
Known virus, but..

Tags:
  • Windows
  • Security
23 January 2008 13:09:35

Hello, I'll try to explain in detail my problem, which I reacted badly to at first.

First of all, I'm on Windows XP SP2.

My antivirus and anti-spyware tools are Avast, Ad-Aware and AVG.

I think the problem comes from the MSN virus: "C'est pas toi ça login@hotmail.com" ("Isn't that you? login@hotmail.com")

It was sending all my contacts messages like the one I received. Anyway, I decided to uninstall MSN (every MSN I found), and I removed Mozilla (because it was showing a blank page). In fact I no longer had internet. So I searched the internet with my laptop to find out what this virus was, and I downloaded MSNFix and ran it, but it stopped by itself after the second part of the scan without explanation. Logical, since I had uninstalled MSN. I then decided to download from the laptop all the files and programs useful for me and for you, so that you can help me with this task:

- Hijackthis
- Vundofix
- MSNFix
- Ad-Aware
- AVG
- Spybot Search and Destroy (but it doesn't work).

Then I noticed that oddly named .exe files were appearing and that Avast recognized them as Trojan horses. I found them in C:/ and C:/Document and settings/propriétaire

I delete them, but as soon as my computer restarts, others reappear and then multiply over time. Another thing: when I shut down my PC I get a .dwinn error (I don't know if it's related) and other .exe ones that go by too fast to read. Now I can no longer change my wallpaper since I got a desktop error...

Also, the games I install after the virus are full of bugs, whereas those from before don't have many problems.

When I start my PC, the internet works for 3-4 min, then it shows page not found, whereas downloads carry on as if nothing had happened. No more internet for MSN or multiplayer video games.

I have already run scans with AVG, Avast and Ad-Aware; they removed viruses or Trojan horses, but these come back (I think...).

Oh yes, one last thing, which may be a mistake on my part: when I launch Task Manager with Ctrl+Alt+Del, it tells me the administrator doesn't allow it...

There you go, I'm at your service :) Thanks in advance... (above all I'm trying to avoid formatting because I'm hopeless at that, but if it has to be done, you'll have to help me...)

Thanks again :)

Magster


23 January 2008 13:59:28

OK, here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:08, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\services.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\system32\kernelwind64.exe
C:\WINDOWS\system32\n2ewma1xxsv234.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Windows\xpupdate.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\WINDOWS\system32\dllgh8jkd1q1.exe
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\bhij.exe
C:\WINDOWS\17PHolmes1148.exe
C:\Program Files\Rockstar Games\Grand Theft Auto Vice City\gta-vc.exe
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 124.217.252.77 www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O1 - Hosts: 124.217.252.77 www.bravesentry.com
O1 - Hosts: 124.217.252.77 bravesentry.com
O1 - Hosts: 124.217.252.78 secure.isoftpay.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind64.exe
O4 - HKLM\..\Run: [SystemSv121] C:\WINDOWS\system32\n2ewma1xxsv234.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [WintelUpdate] c:\bhij.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe
O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10964 bytes
23 January 2008 15:11:12

Hi again,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.
    23 January 2008 17:34:43

    Here it is. By the way, I got the desktop functions (wallpaper) back after that, and Ctrl+Alt+Del works too.

    Here is the Combofix report:

    ComboFix 08-01-23.2 - Propriétaire 2008-01-23 17:18:09.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1404 [GMT 1:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .
    ADS - svchost.exe: deleted 27648 bytes in 1 streams.

