Crypt/xpack.gen... well, I think so.

Tags:
  • Internet Explorer
  • Security
22 May 2008 11:11:23

Hello everyone,

For several days I have been infected by something that I can't manage to get rid of simply. So I am calling for help from knowledgeable people.

Thanks.

[DaV]


22 May 2008 11:15:38

On top of that, I don't know if it's related, but I'm having a lot of trouble accessing Google in particular... (search, Google Calendar, etc.)
Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14, on 2008-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM2f1ab20f] Rundll32.exe "C:\WINDOWS\system32\ldhtcebt.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Barre latérale Google Desktop.lnk = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Administrateur\Bureau\Naturficial_Flower_by_playmobil.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Administrateur\Bureau\Billiard_balls_by_lg_studio.jpg

--
End of file - 7064 bytes
22 May 2008 13:28:00

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary
    22 May 2008 14:59:08

    Here is my report from ComboFix.exe, launched from the desktop.

    Thanks.

    ComboFix 08-05-21.2 - Administrateur 2008-05-22 14:53:30.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2626 [GMT 2:00]
    Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM2f1ab20f.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\cbXOGXpn.dll
    C:\WINDOWS\system32\cdemudph.dll
    C:\WINDOWS\system32\foekpqog.dll
    C:\WINDOWS\system32\foqvvesk.exe
    C:\WINDOWS\system32\hkyroggg.dll
    C:\WINDOWS\system32\iafphrrq.dll
    C:\WINDOWS\system32\kdplsrml.dll
    C:\WINDOWS\system32\ldhtcebt.dll
    C:\WINDOWS\system32\luvhytmx.dll
    C:\WINDOWS\system32\NUDcLRqr.ini
    C:\WINDOWS\system32\NUDcLRqr.ini2
    C:\WINDOWS\system32\nxcjgtct.dll
    C:\WINDOWS\system32\onxixtvr.exe
    C:\WINDOWS\system32\puaaurig.dll
    C:\WINDOWS\system32\pwcvfygx.dll
    C:\WINDOWS\system32\qqavhhuq.dll
    C:\WINDOWS\system32\qrclrlum.dll
    C:\WINDOWS\system32\qumkiqrj.dll
    C:\WINDOWS\system32\rqRLcDUN.dll
    C:\WINDOWS\system32\tqphgvta.dll
    C:\WINDOWS\system32\ufukaetp.exe
    C:\WINDOWS\system32\uyktokpb.dll
    C:\WINDOWS\system32\wcfhhvbp.dll
    C:\WINDOWS\system32\whsxdfme.dll
    C:\WINDOWS\system32\wpfehqdc.dll
    C:\WINDOWS\system32\wuhdupal.dll
    C:\WINDOWS\system32\xnwofixn.dll
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\aosjxuxo.ini
    C:\WINDOWS\system32\auhgcksr.ini
    C:\WINDOWS\system32\bnbmnphv.exe
    C:\WINDOWS\system32\dralcrev.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\ncymddlj.ini
    C:\WINDOWS\system32\nxifownx.ini
    C:\WINDOWS\system32\pbvhhfcw.ini
    C:\WINDOWS\system32\pbvhhfcw.ini2
    C:\WINDOWS\system32\pnqyisxo.ini
    C:\WINDOWS\system32\tismgmiw.ini
    C:\WINDOWS\system32\tpatwydh.ini
    C:\WINDOWS\system32\TvvEOXbc.ini
    C:\WINDOWS\system32\TvvEOXbc.ini2
    C:\WINDOWS\system32\vuyxpyfr.ini
    C:\WINDOWS\system32\vyohvimm.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-22 11:33 . 2008-05-22 11:33 135,680 --a------ C:\WINDOWS\system32\lnhyxrji.dll
    2008-05-21 15:49 . 2008-05-21 15:49 134,144 --a------ C:\WINDOWS\system32\rlqxqedy.dll
    2008-05-21 10:58 . 2008-05-21 10:58 134,144 --a------ C:\WINDOWS\system32\cvmojeqp.dll
    2008-05-21 09:57 . 2008-05-22 11:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-21 09:57 . 2008-05-21 09:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-05-19 12:08 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-05-19 12:08 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-05-19 12:04 . 2008-05-19 12:04 <REP> d-------- C:\Program Files\MagicISO
    2008-05-19 11:27 . 2008-05-19 11:33 <REP> d-------- C:\Program Files\Ultra Video To Flash Converter
    2008-05-19 11:27 . 2004-02-22 16:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
    2008-05-19 11:27 . 2006-12-31 10:16 313,344 --a------ C:\WINDOWS\system32\avisynth.dll
    2008-05-19 11:16 . 2008-05-19 11:30 <REP> d-------- C:\Program Files\Total Video Converter
    2008-05-19 11:00 . 2008-05-19 11:02 270 --a------ C:\WINDOWS\system32\temp_0000_65-20.aok
    2008-05-19 10:57 . 2008-05-19 10:57 117 --a------ C:\WINDOWS\system32\test.aok
    2008-05-19 10:36 . 2008-05-19 10:46 <REP> d-------- C:\Program Files\QuickMediaConverter
    2008-05-18 20:59 . 2008-05-18 20:59 <REP> d-------- C:\VundoFix Backups
    2008-05-18 16:03 . 2008-05-18 16:03 <REP> d-------- C:\WINDOWS\Applian FLV Player
    2008-05-18 16:03 . 2008-05-18 16:03 <REP> d-------- C:\Program Files\FLV Player
    2008-05-18 15:44 . 2008-05-18 15:47 <REP> d-------- C:\Documents and Settings\Administrateur\dwhelper
    2008-05-17 12:48 . 2008-05-17 12:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ItsLabel
    2008-05-16 21:21 . 2008-05-16 21:21 <REP> d-------- C:\Program Files\FileZilla FTP Client
    2008-05-16 21:21 . 2008-05-22 12:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FileZilla
    2008-05-16 17:51 . 2008-05-16 17:51 <REP> d-------- C:\Program Files\CCleaner
    2008-05-16 17:13 . 2008-05-22 10:29 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
    2008-05-16 17:12 . 2008-05-17 16:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EoRezo
    2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\WINDOWS\system32\xircom
    2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\WINDOWS\srchasst
    2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\Program Files\microsoft frontpage
    2008-05-16 11:12 . 2008-05-16 11:12 12 --a------ C:\WINDOWS\system32\2c29931d
    2008-05-16 10:09 . 2008-05-16 10:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-05-16 09:37 . 2008-05-16 09:39 <REP> d-------- C:\Program Files\QuickTime
    2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Program Files\Avira
    2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-05-16 09:13 . 2008-05-16 09:17 <REP> d-------- C:\fixwareout
    2008-05-16 09:04 . 2008-05-16 09:04 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-15 21:12 . 2008-05-15 21:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-05-15 12:05 . 2008-05-15 17:31 210 --a------ C:\WINDOWS\system32\ncymddlj.tmp
    2008-05-15 10:47 . 2008-05-15 10:47 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-05-12 11:52 . 2008-05-12 11:52 1,505,043 ---hs---- C:\WINDOWS\system32\pnqyisxo.tmp
    2008-05-07 14:53 . 2008-05-07 14:53 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
    2008-05-07 14:52 . 2008-05-07 14:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
    2008-05-07 14:52 . 2008-05-07 14:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Propellerhead Software
    2008-05-07 14:50 . 2008-05-07 14:50 <REP> d-------- C:\Program Files\Propellerhead
    2008-05-07 12:32 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2008-05-07 09:41 . 2008-05-07 09:41 <REP> d-------- C:\Program Files\M-Audio
