
System infection: Help!! :( [Solved]

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
23 June 2008 14:46:08

Hi,

My PC has been infected by a virus (I don't know how), and here is why: every time I go into Program Files and open a folder (any folder), a message is displayed:

Quote:
Attention, "My Last Name-First Name", Some dangerous Trojan Horses detected in your system. Microsoft files corrupted.

This may lead to the destruction of important files in C:\WINDOWS. Download protection software now !
Click OK to download the antispyware. (Recommended)

Yes No


Here is a HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37, on 2008-06-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\svdhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SurfControl\CyberPatrol\cpserver.exe
C:\Program Files\SurfControl\CyberPatrol\cphq.exe
C:\Program Files\SurfControl\CyberPatrol\cpACtrl.exe
C:\Program Files\SurfControl\CyberPatrol\cpCCtrl.exe
C:\Program Files\SurfControl\CyberPatrol\cpkbinst.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Alpaslan\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\sigma64.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CyberPatrolNew] "C:\Program Files\SurfControl\CyberPatrol\cphq.exe" /m
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD57A173-C25B-4483-B5F3-9EE779A63B5C}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS4\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS5\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS6\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8801 bytes

23 June 2008 14:52:22

Hello,

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in Safe Mode.
HELP: Restarting in Safe Mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    25 June 2008 13:01:18

    Hi Angledark,

    Here is the report you asked me for:

    Malwarebytes' Anti-Malware 1.18
    Version de la base de données: 889

    13:00:33 2008-06-25
    mbam-log-6-25-2008 (13-00-33).txt

    Type de recherche: Examen rapide
    Eléments examinés: 38354
    Temps écoulé: 16 minute(s), 24 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\bhonew.bhoapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2ff811e6-8925-4084-a649-c159955e67e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ff811e6-8925-4084-a649-c159955e67e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bhonew.bhoapp.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Sound (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Windows Sound (Backdoor.Bot) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\sigma64.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nada16.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\svdhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

    It worked, I no longer get that error message when I go into Program Files!
    25 June 2008 13:11:31

    Post a new HijackThis report.
    25 June 2008 13:20:26

    Hi,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:22, on 2008-06-25
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\SurfControl\CyberPatrol\cphq.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\SurfControl\CyberPatrol\cpserver.exe
    C:\Program Files\SurfControl\CyberPatrol\cpACtrl.exe
    C:\Program Files\SurfControl\CyberPatrol\cpCCtrl.exe
    C:\Program Files\SurfControl\CyberPatrol\cpkbinst.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\Alpaslan\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [CyberPatrolNew] "C:\Program Files\SurfControl\CyberPatrol\cphq.exe" /m
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CD57A173-C25B-4483-B5F3-9EE779A63B5C}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS1\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS2\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS3\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS4\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS5\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS6\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8472 bytes
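
Comparing the two HijackThis logs against the Malwarebytes report shows which entries the scan removed and which disappeared for another reason. The Python below is an added example, not part of the original thread: the function names are hypothetical, and the embedded samples are excerpts shortened from the logs posted above.

```python
import re

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O4 - HKLM\..\Run: [x] y"
MBAM = re.compile(r"^(.+?) \(([^()]+)\) -> Quarantined and deleted successfully\.$")

# Excerpts (shortened) of the two HijackThis logs and the MBAM report in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\svdhost.exe
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: BHO - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\sigma64.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Windows Sound] svdhost.exe
O4 - HKLM\..\RunServices: [Windows Sound] svdhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
MBAM_REPORT = r"""
HKEY_CLASSES_ROOT\CLSID\{2ff811e6-8925-4084-a649-c159955e67e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Sound (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Windows Sound (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sigma64.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nada16.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svdhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

def parse_hjt(text):
    """Map (section, lower-cased detail) -> detail for processes and R/O entries."""
    items, in_procs = {}, False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            items[("PROC", line.lower())] = line
        else:
            m = ENTRY.match(line)
            if m:
                items[(m.group(1), m.group(2).lower())] = m.group(2)
    return items

def mbam_tokens(report):
    """Map the last path component of each removed object -> detection name."""
    tokens = {}
    for line in report.splitlines():
        m = MBAM.match(line.strip())
        if m:
            tokens[m.group(1).rsplit("\\", 1)[-1].lower()] = m.group(2)
    return tokens

def entry_tokens(detail):
    """Identifiers in a HijackThis item that a removal report could name."""
    toks = {c.lower() for c in CLSID.findall(detail)}                 # BHO class IDs
    toks |= {n.lower() for n in re.findall(r"\[([^\]]+)\]", detail)}  # Run value names
    toks |= {f.lower() for f in
             re.findall(r"[^\\\s\"\[\]]+\.(?:exe|dll|sys)\b", detail, re.I)}  # file names
    return toks

def review_changes(before, after, report):
    """Classify each item that differs between two logs against the removal report.
    Matching is by name only (a heuristic), so a hit still deserves a manual look."""
    old, new, removed = parse_hjt(before), parse_hjt(after), mbam_tokens(report)
    findings = []
    for key in sorted(old.keys() - new.keys()):
        hits = sorted(removed.keys() & entry_tokens(old[key]))
        verdict = "removed by scanner: " + removed[hits[0]] if hits else "unexplained removal"
        findings.append((key[0], old[key], verdict))
    for key in sorted(new.keys() - old.keys()):
        findings.append((key[0], new[key], "new since first log"))
    return findings

def still_present(log, report):
    """Items in a log that still reference something the scanner says it deleted."""
    removed = mbam_tokens(report)
    return [d for d in parse_hjt(log).values() if removed.keys() & entry_tokens(d)]

if __name__ == "__main__":
    for section, detail, verdict in review_changes(BEFORE, AFTER, MBAM_REPORT):
        print(f"{section:5} {verdict:40} {detail}")
    print("leftovers:", still_present(AFTER, MBAM_REPORT))
```

The PixArt `Monitor.exe` process and Run entry are reported as unexplained because they disappear between the two logs without being named in the Malwarebytes report.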
    25 June 2008 13:29:50

    Re,

    Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and tutorial on using ComboFix
    * the partition name may differ
    27 June 2008 00:43:05

    Hi,

    ComboFix 08-06-20.4 - Alpaslan 2008-06-27 0:36:08.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.380 [GMT 2:00]
    Endroit: C:\Documents and Settings\Alpaslan\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_NPF


    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-26 to 2008-06-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-25 12:30 . 2008-06-25 12:30 <REP> dr-h----- C:\MSOCache
    2008-06-25 12:25 . 2008-06-25 12:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-25 12:25 . 2008-06-19 17:55 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-25 12:25 . 2008-06-19 17:55 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-25 11:26 . 2008-06-25 11:26 <REP> d-------- C:\Program Files\KONAMI
    2008-06-25 11:19 . 2008-06-25 11:19 <REP> d-------- C:\Documents and Settings\Alpaslan\Application Data\GlarySoft
    2008-06-24 02:13 . 2008-06-24 02:14 <REP> d-------- C:\BMW M3 Challenge
    2008-06-24 02:10 . 2008-06-24 02:10 <REP> d-------- C:\Program Files\Glary Utilities
    2008-06-23 12:29 . 2008-06-23 12:29 <REP> d-------- C:\Documents and Settings\Alpaslan\Application Data\CyberPatrol Client
    2008-06-23 12:28 . 2008-06-23 12:28 <REP> d-------- C:\Program Files\SurfControl
    2008-06-23 12:28 . 2007-01-25 10:36 226,832 --a------ C:\WINDOWS\system32\cplsp.dll
    2008-06-22 18:08 . 2008-06-22 18:08 0 -ra------ C:\logwmemory.bin
    2008-06-22 18:06 . 2008-06-22 18:20 <REP> d-------- C:\Soldat
    2008-06-22 15:50 . 2008-06-22 15:50 268 --ah----- C:\sqmdata06.sqm
    2008-06-22 15:50 . 2008-06-22 15:50 244 --ah----- C:\sqmnoopt06.sqm
    2008-06-22 11:21 . 2008-06-22 11:21 268 --ah----- C:\sqmdata05.sqm
    2008-06-22 11:21 . 2008-06-22 11:21 244 --ah----- C:\sqmnoopt05.sqm
    2008-06-21 10:50 . 2008-06-21 10:50 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-06-21 10:50 . 2008-06-21 10:50 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-06-21 10:50 . 2008-06-21 10:50 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-06-21 10:49 . 2008-06-21 10:51 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-06-19 19:00 . 2008-06-19 19:00 268 --ah----- C:\sqmdata04.sqm
    2008-06-19 19:00 . 2008-06-19 19:00 244 --ah----- C:\sqmnoopt04.sqm
    2008-06-19 11:06 . 2008-06-19 11:06 <REP> d-------- C:\Program Files\Aspyr
    2008-06-18 19:19 . 2008-06-18 19:19 268 --ah----- C:\sqmdata03.sqm
    2008-06-18 19:19 . 2008-06-18 19:19 244 --ah----- C:\sqmnoopt03.sqm
    2008-06-18 00:22 . 2008-06-23 20:09 <REP> d-------- C:\Program Files\Azureus
    2008-06-17 20:37 . 2008-06-17 20:37 268 --ah----- C:\sqmdata02.sqm
    2008-06-17 20:37 . 2008-06-17 20:37 244 --ah----- C:\sqmnoopt02.sqm
    2008-06-17 14:33 . 2008-06-17 14:34 <REP> d-------- C:\Program Files\Frets on Fire
    2008-06-17 13:54 . 2008-06-17 13:54 <REP> d--h----- C:\BJPrinter
    2008-06-17 08:27 . 2008-06-17 08:27 268 --ah----- C:\sqmdata01.sqm
    2008-06-17 08:27 . 2008-06-17 08:27 244 --ah----- C:\sqmnoopt01.sqm
    2008-06-16 13:47 . 2008-06-16 13:48 <REP> d-------- C:\Documents and Settings\Alpaslan\Application Data\fretsonfire
    2008-06-15 11:53 . 2008-06-15 11:53 268 --ah----- C:\sqmdata00.sqm
    2008-06-15 11:53 . 2008-06-15 11:53 244 --ah----- C:\sqmnoopt00.sqm
    2008-06-12 20:32 . 2008-06-12 20:32 <REP> d-------- C:\DVDVideoSoft
    2008-06-11 14:41 . 2007-05-26 12:34 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
    2008-06-11 11:35 . 2008-06-11 11:35 <REP> d-------- C:\Documents and Settings\Alpaslan\Application Data\DonationCoder
    2008-06-11 11:35 . 2008-06-11 11:35 58 --a------ C:\WINDOWS\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    2008-06-10 20:19 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 20:19 . 2008-04-14 17:52 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-10 20:19 . 2008-05-08 14:28 202,752 --a--c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-06-10 19:38 . 2008-06-23 21:38 <REP> d-------- C:\Documents and Settings\Alpaslan\Application Data\Azureus
    2008-06-10 19:38 . 2008-06-10 19:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-06-08 22:53 . 2003-03-13 12:51 51,200 --a------ C:\WINDOWS\system32\camcodec.dll
    2008-06-08 22:53 . 2003-03-13 12:51 1,461 --a------ C:\WINDOWS\system32\drivers\camcodec.inf
    2008-06-08 20:12 . 2008-06-08 20:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-08 20:12 . 2008-06-08 20:12 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-08 09:49 . 2008-06-08 10:43 <REP> d-------- C:\Program Files\Audacity
    2008-06-04 15:47 . 2008-06-04 15:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-06-04 12:10 . 2008-06-04 12:10 <REP> d-------- C:\Documents and Settings\Alpaslan\Application Data\fltk.org
    2008-06-03 20:13 . 2008-06-04 21:02 28 --a------ C:\WINDOWS\ODBC.INI
    2008-05-31 14:40 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmpA.tmp
    2008-05-31 14:38 . 2008-05-31 14:38 <REP> d-------- C:\Documents and Settings\Alpaslan\Application Data\InstallShield
    2008-05-26 16:34 . 2008-05-26 16:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
    2008-05-26 15:36 . 2008-05-26 15:36 <REP> d-------- C:\Program Files\Lavalys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-26 22:41 42,522,656 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-06-26 22:38 502,448 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-06-26 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-25 09:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-21 10:00 --------- d-----w C:\Program Files\Everstrike Software
    2008-06-21 09:58 --------- d-----w C:\Program Files\Fichiers communs\DVDVideoSoft
    2008-06-21 09:58 --------- d-----w C:\Program Files\DVDVideoSoft
    2008-06-20 17:31 3,153,408 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
    2008-06-20 15:29 33,280 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
    2008-06-20 15:29 3,153,408 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
    2008-06-20 15:26 41,984 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
    2008-06-20 10:03 3,150,336 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
    2008-06-20 10:03 3,033,088 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
    2008-06-20 05:20 3,149,824 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
    2008-06-19 12:11 5,321,194 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-06-17 11:05 --------- d-----w C:\Program Files\Rockstar Games
    2008-06-14 14:09 --------- d-----w C:\Program Files\Motorola Phone Tools
    2008-06-14 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-06-14 13:57 --------- d-----w C:\Program Files\Project64 1.6
    2008-06-11 11:07 3,030,528 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
    2008-06-11 11:07 2,963,968 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
    2008-06-08 16:50 3,203,072 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
    2008-06-08 16:50 2,969,088 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
    2008-06-07 09:39 --------- d-----w C:\Program Files\Ripp-it_AM
    2008-06-04 13:45 --------- d-----w C:\Program Files\ATI Technologies
    2008-06-04 13:32 --------- d-----w C:\Program Files\ma-config.com
    2008-06-04 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-06-01 14:05 2,931,712 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
    2008-06-01 14:05 2,841,088 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
    2008-05-31 10:49 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-05-29 16:57 2,950,656 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
    2008-05-29 16:57 2,785,792 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
    2008-05-29 07:24 2,782,720 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
    2008-05-28 10:59 2,777,600 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
    2008-05-24 14:20 --------- d-----w C:\Program Files\OpenAL
    2008-05-24 13:26 2,711,552 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
    2008-05-23 11:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-22 17:28 3,483,136 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
    2008-05-22 17:28 2,688,000 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
    2008-05-21 20:08 --------- d-----w C:\Program Files\Google
    2008-05-21 16:23 2,658,816 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
    2008-05-21 10:41 2,631,168 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-05-18 15:08 --------- d-----w C:\Documents and Settings\Alpaslan\Application Data\Talkback
    2008-05-18 09:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-05-18 09:01 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-05-18 08:47 --------- d-----w C:\Program Files\PowerISO
    2008-05-16 07:47 --------- d-----w C:\Documents and Settings\Alpaslan\Application Data\AdobeUM
    2008-05-16 06:48 --------- d-----w C:\Documents and Settings\Alpaslan\Application Data\Nero
    2008-05-16 06:47 --------- d-----w C:\Program Files\Fichiers communs\Nero
    2008-05-16 06:45 --------- d-----w C:\Program Files\Nero
    2008-05-16 06:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-05-14 15:46 --------- d--h--r C:\Documents and Settings\Alpaslan\Application Data\SecuROM
    2008-05-14 05:35 --------- d-----w C:\Program Files\MSBuild
    2008-05-14 05:35 --------- d-----w C:\Program Files\Microsoft Works
    2008-05-14 05:33 --------- d-----w C:\Program Files\Microsoft.NET
    2008-05-14 05:31 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
    2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
    2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
    2008-05-09 18:26 --------- d-----w C:\Program Files\Fichiers communs\Everstrike Software
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-04 19:41 --------- d-----w C:\Documents and Settings\Alpaslan\Application Data\Media Player Classic
    2008-04-30 19:30 3,191,296 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-04-30 19:30 2,211,328 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-04-28 10:29 805,400 ----a-r C:\WINDOWS\system32\tmp6F.tmp
    2008-04-28 10:29 805,400 ----a-r C:\WINDOWS\system32\tmp6E.tmp
    2008-04-27 13:43 --------- d-----w C:\Documents and Settings\Alpaslan\Application Data\SecondLife
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-13 17:34 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
    2008-03-28 22:19 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-03-26 07:50 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016]
    "RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16:47 16859648 C:\WINDOWS\RTHDCPL.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
    "CyberPatrolNew"="C:\Program Files\SurfControl\CyberPatrol\cphq.exe" [2007-01-31 16:32 1451536]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll
    "VIDC.CSCD"= camcodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11]
    R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
    R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 11:26]
    S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-30 16:49]
    S3 SIWIO;SIW low-level I/O driver;C:\WINDOWS\TEMP\SiwIo.sys []

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-26 22:39:41 C:\WINDOWS\Tasks\GlaryInitialize.job"
    - C:\Program Files\Glary Utilities\initialize.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-27 00:39:53
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\SurfControl\CyberPatrol\cpserver.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-27 0:43:36 - machine was rebooted [Alpaslan]
    ComboFix-quarantined-files.txt 2008-06-26 22:43:31

    Pre-Run: 68,580,880,384 octets libres
    Post-Run: 68,571,566,080 octets libres

    255 --- E O F --- 2008-06-11 13:35:31
    27 June 2008 13:20:33

    Post a new HijackThis report.
    27 June 2008 16:13:07

    Hi,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:11:57, on 27/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\SurfControl\CyberPatrol\cphq.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\SurfControl\CyberPatrol\cpserver.exe
    C:\Program Files\SurfControl\CyberPatrol\cpACtrl.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\SurfControl\CyberPatrol\cpCCtrl.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\SurfControl\CyberPatrol\cpkbinst.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\Alpaslan\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [CyberPatrolNew] "C:\Program Files\SurfControl\CyberPatrol\cphq.exe" /m
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CD57A173-C25B-4483-B5F3-9EE779A63B5C}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS1\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS2\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS3\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS4\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS5\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
    O17 - HKLM\System\CS6\Services\Tcpip\..\{172D326C-B492-4A98-ACF6-74E7A719A9E2}: NameServer = 212.27.54.252,212.27.53.252
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8938 bytes
    27 June 2008 18:42:56

    Delete all files of the type:
    C:\WINDOWS\Internet Logs\xDB14.tmp
    28 June 2008 20:54:02

    I didn't understand... How do I delete these files?
    28 June 2008 21:41:56

    Well, right-click / delete :/
    28 June 2008 22:21:03

    There, it's done...
    29 June 2008 15:01:56

    Run another ComboFix scan.
    29 June 2008 17:09:33

    Hi,

    ComboFix 08-06-20.4 - Alpaslan 2008-06-29 16:46:29.3 - NTFSx86
    Endroit: C:\Documents and Settings\Alpaslan\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-29 12:25 . 2008-06-29 12:25 268 --ah----- C:\sqmdata09.sqm
    2008-06-29 12:25 . 2008-06-29 12:25 244 --ah----- C:\sqmnoopt09.sqm
    2008-06-27 18:53 . 2008-06-27 18:53 268 --ah----- C:\sqmdata08.sqm
    2008-06-27 18:53 . 2008-06-27 18:53 244 --ah----- C:\sqmnoopt08.sqm
    2008-06-27 17:51 . 2008-06-27 17:51 244 --ah----- C:\sqmnoopt07.sqm
    2008-06-27 17:51 . 2008-06-27 17:51 232 --ah----- C:\sqmdata07.sqm
    2008-06-27 00:43 . 2008-06-27 00:43 <REP> d-------- C:\Documents and Settings\Invité
    2008-06-25 12:30 . 2008-06-25 12:30 <REP> dr-h----- C:\MSOCache
    2008-06-25 12:25 . 2008-06-25 12:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-25 12:25 . 2008-06-19 17:55 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-25 12:25 . 2008-06-19 17:55 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-25 11:26 . 2008-06-25 11:26 <REP> d-------- C:\Program Files\KONAMI
    2008-06-25 11:19 . 2008-06-25 11:19 <REP> d-------- C:\Documents and Settings\Alpaslan\Application Data\GlarySoft
    2008-06-24 02:13 . 2008-06-24 02:14 <REP> d-------- C:\BMW M3 Challenge
    2008-06-24 02:10 . 2008-06-24 02:10 <REP> d-------- C:\Program Files\Glary Utilities
    2008-06-23 12:29 . 2008-06-23 12:29 <REP> d-------- C:\Documents and Settings\Alpaslan\Application Data\CyberPatrol Client
    2008-06-23 12:28 . 2008-06-23 12:28 <REP> d-------- C:\Program Files\SurfControl
    2008-06-22 18:08 . 2008-06-22 18:08 0 -ra------ C:\logwmemory.bin
    2008-06-22 18:06 . 2008-06-22 18:20 <REP> d-------- C:\Soldat
    2008-06-22 15:50 . 2008-06-22 15:50 268 --ah----- C:\sqmdata06.sqm
    2008-06-22 15:50 . 2008-06-22 15:50 244 --ah----- C:\sqmnoopt06.sqm
    2008-06-22 11:21 . 2008-06-22 11:21 268 --ah----- C:\sqmdata05.sqm
    2008-06-22 11:21 . 2008-06-22 11:21 244 --ah----- C:\sqmnoopt05.sqm
    2008-06-21 10:50 . 2008-06-21 10:50 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-06-21 10:50 . 2008-06-21 10:50 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-06-21 10:50 . 2008-06-21 10:50 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-06-21 10:49 . 2008-06-21 10:51 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-06-19 19:00 . 2008-06-19 19:00 268 --ah----- C:\sqmdata04.sqm
    2008-06-19 19:00 . 2008-06-19 19:00 244 --ah----- C:\sqmnoopt04.sqm
    2008-06-19 11:06 . 2008-06-19 11:06 <REP> d-------- C:\Program Files\Aspyr
    2008-06-18 19:19 . 2008-06-18 19:19 268 --ah----- C:\sqmdata03.sqm
    2008-06-18 19:19 . 2008-06-18 19:19 244 --ah----- C:\sqmnoopt03.sqm
    2008-06-18 00:22 . 2008-06-23 20:09 <REP> d-------- C:\Program Files\Azureus
    2008-06-17 20:37 . 2008-06-17 20:37 268 --ah----- C:\sqmdata02.sqm
    2008-06-17 20:37 . 2008-06-17 20:37 244 --ah----- C:\sqmnoopt02.sqm
    2008-06-17 14:33 . 2008-06-17 14:34 <REP> d-------- C:\Program Files\Frets on Fire
    2008-06-17 13:54 . 2008-06-17 13:54 <REP> d--h----- C:\BJPrinter
    2008-06-17 08:27 . 2008-06-17 08:27 268 --ah----- C:\sqmdata01.sqm
    2008-06-17 08:27 . 2008-06-17 08:27 244 --ah----- C:\sqmnoopt01.sqm
    2008-06-16 13:47 . 2008-06-16 13:48 <REP> d-------- C:\Documents and Settings\Alpaslan\Application Data\fretsonfire
    2008-06-15 11:53 . 2008-06-15 11:53 268 --ah----- C:\sqmdata00.sqm
    2008-06-15 11:53 . 2008-06-15 11:53 244 --ah----- C:\sqmnoopt00.sqm
    2008-06-12 20:32 . 2008-06-12 20:32 <REP> d-------- C:\DVDVideoSoft
    2008-06-11 14:41 . 2007-05-26 12:34 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
    2008-06-11 11:35 . 2008-06-11 11:35 <REP> d-------- C:\Documents and Settings\Alpaslan\Application Data\DonationCoder
    2008-06-11 11:35 . 2008-06-11 11:35 58 --a------ C:\WINDOWS\system32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    2008-06-10 20:19 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 20:19 . 2008-04-14 17:52 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-10 20:19 . 2008-05-08 14:28 202,752 --a--c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-06-10 19:38 . 2008-06-23 21:38 <REP> d-------- C:\Documents and Settings\Alpaslan\Application Data\Azureus
    2008-06-10 19:38 . 2008-06-10 19:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-06-08 22:53 . 2003-03-13 12:51 51,200 --a------ C:\WINDOWS\system32\camcodec.dll
    2008-06-08 22:53 . 2003-03-13 12:51 1,461 --a------ C:\WINDOWS\system32\drivers\camcodec.inf
    2008-06-08 20:12 . 2008-06-08 20:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-08 20:12 . 2008-06-08 20:12 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-08 09:49 . 2008-06-08 10:43 <REP> d-------- C:\Program Files\Audacity
    2008-06-04 15:47 . 2008-06-04 15:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-06-04 12:10 . 2008-06-04 12:10 <REP> d-------- C:\Documents and Settings\Alpaslan\Application Data\fltk.org
    2008-06-03 20:13 . 2008-06-04 21:02 28 --a------ C:\WINDOWS\ODBC.INI
    2008-05-31 14:40 . 2008-04-28 12:29 805,400 -ra------ C:\WINDOWS\system32\tmpA.tmp
    2008-05-31 14:38 . 2008-05-31 14:38 <REP> d-------- C:\Documents and Settings\Alpaslan\Application Data\InstallShield

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-29 14:49 43,198,496 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-06-29 12:37 509,480 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-06-27 14:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-25 09:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-21 10:00 --------- d-----w C:\Program Files\Everstrike Software
    2008-06-21 09:58 --------- d-----w C:\Program Files\Fichiers communs\DVDVideoSoft
    2008-06-21 09:58 --------- d-----w C:\Program Files\DVDVideoSoft
    2008-06-19 12:11 5,321,194 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-06-17 11:05 --------- d-----w C:\Program Files\Rockstar Games
    2008-06-14 14:09 --------- d-----w C:\Program Files\Motorola Phone Tools
    2008-06-14 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-06-14 13:57 --------- d-----w C:\Program Files\Project64 1.6
    2008-06-07 09:39 --------- d-----w C:\Program Files\Ripp-it_AM
    2008-06-04 13:45 --------- d-----w C:\Program Files\ATI Technologies
    2008-06-04 13:32 --------- d-----w C:\Program Files\ma-config.com
    2008-06-04 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-05-31 10:49 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-05-26 14:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Codemasters
    2008-05-26 13:36 --------- d-----w C:\Program Files\Lavalys
    2008-05-24 14:20 --------- d-----w C:\Program Files\OpenAL
    2008-05-23 11:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-21 20:08 --------- d-----w C:\Program Files\Google
    2008-05-18 15:08 --------- d-----w C:\Documents and Settings\Alpaslan\Application Data\Talkback
    2008-05-18 09:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-05-18 09:01 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-05-18 08:47 --------- d-----w C:\Program Files\PowerISO
    2008-05-16 07:47 --------- d-----w C:\Documents and Settings\Alpaslan\Application Data\AdobeUM
    2008-05-16 06:48 --------- d-----w C:\Documents and Settings\Alpaslan\Application Data\Nero
    2008-05-16 06:47 --------- d-----w C:\Program Files\Fichiers communs\Nero
    2008-05-16 06:45 --------- d-----w C:\Program Files\Nero
    2008-05-16 06:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-05-14 15:46 --------- d--h--r C:\Documents and Settings\Alpaslan\Application Data\SecuROM
    2008-05-14 05:35 --------- d-----w C:\Program Files\MSBuild
    2008-05-14 05:35 --------- d-----w C:\Program Files\Microsoft Works
    2008-05-14 05:33 --------- d-----w C:\Program Files\Microsoft.NET
    2008-05-14 05:31 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
    2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
    2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
    2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
    2008-05-09 18:26 --------- d-----w C:\Program Files\Fichiers communs\Everstrike Software
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-04 19:41 --------- d-----w C:\Documents and Settings\Alpaslan\Application Data\Media Player Classic
    2008-04-28 10:29 805,400 ----a-r C:\WINDOWS\system32\tmp6F.tmp
    2008-04-28 10:29 805,400 ----a-r C:\WINDOWS\system32\tmp6E.tmp
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-13 17:34 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-27_ 0.43.12.98 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-26 22:39:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-29 12:54:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-06-14 18:18:50 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-06-27 14:20:36 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    - 2008-06-14 18:18:51 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-06-27 14:20:38 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-06-14 18:18:51 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2008-06-27 14:20:37 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    - 2008-06-14 18:18:51 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    + 2008-06-27 14:20:37 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    - 2008-06-14 18:18:51 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    + 2008-06-27 14:20:37 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    - 2008-06-14 18:18:51 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-06-27 14:20:38 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    - 2008-06-14 18:18:51 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-06-27 14:20:38 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-06-14 18:18:51 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    + 2008-06-27 14:20:37 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-06-14 18:18:51 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-06-27 14:20:37 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-06-14 18:18:51 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-06-27 14:20:37 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    - 2008-06-14 18:18:51 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-06-27 14:20:38 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-06-14 18:18:50 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-06-27 14:20:37 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-06-26 18:49:28 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
    + 2008-06-27 14:18:39 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
    - 2008-06-11 11:06:49 266,208 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-06-27 15:47:17 266,208 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    - 2005-09-22 22:49:12 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
    + 2006-10-26 11:40:34 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
    - 2005-09-22 22:48:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
    + 2006-10-26 11:40:36 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
    - 2005-09-22 22:48:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
    + 2006-10-26 11:40:36 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
    - 2005-09-22 22:48:06 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
    + 2006-10-26 11:40:36 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
    - 2005-09-23 00:16:02 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
    + 2006-10-26 11:40:36 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
    - 2005-09-23 00:16:06 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
    + 2006-10-26 11:40:36 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
    - 2005-09-23 00:16:08 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
    + 2006-10-26 11:40:36 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
    - 2005-09-23 00:16:10 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
    + 2006-10-26 11:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
    - 2005-09-22 23:58:06 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
    + 2006-10-26 11:40:36 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
    - 2005-09-22 23:58:06 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
    + 2006-10-26 11:40:36 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
    - 2005-09-22 23:58:06 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
    + 2006-10-26 11:40:36 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
    - 2005-09-22 23:58:06 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
    + 2006-10-26 11:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
    - 2005-09-22 23:58:06 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
    + 2006-10-26 11:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
    - 2005-09-22 23:58:06 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
    + 2006-10-26 11:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
    - 2005-09-22 23:58:06 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
    + 2006-10-26 11:40:36 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
    - 2005-09-22 23:58:06 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
    + 2006-10-26 11:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
    - 2005-09-22 23:58:06 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
    + 2006-10-26 11:40:36 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016]
    "RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16:47 16859648 C:\WINDOWS\RTHDCPL.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll
    "VIDC.CSCD"= camcodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11]
    R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
    R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 11:26]
    S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-30 16:49]
    S3 SIWIO;SIW low-level I/O driver;C:\WINDOWS\TEMP\SiwIo.sys []

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-29 12:54:33 C:\WINDOWS\Tasks\GlaryInitialize.job"
    - C:\Program Files\Glary Utilities\initialize.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-29 16:49:23
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-29 16:50:44
    ComboFix-quarantined-files.txt 2008-06-29 14:50:40
    ComboFix2.txt 2008-06-26 22:43:38

    Pre-Run: 65,506,017,280 octets libres
    Post-Run: 65,489,182,720 octets libres

    278 --- E O F --- 2008-06-11 13:35:31
    29 June 2008 18:09:25

    Are you still having problems?
    29 June 2008 18:43:30

    No, it's all good, everything is in order =) Thanks a lot!
    29 June 2008 19:30:38

    Happy surfing.