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Propriétaire\Application Data\install.dat
    C:\Program Files\bravesentry
    C:\Program Files\bravesentry\BraveSentry.lic
    C:\Program Files\bravesentry\BraveSentry0.bs
    C:\Program Files\bravesentry\BraveSentry0.dll
    C:\Program Files\bravesentry\BraveSentry1.bs
    C:\Program Files\bravesentry\BraveSentry2.dll
    C:\Program Files\bravesentry\BraveSentry3.dll
    C:\Program Files\bravesentry\Uninstall.exe
    C:\Program Files\Helper
    C:\Program Files\Helper\superfindout.dll
    C:\Program Files\Temporary
    C:\Program Files\Temporary\kernInst.exe
    C:\WINDOWS\b122.exe
    C:\WINDOWS\mrofinu1148.exe
    C:\WINDOWS\svchost.exe
    C:\WINDOWS\system32\5_exception.nls
    C:\WINDOWS\system32\adult.txt
    C:\WINDOWS\system32\dllgh8jkd1q1.exe
    C:\WINDOWS\system32\dllgh8jkd1q2.exe
    C:\WINDOWS\system32\dllgh8jkd1q5.exe
    C:\WINDOWS\system32\dllgh8jkd1q6.exe
    C:\WINDOWS\system32\dllgh8jkd1q7.exe
    C:\WINDOWS\system32\dllgh8jkd1q8.exe
    C:\WINDOWS\system32\finance.txt
    C:\WINDOWS\system32\lt.res
    C:\WINDOWS\system32\m1ax1d12132116143v.exe
    C:\WINDOWS\system32\other.txt
    C:\WINDOWS\system32\pharma.txt
    C:\WINDOWS\system32\sft.res
    C:\WINDOWS\system32\vx.tll
    C:\WINDOWS\Temp\441825183.exe
    C:\WINDOWS\xpupdate.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SMTPDRV
    -------\runtime
    -------\smtpdrv


