-Run: 57,926,422,528 octets libres
Post-Run: 57,913,929,728 octets libres
.
2008-04-09 18:34:49 --- E O F ---
0
ted06
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00:21, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\V0420Mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {603EC188-6309-4E25-97B2-4B4344B3081C} - C:\WINDOWS\system32\ddcYqpmj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {C3D84D90-7404-4AF3-BDB7-87E5DD711A4B} - C:\WINDOWS\system32\tuvTjIxV.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVCOMS.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lylougaudrydore.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O20 - Winlogon Notify: rqRKDVPh - rqRKDVPh.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Service Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Management System (XSML) - Unknown owner - C:\WINDOWS\system32\sxml.exe (file missing)
0
ted06
 
Here are the two reports, doctor; over to you.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Analyze these files on VirusTotal and tell me which ones are infected: https://www.virustotal.com/gui/

C:\WINDOWS\system32\babevjiy.ini
C:\WINDOWS\system32\phlvnnqh.ini
C:\WINDOWS\system32\vbjxqxcg.ini

C:\WINDOWS\system32\yjixwbde.ini
C:\WINDOWS\system32\nusicckm.ini
C:\WINDOWS\system32\rrfopxpc.ini
C:\WINDOWS\system32\kkxealul.ini

C:\WINDOWS\system32\wwbvrvfu.ini
C:\WINDOWS\system32\sngcsotk.ini
0

ted06
 
Sorry for the delay, but it took a long time. No infected file; each time it tells me: Situation actuelle: terminé Résultat: 0/32 (0%)
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: (no name) - {603EC188-6309-4E25-97B2-4B4344B3081C} - C:\WINDOWS\system32\ddcYqpmj.dll (file missing)
O2 - BHO: (no name) - {C3D84D90-7404-4AF3-BDB7-87E5DD711A4B} - C:\WINDOWS\system32\tuvTjIxV.dll (file missing)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O20 - Winlogon Notify: rqRKDVPh - rqRKDVPh.dll (file missing)

_____________________

Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\system32\ddcYqpmj.dll
C:\WINDOWS\system32\tuvTjIxV.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{603EC188-6309-4E25-97B2-4B4344B3081C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3D84D90-7404-4AF3-BDB7-87E5DD711A4B}]

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report

If the file does not open, it is located here > C:\ComboFix.txt

_________________

Still having problems???????,
0
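An added example (not part of the thread, and not code from HijackThis or ComboFix): a small Python triage of HijackThis log lines that flags the kinds of entries selected for fixing above, namely autostart entries whose target is "(file missing)", unnamed BHOs, and random-looking 8-letter file names. The sample lines are copied from the log posted in this thread; the random-name rule and all function names are assumptions of this example.

```python
import ntpath
import re
from typing import List, NamedTuple, Tuple

# Sample input: lines copied from the HijackThis v2.0.2 log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {603EC188-6309-4E25-97B2-4B4344B3081C} - C:\WINDOWS\system32\ddcYqpmj.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: rqRKDVPh - rqRKDVPh.dll (file missing)
O23 - Service: Management System (XSML) - Unknown owner - C:\WINDOWS\system32\sxml.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"
EIGHT_LETTERS_RE = re.compile(r"^[A-Za-z]{8}$")


class Finding(NamedTuple):
    code: str                 # HijackThis section code, e.g. "O2"
    target: str               # file the entry points at
    reasons: Tuple[str, ...]  # why the entry deserves a closer look


def target_of(body: str) -> str:
    """Extract the file an entry points at.

    Limitation of this sketch: a path that itself contains " - "
    would be split in the wrong place.
    """
    body = body.replace(MISSING, "").strip()
    tail = body.rsplit(" - ", 1)[-1]   # last field of O2/O20/O23 entries
    tail = tail.split("] ", 1)[-1]     # O4 entries: drop the "[value name] " prefix
    return tail.strip().strip('"')


def looks_random(stem: str) -> bool:
    """Heuristic (assumption of this example): exactly 8 letters with an
    upper-case letter after the first position, like the DLL names in the log."""
    return (
        bool(EIGHT_LETTERS_RE.match(stem))
        and any(c.isupper() for c in stem[1:])
        and any(c.islower() for c in stem)
    )


def triage(log_text: str) -> List[Finding]:
    """Return the entries that match at least one rule, in log order."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header, process list or blank line
        code, body = match.group("code"), match.group("body")
        target = target_of(body)
        stem = ntpath.splitext(ntpath.basename(target))[0]

        reasons = []
        if MISSING in body:
            reasons.append("target file missing")
        if code == "O2" and "BHO: (no name)" in body:
            reasons.append("unnamed BHO")
        if looks_random(stem):
            reasons.append("random-looking 8-letter file name")

        if reasons:
            findings.append(Finding(code, target, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code:<4} {finding.target}")
        for reason in finding.reasons:
            print(f"       - {reason}")
```

The flags are leads for a human reviewer, not verdicts: a legitimate entry can point at a missing file after an uninstall.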
ted06
 
ComboFix 08-04-13.3 - sarah doré 2008-04-14 21:53:07.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.533 [GMT 2:00]
Endroit: C:\Documents and Settings\sarah doré\Bureau\KillBagle.exe
Command switches used :: C:\Documents and Settings\sarah dor‚\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))))))))
.

2008-04-14 19:34 . 2008-04-14 19:34 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-14 19:34 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-14 19:34 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-14 19:34 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-14 19:29 . 2008-04-14 19:29 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-14 19:29 . 2008-04-14 19:31 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-14 16:03 . 2008-04-14 16:04 <REP> d-------- C:\Nouveau dossier
2008-04-14 15:59 . 2008-04-14 15:59 <REP> d-------- C:\Program Files\Trend Micro
2008-04-14 12:07 . 2004-08-05 14:00 452,037 -ra------ C:\txtsetup.sif
2008-04-14 12:07 . 2004-08-05 14:00 263,488 -ra------ C:\$LDR$
2008-04-13 21:58 . 2008-04-13 21:58 <REP> d--hs---- C:\Documents and Settings\NetworkService\Temporary Internet Files
2008-04-13 21:58 . 2008-04-13 21:58 <REP> d--hs---- C:\Documents and Settings\NetworkService\Historique
2008-04-12 20:03 . 2008-04-13 21:51 774 ---hs---- C:\WINDOWS\system32\babevjiy.ini
2008-04-11 20:05 . 2008-04-12 17:06 654 ---hs---- C:\WINDOWS\system32\phlvnnqh.ini
2008-04-10 20:11 . 2008-04-11 14:56 414 ---hs---- C:\WINDOWS\system32\vbjxqxcg.ini
2008-04-09 20:32 . 2008-04-09 20:32 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-09 20:27 . 2008-04-09 20:27 774 ---hs---- C:\WINDOWS\system32\yjixwbde.ini
2008-04-09 10:51 . 2008-04-09 19:51 714 ---hs---- C:\WINDOWS\system32\nusicckm.ini
2008-04-08 10:38 . 2008-04-09 10:48 594 ---hs---- C:\WINDOWS\system32\rrfopxpc.ini
2008-04-02 20:20 . 2008-04-02 20:21 1,290 ---hs---- C:\WINDOWS\system32\kkxealul.ini
2008-04-02 17:27 . 2008-04-08 15:39 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-02 17:27 . 2008-04-08 15:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-01 20:21 . 2008-04-02 20:18 1,230 ---hs---- C:\WINDOWS\system32\wwbvrvfu.ini
2008-04-01 20:15 . 2008-04-13 21:44 101,091 --a------ C:\WINDOWS\BM0d6d285b.xml
2008-03-31 20:17 . 2008-04-01 18:58 1,050 ---hs---- C:\WINDOWS\system32\sngcsotk.ini
2008-03-29 23:38 . 2008-04-02 22:41 0 --a------ C:\w7c7c3n5d8d1.exe
2008-03-22 19:29 . 2008-04-04 20:35 22 --a------ C:\WINDOWS\N039_jpg.zip

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 10:06 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-04 16:04 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-02 20:41 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2008-04-02 20:41 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-14 18:33 --------- d-----w C:\Documents and Settings\sarah doré\Application Data\Creative
2008-02-14 18:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-02-14 18:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 18:22 --------- d-----w C:\Program Files\muvee Technologies
2008-02-14 18:22 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies
2008-02-14 18:18 --------- d-----w C:\Program Files\Creative
2008-02-14 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-02-14 18:11 --------- d-----w C:\Documents and Settings\sarah doré\Application Data\InstallShield
2008-02-14 18:10 --------- d-----w C:\Program Files\SightSpeed
2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-14_15.36.03.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
- 2008-04-14 13:32:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 17:39:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-12 02:49:10 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2006-11-03 07:58:34 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2004-08-12 02:49:20 8,704 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-11-03 07:56:54 7,680 ----a-w C:\WINDOWS\system32\asferror.dll
- 2004-08-12 02:49:08 483,328 ----a-w C:\WINDOWS\system32\Audiodev.dll
+ 2006-10-18 19:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
- 2005-01-28 12:44:28 294,912 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-18 19:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2005-01-28 12:44:28 164,864 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-18 19:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2005-01-28 12:44:28 294,912 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-18 19:47:10 542,720 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2005-01-28 12:44:28 164,864 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-18 19:47:10 229,376 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2005-01-28 12:44:28 502,272 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-18 19:47:10 991,744 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2005-01-28 12:44:28 6,656 ----a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-18 19:47:14 11,264 ----a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2005-01-28 12:44:28 96,768 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-18 18:03:58 100,864 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2005-01-28 12:44:28 142,336 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-18 19:47:16 179,712 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2005-01-28 12:44:28 25,088 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-18 19:47:16 27,136 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2005-01-28 12:44:28 173,568 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-18 19:47:16 175,616 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2005-01-28 12:44:28 364,784 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-10-18 19:47:16 414,208 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2005-01-28 12:44:28 315,904 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-18 19:47:16 321,536 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2005-01-28 12:44:28 221,184 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-18 19:47:18 211,456 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2005-01-28 12:44:28 396,528 ----a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-18 19:47:18 757,248 ----a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2005-01-28 12:44:28 716,288 ----a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-18 19:47:18 1,117,696 ----a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2007-10-20 05:01:32 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2006-10-18 19:47:18 222,208 ----a-w C:\WINDOWS\system32\dllcache\WMASF.dll
- 2005-01-28 12:44:28 28,160 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-18 19:47:18 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2005-01-28 12:44:28 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-18 19:47:18 37,376 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2005-01-28 12:44:28 150,016 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-18 19:47:20 157,184 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2005-01-28 12:44:28 1,027,072 ----a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-18 19:47:20 937,984 ----a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2007-04-30 06:20:24 5,537,792 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2006-10-18 19:47:20 10,834,432 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2005-01-28 12:44:28 774,904 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2005-01-28 12:44:28 1,119,744 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2005-01-28 12:44:28 413,944 ----a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-18 19:47:22 603,648 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2005-01-28 12:44:28 940,544 ----a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-18 19:47:22 1,329,152 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-18 19:47:22 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2005-01-28 12:44:28 895,736 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2005-01-28 12:44:28 1,003,008 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 19:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
- 2005-01-28 12:44:28 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-18 18:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-28 16:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-28 17:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-18 18:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2005-01-28 12:44:28 502,272 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-18 19:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
- 2005-01-28 12:44:28 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-18 19:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2005-01-28 12:44:28 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-18 18:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-18 19:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-18 19:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-05 21:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-18 19:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-18 19:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-05 21:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-18 19:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-18 19:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-05 21:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-18 19:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 2006-10-02 13:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2005-01-28 12:44:28 142,336 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-18 19:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2005-01-28 12:44:28 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-18 19:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2005-01-28 12:44:28 173,568 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-18 19:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2005-01-28 12:44:28 364,784 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-10-18 19:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
- 2005-01-28 12:44:28 315,904 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-18 19:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2006-10-18 19:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-18 19:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 19:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-18 19:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 19:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2005-01-28 12:44:28 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-18 19:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
- 2007-03-06 01:34:33 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-25 15:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-09-06 16:43:30 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-25 15:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2005-01-28 12:44:28 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-18 19:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
- 2005-01-28 12:44:28 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-18 19:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2005-01-28 12:44:28 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-18 19:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
- 2005-01-28 12:44:28 396,528 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-18 19:47:18 757,248 ----a-w C:\WINDOWS\system32\wmadmod.dll
- 2005-01-28 12:44:28 716,288 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-18 19:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2007-10-20 05:01:32 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-10-18 19:47:18 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2005-01-28 12:44:28 28,160 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-18 19:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2005-01-28 12:44:28 33,792 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-18 19:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2005-01-28 12:44:28 335,872 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-18 19:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2005-01-28 12:44:28 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-18 19:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-18 19:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-08-12 02:49:20 226,304 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-11-03 07:58:42 272,384 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2005-01-28 12:44:28 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-18 19:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2005-01-28 12:44:28 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-18 19:47:20 937,984 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
- 2007-04-30 06:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2006-10-18 19:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-11 06:45:16 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-18 19:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-11 06:45:16 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 19:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-18 19:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
- 2004-08-11 06:45:14 1,589,760 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-18 19:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2004-08-12 02:49:12 3,424,256 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-11-03 08:03:34 8,292,352 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-18 19:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-18 19:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-08-12 02:49:12 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-11-03 07:59:06 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-08-11 06:45:14 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-18 19:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2005-01-28 12:44:28 774,904 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2005-01-28 12:44:28 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2005-01-28 12:44:28 413,944 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-18 19:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2005-01-28 12:44:28 940,544 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-18 19:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2005-01-28 12:44:28 1,218,808 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2005-01-28 12:44:28 1,512,448 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 19:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-18 19:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2005-01-28 12:44:28 895,736 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2005-01-28 12:44:28 1,003,008 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 19:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-18 19:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-18 19:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-18 19:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-18 19:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
- 2005-01-28 12:44:28 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-18 19:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2005-01-28 12:44:28 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-18 19:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2005-01-28 12:44:28 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-18 19:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2005-01-28 12:44:28 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-18 19:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-18 19:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-18 18:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-11-02 09:52:12 44,032 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-18 19:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2005-01-28 12:44:28 331,264 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-18 19:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-09-28 18:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 16:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 16:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 16:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 16:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 23:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-03 18:54 68856]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 15:01 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 18:49 454656]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-15 20:26 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-15 20:26 86016]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 13:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 07:46 761948]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 21:54 102400]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 13:08 52840]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 13:38 131072]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 09:52 643072]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 23:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 19:28 108160]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-09-17 19:38 20480]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
"LVCOMS"="C:\WINDOWS\system32\LVCOMS.EXE" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"V0420Mon.exe"="C:\WINDOWS\V0420Mon.exe" [2007-04-30 03:00 32768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 23:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\XSML]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S2 XSML;Management System;C:\WINDOWS\system32\sxml.exe []
S3 V0420VID;Live! Cam Vista IM (VF0420);C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 03:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6ef4b17-2a15-11db-a71a-001302517492}]
\Shell\AutoRun\command - H:\setupSNK.exe

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-14 18:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-04-11 18:51:57 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - sarah doré.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 21:55:28
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???HV??????(?@???????@

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-14 21:56:07
ComboFix-quarantined-files.txt 2008-04-14 19:56:03
ComboFix2.txt 2008-04-14 13:44:26

Pre-Run: 57,632,305,152 octets libres
Post-Run: 57,620,201,472 octets libres
.
2008-04-09 18:34:49 --- E O F ---
It's not acting up anymore, I have the impression that my PC is brand new. Thank you very much, it's impressive. Thanks again, and long live this site and all of you who help us so effectively and so quickly. I owe you one, and once again, yippeeee!
Thanks, teddy
0