    2008-05-06 23:30 . 2008-05-13 03:49 <REP> d-------- C:\Program Files\Native Instruments
    2008-05-06 23:30 . 2008-05-13 03:49 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
    2008-05-06 20:49 . 2008-05-06 21:00 1,480 --a------ C:\WINDOWS\CDPLAYER.UNI
    2008-05-06 15:53 . 2008-05-09 00:50 38 --a------ C:\WINDOWS\avisplitter.INI
    2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.5
    2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\Program Files\Easy CD-DA Extractor 11
    2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-05 16:34 . 2008-05-06 21:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-05-05 16:26 . 2008-05-22 11:46 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-05-05 16:24 . 2008-05-05 16:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
    2008-05-05 16:07 . 2008-05-05 16:07 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-05-05 16:06 . 2008-05-05 16:14 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-05-03 16:58 . 2008-05-03 16:58 <REP> d-------- C:\Program Files\Apple Software Update
    2008-04-30 15:05 . 2008-04-30 15:05 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-04-30 15:03 . 2008-04-30 15:03 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-29 20:01 . 2008-05-21 16:06 16 --a------ C:\WINDOWS\system32\w3data.vss
    2008-04-29 20:01 . 2008-05-21 16:06 16 --a------ C:\WINDOWS\system32\msvcsv60.dll
    2008-04-29 20:01 . 2008-05-21 16:06 16 --a------ C:\WINDOWS\msocreg32.dat
    2008-04-29 16:11 . 2008-04-29 16:11 <REP> d-------- C:\Program Files\IK Multimedia
    2008-04-29 15:39 . 2008-04-29 15:40 <REP> d-------- C:\Program Files\Waves
    2008-04-29 14:25 . 2008-04-29 14:25 3,693,554 --a------ C:\WINDOWS\system32\TmpA1392546
    2008-04-29 13:52 . 2008-04-29 13:52 3,693,554 --a------ C:\WINDOWS\system32\TmpA13018890
    2008-04-29 10:51 . 2008-04-29 10:51 3,693,554 --a------ C:\WINDOWS\system32\TmpA2175078
    2008-04-29 10:14 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
    2008-04-29 10:14 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
    2008-04-29 10:14 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
    2008-04-28 13:16 . 2008-04-30 19:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves Preferences
    2008-04-28 13:16 . 2008-04-28 13:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves
    2008-04-28 13:14 . 2008-04-28 13:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves Audio
    2008-04-28 08:56 . 2008-04-28 08:56 34 --a------ C:\WINDOWS\Blink.ini
    2008-04-25 09:47 . 2008-05-17 12:48 51 --a------ C:\WINDOWS\CDEDJECT.INI
    2008-04-25 09:46 . 2008-04-25 09:46 <REP> d-------- C:\Program Files\HotKey CD-Eject
    2008-04-25 09:37 . 2008-04-25 09:37 <REP> d-------- C:\Program Files\Antares Audio Technologies
    2008-04-24 20:13 . 2008-04-24 20:13 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-04-24 15:15 . 2008-04-24 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iZotope
    2008-04-24 15:11 . 2008-05-06 23:29 <REP> d-------- C:\Program Files\iZotope
    2008-04-24 15:11 . 2008-04-24 15:11 <REP> d-------- C:\Program Files\Fichiers communs\iZotope
    2008-04-24 10:57 . 2008-04-24 10:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-04-24 10:31 . 2008-04-24 10:31 <REP> d-------- C:\Program Files\Nero
    2008-04-24 10:31 . 2008-04-24 10:57 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-04-23 20:38 . 2008-04-23 20:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\WinAmp Control
    2008-04-23 20:20 . 2006-03-01 04:53 773,120 --a------ C:\WINDOWS\bubbles.scr
    2008-04-23 16:36 . 2008-04-23 16:36 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
    2008-04-23 16:35 . 2008-04-23 16:35 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-04-23 10:44 . 2008-05-15 21:30 <REP> d-------- C:\Program Files\iColorFolder
    2008-04-23 09:42 . 2006-02-16 03:07 43,904 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys
    2008-04-22 18:01 . 2008-04-22 18:01 <REP> d-------- C:\Program Files\Google
    2008-04-22 14:57 . 2008-04-22 14:57 <REP> d-------- C:\Program Files\Microsoft Works
    2008-04-22 14:54 . 2008-04-22 14:54 <REP> d-------- C:\WINDOWS\SHELLNEW
    2008-04-22 14:54 . 2008-04-22 14:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-04-22 14:53 . 2008-04-22 14:53 <REP> dr-h----- C:\MSOCache
    2008-04-22 14:40 . 2008-05-22 11:54 <REP> d-------- C:\Program Files\Mozilla Thunderbird
    2008-04-22 14:40 . 2008-04-22 14:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
    2008-04-22 14:40 . 2008-04-22 14:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
    2008-04-22 08:18 . 2008-04-22 08:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Image Zone Express
    2008-04-22 08:17 . 2008-04-22 08:17 <REP> d-------- C:\Program Files\RocketDock
    2008-04-22 08:06 . 2008-04-22 08:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\HP
    2008-04-22 08:04 . 2008-04-22 08:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
    2008-04-22 08:01 . 2008-04-22 08:01 <REP> d-------- C:\Program Files\Hewlett-Packard
    2008-04-22 08:01 . 2008-04-22 08:02 <REP> d-------- C:\Program Files\Fichiers communs\HP
    2008-04-22 08:01 . 2008-04-22 08:01 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
    2008-04-22 08:00 . 2006-06-27 09:58 876,544 -ra------ C:\WINDOWS\system32\hpwwiax1.dll
    2008-04-22 08:00 . 2006-04-02 09:41 835,072 -ra------ C:\WINDOWS\system32\hpwtiop1.dll
    2008-04-22 08:00 . 2006-03-20 02:48 286,720 -ra------ C:\WINDOWS\system32\HPZc3212.dll
    2008-04-22 08:00 . 2005-08-26 03:19 258,122 -ra------ C:\WINDOWS\system32\hpovst09.dll
    2008-04-22 08:00 . 2005-10-12 04:20 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
    2008-04-22 08:00 . 2006-07-03 11:54 38,400 --a------ C:\WINDOWS\system32\hpz3l4sa.dll
    2008-04-22 08:00 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
    2008-04-22 08:00 . 2008-04-22 08:00 156 --a------ C:\WINDOWS\system32\AddPort.ini
    2008-04-22 07:59 . 2008-04-22 08:00 <REP> d-------- C:\TEMP
    2008-04-22 07:59 . 2008-04-22 08:00 831 --a------ C:\WINDOWS\hpntwksetup.ini
    2008-04-22 07:58 . 2008-04-22 07:58 <REP> d-------- C:\WINDOWS\carrier
    2008-04-22 07:51 . 2008-04-22 08:06 153,353 --a------ C:\WINDOWS\hpwins05.dat
    2008-04-22 03:27 . 2008-04-22 03:27 <REP> d-------- C:\Program Files\Alwil Software
    2008-04-22 03:27 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-04-22 03:27 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-04-22 03:27 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-04-22 03:26 . 2008-04-22 08:02 <REP> d-------- C:\Program Files\HP
    2008-04-22 03:01 . 2008-04-22 03:01 <REP> d-------- C:\Program Files\Winamp
    2008-04-22 03:01 . 2008-05-06 20:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Winamp