    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-23 17:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-23 12:52 . 2008-01-23 12:52 58,368 --a------ C:\upaq.exe
    2008-01-23 12:52 . 2008-01-23 12:52 10,752 --a------ C:\bhij.exe
    2008-01-23 10:52 . 2008-01-23 10:52 21,504 --a------ C:\WINDOWS\system32\kernelwind64.exe
    2008-01-23 10:52 . 2008-01-23 10:52 17,270 --a------ C:\WINDOWS\system32\n2ewma1xxsv234.exe
    2008-01-23 00:24 . 2006-03-02 13:00 25,088 --a------ C:\WINDOWS\system32\userini.exe
    2008-01-22 15:57 . 2008-01-22 15:57 <REP> d-------- C:\Program Files\Dot1XCfg
    2008-01-22 15:47 . 2008-01-23 12:08 25,984 --a------ C:\WINDOWS\system32\drivers\Gdy30.sys
    2008-01-22 15:42 . 2008-01-23 12:24 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
    2008-01-22 15:42 . 2008-01-23 12:53 2 --a------ C:\684127032
    2008-01-21 14:18 . 2008-01-21 14:18 <REP> d-------- C:\Program Files\Rockstar Games
    2008-01-21 13:01 . 2008-01-21 13:01 25,984 --a------ C:\WINDOWS\system32\drivers\Qgj50.sys
    2008-01-21 13:01 . 2008-01-21 13:01 25,600 --a------ C:\WINDOWS\system32\socksys.dll
    2008-01-21 13:00 . 2008-01-21 13:00 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
    2008-01-19 17:21 . 2008-01-22 18:08 <REP> d-------- C:\Program Files\Microsoft Games
    2008-01-19 09:13 . 2008-01-19 09:13 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-18 21:57 . 2008-01-18 21:57 <REP> d-------- C:\MSNFix
    2008-01-14 18:42 . 2008-01-14 18:54 <REP> d-------- C:\Program Files\World of Warcraft
    2008-01-13 17:05 . 2008-01-14 18:39 <REP> d-------- C:\Program Files\No-IP
    2008-01-13 16:49 . 2008-01-13 16:49 <REP> d-------- C:\Program Files\PremiumSoft
    2008-01-13 16:49 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
    2008-01-12 15:39 . 2008-01-14 18:40 <REP> d-------- C:\Program Files\SQLyog Community
    2008-01-12 14:43 . 2008-01-14 18:39 <REP> d-------- C:\wamp
    2008-01-11 21:29 . 2008-01-11 21:29 <REP> d-------- C:\WINDOWS\system32\URTTemp
    2008-01-06 17:54 . 2008-01-06 17:54 <REP> d-------- C:\Program Files\Metal Slug Series
    2008-01-06 13:02 . 2008-01-06 13:02 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-01-01 23:41 . 2008-01-15 18:21 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2007-12-30 15:58 . 2007-12-30 16:55 <REP> d-------- C:\Program Files\PhotoFiltre Studio
    2007-12-30 15:58 . 2007-12-30 15:58 45 ---h----- C:\WINDOWS\dsez1684.dat
    2007-12-28 14:01 . 2007-12-28 16:47 <REP> d-------- C:\Program Files\Project64 1.6
    2007-12-27 14:16 . 2007-12-27 14:16 <REP> d-------- C:\Downloads
    2007-12-27 01:45 . 2008-01-12 13:50 <REP> d-------- C:\Warhammer Online - Age of Reckoning
    2007-12-23 19:42 . 2007-12-23 19:42 <REP> d-------- C:\Dev-Cpp
    2007-12-23 19:30 . 2007-12-23 19:30 <REP> d-------- C:\Program Files\CodeBlocks
    2007-12-23 17:27 . 2007-12-23 17:27 319 --a------ C:\WINDOWS\game.ini
    2007-12-23 11:54 . 2007-12-27 14:16 <REP> d-------- C:\Program Files\FlashGet
    2007-12-23 11:54 . 2006-04-20 12:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-22 23:24 7,168 ----a-w C:\WINDOWS\system32\userinit.exe
    2008-01-22 19:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-01-22 14:58 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-01-21 13:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-19 08:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-15 18:12 --------- d-----w C:\Program Files\mIRC
    2008-01-15 18:09 --------- d-----w C:\Program Files\Star Downloader
    2008-01-15 17:28 --------- d-----w C:\Program Files\Windows Live
    2007-12-25 14:36 --------- d-----w C:\Program Files\Electronic Arts
    2007-12-24 16:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-12-24 16:19 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2007-12-24 16:06 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2007-12-23 16:13 --------- d-----w C:\Program Files\Activision
    2007-12-22 18:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-12-21 01:02 --------- d-----w C:\Program Files\TrackMania Nations ESWC
    2007-12-20 13:49 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-16 21:15 --------- d-----w C:\Program Files\Unreal Tournament 3
    2007-12-16 21:14 --------- d-----w C:\Program Files\AGEIA Technologies
    2007-12-16 15:29 --------- d-----w C:\Program Files\RivaTuner v2.06
    2007-12-15 12:19 --------- d-----w C:\Program Files\MegauploadToolbar
    2007-12-15 12:10 --------- d-----w C:\Program Files\CommentCaMarche
    2007-12-15 11:59 --------- d-----w C:\Program Files\VDCodecPack3.7
    2007-12-15 11:50 --------- d-----w C:\Program Files\Veoh Networks
    2007-12-14 17:21 --------- d-----w C:\Program Files\Skype
    2007-12-14 17:21 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-11 20:20 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2007-12-10 21:38 --------- d-----w C:\Program Files\VideoLAN
    2007-12-10 19:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-12-10 19:43 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
    2007-12-10 18:22 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-10 18:05 --------- d-----w C:\Program Files\AlienGUIse
    2007-12-10 18:03 --------- d-----w C:\Program Files\Fichiers communs\Stardock
    2007-12-10 18:02 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-12-10 18:01 --------- d-----w C:\Program Files\Alwil Software
    2007-12-10 18:00 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-12-10 17:57 --------- d-----w C:\Program Files\iTunes
    2007-12-10 17:57 --------- d-----w C:\Program Files\iPod
    2007-12-10 17:56 --------- d-----w C:\Program Files\QuickTime
    2007-12-10 17:56 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2007-12-10 17:56 --------- d-----w C:\Program Files\Apple Software Update
    2007-12-07 08:41 --------- d-----w C:\Program Files\WinTV
    2007-12-07 08:38 --------- d-----w C:\Program Files\CyberLink
    2007-12-07 08:37 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-12-07 08:37 --------- d-----w C:\Program Files\Ahead
    2007-12-07 08:20 --------- d-----w C:\Program Files\Attansic
    2007-12-07 08:02 --------- d-----w C:\Program Files\Analog Devices
    2007-12-07 07:56 --------- d-----w C:\Program Files\Intel
    2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-12-06 16:39 --------- d--h--w C:\Program Files\Uninstall Information
    2007-12-06 16:34 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-06 16:33 --------- d-----w C:\Program Files\Services en ligne
    2007-12-06 16:32 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:20 21686568]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
    "Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-01-22 15:57 61440]
    "WintelUpdate"="C:\bhij.exe" [2008-01-23 12:52 10752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
    "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 09:45 385024]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
    "nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-08-11 14:43 86016 C:\WINDOWS\system32\nvmctray.dll]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-19 09:16 579072]
    "SystemSv121"="C:\WINDOWS\system32\n2ewma1xxsv234.exe" [2008-01-23 10:52 17270]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-19 09:16 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gdy30.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qgj50.sys]
    @="Driver"

