Trojan!
Good evening, as the title says, a trojan has infected my PC!
I found out thanks to WoW (World of Warcraft), which, when I launched it, told me "you are infected by a trojan ..." (there was more, but you will understand further down why I can't tell you the rest).
At first I ran my antivirus for a scan: three viruses detected, I deleted them. I ran S&D: two trojans found, I deleted them.
But when I go into WoW the same message appears! So I click Next, Next, and then I can log in.
The problem is that I'm hesitant to log in for fear that the trojan is still present.
Thanks in advance for your help. Regards, Wirgless
^^ Well, you're in a bad position. If you used cheats for WoW, you've surely put some crap in your WoW folder.
Or else you really don't pay attention to your antivirus protection, because if these are Trojan horses, you're going to have a lot of trouble getting out of this.
So I advise you: if you used cheats (bizzard), delete the WoW folder and format your hard drive 100%; otherwise, back up your WoW folder and format as well.
PS: I'd like to know which antivirus you use and whether it is up to date.
Hello,
Download and then install Hijackthis (Trend Micro).
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2
Well, Avira AntiVir isn't great (even more so if you tell me it isn't up to date). Back up all your personal files (pictures, music, WoW, etc.) to an external hard drive, or burn them to DVDs; then format your computer; after a successful installation, you must install "Avast" as your antivirus! Link: http://files.avast.com/iavs4pro/setupfre.exe
(Register on the site to get the activation key, which is free.)
Here is the report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:17, on 23/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Pc jeu chichoune\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {46D7049A-9DB9-4AEC-82B1-F101B9367CB1} - C:\WINDOWS\system32\wvUKbcyW.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdxsm.exe] C:\WINDOWS\system32\kdxsm.exe
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pc jeu chichoune\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8E47437-B3D5-4DB4-B744-9C96B28658B4}: NameServer = 85.255.112.115;85.255.112.186
O20 - Winlogon Notify: winuns32 - C:\WINDOWS\SYSTEM32\winuns32.dll
O20 - Winlogon Notify: wvUKbcyW - C:\WINDOWS\SYSTEM32\wvUKbcyW.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
--
End of file - 8379 bytes
Re,
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe may not be visible) to launch it.
When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition name may differ
No, your link must be quite old.
Download Catchme (Gmer) to your Desktop.
Double-click catchme.exe (the .exe may not be visible) to launch it.
When the scan is finished, post the catchme.log report in your next reply.
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
Let's do it differently.
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode
Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
To start the scan, click "Rechercher" (Scan).
Once the scan is finished, a window opens; click OK. You then have two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (show results) and then "Supprimer la sélection" (remove selected). Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Picture tutorial on MBAM
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1310
Windows 5.1.2600 Service Pack 2
24/10/2008 19:34:55
mbam-log-2008-10-24 (19-34-55).txt
Type de recherche: Examen rapide
Eléments examinés: 45297
Temps écoulé: 7 minute(s), 4 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 11
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\winuns32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\wvUKbcyW.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvukbcyw (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winuns32 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Pornovid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdxsm.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e8e47437-b3d5-4db4-b744-9c96b28658b4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.115;85.255.112.186 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e8e47437-b3d5-4db4-b744-9c96b28658b4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.115;85.255.112.186 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{e8e47437-b3d5-4db4-b744-9c96b28658b4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.115;85.255.112.186 -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\wvUKbcyW.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kdxsm.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:\WINDOWS\system32\winuns32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\yayvSMGv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\win5C.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pc jeu chichoune\Local Settings\temp\smchk.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pc jeu chichoune\Local Settings\temp\windfr.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-3DD.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-6E1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pc jeu chichoune\Local Settings\temp\pwrmgr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
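An added example, not part of the original thread: a Python sketch that cross-references the Malwarebytes report with the HijackThis log posted earlier, showing which BHO, Run, DNS and Winlogon Notify entries correspond to detections and which removals still wait for a reboot. The function names are hypothetical, and the embedded lines are excerpts of the two logs above.

```python
import re

# Excerpt of the HijackThis log posted in this thread (not the full log).
HIJACKTHIS_EXCERPT = r"""
O2 - BHO: (no name) - {46D7049A-9DB9-4AEC-82B1-F101B9367CB1} - C:\WINDOWS\system32\wvUKbcyW.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdxsm.exe] C:\WINDOWS\system32\kdxsm.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8E47437-B3D5-4DB4-B744-9C96B28658B4}: NameServer = 85.255.112.115;85.255.112.186
O20 - Winlogon Notify: winuns32 - C:\WINDOWS\SYSTEM32\winuns32.dll
O20 - Winlogon Notify: wvUKbcyW - C:\WINDOWS\SYSTEM32\wvUKbcyW.dll
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
"""

# Excerpt of the Malwarebytes report posted in this thread (not the full report).
MBAM_EXCERPT = r"""
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\winuns32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\wvUKbcyW.dll (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46d7049a-9db9-4aec-82b1-f101b9367cb1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdxsm.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e8e47437-b3d5-4db4-b744-9c96b28658b4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.115;85.255.112.186 -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdxsm.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:\WINDOWS\Temp\win5C.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}")
# "<object> (<detection name>) -> [Data: ... ->] <action>."
MBAM_LINE = re.compile(r"^(?P<obj>.+?) \((?P<det>[A-Za-z][\w.]+)\) -> (?P<rest>.+)$")
# "<section code> - <detail>", e.g. "O20 - Winlogon Notify: ..."
HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<detail>.+)$")


def mbam_indicators(report):
    """Map a lowercase indicator string to its [(detection, action), ...]."""
    indicators = {}
    for line in report.splitlines():
        m = MBAM_LINE.match(line.strip())
        if not m:
            continue  # section headers, counters, blank lines
        obj = m["obj"].lower()
        steps = m["rest"].split(" -> ")
        action = steps[-1].rstrip(".")
        keys = set(GUID.findall(obj))          # CLSIDs / interface GUIDs
        if re.match(r"[a-z]:\\", obj):
            keys.add(obj)                      # full path of a file or folder
        if steps[0].startswith("Data: "):
            data = steps[0][len("Data: "):].lower()
            if len(data) >= 6:                 # skip values too short to be specific
                keys.add(data)
        for key in keys:
            indicators.setdefault(key, []).append((m["det"], action))
    return indicators


def correlate(hjt_log, mbam_report):
    """Return the HijackThis entries that reference something MBAM detected.

    Matching is a case-insensitive substring test, so 8.3 short paths
    (C:\\PROGRA~1\\...) in the HijackThis log are not resolved.
    """
    indicators = mbam_indicators(mbam_report)
    hits = []
    for line in hjt_log.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue  # header and running-process lines
        detail = m["detail"].lower()
        matched = [v for k, vals in indicators.items() if k in detail for v in vals]
        if matched:
            hits.append({
                "code": m["code"],
                "detail": m["detail"],
                "detections": sorted({det for det, _ in matched}),
                "pending_reboot": any(act == "Delete on reboot" for _, act in matched),
            })
    return hits


if __name__ == "__main__":
    for hit in correlate(HIJACKTHIS_EXCERPT, MBAM_EXCERPT):
        state = "pending reboot" if hit["pending_reboot"] else "removed"
        print(f'{hit["code"]:<4}{", ".join(hit["detections"]):<30}{state:<16}{hit["detail"]}')
```

Entries reported as pending reboot are the ones to look for again in a fresh HijackThis log after the restart.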
ComboFix 08-10-23.01 - Pc jeu chichoune 2008-10-24 21:31:26.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1554 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Pc jeu chichoune\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-24 au 2008-10-24 ))))))))))))))))))))))))))))))))))))
.
2008-10-24 20:50 . 2008-10-24 20:51 <REP> d-------- C:\Program Files\MessengerDiscovery
2008-10-24 20:50 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.OCX
2008-10-24 19:08 . 2008-10-24 19:08 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-24 19:08 . 2008-10-24 19:08 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\Malwarebytes
2008-10-24 19:08 . 2008-10-24 19:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-24 19:08 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-24 19:08 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 19:05 . 2008-10-22 19:05 27,904 --a------ C:\WINDOWS\system32\drivers\ndisprot.sys
2008-10-22 18:58 . 2008-10-22 18:58 <REP> d-------- C:\Program Files\Ableton
2008-10-22 18:58 . 2008-10-22 19:00 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\Ableton
2008-10-22 18:57 . 2003-06-20 12:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-10-22 15:26 . 2008-10-24 19:38 <REP> d-------- C:\Program Files\DNA
2008-10-22 15:26 . 2008-10-22 15:26 <REP> d-------- C:\Program Files\BitTorrent
2008-10-22 15:26 . 2008-10-24 21:28 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\DNA
2008-10-22 15:26 . 2008-10-22 21:03 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\BitTorrent
2008-10-22 14:32 . 2008-10-22 15:32 <REP> d-------- C:\GuruData
2008-10-21 14:48 . 2008-10-21 14:48 <REP> d-------- C:\Program Files\ASIO4ALL v2
2008-10-21 14:39 . 2008-10-21 14:39 <REP> d-------- C:\Program Files\FXpansion
2008-10-20 15:45 . 2008-10-20 15:45 <REP> d-------- C:\Program Files\CDex_150
2008-10-18 23:56 . 2008-10-22 13:27 <REP> d-------- C:\Program Files\REAPER
2008-10-18 23:56 . 2008-10-22 13:27 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\REAPER
2008-10-17 22:24 . 2008-10-17 22:24 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-10-17 22:24 . 2008-10-17 22:24 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\AVS4YOU
2008-10-17 22:24 . 2008-10-17 22:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-10-17 22:24 . 2006-03-03 10:02 658,432 --a------ C:\WINDOWS\system32\cc3270mt.dll
2008-10-17 22:23 . 2008-10-17 22:24 <REP> d-------- C:\Program Files\AVS4YOU
2008-10-17 22:23 . 2002-01-05 15:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-10-17 22:23 . 2003-05-21 13:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-10-17 17:05 . 2008-10-17 17:05 <REP> d-------- C:\Program Files\Fichiers communs\PACE Anti-Piracy
2008-10-17 17:05 . 2008-10-17 17:05 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\PACE Anti-Piracy
2008-10-17 17:05 . 2008-10-17 17:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-10-17 17:03 . 2008-10-17 17:03 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-10-17 17:02 . 2008-10-21 14:39 <REP> d-------- C:\Program Files\Vstplugins
2008-10-17 17:02 . 2008-10-17 17:02 <REP> d-------- C:\Program Files\UVISoundBanks
2008-10-17 17:02 . 2008-10-17 17:02 <REP> d-------- C:\Program Files\UVI Workstation
2008-10-17 17:02 . 2008-10-17 17:02 <REP> d-------- C:\Program Files\Propellerhead
2008-10-17 17:02 . 2008-10-17 17:02 <REP> d-------- C:\Program Files\Fichiers communs\UVI
2008-10-17 17:02 . 2008-10-17 17:02 <REP> d-------- C:\Program Files\Fichiers communs\Digidesign
2008-10-17 17:02 . 2008-06-01 17:55 1,719,296 --a------ C:\WINDOWS\system32\libsndfile-1.dll
2008-10-16 19:21 . 2008-10-16 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-15 21:40 . 2008-10-15 21:40 <REP> d-------- C:\Program Files\Audacity
2008-10-15 21:40 . 2008-10-15 21:40 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\Sony
2008-10-15 21:40 . 2008-10-15 22:18 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\Publish Providers
2008-10-15 21:40 . 2008-10-15 21:40 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\NetMedia Providers
2008-10-15 21:37 . 2008-10-15 21:37 <REP> d-------- C:\Program Files\Sony Setup
2008-10-15 21:37 . 2008-10-15 21:37 <REP> d-------- C:\Program Files\Sony
2008-10-12 19:22 . 2008-10-21 20:53 <REP> d-------- C:\Program Files\Pvm
2008-10-11 14:03 . 2008-10-11 14:04 <REP> d-------- C:\Program Files\VirtualDJ
2008-10-11 14:00 . 2008-10-11 14:00 <REP> d-------- C:\Downloads
2008-10-11 14:00 . 2008-10-11 14:01 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\GetRightToGo
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 19:26 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-10-24 19:08 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-10-24 19:08 --------- d-----w C:\Documents and Settings\Pc jeu chichoune\Application Data\OpenOffice.org2
2008-10-24 18:50 --------- d-----w C:\Program Files\MSN Messenger
2008-10-24 17:38 --------- d-----w C:\Documents and Settings\Pc jeu chichoune\Application Data\OnlineArmor
2008-10-23 12:51 --------- d-----w C:\Program Files\World of Warcraft
2008-10-21 14:33 --------- d-----w C:\Documents and Settings\Pc jeu chichoune\Application Data\LimeWire
2008-10-21 05:28 --------- d-----w C:\Program Files\Steam
2008-10-15 15:30 --------- d-----w C:\Program Files\WowCartographe
2008-09-27 16:35 --------- d-----w C:\Program Files\LimeWire
2008-09-16 17:09 --------- d-----w C:\Documents and Settings\Pc jeu chichoune\Application Data\Canneverbe_Limited
2008-09-16 17:08 --------- d-----w C:\Program Files\CDBurnerXP
2008-09-16 16:27 --------- d-----w C:\Program Files\CursorXP
2008-09-16 16:16 --------- d-----w C:\Program Files\Apple Software Update
2008-09-16 16:09 --------- d-----w C:\Program Files\iTunes
2008-09-16 16:09 --------- d-----w C:\Program Files\iPod
2008-09-16 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-16 16:08 --------- d-----w C:\Program Files\QuickTime
2008-09-16 16:08 --------- d-----w C:\Program Files\Bonjour
2008-09-16 16:07 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-09-15 10:55 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-14 11:39 --------- d-----w C:\Program Files\DicoRime
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-24 11:04 7,915 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-08-24 11:04 151,995 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-08-24 10:56 --------- d-----w C:\Program Files\RK Launcher
2008-05-08 02:18 2,334,720 ----a-w C:\Documents and Settings\Pc jeu chichoune\metin2.bin
2007-02-08 07:18 35,328 ----a-w C:\Documents and Settings\Pc jeu chichoune\dsetup.dll
2007-02-08 07:18 202,240 ----a-w C:\Documents and Settings\Pc jeu chichoune\patchw32.dll
.
C:\WINDOWS\system32\user32.dll ... est infecté !!
579,072 2007-03-08 15:50:30 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
578,048 2006-03-09 08:25:17 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
578,560 2007-03-08 15:37:50 C:\WINDOWS\system32\user32.dll
578,560 2007-03-08 15:37:50 C:\WINDOWS\system32\dllcache\user32.dll
------- Sigcheck -------
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2006-03-09 10:25 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
md5deep: C:\WINDOWS\system32\user32.dll: Permission denied
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll
2007-02-28 09:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2006-05-09 10:11 2017280 50b3a210b6fa8d3089a36a32e7d8b21f C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
md5deep: C:\WINDOWS\system32\ntkrnlpa.exe: Permission denied
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2006-03-09 10:25 2137600 e75f7aa5a33479f29c636fd0890f5762 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
md5deep: C:\WINDOWS\system32\ntoskrnl.exe: Permission denied
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2006-03-09 10:25 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-25_19.54.51.53 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"Google Update"="C:\Documents and Settings\Pc jeu chichoune\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-15 133104]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-22 342336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"LifeCam"="c:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [BU]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-09-13 380928]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2007-11-16 5029952]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]
"P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\system32\P17.DLL]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="C:\WINDOWS\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 44544]
C:\Documents and Settings\Pc jeu chichoune\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll" [2007-11-16 633344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-08-06 13:08 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-09 12:53 1410296 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2007-04-10 15:46 709992 C:\WINDOWS\vVX1000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\WINDOWS\\Installer\\{F70315E0-D82D-4D09-9EE0-28BB6EAC76FE}\\_ED4FBBAB943A41746D9702.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\steamapps\\icionestalamas\\condition zero\\hl.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\ASUS\\GamerOSD\\SBS.exe"=
"C:\\Documents and Settings\\Pc jeu chichoune\\metin2.bin"=
"C:\\Program Files\\Steam\\steamapps\\icionestalamas\\counter-strike\\hl.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Steam\\steamapps\\warrior38450\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
R1 NDISRD;NDISRD;C:\WINDOWS\system32\drivers\NDISRD.sys [2007-09-29 18944]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2007-11-08 68608]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2007-09-29 25600]
R2 MSCamSvc;MSCamSvc;c:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 SvcOnlineArmor;Online Armor;C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2007-11-16 4625984]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-09-13 12416]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-09-13 10752]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 Ndisprot;ArcNet NDIS Protocol Driver;C:\WINDOWS\system32\drivers\Ndisprot.sys [2008-10-22 27904]
.
Contenu du dossier 'Tâches planifiées'
2008-09-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-07-22 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1208520219.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
2008-10-24 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Pc jeu chichoune\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-15 15:12]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-C:\WINDOWS\system32\kdxsm.exe - C:\WINDOWS\system32\kdxsm.exe
ShellExecuteHooks-{2753B591-D1EC-4A00-93E4-CEC5247EB60C} - (no file)
ShellExecuteHooks-{46D7049A-9DB9-4AEC-82B1-F101B9367CB1} - (no file)
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Pc jeu chichoune\Application Data\Mozilla\Firefox\Profiles\1yxn7feo.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr
FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - C:\Documents and Settings\Pc jeu chichoune\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\np32dsw.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npDivxPlayerPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin6.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin7.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npzylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 21:37:24
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Heure de fin: 2008-10-24 21:40:35
ComboFix-quarantined-files.txt 2008-10-24 19:40:29
ComboFix2.txt 2008-08-25 20:14:40
ComboFix3.txt 2008-08-25 17:57:23
Avant-CF: 52,766,748,672 octets libres
Après-CF: 52,832,522,240 octets libres
556 --- E O F --- 2008-04-10 10:59:26
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1554 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Pc jeu chichoune\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-24 au 2008-10-24 ))))))))))))))))))))))))))))))))))))
.
2008-10-24 20:50 . 2008-10-24 20:51 <REP> d-------- C:\Program Files\MessengerDiscovery
2008-10-24 20:50 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.OCX
2008-10-24 19:08 . 2008-10-24 19:08 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-24 19:08 . 2008-10-24 19:08 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\Malwarebytes
2008-10-24 19:08 . 2008-10-24 19:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-24 19:08 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-24 19:08 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 19:05 . 2008-10-22 19:05 27,904 --a------ C:\WINDOWS\system32\drivers\ndisprot.sys
2008-10-22 18:58 . 2008-10-22 18:58 <REP> d-------- C:\Program Files\Ableton
2008-10-22 18:58 . 2008-10-22 19:00 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\Ableton
2008-10-22 18:57 . 2003-06-20 12:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-10-22 15:26 . 2008-10-24 19:38 <REP> d-------- C:\Program Files\DNA
2008-10-22 15:26 . 2008-10-22 15:26 <REP> d-------- C:\Program Files\BitTorrent
2008-10-22 15:26 . 2008-10-24 21:28 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\DNA
2008-10-22 15:26 . 2008-10-22 21:03 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\BitTorrent
2008-10-22 14:32 . 2008-10-22 15:32 <REP> d-------- C:\GuruData
2008-10-21 14:48 . 2008-10-21 14:48 <REP> d-------- C:\Program Files\ASIO4ALL v2
2008-10-21 14:39 . 2008-10-21 14:39 <REP> d-------- C:\Program Files\FXpansion
2008-10-20 15:45 . 2008-10-20 15:45 <REP> d-------- C:\Program Files\CDex_150
2008-10-18 23:56 . 2008-10-22 13:27 <REP> d-------- C:\Program Files\REAPER
2008-10-18 23:56 . 2008-10-22 13:27 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\REAPER
2008-10-17 22:24 . 2008-10-17 22:24 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-10-17 22:24 . 2008-10-17 22:24 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\AVS4YOU
2008-10-17 22:24 . 2008-10-17 22:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-10-17 22:24 . 2006-03-03 10:02 658,432 --a------ C:\WINDOWS\system32\cc3270mt.dll
2008-10-17 22:23 . 2008-10-17 22:24 <REP> d-------- C:\Program Files\AVS4YOU
2008-10-17 22:23 . 2002-01-05 15:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-10-17 22:23 . 2003-05-21 13:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-10-17 17:05 . 2008-10-17 17:05 <REP> d-------- C:\Program Files\Fichiers communs\PACE Anti-Piracy
2008-10-17 17:05 . 2008-10-17 17:05 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\PACE Anti-Piracy
2008-10-17 17:05 . 2008-10-17 17:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-10-17 17:03 . 2008-10-17 17:03 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-10-17 17:02 . 2008-10-21 14:39 <REP> d-------- C:\Program Files\Vstplugins
2008-10-17 17:02 . 2008-10-17 17:02 <REP> d-------- C:\Program Files\UVISoundBanks
2008-10-17 17:02 . 2008-10-17 17:02 <REP> d-------- C:\Program Files\UVI Workstation
2008-10-17 17:02 . 2008-10-17 17:02 <REP> d-------- C:\Program Files\Propellerhead
2008-10-17 17:02 . 2008-10-17 17:02 <REP> d-------- C:\Program Files\Fichiers communs\UVI
2008-10-17 17:02 . 2008-10-17 17:02 <REP> d-------- C:\Program Files\Fichiers communs\Digidesign
2008-10-17 17:02 . 2008-06-01 17:55 1,719,296 --a------ C:\WINDOWS\system32\libsndfile-1.dll
2008-10-16 19:21 . 2008-10-16 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-15 21:40 . 2008-10-15 21:40 <REP> d-------- C:\Program Files\Audacity
2008-10-15 21:40 . 2008-10-15 21:40 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\Sony
2008-10-15 21:40 . 2008-10-15 22:18 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\Publish Providers
2008-10-15 21:40 . 2008-10-15 21:40 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\NetMedia Providers
2008-10-15 21:37 . 2008-10-15 21:37 <REP> d-------- C:\Program Files\Sony Setup
2008-10-15 21:37 . 2008-10-15 21:37 <REP> d-------- C:\Program Files\Sony
2008-10-12 19:22 . 2008-10-21 20:53 <REP> d-------- C:\Program Files\Pvm
2008-10-11 14:03 . 2008-10-11 14:04 <REP> d-------- C:\Program Files\VirtualDJ
2008-10-11 14:00 . 2008-10-11 14:00 <REP> d-------- C:\Downloads
2008-10-11 14:00 . 2008-10-11 14:01 <REP> d-------- C:\Documents and Settings\Pc jeu chichoune\Application Data\GetRightToGo
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 19:26 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-10-24 19:08 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-10-24 19:08 --------- d-----w C:\Documents and Settings\Pc jeu chichoune\Application Data\OpenOffice.org2
2008-10-24 18:50 --------- d-----w C:\Program Files\MSN Messenger
2008-10-24 17:38 --------- d-----w C:\Documents and Settings\Pc jeu chichoune\Application Data\OnlineArmor
2008-10-23 12:51 --------- d-----w C:\Program Files\World of Warcraft
2008-10-21 14:33 --------- d-----w C:\Documents and Settings\Pc jeu chichoune\Application Data\LimeWire
2008-10-21 05:28 --------- d-----w C:\Program Files\Steam
2008-10-15 15:30 --------- d-----w C:\Program Files\WowCartographe
2008-09-27 16:35 --------- d-----w C:\Program Files\LimeWire
2008-09-16 17:09 --------- d-----w C:\Documents and Settings\Pc jeu chichoune\Application Data\Canneverbe_Limited
2008-09-16 17:08 --------- d-----w C:\Program Files\CDBurnerXP
2008-09-16 16:27 --------- d-----w C:\Program Files\CursorXP
2008-09-16 16:16 --------- d-----w C:\Program Files\Apple Software Update
2008-09-16 16:09 --------- d-----w C:\Program Files\iTunes
2008-09-16 16:09 --------- d-----w C:\Program Files\iPod
2008-09-16 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-16 16:08 --------- d-----w C:\Program Files\QuickTime
2008-09-16 16:08 --------- d-----w C:\Program Files\Bonjour
2008-09-16 16:07 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-09-15 10:55 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-14 11:39 --------- d-----w C:\Program Files\DicoRime
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-24 11:04 7,915 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-08-24 11:04 151,995 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-08-24 10:56 --------- d-----w C:\Program Files\RK Launcher
2008-05-08 02:18 2,334,720 ----a-w C:\Documents and Settings\Pc jeu chichoune\metin2.bin
2007-02-08 07:18 35,328 ----a-w C:\Documents and Settings\Pc jeu chichoune\dsetup.dll
2007-02-08 07:18 202,240 ----a-w C:\Documents and Settings\Pc jeu chichoune\patchw32.dll
.
C:\WINDOWS\system32\user32.dll ... est infecté !!
579,072 2007-03-08 15:50:30 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
578,048 2006-03-09 08:25:17 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
578,560 2007-03-08 15:37:50 C:\WINDOWS\system32\user32.dll
578,560 2007-03-08 15:37:50 C:\WINDOWS\system32\dllcache\user32.dll
------- Sigcheck -------
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2006-03-09 10:25 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
md5deep: C:\WINDOWS\system32\user32.dll: Permission denied
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll
2007-02-28 09:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2006-05-09 10:11 2017280 50b3a210b6fa8d3089a36a32e7d8b21f C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
md5deep: C:\WINDOWS\system32\ntkrnlpa.exe: Permission denied
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2006-03-09 10:25 2137600 e75f7aa5a33479f29c636fd0890f5762 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
md5deep: C:\WINDOWS\system32\ntoskrnl.exe: Permission denied
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2006-03-09 10:25 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-25_19.54.51.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-06-13 13:22:28 3,192,832 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 13:22:28 1,037,312 ----a-w C:\WINDOWS\explorer.exe
- 2006-03-09 08:24:49 92,672 ----a-w C:\WINDOWS\Hh.exe
+ 2006-03-09 08:24:49 10,752 ----a-w C:\WINDOWS\Hh.exe
+ 2008-09-16 16:10:28 102,400 ----a-r C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
+ 2008-09-16 16:11:02 27,136 ----a-r C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-09-16 16:08:46 86,016 ----a-r C:\WINDOWS\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
- 2004-08-19 15:09:56 824,832 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
+ 2004-08-19 15:09:56 768,512 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
- 2006-04-12 18:04:38 333,312 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
+ 2006-04-12 18:04:38 172,544 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
- 2001-08-24 12:00:00 178,176 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\notiflag.exe
+ 2001-08-24 12:00:00 35,328 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\notiflag.exe
- 2004-08-19 15:10:04 798,720 ----a-w C:\WINDOWS\regedit.exe
+ 2004-08-19 15:10:04 153,088 ----a-w C:\WINDOWS\regedit.exe
- 2004-08-19 15:09:46 3,273,278 ----a-w C:\WINDOWS\srchasst\srchui.dll
+ 2004-08-19 15:09:46 726,590 ----a-w C:\WINDOWS\srchasst\srchui.dll
- 2001-08-24 12:00:00 394,752 ----a-w C:\WINDOWS\system32\Acctres.dll
+ 2001-08-24 12:00:00 72,192 ----a-w C:\WINDOWS\system32\Acctres.dll
- 2004-08-19 15:09:52 590,336 ----a-w C:\WINDOWS\system32\accwiz.exe
+ 2004-08-19 15:09:52 189,952 ----a-w C:\WINDOWS\system32\accwiz.exe
- 2004-08-19 15:09:52 236,544 ----a-w C:\WINDOWS\system32\ahui.exe
+ 2004-08-19 15:09:52 98,304 ----a-w C:\WINDOWS\system32\ahui.exe
- 2004-08-19 15:09:20 620,032 ----a-w C:\WINDOWS\system32\Appmgr.dll
+ 2004-08-19 15:09:20 302,592 ----a-w C:\WINDOWS\system32\Appmgr.dll
- 2006-10-18 19:47:08 575,488 ----a-w C:\WINDOWS\system32\audiodev.dll
+ 2006-10-18 19:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
- 2004-08-19 15:09:22 61,440 ----a-w C:\WINDOWS\system32\batmeter.dll
+ 2004-08-19 15:09:22 28,672 ----a-w C:\WINDOWS\system32\batmeter.dll
- 2004-08-19 15:09:22 167,424 ----a-w C:\WINDOWS\system32\batt.dll
+ 2004-08-19 15:09:22 8,704 ----a-w C:\WINDOWS\system32\batt.dll
- 2008-02-16 09:02:34 1,473,024 ----a-w C:\WINDOWS\system32\Browseui.dll
+ 2008-02-16 09:02:34 1,024,000 ----a-w C:\WINDOWS\system32\Browseui.dll
- 2004-08-19 12:09:22 25,088 ----a-w C:\WINDOWS\system32\bthci.dll
+ 2004-08-19 12:09:22 20,992 ----a-w C:\WINDOWS\system32\bthci.dll
- 2004-08-19 15:09:22 363,008 ----a-w C:\WINDOWS\system32\cabview.dll
+ 2004-08-19 15:09:22 85,504 ----a-w C:\WINDOWS\system32\cabview.dll
- 2001-08-24 12:00:00 253,440 ----a-w C:\WINDOWS\system32\calc.exe
+ 2001-08-24 12:00:00 115,200 ----a-w C:\WINDOWS\system32\calc.exe
- 2008-02-16 09:02:34 1,145,856 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 09:02:34 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2001-08-24 12:00:00 219,136 ----a-w C:\WINDOWS\system32\charmap.exe
+ 2001-08-24 12:00:00 80,896 ----a-w C:\WINDOWS\system32\charmap.exe
- 2004-08-19 15:09:52 520,704 ----a-w C:\WINDOWS\system32\cleanmgr.exe
+ 2004-08-19 15:09:52 65,536 ----a-w C:\WINDOWS\system32\cleanmgr.exe
- 2004-08-19 15:09:52 539,136 ----a-w C:\WINDOWS\system32\cmd.exe
+ 2004-08-19 15:09:52 400,896 ----a-w C:\WINDOWS\system32\cmd.exe
- 2004-08-19 15:09:22 669,696 ----a-w C:\WINDOWS\system32\cmdial32.dll
+ 2004-08-19 15:09:22 352,256 ----a-w C:\WINDOWS\system32\cmdial32.dll
+ 1998-07-12 22:00:00 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
- 2004-08-19 15:09:22 859,648 ----a-w C:\WINDOWS\system32\cmprops.dll
+ 2004-08-19 15:09:22 191,488 ----a-w C:\WINDOWS\system32\cmprops.dll
- 2004-08-19 15:09:22 421,888 ----a-w C:\WINDOWS\system32\Comdlg32.dll
+ 2004-08-19 15:09:22 281,088 ----a-w C:\WINDOWS\system32\Comdlg32.dll
- 2004-08-19 15:09:22 411,648 ----a-w C:\WINDOWS\system32\compatui.dll
+ 2004-08-19 15:09:22 253,440 ----a-w C:\WINDOWS\system32\compatui.dll
- 2001-08-24 12:00:00 205,312 ----a-w C:\WINDOWS\system32\console.dll
+ 2001-08-24 12:00:00 67,072 ----a-w C:\WINDOWS\system32\console.dll
- 2004-08-19 15:09:22 365,056 ----a-w C:\WINDOWS\system32\credui.dll
+ 2004-08-19 15:09:22 165,888 ----a-w C:\WINDOWS\system32\credui.dll
- 2004-08-19 15:09:22 1,968,640 ----a-w C:\WINDOWS\system32\cscui.dll
+ 2004-08-19 15:09:22 337,920 ----a-w C:\WINDOWS\system32\cscui.dll
- 2001-08-24 12:00:00 102,912 ----a-w C:\WINDOWS\system32\Deskadp.dll
+ 2001-08-24 12:00:00 16,896 ----a-w C:\WINDOWS\system32\Deskadp.dll
- 2001-08-24 12:00:00 178,176 ----a-w C:\WINDOWS\system32\Deskmon.dll
+ 2001-08-24 12:00:00 16,896 ----a-w C:\WINDOWS\system32\Deskmon.dll
- 2001-08-24 12:00:00 180,224 ----a-w C:\WINDOWS\system32\Deskperf.dll
+ 2001-08-24 12:00:00 18,944 ----a-w C:\WINDOWS\system32\Deskperf.dll
- 2004-08-19 15:09:24 1,044,480 ----a-w C:\WINDOWS\system32\devmgr.dll
+ 2004-08-19 15:09:24 290,816 ----a-w C:\WINDOWS\system32\devmgr.dll
- 2001-08-24 12:00:00 355,328 ----a-w C:\WINDOWS\system32\dfrgres.dll
+ 2001-08-24 12:00:00 55,808 ----a-w C:\WINDOWS\system32\dfrgres.dll
- 2008-01-29 10:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 11:12:54 15,464 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-03-11 12:42:44 54,256 ----a-w C:\WINDOWS\system32\drivers\iLokDrvr.sys
+ 2008-03-11 12:42:14 93,232 ----a-w C:\WINDOWS\system32\drivers\TPkd.sys
+ 2008-04-17 11:12:54 107,368 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 11:12:54 15,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-10-17 15:03:29 54,256 -c--a-w C:\WINDOWS\system32\DRVSTORE\iLokDrvr_B7C0C16E4CC7A803BD5DBA0083BE928D2979F8BB\iLokDrvr.sys
- 2001-08-24 12:00:00 367,104 ----a-w C:\WINDOWS\system32\Drwtsn32.exe
+ 2001-08-24 12:00:00 47,104 ----a-w C:\WINDOWS\system32\Drwtsn32.exe
- 2004-08-19 15:09:26 346,112 ----a-w C:\WINDOWS\system32\els.dll
+ 2004-08-19 15:09:26 187,392 ----a-w C:\WINDOWS\system32\els.dll
- 2008-02-16 09:02:35 292,352 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-02-16 09:02:35 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2004-08-19 15:09:26 819,200 ----a-w C:\WINDOWS\system32\filemgmt.dll
+ 2004-08-19 15:09:26 348,160 ----a-w C:\WINDOWS\system32\filemgmt.dll
- 2004-08-19 15:09:26 284,672 ----a-w C:\WINDOWS\system32\Fldrclnr.dll
+ 2004-08-19 15:09:26 88,064 ----a-w C:\WINDOWS\system32\Fldrclnr.dll
- 2008-08-14 11:24:01 1,444,152 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-12 19:50:34 1,435,320 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-08-19 15:09:26 1,350,144 ----a-w C:\WINDOWS\system32\fontext.dll
+ 2004-08-19 15:09:26 386,560 ----a-w C:\WINDOWS\system32\fontext.dll
- 2008-01-29 10:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2008-04-17 11:12:54 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
- 2004-08-19 15:09:56 356,864 ----a-w C:\WINDOWS\system32\Grpconv.exe
+ 2004-08-19 15:09:56 39,424 ----a-w C:\WINDOWS\system32\Grpconv.exe
- 2004-08-19 15:09:28 1,415,680 ----a-w C:\WINDOWS\system32\hnetwiz.dll
+ 2004-08-19 15:09:28 336,384 ----a-w C:\WINDOWS\system32\hnetwiz.dll
- 2004-08-19 15:09:28 433,664 ----a-w C:\WINDOWS\system32\hotplug.dll
+ 2004-08-19 15:09:28 146,944 ----a-w C:\WINDOWS\system32\hotplug.dll
- 2004-08-19 15:09:28 393,216 ----a-w C:\WINDOWS\system32\Icwdial.dll
+ 2004-08-19 15:09:28 73,728 ----a-w C:\WINDOWS\system32\Icwdial.dll
- 2004-08-19 15:09:28 1,809,408 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2004-08-19 15:09:28 221,696 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-16 09:02:35 408,064 ----a-w C:\WINDOWS\system32\Iepeers.dll
+ 2008-02-16 09:02:35 251,392 ----a-w C:\WINDOWS\system32\Iepeers.dll
- 2004-08-19 15:09:28 210,432 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2004-08-19 15:09:28 49,152 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2004-08-19 15:09:28 215,552 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2004-08-19 15:09:28 63,488 ----a-w C:\WINDOWS\system32\iesetup.dll
- 2004-08-19 15:09:30 606,208 ----a-w C:\WINDOWS\system32\inetcfg.dll
+ 2004-08-19 15:09:30 282,624 ----a-w C:\WINDOWS\system32\inetcfg.dll
- 2001-08-24 12:00:00 1,900,544 ----a-w C:\WINDOWS\system32\inetcplc.dll
+ 2001-08-24 12:00:00 121,856 ----a-w C:\WINDOWS\system32\inetcplc.dll
- 2004-08-19 15:09:32 717,312 ----a-w C:\WINDOWS\system32\keymgr.dll
+ 2004-08-19 15:09:32 157,184 ----a-w C:\WINDOWS\system32\keymgr.dll
- 2004-08-19 15:10:08 585,216 ----a-w C:\WINDOWS\system32\logon.scr
+ 2004-08-19 15:10:08 221,696 ----a-w C:\WINDOWS\system32\logon.scr
- 2004-08-19 15:09:56 6,141,440 ----a-w C:\WINDOWS\system32\logonui.exe
+ 2004-08-19 15:09:56 515,584 ----a-w C:\WINDOWS\system32\logonui.exe
- 2004-08-19 15:09:56 211,968 ----a-w C:\WINDOWS\system32\magnify.exe
+ 2004-08-19 15:09:56 73,216 ----a-w C:\WINDOWS\system32\magnify.exe
+ 1998-07-12 22:00:00 32,768 ----a-w C:\WINDOWS\system32\MCIFR.DLL
- 2004-08-19 15:09:32 502,272 ----a-w C:\WINDOWS\system32\mdminst.dll
+ 2004-08-19 15:09:32 120,320 ----a-w C:\WINDOWS\system32\mdminst.dll
- 2004-08-19 15:09:32 989,184 ----a-w C:\WINDOWS\system32\mobsync.dll
+ 2004-08-19 15:09:32 210,432 ----a-w C:\WINDOWS\system32\mobsync.dll
- 2004-08-19 15:09:58 483,328 ----a-w C:\WINDOWS\system32\mobsync.exe
+ 2004-08-19 15:09:58 144,384 ----a-w C:\WINDOWS\system32\mobsync.exe
- 2004-08-19 15:09:32 455,168 ----a-w C:\WINDOWS\system32\Modemui.dll
+ 2004-08-19 15:09:32 156,160 ----a-w C:\WINDOWS\system32\Modemui.dll
- 2004-08-19 15:08:24 347,648 ----a-w C:\WINDOWS\system32\moricons.dll
+ 2004-08-19 15:08:24 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
+ 1998-07-12 22:00:00 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
- 2004-08-19 15:09:34 2,648,064 ----a-w C:\WINDOWS\system32\msgina.dll
+ 2004-08-19 15:09:34 1,004,032 ----a-w C:\WINDOWS\system32\msgina.dll
- 2008-02-17 02:02:38 6,453,760 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-02-17 02:02:38 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-04-18 16:14:18 3,314,688 ----a-w C:\WINDOWS\system32\msi.dll
+ 2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-19 15:09:34 212,992 ----a-w C:\WINDOWS\system32\msident.dll
+ 2004-08-19 15:09:34 51,712 ----a-w C:\WINDOWS\system32\msident.dll
- 2004-08-19 15:09:34 1,351,168 ----a-w C:\WINDOWS\system32\msieftp.dll
+ 2004-08-19 15:09:34 252,416 ----a-w C:\WINDOWS\system32\msieftp.dll
- 2004-08-19 15:10:00 633,856 ----a-w C:\WINDOWS\system32\mspaint.exe
+ 2004-08-19 15:10:00 347,648 ----a-w C:\WINDOWS\system32\mspaint.exe
- 2004-08-19 15:09:36 923,648 ----a-w C:\WINDOWS\system32\mstask.dll
+ 2004-08-19 15:09:36 281,600 ----a-w C:\WINDOWS\system32\mstask.dll
- 2004-08-19 14:52:00 1,673,216 ----a-w C:\WINDOWS\system32\mstsc.exe
+ 2004-08-19 14:52:00 411,648 ----a-w C:\WINDOWS\system32\mstsc.exe
+ 2004-02-05 13:51:38 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
- 2001-08-24 12:00:00 734,720 ----a-w C:\WINDOWS\system32\mycomput.dll
+ 2001-08-24 12:00:00 90,624 ----a-w C:\WINDOWS\system32\mycomput.dll
- 2004-08-19 15:09:36 354,816 ----a-w C:\WINDOWS\system32\mydocs.dll
+ 2004-08-19 15:09:36 91,648 ----a-w C:\WINDOWS\system32\mydocs.dll
- 2004-08-19 15:10:00 194,048 ----a-w C:\WINDOWS\system32\narrator.exe
+ 2004-08-19 15:10:00 55,296 ----a-w C:\WINDOWS\system32\narrator.exe
- 2004-08-19 15:09:36 435,712 ----a-w C:\WINDOWS\system32\netid.dll
+ 2004-08-19 15:09:36 144,896 ----a-w C:\WINDOWS\system32\netid.dll
- 2004-08-19 15:09:38 3,377,664 ----a-w C:\WINDOWS\system32\netplwiz.dll
+ 2004-08-19 15:09:38 885,248 ----a-w C:\WINDOWS\system32\netplwiz.dll
- 2006-03-09 08:25:01 7,062,016 ----a-w C:\WINDOWS\system32\netshell.dll
+ 2006-03-09 08:25:01 1,721,344 ----a-w C:\WINDOWS\system32\netshell.dll
- 2004-08-19 15:09:38 1,452,544 ----a-w C:\WINDOWS\system32\newdev.dll
+ 2004-08-19 15:09:38 251,392 ----a-w C:\WINDOWS\system32\newdev.dll
- 2004-08-19 15:10:00 206,848 ----a-w C:\WINDOWS\system32\notepad.exe
+ 2004-08-19 15:10:00 70,656 ----a-w C:\WINDOWS\system32\notepad.exe
- 2004-08-19 15:10:00 1,537,024 ----a-w C:\WINDOWS\system32\ntbackup.exe
+ 2004-08-19 15:10:00 1,230,848 ----a-w C:\WINDOWS\system32\ntbackup.exe
- 2004-08-19 15:09:38 716,800 ----a-w C:\WINDOWS\system32\ntshrui.dll
+ 2004-08-19 15:09:38 145,920 ----a-w C:\WINDOWS\system32\ntshrui.dll
- 2007-12-05 00:41:00 77,824 ----a-w C:\WINDOWS\system32\nvmctray.dll
+ 2007-12-05 00:41:00 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
- 2004-08-19 15:09:38 312,320 ----a-w C:\WINDOWS\system32\occache.dll
+ 2004-08-19 15:09:38 97,280 ----a-w C:\WINDOWS\system32\occache.dll
- 2004-08-19 15:10:00 180,224 ----a-w C:\WINDOWS\system32\odbcad32.exe
+ 2004-08-19 15:10:00 32,768 ----a-w C:\WINDOWS\system32\odbcad32.exe
- 2001-08-24 12:00:00 166,912 ----a-w C:\WINDOWS\system32\oobe\msoobe.exe
+ 2001-08-24 12:00:00 28,160 ----a-w C:\WINDOWS\system32\oobe\msoobe.exe
- 2004-08-19 15:10:00 189,440 ----a-w C:\WINDOWS\system32\oobe\oobebaln.exe
+ 2004-08-19 15:10:00 51,712 ----a-w C:\WINDOWS\system32\oobe\oobebaln.exe
- 2004-08-19 15:10:02 354,816 ----a-w C:\WINDOWS\system32\osk.exe
+ 2004-08-19 15:10:02 216,576 ----a-w C:\WINDOWS\system32\osk.exe
- 2004-08-19 15:09:38 673,792 ----a-w C:\WINDOWS\system32\photowiz.dll
+ 2004-08-19 15:09:38 172,032 ----a-w C:\WINDOWS\system32\photowiz.dll
- 2004-08-19 15:09:40 1,480,192 ----a-w C:\WINDOWS\system32\printui.dll
+ 2004-08-19 15:09:40 578,560 ----a-w C:\WINDOWS\system32\printui.dll
- 2004-08-19 15:09:40 2,369,536 ----a-w C:\WINDOWS\system32\rasdlg.dll
+ 2004-08-19 15:09:40 685,056 ----a-w C:\WINDOWS\system32\rasdlg.dll
- 2004-08-19 15:10:04 197,120 ----a-w C:\WINDOWS\system32\rasphone.exe
+ 2004-08-19 15:10:04 57,344 ----a-w C:\WINDOWS\system32\rasphone.exe
- 2004-08-19 15:10:04 180,224 ----a-w C:\WINDOWS\system32\rcimlby.exe
+ 2004-08-19 15:10:04 35,840 ----a-w C:\WINDOWS\system32\rcimlby.exe
- 2004-08-19 15:09:40 198,144 ----a-w C:\WINDOWS\system32\remotepg.dll
+ 2004-08-19 15:09:40 61,952 ----a-w C:\WINDOWS\system32\remotepg.dll
- 2004-08-19 15:10:04 531,968 ----a-w C:\WINDOWS\system32\Restore\rstrui.exe
+ 2004-08-19 15:10:04 384,512 ----a-w C:\WINDOWS\system32\Restore\rstrui.exe
+ 2008-06-29 22:42:52 368,640 ----a-w C:\WINDOWS\system32\ReWire.dll
+ 2004-02-27 12:08:31 233,472 --s-a-w C:\WINDOWS\system32\REX Shared Library.dll
- 2004-08-19 15:09:40 195,072 ----a-w C:\WINDOWS\system32\sendmail.dll
+ 2004-08-19 15:09:40 55,296 ----a-w C:\WINDOWS\system32\sendmail.dll
- 2004-08-19 15:09:42 2,376,192 ----a-w C:\WINDOWS\system32\setupapi.dll
+ 2004-08-19 15:09:42 1,003,520 ----a-w C:\WINDOWS\system32\setupapi.dll
- 2004-08-19 15:09:42 445,952 ----a-w C:\WINDOWS\system32\sfc_os.dll
+ 2004-08-19 15:09:42 142,336 ----a-w C:\WINDOWS\system32\sfc_os.dll
- 2004-08-19 15:08:52 1,464,832 ----a-w C:\WINDOWS\system32\shdoclc.dll
+ 2004-08-19 15:08:52 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
- 2008-02-16 09:02:38 5,072,896 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-02-16 09:02:38 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-10-25 16:56:24 20,465,152 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:56:24 8,510,976 ----a-w C:\WINDOWS\system32\shell32.dll
- 2004-08-19 15:09:42 1,440,256 ----a-w C:\WINDOWS\system32\shimgvw.dll
+ 2004-08-19 15:09:42 440,320 ----a-w C:\WINDOWS\system32\shimgvw.dll
- 2008-02-16 09:02:38 635,904 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-02-16 09:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2004-08-19 15:10:04 113,152 ----a-w C:\WINDOWS\system32\sndrec32.exe
+ 2004-08-19 15:10:04 133,120 ----a-w C:\WINDOWS\system32\sndrec32.exe
- 2001-08-24 12:00:00 392,192 ----a-w C:\WINDOWS\system32\sndvol32.exe
+ 2001-08-24 12:00:00 139,264 ----a-w C:\WINDOWS\system32\sndvol32.exe
- 2004-08-19 15:09:46 540,672 ----a-w C:\WINDOWS\system32\srrstr.dll
+ 2004-08-19 15:09:46 241,664 ----a-w C:\WINDOWS\system32\srrstr.dll
- 2004-08-19 15:09:46 678,912 ----a-w C:\WINDOWS\system32\sti_ci.dll
+ 2004-08-19 15:09:46 138,240 ----a-w C:\WINDOWS\system32\sti_ci.dll
- 2004-08-19 15:09:46 375,808 ----a-w C:\WINDOWS\system32\stobject.dll
+ 2004-08-19 15:09:46 122,368 ----a-w C:\WINDOWS\system32\stobject.dll
- 2001-08-24 12:00:00 187,392 ----a-w C:\WINDOWS\system32\syncapp.exe
+ 2001-08-24 12:00:00 51,200 ----a-w C:\WINDOWS\system32\syncapp.exe
- 2004-08-19 15:09:46 333,824 ----a-w C:\WINDOWS\system32\syncui.dll
+ 2004-08-19 15:09:46 197,120 ----a-w C:\WINDOWS\system32\syncui.dll
- 2004-08-19 15:10:04 434,688 ----a-w C:\WINDOWS\system32\sysocmgr.exe
+ 2004-08-19 15:10:04 107,520 ----a-w C:\WINDOWS\system32\sysocmgr.exe
- 2006-03-09 09:19:44 3,499,008 ----a-w C:\WINDOWS\system32\syssetup.dll
+ 2006-03-09 09:19:44 1,005,056 ----a-w C:\WINDOWS\system32\syssetup.dll
- 2001-08-24 12:00:00 320,512 ----a-w C:\WINDOWS\system32\tapiui.dll
+ 2001-08-24 12:00:00 87,040 ----a-w C:\WINDOWS\system32\tapiui.dll
- 2004-08-19 15:10:04 788,992 ----a-w C:\WINDOWS\system32\taskmgr.exe
+ 2004-08-19 15:10:04 143,360 ----a-w C:\WINDOWS\system32\taskmgr.exe
- 2004-08-19 15:09:48 589,312 ----a-w C:\WINDOWS\system32\themeui.dll
+ 2004-08-19 15:09:48 391,168 ----a-w C:\WINDOWS\system32\themeui.dll
- 2004-08-19 15:09:48 1,388,544 ----a-w C:\WINDOWS\system32\upnpui.dll
+ 2004-08-19 15:09:48 240,128 ----a-w C:\WINDOWS\system32\upnpui.dll
- 2004-08-19 15:09:48 497,664 ----a-w C:\WINDOWS\system32\url.dll
+ 2004-08-19 15:09:48 37,888 ----a-w C:\WINDOWS\system32\url.dll
- 2004-08-19 15:09:56 292,864 ----a-w C:\WINDOWS\system32\usmt\migload.exe
+ 2004-08-19 15:09:56 103,936 ----a-w C:\WINDOWS\system32\usmt\migload.exe
- 2004-08-19 15:09:56 695,296 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
+ 2004-08-19 15:09:56 246,784 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
- 2004-08-19 15:10:04 188,416 ----a-w C:\WINDOWS\system32\utilman.exe
+ 2004-08-19 15:10:04 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
+ 2000-10-01 22:00:00 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL
+ 2000-07-14 22:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
- 2004-08-19 15:09:48 1,381,888 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2004-08-19 15:09:48 281,600 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2004-08-19 15:10:06 2,052,096 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
+ 2004-08-19 15:10:06 438,784 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
- 2004-08-19 15:09:48 1,953,792 ----a-w C:\WINDOWS\system32\wiashext.dll
+ 2004-08-19 15:09:48 594,432 ----a-w C:\WINDOWS\system32\wiashext.dll
- 2008-02-16 09:02:39 2,397,184 ----a-w C:\WINDOWS\system32\Wininet.dll
+ 2008-02-16 09:02:39 663,552 ----a-w C:\WINDOWS\system32\Wininet.dll
+ 1998-07-12 22:00:00 15,872 ----a-w C:\WINDOWS\system32\WINSKFR.DLL
- 2007-03-17 13:44:47 431,616 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2006-03-09 11:49:29 6,402,048 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-03-09 11:49:29 3,424,256 ----a-w C:\WINDOWS\system32\wmploc.dll
- 2004-08-19 15:10:06 171,008 ----a-w C:\WINDOWS\system32\wpabaln.exe
+ 2004-08-19 15:10:06 32,256 ----a-w C:\WINDOWS\system32\wpabaln.exe
- 2001-08-24 12:00:00 166,400 ----a-w C:\WINDOWS\system32\Write.exe
+ 2001-08-24 12:00:00 5,632 ----a-w C:\WINDOWS\system32\Write.exe
- 2004-08-19 15:09:50 933,888 ----a-w C:\WINDOWS\system32\wsecedit.dll
+ 2004-08-19 15:09:50 614,400 ----a-w C:\WINDOWS\system32\wsecedit.dll
- 2007-07-30 18:19:16 703,832 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 18:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2005-11-11 11:47:50 332,056 ----a-w C:\WINDOWS\system32\wuaueng1.dll
+ 2005-11-11 11:47:50 195,352 ----a-w C:\WINDOWS\system32\wuaueng1.dll
- 2005-11-11 11:47:54 168,960 ----a-w C:\WINDOWS\system32\wupdmgr.exe
+ 2005-11-11 11:47:54 32,256 ----a-w C:\WINDOWS\system32\wupdmgr.exe
- 2004-08-19 15:08:58 10,627,584 ----a-w C:\WINDOWS\system32\xpsp2res.dll
+ 2004-08-19 15:08:58 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
- 2004-08-19 15:09:50 1,799,168 ----a-w C:\WINDOWS\system32\zipfldr.dll
+ 2004-08-19 15:09:50 340,480 ----a-w C:\WINDOWS\system32\zipfldr.dll
- 2004-08-19 15:10:06 449,536 ----a-w C:\WINDOWS\Winhlp32.exe
+ 2004-08-19 15:10:06 288,256 ----a-w C:\WINDOWS\Winhlp32.exe
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"Google Update"="C:\Documents and Settings\Pc jeu chichoune\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-15 133104]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-22 342336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"LifeCam"="c:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [BU]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-09-13 380928]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2007-11-16 5029952]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]
"P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\system32\P17.DLL]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="C:\WINDOWS\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 44544]
C:\Documents and Settings\Pc jeu chichoune\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll" [2007-11-16 633344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-08-06 13:08 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-09 12:53 1410296 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2007-04-10 15:46 709992 C:\WINDOWS\vVX1000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\World of Warcraft\\Launcher.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\WINDOWS\\Installer\\{F70315E0-D82D-4D09-9EE0-28BB6EAC76FE}\\_ED4FBBAB943A41746D9702.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\steamapps\\icionestalamas\\condition zero\\hl.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\ASUS\\GamerOSD\\SBS.exe"=
"C:\\Documents and Settings\\Pc jeu chichoune\\metin2.bin"=
"C:\\Program Files\\Steam\\steamapps\\icionestalamas\\counter-strike\\hl.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Steam\\steamapps\\warrior38450\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
R1 NDISRD;NDISRD;C:\WINDOWS\system32\drivers\NDISRD.sys [2007-09-29 18944]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2007-11-08 68608]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2007-09-29 25600]
R2 MSCamSvc;MSCamSvc;c:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 SvcOnlineArmor;Online Armor;C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2007-11-16 4625984]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-09-13 12416]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-09-13 10752]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 Ndisprot;ArcNet NDIS Protocol Driver;C:\WINDOWS\system32\drivers\Ndisprot.sys [2008-10-22 27904]
.
Contenu du dossier 'Tâches planifiées'
2008-09-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-07-22 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1208520219.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
2008-10-24 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Pc jeu chichoune\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-15 15:12]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-C:\WINDOWS\system32\kdxsm.exe - C:\WINDOWS\system32\kdxsm.exe
ShellExecuteHooks-{2753B591-D1EC-4A00-93E4-CEC5247EB60C} - (no file)
ShellExecuteHooks-{46D7049A-9DB9-4AEC-82B1-F101B9367CB1} - (no file)
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Pc jeu chichoune\Application Data\Mozilla\Firefox\Profiles\1yxn7feo.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr
FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - C:\Documents and Settings\Pc jeu chichoune\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\np32dsw.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npDivxPlayerPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin6.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin7.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npzylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 21:37:24
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Heure de fin: 2008-10-24 21:40:35
ComboFix-quarantined-files.txt 2008-10-24 19:40:29
ComboFix2.txt 2008-08-25 20:14:40
ComboFix3.txt 2008-08-25 17:57:23
Avant-CF: 52,766,748,672 octets libres
Après-CF: 52,832,522,240 octets libres
556 --- E O F --- 2008-04-10 10:59:26
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:35, on 25/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Pc jeu chichoune\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pc jeu chichoune\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
--
End of file - 8475 bytes
No more problems since this morning... weird... (for info, I use iTunes)
Also, about the security question: I asked you because a friend I've just had a falling-out with amuses himself making amateur viruses, but still, he does manage to piss off people he lures in on chats etc... So I wanted to be "armored" to reduce the risks as much as possible, or even to nothing!
Edit: I just realized that it depends on the music I listen to! Just now I played three tracks, two with a Blizzard sound