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-19 10:02 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
    2008-05-16 09:44 54,256 ----a-w C:\WINDOWS\system32\drivers\iLokDrvr.sys
    2008-05-15 09:30 208,896 ----a-w C:\WINDOWS\system32\TubeFinder.exe
    2008-04-29 11:52 --------- d-----w C:\Program Files\IrfanView
    2008-04-22 00:55 --------- d-----w C:\Program Files\uTorrent
    2008-04-22 00:27 --------- d-----w C:\Program Files\iLok
    2008-04-21 22:56 --------- d-----w C:\Program Files\Intel
    2008-04-21 22:43 --------- d-----w C:\Program Files\Java
    2008-04-21 22:43 --------- d-----w C:\Program Files\Foxit
    2008-04-21 22:42 --------- d-----w C:\Program Files\MSXML 6.0
    2008-04-21 22:42 --------- d-----w C:\Program Files\MSXML 4.0
    2008-04-21 22:42 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-04-21 22:41 --------- d-----w C:\Program Files\Services en ligne
    2008-04-21 22:39 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-04-15 18:46 270,336 ----a-w C:\WINDOWS\system32\DigiPlatformSupport.dll
    2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
    2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-16_11.23.33.65 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-05-18 14:03:29 473,600 ----a-w C:\WINDOWS\Applian FLV Player\uninstall.exe
    - 2008-05-16 09:21:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-22 12:56:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-19 10:08:38 65,536 ----a-r C:\WINDOWS\Installer\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}\ARPPRODUCTICON.exe
    + 2008-05-19 10:08:25 65,536 ----a-r C:\WINDOWS\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
    + 2008-05-19 09:27:20 34,308 ----a-w C:\WINDOWS\system32\bassmod.dll
    + 1998-07-12 19:00:00 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
    - 2008-04-23 14:20:42 54,256 -c--a-w C:\WINDOWS\system32\DRVSTORE\iLokDrvr_59E52B1134BCBE10AFBB4D22AB2D85F4ADED304A\iLokDrvr.sys
    + 2008-05-16 09:44:17 54,256 -c--a-w C:\WINDOWS\system32\DRVSTORE\iLokDrvr_59E52B1134BCBE10AFBB4D22AB2D85F4ADED304A\iLokDrvr.sys
    - 2008-05-06 07:21:39 1,484,328 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-05-22 12:56:34 1,484,496 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2007-02-20 13:34:06 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe
    + 2005-08-27 11:38:58 128,648 ----a-w C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
    - 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    + 2007-02-20 14:04:02 2,463,976 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    - 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2007-02-20 14:04:04 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 1998-07-12 23:00:00 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
    - 2004-08-19 14:09:36 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
    + 2004-02-23 19:42:40 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
    + 1998-07-13 00:00:00 9,728 ----a-w C:\WINDOWS\system32\PCCLPFR.DLL
    + 2000-10-01 19:00:00 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL
    + 2000-07-15 05:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36b37c03-cf0e-4760-8a61-5e93d1c5e53b}]
    2008-05-22 11:33 135680 --a------ C:\WINDOWS\system32\lnhyxrji.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EoEngine"="" []
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-07 07:51 8523776]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" [2004-08-19 16:09 101888 C:\WINDOWS\system32\advpack.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktopCleanupWizard"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoResolveSearch"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoResolveSearch"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Documents and Settings\Administrateur\Bureau\Naturficial_Flower_by_playmobil.jpg
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source= C:\Documents and Settings\Administrateur\Bureau\Billiard_balls_by_lg_studio.jpg
    FriendlyName=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "wave1"= Digi32.dll
    "VIDC.YV12"= yv12vfw.dll
    "midi1"= ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 21:50]
    R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 01:16]
    R3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 01:15]
    R3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2008-05-16 11:44]
    R3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 09:23]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-22 18:01]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-16 15:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-22 14:57:10
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\icon_snow.png 3223 bytes

    Scan terminé avec succès
    Les fichiers cachés: 1

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-22 14:59:09 - machine was rebooted [Administrateur]
    ComboFix-quarantined-files.txt 2008-05-22 12:58:44

    Pre-Run: 59,177,263,104 octets libres
    Post-Run: 59,256,795,136 octets libres

    22 May 2008 15:40:37

    Hi again,

    Download MSNFix.zip (!aur3n7) to your Desktop.
    Unzip it on your Desktop (right-click / Extract All).

    Open the MSNFix folder, then double-click MSNFix.bat.
    - Run option R.
    -- If the infection is detected, press a key to start the cleanup.

    If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations.
    In that case, simply restart the computer manually.

    Post the report located in the MSNFix folder.
    The report's name corresponds to the moment it was created: date_heure.log
    22 May 2008 16:25:16

    Well, the good news is that my computer is not indifferent to your treatments, which is already something. It seems to be finding things, I think.

    Thanks again, it's very cool of you to help me with my bug.

    MSNFix 1.717

    C:\Documents and Settings\Administrateur\Bureau\MSNFix
    Fix exécuté le 22/05/2008 - 16:11:27,28 By Administrateur
    mode normal

    ************************ Recherche les fichiers présents

    ... C:\??????.exe

    ************************ Recherche les dossiers présents

    Aucun dossier trouvé




    ************************ Suppression des fichiers

    .. OK ... C:\??????.exe



    ************************ Nettoyage du registre



    Les fichiers encore présents seront supprimés au prochain redémarrage


    Aucun Fichier trouvé



    ************************ Fichiers suspects

    Aucun Fichier trouvé


    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 22052008_16160167.zip

    ************************ HKLM\...\Winlogon\Userinit

    Userinit = C:\WINDOWS\system32\userinit.exe,

    Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-aler...


    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: http://changelog.fr
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------

    22 May 2008 16:49:42

    Hi again,

    Let's continue :)

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (run a full scan).
  • To start the scan, click "Rechercher" (scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selection). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    23 May 2008 09:52:31

    It took a while, but I imagine you already know that this test is a long one...
    Here is the report:

    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 777

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 168550
    Temps écoulé: 4 hour(s), 54 minute(s), 49 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    23 May 2008 11:01:54

    Run another ComboFix scan :)
    23 May 2008 11:06:23

    The ComboFix report:

    ComboFix 08-05-21.2 - Administrateur 2008-05-23 11:06:10.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2583 [GMT 2:00]
    Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\_000005_.tmp.dll
    C:\WINDOWS\system32\_000006_.tmp.dll
    C:\WINDOWS\system32\_000007_.tmp.dll
    C:\WINDOWS\system32\msvcsv60.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-23 09:54 . 2008-05-23 09:54 <REP> d-------- C:\WINDOWS\LastGood
    2008-05-23 09:54 . 2008-05-23 09:56 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-05-22 17:02 . 2008-05-22 17:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-05-22 17:01 . 2008-05-22 17:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-22 17:01 . 2008-05-22 17:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-22 17:01 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-22 17:01 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-22 16:17 . 2007-10-25 18:43 8,516,608 --a------ C:\WINDOWS\system32\SETCA.tmp
    2008-05-22 16:17 . 2007-10-25 18:43 8,516,608 --------- C:\WINDOWS\system32\dllcache\shell32.dll
    2008-05-22 16:17 . 2007-07-09 15:19 582,656 --a------ C:\WINDOWS\system32\SETA3.tmp
    2008-05-22 16:17 . 2007-07-09 15:19 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-05-22 11:33 . 2008-05-22 11:33 135,680 --a------ C:\WINDOWS\system32\lnhyxrji.dll
    2008-05-21 15:49 . 2008-05-21 15:49 134,144 --a------ C:\WINDOWS\system32\rlqxqedy.dll
    2008-05-21 10:58 . 2008-05-21 10:58 134,144 --a------ C:\WINDOWS\system32\cvmojeqp.dll
    2008-05-21 09:57 . 2008-05-22 11:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-21 09:57 . 2008-05-21 09:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-05-19 12:08 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-05-19 12:08 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-05-19 12:04 . 2008-05-19 12:04 <REP> d-------- C:\Program Files\MagicISO
    2008-05-19 11:27 . 2008-05-19 11:33 <REP> d-------- C:\Program Files\Ultra Video To Flash Converter
    2008-05-19 11:27 . 2004-02-22 16:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
    2008-05-19 11:27 . 2006-12-31 10:16 313,344 --a------ C:\WINDOWS\system32\avisynth.dll
    2008-05-19 11:16 . 2008-05-19 11:30 <REP> d-------- C:\Program Files\Total Video Converter
    2008-05-19 11:00 . 2008-05-19 11:02 270 --a------ C:\WINDOWS\system32\temp_0000_65-20.aok
    2008-05-19 10:57 . 2008-05-19 10:57 117 --a------ C:\WINDOWS\system32\test.aok
    2008-05-19 10:36 . 2008-05-19 10:46 <REP> d-------- C:\Program Files\QuickMediaConverter
    2008-05-18 20:59 . 2008-05-18 20:59 <REP> d-------- C:\VundoFix Backups
    2008-05-18 16:03 . 2008-05-18 16:03 <REP> d-------- C:\WINDOWS\Applian FLV Player
    2008-05-18 16:03 . 2008-05-18 16:03 <REP> d-------- C:\Program Files\FLV Player
    2008-05-18 15:44 . 2008-05-18 15:47 <REP> d-------- C:\Documents and Settings\Administrateur\dwhelper
    2008-05-17 12:48 . 2008-05-17 12:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ItsLabel
    2008-05-16 21:21 . 2008-05-16 21:21 <REP> d-------- C:\Program Files\FileZilla FTP Client
    2008-05-16 21:21 . 2008-05-23 10:19 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FileZilla
    2008-05-16 17:51 . 2008-05-16 17:51 <REP> d-------- C:\Program Files\CCleaner
    2008-05-16 17:13 . 2008-05-23 10:34 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
    2008-05-16 17:12 . 2008-05-17 16:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EoRezo
    2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\WINDOWS\system32\xircom
    2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\WINDOWS\srchasst
    2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\Program Files\microsoft frontpage
    2008-05-16 11:12 . 2008-05-16 11:12 12 --a------ C:\WINDOWS\system32\2c29931d
    2008-05-16 10:09 . 2008-05-16 10:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-05-16 09:37 . 2008-05-16 09:39 <REP> d-------- C:\Program Files\QuickTime
    2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Program Files\Avira
    2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-05-16 09:13 . 2008-05-16 09:17 <REP> d-------- C:\fixwareout
    2008-05-16 09:04 . 2008-05-16 09:04 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-15 21:12 . 2008-05-15 21:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-05-15 12:05 . 2008-05-15 17:31 210 --a------ C:\WINDOWS\system32\ncymddlj.tmp
    2008-05-15 10:47 . 2008-05-15 10:47 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-05-12 11:52 . 2008-05-12 11:52 1,505,043 ---hs---- C:\WINDOWS\system32\pnqyisxo.tmp
    2008-05-07 14:53 . 2008-05-07 14:53 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
    2008-05-07 14:52 . 2008-05-07 14:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
    2008-05-07 14:52 . 2008-05-07 14:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Propellerhead Software
    2008-05-07 14:50 . 2008-05-07 14:50 <REP> d-------- C:\Program Files\Propellerhead
    2008-05-07 12:32 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2008-05-07 09:41 . 2008-05-07 09:41 <REP> d-------- C:\Program Files\M-Audio
    2008-05-06 23:30 . 2008-05-13 03:49 <REP> d-------- C:\Program Files\Native Instruments
    2008-05-06 23:30 . 2008-05-13 03:49 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
    2008-05-06 20:49 . 2008-05-06 21:00 1,480 --a------ C:\WINDOWS\CDPLAYER.UNI
    2008-05-06 15:53 . 2008-05-09 00:50 38 --a------ C:\WINDOWS\avisplitter.INI
    2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.5
    2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\Program Files\Easy CD-DA Extractor 11
    2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-05 16:34 . 2008-05-06 21:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-05-05 16:26 . 2008-05-22 11:46 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-05-05 16:24 . 2008-05-05 16:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
    2008-05-05 16:07 . 2008-05-05 16:07 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-05-05 16:06 . 2008-05-05 16:14 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-05-03 16:58 . 2008-05-03 16:58 <REP> d-------- C:\Program Files\Apple Software Update
    2008-04-30 15:05 . 2008-04-30 15:05 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-04-30 15:03 . 2008-04-30 15:03 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-29 20:01 . 2008-05-21 16:06 16 --a------ C:\WINDOWS\system32\w3data.vss
    2008-04-29 20:01 . 2008-05-21 16:06 16 --a------ C:\WINDOWS\msocreg32.dat
    2008-04-29 16:11 . 2008-04-29 16:11 <REP> d-------- C:\Program Files\IK Multimedia
    2008-04-29 15:39 . 2008-04-29 15:40 <REP> d-------- C:\Program Files\Waves
    2008-04-29 14:25 . 2008-04-29 14:25 3,693,554 --a------ C:\WINDOWS\system32\TmpA1392546
    2008-04-29 13:52 . 2008-04-29 13:52 3,693,554 --a------ C:\WINDOWS\system32\TmpA13018890
    2008-04-29 10:51 . 2008-04-29 10:51 3,693,554 --a------ C:\WINDOWS\system32\TmpA2175078
    2008-04-29 10:14 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
    2008-04-29 10:14 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.MSNFix
    2008-04-29 10:14 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
    2008-04-28 13:16 . 2008-04-30 19:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves Preferences
    2008-04-28 13:16 . 2008-04-28 13:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves
    2008-04-28 13:14 . 2008-04-28 13:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves Audio
    2008-04-28 08:56 . 2008-04-28 08:56 34 --a------ C:\WINDOWS\Blink.ini
    2008-04-25 09:47 . 2008-05-17 12:48 51 --a------ C:\WINDOWS\CDEDJECT.INI
    2008-04-25 09:46 . 2008-04-25 09:46 <REP> d-------- C:\Program Files\HotKey CD-Eject
    2008-04-25 09:37 . 2008-04-25 09:37 <REP> d-------- C:\Program Files\Antares Audio Technologies
    2008-04-24 20:13 . 2008-04-24 20:13 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-04-24 15:15 . 2008-04-24 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iZotope
    2008-04-24 15:11 . 2008-05-06 23:29 <REP> d-------- C:\Program Files\iZotope
    2008-04-24 15:11 . 2008-04-24 15:11 <REP> d-------- C:\Program Files\Fichiers communs\iZotope
    2008-04-24 10:57 . 2008-04-24 10:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-04-24 10:31 . 2008-04-24 10:31 <REP> d-------- C:\Program Files\Nero
    2008-04-24 10:31 . 2008-04-24 10:57 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-04-23 20:38 . 2008-04-23 20:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\WinAmp Control
    2008-04-23 20:20 . 2006-03-01 04:53 773,120 --a------ C:\WINDOWS\bubbles.scr
    2008-04-23 16:36 . 2008-04-23 16:36 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
    2008-04-23 16:35 . 2008-04-23 16:35 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-04-23 10:44 . 2008-05-15 21:30 <REP> d-------- C:\Program Files\iColorFolder
    2008-04-23 09:42 . 2006-02-16 03:07 43,904 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-23 08:50 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-05-23 08:19 1,083 ----a-w C:\WINDOWS\Fonts\LTe50150.pfm
    2008-05-21 14:14 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Digidesign
    2008-05-19 10:02 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
    2008-05-16 09:44 54,256 ----a-w C:\WINDOWS\system32\drivers\iLokDrvr.sys
    2008-05-15 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-05-15 09:30 208,896 ----a-w C:\WINDOWS\system32\TubeFinder.exe