    R0 Gdy30;Gdy30;C:\WINDOWS\system32\Drivers\Gdy30.sys [2008-01-23 12:08]
    R2 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\DRIVERS\HCWBT8XX.sys [2002-03-01 00:35]
    S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2007-10-30 19:05]
    S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
    S2 Generic Host Process for Win-32 Service;Generic Host Process for Win-32 Service;"C:\WINDOWS\svchost.exe" []
    S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 05:28]
    S3 Qgj50;Qgj50;C:\WINDOWS\System32\drivers\Qgj50.sys [2008-01-21 13:01]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34b10211-c083-11dc-9202-00055d0106e4}]
    \Shell\Shell00\Command - H:\Start.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-02 22:56:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-23 17:24:45
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    C:\WINDOWS\system32\wsnpoem
    C:\WINDOWS\system32\ntos.exe 84480 bytes executable

    Scan terminé avec succès
    Les fichiers cachés: 2

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FFI]
    "ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\Program Files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
    .
    25 January 2008 13:30:43

    It's done :)
    25 January 2008 19:20:18

    Run another Combofix scan :)
    25 January 2008 19:55:39

    OK, here is the report:

    ComboFix 08-01-23.2 - Propriétaire 2008-01-25 19:40:50.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.572 [GMT 1:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Propriétaire\Application Data\Install.dat
    C:\Program Files\bravesentry
    C:\Program Files\bravesentry\BraveSentry.exe
    C:\Program Files\bravesentry\BraveSentry.lic
    C:\Program Files\bravesentry\BraveSentry0.bs
    C:\Program Files\bravesentry\BraveSentry0.dll
    C:\Program Files\bravesentry\BraveSentry1.bs
    C:\Program Files\bravesentry\BraveSentry2.dll
    C:\Program Files\bravesentry\BraveSentry3.dll
    C:\WINDOWS\desktop.html
    C:\WINDOWS\system32\dllgh8jkd1q1.exe
    C:\WINDOWS\system32\dllgh8jkd1q2.exe
    C:\WINDOWS\system32\dllgh8jkd1q5.exe
    C:\WINDOWS\system32\dllgh8jkd1q6.exe
    C:\WINDOWS\system32\dllgh8jkd1q7.exe
    C:\WINDOWS\system32\dllgh8jkd1q8.exe
    C:\WINDOWS\system32\drivers\smtpdrv.sys
    C:\WINDOWS\system32\shift.exe.exe
    C:\WINDOWS\system32\svcp.csv
    C:\WINDOWS\system32\vx.tll
    C:\WINDOWS\system32\winsub.xml
    C:\WINDOWS\Temp\43139717.exe
    C:\WINDOWS\Temp\69896416.exe
    C:\WINDOWS\xpupdate.exe
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\Propriétaire\Application Data\install.dat
    C:\Program Files\bravesentry
    C:\Program Files\bravesentry\BraveSentry.lic
    C:\Program Files\bravesentry\BraveSentry0.bs
    C:\Program Files\bravesentry\BraveSentry0.dll
    C:\Program Files\bravesentry\BraveSentry1.bs
    C:\Program Files\bravesentry\BraveSentry2.dll
    C:\Program Files\bravesentry\BraveSentry3.dll
    C:\Program Files\bravesentry\Uninstall.exe
    C:\Program Files\Helper
    C:\Program Files\Helper\superfindout.dll
    C:\Program Files\Temporary
    C:\Program Files\Temporary\kernInst.exe
    C:\WINDOWS\b122.exe
    C:\WINDOWS\mrofinu1148.exe
    C:\WINDOWS\svchost.exe
    C:\WINDOWS\system32\5_exception.nls
    C:\WINDOWS\system32\adult.txt
    C:\WINDOWS\system32\dllgh8jkd1q1.exe
    C:\WINDOWS\system32\dllgh8jkd1q2.exe
    C:\WINDOWS\system32\dllgh8jkd1q5.exe
    C:\WINDOWS\system32\dllgh8jkd1q6.exe
    C:\WINDOWS\system32\dllgh8jkd1q7.exe
    C:\WINDOWS\system32\dllgh8jkd1q8.exe
    C:\WINDOWS\system32\finance.txt
    C:\WINDOWS\system32\lt.res
    C:\WINDOWS\system32\m1ax1d12132116143v.exe
    C:\WINDOWS\system32\other.txt
    C:\WINDOWS\system32\pharma.txt
    C:\WINDOWS\system32\sft.res
    C:\WINDOWS\system32\vx.tll
    C:\WINDOWS\Temp\441825183.exe
    C:\WINDOWS\xpupdate.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SMTPDRV
    -------\runtime
    -------\smtpdrv


    -------\LEGACY_MSUPDATE
    -------\LEGACY_SMTPDRV
    -------\msupdate
    -------\smtpdrv


    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-25 13:25 . 2004-08-03 23:00 263,488 -r-hs---- C:\cmldr
    2008-01-25 13:25 . 2008-01-15 19:08 216 --a------ C:\BOOT.BAK
    2008-01-25 13:14 . 2008-01-25 13:14 0 --a------ C:\14B.tmp
    2008-01-25 13:14 . 2008-01-25 13:14 0 --a------ C:\14A.tmp
    2008-01-25 13:14 . 2008-01-25 13:14 0 --a------ C:\149.tmp
    2008-01-25 13:14 . 2008-01-25 13:14 0 --a------ C:\148.tmp
    2008-01-25 13:14 . 2008-01-25 13:14 0 --a------ C:\147.tmp
    2008-01-25 13:13 . 2008-01-25 13:13 0 --a------ C:\146.tmp
    2008-01-25 13:13 . 2008-01-25 13:13 0 --a------ C:\144.tmp
    2008-01-25 13:13 . 2008-01-25 13:13 0 --a------ C:\142.tmp
    2008-01-25 13:13 . 2008-01-25 13:13 0 --a------ C:\141.tmp
    2008-01-25 13:12 . 2008-01-25 13:12 0 --a------ C:\140.tmp
    2008-01-25 13:12 . 2008-01-25 13:12 0 --a------ C:\13F.tmp
    2008-01-25 13:12 . 2008-01-25 13:12 0 --a------ C:\13E.tmp
    2008-01-25 13:12 . 2008-01-25 13:12 0 --a------ C:\13D.tmp
    2008-01-25 13:12 . 2008-01-25 13:12 0 --a------ C:\13C.tmp
    2008-01-25 13:11 . 2008-01-25 13:11 0 --a------ C:\13A.tmp
    2008-01-25 13:11 . 2008-01-25 13:11 0 --a------ C:\139.tmp
    2008-01-25 13:11 . 2008-01-25 13:11 0 --a------ C:\138.tmp
    2008-01-25 13:11 . 2008-01-25 13:11 0 --a------ C:\137.tmp
    2008-01-25 13:11 . 2008-01-25 13:11 0 --a------ C:\136.tmp
    2008-01-25 13:11 . 2008-01-25 13:11 0 --a------ C:\135.tmp
    2008-01-25 13:11 . 2008-01-25 13:11 0 --a------ C:\134.tmp
    2008-01-25 13:10 . 2008-01-25 13:10 0 --a------ C:\A.tmp
    2008-01-25 13:10 . 2008-01-25 13:10 0 --a------ C:\9.tmp
    2008-01-25 13:10 . 2008-01-25 13:10 0 --a------ C:\8.tmp
    2008-01-25 13:10 . 2008-01-25 13:10 0 --a------ C:\7.tmp
    2008-01-25 13:10 . 2008-01-25 13:10 0 --a------ C:\6.tmp
    2008-01-25 13:10 . 2008-01-25 13:10 0 --a------ C:\5.tmp
    2008-01-25 13:10 . 2008-01-25 13:10 0 --a------ C:\133.tmp
    2008-01-25 12:55 . 2008-01-25 13:02 <REP> d-------- C:\Program Files\nLite
    2008-01-25 11:06 . 2008-01-25 11:06 <REP> d-------- C:\Program Files\Internet Download Manager
    2008-01-24 17:50 . 2008-01-25 13:02 <REP> d-------- C:\WinXP
    2008-01-24 00:02 . 2008-01-24 00:02 0 --a------ C:\BD.tmp
    2008-01-24 00:01 . 2008-01-24 00:01 0 --a------ C:\A6.tmp
    2008-01-24 00:00 . 2008-01-24 00:00 0 --a------ C:\82.tmp
    2008-01-23 23:59 . 2008-01-23 23:59 0 --a------ C:\5D.tmp
    2008-01-23 23:58 . 2008-01-23 23:58 0 --a------ C:\3F.tmp
    2008-01-23 23:57 . 2008-01-23 23:57 0 --a------ C:\4.tmp
    2008-01-23 23:57 . 2008-01-23 23:57 0 --a------ C:\3.tmp
    2008-01-23 23:57 . 2008-01-23 23:57 0 --a------ C:\26.tmp
    2008-01-23 23:57 . 2008-01-23 23:57 0 --a------ C:\2.tmp
    2008-01-23 23:57 . 2008-01-23 23:57 0 --a------ C:\1.tmp