    2008-05-07 07:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-06 18:48 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Winamp
    2008-05-05 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-04-29 11:52 --------- d-----w C:\Program Files\IrfanView
    2008-04-23 13:47 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Apple Computer
    2008-04-22 16:01 --------- d-----w C:\Program Files\Google
    2008-04-22 12:57 --------- d-----w C:\Program Files\Microsoft Works
    2008-04-22 12:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-04-22 12:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Thunderbird
    2008-04-22 12:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Talkback
    2008-04-22 06:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Image Zone Express
    2008-04-22 06:17 --------- d-----w C:\Program Files\RocketDock
    2008-04-22 06:06 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\HP
    2008-04-22 06:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2008-04-22 06:02 --------- d-----w C:\Program Files\HP
    2008-04-22 06:02 --------- d-----w C:\Program Files\Fichiers communs\HP
    2008-04-22 06:01 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-04-22 06:01 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
    2008-04-22 01:27 --------- d-----w C:\Program Files\Alwil Software
    2008-04-22 01:01 --------- d-----w C:\Program Files\Winamp
    2008-04-22 00:55 --------- d-----w C:\Program Files\uTorrent
    2008-04-22 00:27 --------- d-----w C:\Program Files\iLok
    2008-04-21 23:34 --------- d-----w C:\Program Files\Fichiers communs\PACE Anti-Piracy
    2008-04-21 23:34 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-04-21 23:34 --------- d-----w C:\Program Files\Bonjour
    2008-04-21 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    2008-04-21 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-04-21 23:34 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PACE Anti-Piracy
    2008-04-21 23:26 --------- d-----w C:\Program Files\InterLok
    2008-04-21 23:24 --------- d-----w C:\Program Files\Fichiers communs\Digidesign
    2008-04-21 23:24 --------- d-----w C:\Program Files\Digidesign
    2008-04-21 23:21 --------- d-----w C:\Program Files\Fichiers communs\LogiShared
    2008-04-21 23:21 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Logitech
    2008-04-21 23:21 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Leadertech
    2008-04-21 23:20 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-04-21 23:20 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
    2008-04-21 23:20 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-04-21 23:19 --------- d-----w C:\Program Files\Logitech
    2008-04-21 23:19 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2008-04-21 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
    2008-04-21 23:19 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\InstallShield
    2008-04-21 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-04-21 23:14 --------- d-----w C:\Program Files\My Company Name
    2008-04-21 23:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-04-21 23:10 --------- d-----w C:\Program Files\ASUS
    2008-04-21 23:08 --------- d-----w C:\Program Files\Marvell
    2008-04-21 23:08 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\TMP
    2008-04-21 23:03 --------- d-----w C:\Program Files\Analog Devices
    2008-04-21 22:56 --------- d-----w C:\Program Files\Intel
    2008-04-21 22:43 --------- d-----w C:\Program Files\Java
    2008-04-21 22:43 --------- d-----w C:\Program Files\Foxit
    2008-04-21 22:42 --------- d-----w C:\Program Files\MSXML 6.0
    2008-04-21 22:42 --------- d-----w C:\Program Files\MSXML 4.0
    2008-04-21 22:42 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-04-21 22:41 --------- d-----w C:\Program Files\Services en ligne
    2008-04-21 22:39 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-04-15 18:46 270,336 ----a-w C:\WINDOWS\system32\DigiPlatformSupport.dll
    2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
    2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
    2008-03-25 08:20 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-20 07:56 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 07:56 1,846,016 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-16_11.23.33.65 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-05-18 14:03:29 473,600 ----a-w C:\WINDOWS\Applian FLV Player\uninstall.exe
    - 2008-05-16 09:21:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-23 07:52:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2007-09-09 15:02:04 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
    + 2007-06-29 09:59:14 318,976 ----a-w C:\WINDOWS\inf\unregmp2.exe
    + 2008-05-19 10:08:38 65,536 ----a-r C:\WINDOWS\Installer\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}\ARPPRODUCTICON.exe
    + 2008-05-19 10:08:25 65,536 ----a-r C:\WINDOWS\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
    + 2008-05-19 09:27:20 34,308 ----a-w C:\WINDOWS\system32\bassmod.dll
    - 2007-09-09 15:00:46 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
    + 2008-02-16 09:31:57 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
    + 1998-07-12 19:00:00 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
    - 2007-09-09 15:00:47 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
    + 2008-02-16 09:31:58 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
    + 2008-02-16 09:31:57 1,024,512 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    + 2008-02-16 09:31:57 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    + 2008-02-16 09:31:58 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
    + 2008-03-25 04:50:25 554,008 ------w C:\WINDOWS\system32\dllcache\dao360.dll
    + 2008-02-20 05:20:23 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    + 2008-02-20 18:50:24 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    + 2008-02-16 09:31:58 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2008-02-16 09:31:58 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2008-02-16 09:31:58 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2008-02-20 06:52:42 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
    + 2008-02-15 09:07:53 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
    + 2008-02-16 09:31:58 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
    + 2007-08-21 06:25:34 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    + 2008-02-16 09:31:58 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
    + 2007-12-18 14:41:58 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
    + 2008-02-16 09:31:58 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2007-11-07 09:50:06 733,696 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
    + 2007-07-06 10:05:47 72,960 ------w C:\WINDOWS\system32\dllcache\mqac.sys
    + 2007-07-06 12:50:47 138,240 ------w C:\WINDOWS\system32\dllcache\mqad.dll
    + 2007-07-06 12:50:47 47,104 ------w C:\WINDOWS\system32\dllcache\mqdscli.dll
    + 2007-07-06 12:50:47 16,896 ------w C:\WINDOWS\system32\dllcache\mqise.dll
    + 2007-07-06 12:50:47 660,992 ------w C:\WINDOWS\system32\dllcache\mqqm.dll
    + 2007-07-06 12:50:47 177,152 ------w C:\WINDOWS\system32\dllcache\mqrt.dll
    + 2007-07-06 12:50:47 95,744 ------w C:\WINDOWS\system32\dllcache\mqsec.dll
    + 2007-07-06 12:50:47 48,640 ------w C:\WINDOWS\system32\dllcache\mqupgrd.dll
    + 2007-07-06 12:50:47 527,360 ------w C:\WINDOWS\system32\dllcache\mqutil.dll
    + 2007-12-18 09:51:35 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
    + 2008-03-25 04:50:28 518,944 ------w C:\WINDOWS\system32\dllcache\msexch40.dll
    + 2008-03-25 04:50:30 326,432 ------w C:\WINDOWS\system32\dllcache\msexcl40.dll
    + 2008-02-16 09:31:59 3,087,872 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2008-02-16 09:31:59 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2008-03-25 04:50:34 1,516,568 ------w C:\WINDOWS\system32\dllcache\msjet40.dll
    + 2008-03-25 04:50:40 355,112 ------w C:\WINDOWS\system32\dllcache\msjetol1.dll
    + 2008-03-25 04:50:42 60,192 ------w C:\WINDOWS\system32\dllcache\msjter40.dll
    + 2008-03-25 04:50:42 248,608 ------w C:\WINDOWS\system32\dllcache\msjtes40.dll
    + 2008-03-25 04:50:45 355,104 ------w C:\WINDOWS\system32\dllcache\mspbde40.dll
    + 2008-02-16 09:31:59 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2008-03-25 04:50:47 432,928 ------w C:\WINDOWS\system32\dllcache\msrd2x40.dll
    + 2008-03-25 04:50:49 322,336 ------w C:\WINDOWS\system32\dllcache\msrd3x40.dll
    + 2008-03-25 04:50:52 559,904 ------w C:\WINDOWS\system32\dllcache\msrepl40.dll
    + 2008-03-25 04:50:55 264,992 ------w C:\WINDOWS\system32\dllcache\mstext40.dll
    + 2008-02-16 09:31:59 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2008-03-25 04:50:57 838,432 ------w C:\WINDOWS\system32\dllcache\mswdat10.dll
    + 2008-03-25 04:50:58 355,104 ------w C:\WINDOWS\system32\dllcache\msxbde40.dll
    + 2007-12-04 18:41:36 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
    + 2008-02-16 09:31:59 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2007-10-29 22:36:31 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    + 2008-02-16 09:32:00 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    + 2008-02-16 09:32:00 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    + 2007-10-30 16:53:32 360,832 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
    + 2008-02-16 09:32:00 620,544 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2007-12-18 14:41:59 417,792 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