    2008-01-23 18:15 . 2008-01-23 18:15 13,312 --a------ C:\WINDOWS\system32\mssrv32.exe
    2008-01-23 17:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-23 14:06 . 2008-01-08 13:13 202,160 --a------ C:\WINDOWS\system32\idmmbc.dll
    2008-01-23 12:52 . 2008-01-23 12:52 58,368 --a------ C:\upaq.exe
    2008-01-23 12:52 . 2008-01-23 12:52 10,752 --a------ C:\bhij.exe
    2008-01-23 10:52 . 2008-01-24 19:55 21,504 --a------ C:\WINDOWS\system32\kernelwind64.exe
    2008-01-23 10:52 . 2008-01-23 10:52 17,270 --a------ C:\WINDOWS\system32\n2ewma1xxsv234.exe
    2008-01-23 00:24 . 2006-03-02 13:00 25,088 --a------ C:\WINDOWS\system32\userini.exe
    2008-01-22 15:57 . 2008-01-22 15:57 <REP> d-------- C:\Program Files\Dot1XCfg
    2008-01-22 15:47 . 2008-01-25 19:47 25,984 --a------ C:\WINDOWS\system32\drivers\Gdy30.sys
    2008-01-22 15:42 . 2008-01-23 12:24 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
    2008-01-22 15:42 . 2008-01-23 12:53 2 --a------ C:\684127032
    2008-01-21 14:18 . 2008-01-21 14:18 <REP> d-------- C:\Program Files\Rockstar Games
    2008-01-21 13:01 . 2008-01-21 13:01 25,984 --a------ C:\WINDOWS\system32\drivers\Qgj50.sys
    2008-01-21 13:01 . 2008-01-21 13:01 25,600 --a------ C:\WINDOWS\system32\socksys.dll
    2008-01-21 13:00 . 2008-01-21 13:00 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
    2008-01-19 17:21 . 2008-01-22 18:08 <REP> d-------- C:\Program Files\Microsoft Games
    2008-01-19 09:13 . 2008-01-19 09:13 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-18 21:57 . 2008-01-18 21:57 <REP> d-------- C:\MSNFix
    2008-01-14 18:42 . 2008-01-14 18:54 <REP> d-------- C:\Program Files\World of Warcraft
    2008-01-13 17:05 . 2008-01-14 18:39 <REP> d-------- C:\Program Files\No-IP
    2008-01-13 16:49 . 2008-01-13 16:49 <REP> d-------- C:\Program Files\PremiumSoft
    2008-01-13 16:49 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
    2008-01-12 15:39 . 2008-01-14 18:40 <REP> d-------- C:\Program Files\SQLyog Community
    2008-01-12 14:43 . 2008-01-14 18:39 <REP> d-------- C:\wamp
    2008-01-11 21:29 . 2008-01-11 21:29 <REP> d-------- C:\WINDOWS\system32\URTTemp
    2008-01-06 17:54 . 2008-01-06 17:54 <REP> d-------- C:\Program Files\Metal Slug Series
    2008-01-06 13:02 . 2008-01-06 13:02 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-01-01 23:41 . 2008-01-15 18:21 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2007-12-30 15:58 . 2007-12-30 16:55 <REP> d-------- C:\Program Files\PhotoFiltre Studio
    2007-12-30 15:58 . 2007-12-30 15:58 45 ---h----- C:\WINDOWS\dsez1684.dat
    2007-12-28 14:01 . 2007-12-28 16:47 <REP> d-------- C:\Program Files\Project64 1.6
    2007-12-27 14:16 . 2008-01-25 03:40 <REP> d-------- C:\Downloads
    2007-12-27 01:45 . 2008-01-12 13:50 <REP> d-------- C:\Warhammer Online - Age of Reckoning