    + 2008-02-16 09:32:00 670,208 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2007-10-25 07:28:30 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
    - 2004-08-03 20:58:22 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
    + 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
    - 2004-08-03 21:00:58 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    + 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    - 2007-09-09 14:59:50 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    + 2007-11-13 10:25:54 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    - 2007-09-09 15:00:08 360,704 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    + 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    - 2008-04-23 14:20:42 54,256 -c--a-w C:\WINDOWS\system32\DRVSTORE\iLokDrvr_59E52B1134BCBE10AFBB4D22AB2D85F4ADED304A\iLokDrvr.sys
    + 2008-05-16 09:44:17 54,256 -c--a-w C:\WINDOWS\system32\DRVSTORE\iLokDrvr_59E52B1134BCBE10AFBB4D22AB2D85F4ADED304A\iLokDrvr.sys
    - 2007-09-09 15:00:47 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2008-02-16 09:31:58 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2007-09-09 15:00:48 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2008-02-16 09:31:58 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2007-09-09 15:00:48 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2008-02-16 09:31:58 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    - 2008-05-06 07:21:39 1,484,328 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-05-22 12:56:34 1,484,496 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    - 2007-09-09 15:00:48 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
    + 2008-02-16 09:31:58 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
    - 2007-09-09 14:58:54 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    + 2007-08-21 06:25:34 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    - 2007-09-09 15:00:49 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
    + 2008-02-16 09:31:58 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
    - 2007-09-09 15:00:49 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2008-02-16 09:31:58 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    - 2007-09-09 14:59:01 733,184 ----a-w C:\WINDOWS\system32\lsasrv.dll
    + 2007-11-07 09:50:06 733,696 ----a-w C:\WINDOWS\system32\lsasrv.dll
    + 2007-02-20 13:34:06 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe
    + 2005-08-27 11:38:58 128,648 ----a-w C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
    - 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    + 2007-02-20 14:04:02 2,463,976 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    - 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2007-02-20 14:04:04 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    - 2004-08-19 14:09:32 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
    + 2007-07-06 12:50:47 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
    - 2004-08-19 14:09:32 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
    + 2007-07-06 12:50:47 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
    - 2004-08-19 14:09:32 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
    + 2007-07-06 12:50:47 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
    - 2004-08-19 14:09:32 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
    + 2007-07-06 12:50:47 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
    - 2004-08-19 14:09:32 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
    + 2007-07-06 12:50:47 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
    - 2004-08-19 14:09:32 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
    + 2007-07-06 12:50:47 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
    - 2004-08-19 14:09:34 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
    + 2007-07-06 12:50:47 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
    - 2004-08-19 14:09:34 527,360 ----a-w C:\WINDOWS\system32\mqutil.dll
    + 2007-07-06 12:50:47 527,360 ----a-w C:\WINDOWS\system32\mqutil.dll
    + 1998-07-12 23:00:00 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
    - 2004-08-19 14:09:34 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
    + 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
    - 2004-08-19 14:09:34 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
    + 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
    - 2007-09-09 15:00:52 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2008-02-16 09:31:59 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2004-08-19 14:09:34 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
    + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
    - 2004-07-17 09:34:48 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
    + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
    - 2004-08-19 14:09:34 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
    + 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
    - 2004-08-19 14:09:34 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
    + 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
    - 2004-08-19 14:09:34 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
    + 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
    - 2007-09-09 15:00:53 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2008-02-16 09:31:59 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2004-08-19 14:09:34 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
    + 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
    - 2004-08-19 14:09:34 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
    + 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
    - 2004-08-19 14:09:34 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
    + 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
    - 2004-08-19 14:09:36 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
    + 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
    - 2007-09-09 15:00:53 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2008-02-16 09:31:59 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2004-08-19 14:09:36 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
    + 2004-02-23 19:42:40 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
    - 2007-09-09 14:59:23 838,360 ----a-w C:\WINDOWS\system32\mswdat10.dll
    + 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
    - 2004-08-19 14:09:36 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
    + 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
    - 2007-09-09 14:59:38 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
    + 2007-12-04 18:41:36 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    + 1998-07-13 00:00:00 9,728 ----a-w C:\WINDOWS\system32\PCCLPFR.DLL
    - 2007-09-09 15:00:53 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2008-02-16 09:31:59 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2007-09-09 14:59:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    + 2007-10-29 22:36:31 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    - 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
    + 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
    + 2000-10-01 19:00:00 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL
    + 2000-07-15 05:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
    - 2007-09-09 15:02:06 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
    + 2007-10-25 07:28:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36b37c03-cf0e-4760-8a61-5e93d1c5e53b}]
    2008-05-22 11:33 135680 --a------ C:\WINDOWS\system32\lnhyxrji.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EoEngine"="" []
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-07 07:51 8523776]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" [2004-08-19 16:09 101888 C:\WINDOWS\system32\advpack.dll]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Barre lat‚rale Google Desktop.lnk - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-22 18:01:16 29744]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-22 01:19:35 692224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktopCleanupWizard"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoResolveSearch"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoResolveSearch"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Documents and Settings\Administrateur\Bureau\Naturficial_Flower_by_playmobil.jpg
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source= C:\Documents and Settings\Administrateur\Bureau\Billiard_balls_by_lg_studio.jpg
    FriendlyName=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "wave1"= Digi32.dll
    "VIDC.YV12"= yv12vfw.dll
    "midi1"= ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 21:50]
    R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 01:16]
    R3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 01:15]
    R3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2008-05-16 11:44]
    R3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 09:23]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-22 18:01]
    S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-16 15:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-23 11:07:34
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-23 11:07:59
    ComboFix-quarantined-files.txt 2008-05-23 09:07:57
    ComboFix2.txt 2008-05-22 12:59:10

    Pre-Run: 59,137,875,968 octets libres
    Post-Run: 59,134,160,896 octets libres

    466 --- E O F --- 2008-05-23 07:56:29
    23 May 2008 11:20:09

    Do you have any idea what this bug is? Given the tests you're having me run, I think you do, but I'm asking just in case?!
    23 May 2008 12:43:37

    Hi again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\lnhyxrji.dll
    C:\WINDOWS\system32\rlqxqedy.dll
    C:\WINDOWS\system32\cvmojeqp.dll
    C:\WINDOWS\system32\ncymddlj.tmp
    C:\WINDOWS\system32\pnqyisxo.tmp

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36b37c03-cf0e-4760-8a61-5e93d1c5e53b}]


    Open Notepad (Start > Run... > notepad), then paste (Ctrl+V) the text you copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto ComboFix.exe as shown below:


    This will relaunch ComboFix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    23 May 2008 13:08:58

    I did put CFScript.txt into ComboFix, but it didn't ask me to choose an option; it ran its scan on its own. And it didn't ask me to reboot, but I rebooted anyway.
    Here are the reports:


    ComboFix 08-05-21.2 - Administrateur 2008-05-23 13:00:36.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2767 [GMT 2:00]
    Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\cvmojeqp.dll
    C:\WINDOWS\system32\lnhyxrji.dll
    C:\WINDOWS\system32\ncymddlj.tmp
    C:\WINDOWS\system32\pnqyisxo.tmp
    C:\WINDOWS\system32\rlqxqedy.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\system32\cvmojeqp.dll
    C:\WINDOWS\system32\lnhyxrji.dll
    C:\WINDOWS\system32\ncymddlj.tmp
    C:\WINDOWS\system32\pnqyisxo.tmp
    C:\WINDOWS\system32\rlqxqedy.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-23 12:52 . 2008-05-23 12:52 823,296 --a------ C:\WINDOWS\isRS-000.tmp
    2008-05-23 12:52 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\is-QC62H.tmp
    2008-05-23 09:54 . 2008-05-23 09:54 <REP> d-------- C:\WINDOWS\LastGood
    2008-05-23 09:54 . 2008-05-23 09:56 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-05-22 17:02 . 2008-05-22 17:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-05-22 17:01 . 2008-05-22 17:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-22 17:01 . 2008-05-22 17:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-22 17:01 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-22 17:01 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-22 16:17 . 2007-10-25 18:43 8,516,608 --a------ C:\WINDOWS\system32\SETCA.tmp
    2008-05-22 16:17 . 2007-10-25 18:43 8,516,608 --------- C:\WINDOWS\system32\dllcache\shell32.dll
    2008-05-22 16:17 . 2007-07-09 15:19 582,656 --a------ C:\WINDOWS\system32\SETA3.tmp
    2008-05-22 16:17 . 2007-07-09 15:19 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-05-21 09:57 . 2008-05-23 12:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-21 09:57 . 2008-05-21 09:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-05-19 12:08 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-05-19 12:08 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-05-19 12:04 . 2008-05-19 12:04 <REP> d-------- C:\Program Files\MagicISO
    2008-05-19 11:27 . 2008-05-23 12:18 <REP> d-------- C:\Program Files\Ultra Video To Flash Converter
    2008-05-19 11:16 . 2008-05-19 11:30 <REP> d-------- C:\Program Files\Total Video Converter
    2008-05-19 11:00 . 2008-05-19 11:02 270 --a------ C:\WINDOWS\system32\temp_0000_65-20.aok
    2008-05-19 10:57 . 2008-05-19 10:57 117 --a------ C:\WINDOWS\system32\test.aok
    2008-05-19 10:36 . 2008-05-19 10:46 <REP> d-------- C:\Program Files\QuickMediaConverter
    2008-05-18 20:59 . 2008-05-18 20:59 <REP> d-------- C:\VundoFix Backups
    2008-05-18 16:03 . 2008-05-18 16:03 <REP> d-------- C:\WINDOWS\Applian FLV Player
    2008-05-18 16:03 . 2008-05-18 16:03 <REP> d-------- C:\Program Files\FLV Player
    2008-05-18 15:44 . 2008-05-18 15:47 <REP> d-------- C:\Documents and Settings\Administrateur\dwhelper
    2008-05-17 12:48 . 2008-05-17 12:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ItsLabel
    2008-05-16 21:21 . 2008-05-16 21:21 <REP> d-------- C:\Program Files\FileZilla FTP Client
    2008-05-16 21:21 . 2008-05-23 12:57 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FileZilla
    2008-05-16 17:51 . 2008-05-16 17:51 <REP> d-------- C:\Program Files\CCleaner
    2008-05-16 17:13 . 2008-05-23 10:34 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
    2008-05-16 17:12 . 2008-05-17 16:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EoRezo
    2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\WINDOWS\system32\xircom
    2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\WINDOWS\srchasst
    2008-05-16 11:21 . 2008-05-16 11:21 <REP> d-------- C:\Program Files\microsoft frontpage
    2008-05-16 11:12 . 2008-05-16 11:12 12 --a------ C:\WINDOWS\system32\2c29931d
    2008-05-16 10:09 . 2008-05-16 10:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-05-16 09:37 . 2008-05-16 09:39 <REP> d-------- C:\Program Files\QuickTime
    2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Program Files\Avira
    2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-05-16 09:13 . 2008-05-16 09:17 <REP> d-------- C:\fixwareout
    2008-05-16 09:04 . 2008-05-16 09:04 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-15 21:12 . 2008-05-15 21:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-05-15 10:47 . 2008-05-15 10:47 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-05-07 14:53 . 2008-05-07 14:53 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
    2008-05-07 14:52 . 2008-05-07 14:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
    2008-05-07 14:52 . 2008-05-07 14:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Propellerhead Software
    2008-05-07 14:50 . 2008-05-07 14:50 <REP> d-------- C:\Program Files\Propellerhead
    2008-05-07 12:32 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2008-05-07 09:41 . 2008-05-07 09:41 <REP> d-------- C:\Program Files\M-Audio
    2008-05-06 23:30 . 2008-05-13 03:49 <REP> d-------- C:\Program Files\Native Instruments
    2008-05-06 23:30 . 2008-05-13 03:49 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
    2008-05-06 20:49 . 2008-05-06 21:00 1,480 --a------ C:\WINDOWS\CDPLAYER.UNI
    2008-05-06 15:53 . 2008-05-09 00:50 38 --a------ C:\WINDOWS\avisplitter.INI
    2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.5
    2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\Program Files\Easy CD-DA Extractor 11
    2008-05-05 16:36 . 2008-05-05 16:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-05 16:34 . 2008-05-06 21:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-05-05 16:26 . 2008-05-23 12:45 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-05-05 16:24 . 2008-05-05 16:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
    2008-05-05 16:07 . 2008-05-05 16:07 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-05-05 16:06 . 2008-05-05 16:14 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-05-03 16:58 . 2008-05-03 16:58 <REP> d-------- C:\Program Files\Apple Software Update
    2008-04-30 15:05 . 2008-04-30 15:05 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-04-30 15:03 . 2008-04-30 15:03 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-29 20:01 . 2008-05-21 16:06 16 --a------ C:\WINDOWS\system32\w3data.vss
    2008-04-29 20:01 . 2008-05-21 16:06 16 --a------ C:\WINDOWS\msocreg32.dat
    2008-04-29 16:11 . 2008-04-29 16:11 <REP> d-------- C:\Program Files\IK Multimedia
    2008-04-29 15:39 . 2008-04-29 15:40 <REP> d-------- C:\Program Files\Waves
    2008-04-29 14:25 . 2008-04-29 14:25 3,693,554 --a------ C:\WINDOWS\system32\TmpA1392546
    2008-04-29 13:52 . 2008-04-29 13:52 3,693,554 --a------ C:\WINDOWS\system32\TmpA13018890
    2008-04-29 10:51 . 2008-04-29 10:51 3,693,554 --a------ C:\WINDOWS\system32\TmpA2175078
    2008-04-29 10:14 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
    2008-04-29 10:14 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.MSNFix
    2008-04-29 10:14 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
    2008-04-28 13:16 . 2008-04-30 19:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves Preferences
    2008-04-28 13:16 . 2008-04-28 13:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves
    2008-04-28 13:14 . 2008-04-28 13:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Waves Audio
    2008-04-28 08:56 . 2008-04-28 08:56 34 --a------ C:\WINDOWS\Blink.ini
    2008-04-25 09:47 . 2008-05-23 12:32 51 --a------ C:\WINDOWS\CDEDJECT.INI
    2008-04-25 09:46 . 2008-04-25 09:46 <REP> d-------- C:\Program Files\HotKey CD-Eject
    2008-04-25 09:37 . 2008-04-25 09:37 <REP> d-------- C:\Program Files\Antares Audio Technologies
    2008-04-24 20:13 . 2008-04-24 20:13 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-04-24 15:15 . 2008-04-24 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iZotope
    2008-04-24 15:11 . 2008-05-06 23:29 <REP> d-------- C:\Program Files\iZotope
    2008-04-24 15:11 . 2008-04-24 15:11 <REP> d-------- C:\Program Files\Fichiers communs\iZotope
    2008-04-24 10:57 . 2008-04-24 10:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-04-24 10:31 . 2008-04-24 10:31 <REP> d-------- C:\Program Files\Nero
    2008-04-24 10:31 . 2008-04-24 10:57 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-04-23 20:38 . 2008-04-23 20:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\WinAmp Control
    2008-04-23 20:20 . 2006-03-01 04:53 773,120 --a------ C:\WINDOWS\bubbles.scr
    2008-04-23 16:36 . 2008-04-23 16:36 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
    2008-04-23 16:35 . 2008-05-23 12:52 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-04-23 10:44 . 2008-05-15 21:30 <REP> d-------- C:\Program Files\iColorFolder
    2008-04-23 09:42 . 2006-02-16 03:07 43,904 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-23 10:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
    2008-05-23 10:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-05-23 08:19 1,083 ----a-w C:\WINDOWS\Fonts\LTe50150.pfm
    2008-05-21 14:14 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Digidesign
    2008-05-16 09:44 54,256 ----a-w C:\WINDOWS\system32\drivers\iLokDrvr.sys
    2008-05-15 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-05-15 09:30 208,896 ----a-w C:\WINDOWS\system32\TubeFinder.exe
    2008-05-07 07:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-06 18:48 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Winamp
    2008-05-05 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-04-29 11:52 --------- d-----w C:\Program Files\IrfanView
    2008-04-23 13:47 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Apple Computer
    2008-04-22 16:01 --------- d-----w C:\Program Files\Google
    2008-04-22 12:57 --------- d-----w C:\Program Files\Microsoft Works
    2008-04-22 12:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-04-22 12:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Thunderbird
    2008-04-22 12:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Talkback
    2008-04-22 06:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Image Zone Express
    2008-04-22 06:17 --------- d-----w C:\Program Files\RocketDock
    2008-04-22 06:06 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\HP
    2008-04-22 06:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2008-04-22 06:02 --------- d-----w C:\Program Files\HP
    2008-04-22 06:02 --------- d-----w C:\Program Files\Fichiers communs\HP
    2008-04-22 06:01 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-04-22 06:01 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
    2008-04-22 01:27 --------- d-----w C:\Program Files\Alwil Software
    2008-04-22 01:01 --------- d-----w C:\Program Files\Winamp
    2008-04-22 00:55 --------- d-----w C:\Program Files\uTorrent
    2008-04-22 00:27 --------- d-----w C:\Program Files\iLok
    2008-04-21 23:34 --------- d-----w C:\Program Files\Fichiers communs\PACE Anti-Piracy
    2008-04-21 23:34 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-04-21 23:34 --------- d-----w C:\Program Files\Bonjour
    2008-04-21 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    2008-04-21 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-04-21 23:34 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PACE Anti-Piracy
    2008-04-21 23:26 --------- d-----w C:\Program Files\InterLok
    2008-04-21 23:24 --------- d-----w C:\Program Files\Fichiers communs\Digidesign
    2008-04-21 23:24 --------- d-----w C:\Program Files\Digidesign
    2008-04-21 23:21 --------- d-----w C:\Program Files\Fichiers communs\LogiShared
    2008-04-21 23:21 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Logitech
    2008-04-21 23:21 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Leadertech
    2008-04-21 23:20 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-04-21 23:20 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
    2008-04-21 23:20 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-04-21 23:19 --------- d-----w C:\Program Files\Logitech
    2008-04-21 23:19 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2008-04-21 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
    2008-04-21 23:19 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\InstallShield
    2008-04-21 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-04-21 23:14 --------- d-----w C:\Program Files\My Company Name
    2008-04-21 23:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-04-21 23:10 --------- d-----w C:\Program Files\ASUS
    2008-04-21 23:08 --------- d-----w C:\Program Files\Marvell
    2008-04-21 23:08 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\TMP
    2008-04-21 23:03 --------- d-----w C:\Program Files\Analog Devices
    2008-04-21 22:56 --------- d-----w C:\Program Files\Intel
    2008-04-21 22:43 --------- d-----w C:\Program Files\Java
    2008-04-21 22:43 --------- d-----w C:\Program Files\Foxit
    2008-04-21 22:42 --------- d-----w C:\Program Files\MSXML 6.0
    2008-04-21 22:42 --------- d-----w C:\Program Files\MSXML 4.0
    2008-04-21 22:42 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-04-21 22:41 --------- d-----w C:\Program Files\Services en ligne
    2008-04-21 22:39 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-04-15 18:46 270,336 ----a-w C:\WINDOWS\system32\DigiPlatformSupport.dll
    2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
    2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
    2008-03-25 08:20 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-20 07:56 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 07:56 1,846,016 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EoEngine"="" []
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-07 07:51 8523776]
    "Hot CD Eject"="C:\Program Files\HotKey CD-Eject\Cdeject.exe" [2002-04-02 08:35 385536]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" [2004-08-19 16:09 101888 C:\WINDOWS\system32\advpack.dll]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Barre lat‚rale Google Desktop.lnk - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-22 18:01:16 29744]
    HotKey CD Eject.lnk - C:\Program Files\HotKey CD-Eject\Cdeject.exe [2002-04-02 08:35:04 385536]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-22 01:19:35 692224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktopCleanupWizard"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoResolveSearch"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoResolveSearch"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Documents and Settings\Administrateur\Bureau\Naturficial_Flower_by_playmobil.jpg
    FriendlyName=

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source= C:\Documents and Settings\Administrateur\Bureau\Billiard_balls_by_lg_studio.jpg
    FriendlyName=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "wave1"= Digi32.dll
    "VIDC.YV12"= yv12vfw.dll
    "midi1"= ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

    R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 21:50]
    R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 01:16]
    R3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 01:15]
    R3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2008-05-16 11:44]
    R3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 09:23]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-22 18:01]
    S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-16 15:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-23 13:00:59
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-23 13:01:12
    ComboFix-quarantined-files.txt 2008-05-23 11:01:11
    ComboFix2.txt 2008-05-23 09:08:00
    ComboFix3.txt 2008-05-22 12:59:10

    Pre-Run: 59,132,575,744 octets libres
    Post-Run: 59,125,268,480 octets libres

    304 --- E O F --- 2008-05-23 07:56:29



    And HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:10:43, on 23/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HotKey CD-Eject\Cdeject.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Hot CD Eject] C:\Program Files\HotKey CD-Eject\Cdeject.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: Barre latérale Google Desktop.lnk = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Administrateur\Bureau\Naturficial_Flower_by_playmobil.jpg
    O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Administrateur\Bureau\Billiard_balls_by_lg_studio.jpg

    --
    End of file - 7230 bytes
    23 May 2008 13:16:34

    Is your PC behaving better?
    23 May 2008 14:52:20

    It looks pretty good; I'm using it this afternoon, and I'll confirm to you this evening... In any case, I'll tell you right now: THANK YOU VERY MUCH!!
    See you later!
    23 May 2008 17:47:41

    Avira AntiVir alerted me 2 more times this afternoon about files infected with Crypt/xpack.gen. These files have names that each time look like random sequences of digits and letters, but always with the same number of characters. I don't know if that helps, but since I noticed it, I'm telling you...

    David.
    23 May 2008 18:00:04

    Do you have the location?
    26 May 2008 14:12:02

    Well, listen, after this weekend during which I didn't use the computer, there hasn't been a single message from Avira AntiVir since this morning...
    On the face of it, it seems to have disappeared.

    Thank you very much, it's great to have a computer that works properly again... I'm not claiming victory because I have done strictly nothing since AntiVir's last message, so it's strange to say the least.

    In any case, all my congratulations and my thanks for this express tune-up.
    26 May 2008 14:14:56

    You're welcome ;)
    27 May 2008 20:39:01

    Well, everything seems to be working normally and there are no more alerts.

    Small bonus question: is there, by any chance, a utility to uninstall the software you had me install?
    28 May 2008 12:52:54

    Yes: ToolsCleaner