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-25 02:46 --------- d-----w C:\Program Files\FlashGet
    2008-01-23 20:20 8,704 ----a-w C:\WINDOWS\system32\netdde.exe
    2008-01-23 20:19 8,704 ----a-w C:\WINDOWS\system32\msdtc.exe
    2008-01-23 20:19 8,704 ----a-w C:\WINDOWS\system32\mnmsrvc.exe
    2008-01-23 20:09 8,704 ----a-w C:\WINDOWS\system32\cisvc.exe.tmp
    2008-01-22 23:24 7,168 ----a-w C:\WINDOWS\system32\userinit.exe
    2008-01-22 19:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-01-22 14:58 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-01-21 13:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-19 08:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-15 18:12 --------- d-----w C:\Program Files\mIRC
    2008-01-15 18:09 --------- d-----w C:\Program Files\Star Downloader
    2008-01-15 17:28 --------- d-----w C:\Program Files\Windows Live
    2007-12-25 14:36 --------- d-----w C:\Program Files\Electronic Arts
    2007-12-24 16:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-12-24 16:19 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2007-12-23 18:30 --------- d-----w C:\Program Files\CodeBlocks
    2007-12-23 16:13 --------- d-----w C:\Program Files\Activision
    2007-12-22 18:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-12-21 01:02 --------- d-----w C:\Program Files\TrackMania Nations ESWC
    2007-12-20 13:49 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-16 21:15 --------- d-----w C:\Program Files\Unreal Tournament 3
    2007-12-16 21:14 --------- d-----w C:\Program Files\AGEIA Technologies
    2007-12-16 15:29 --------- d-----w C:\Program Files\RivaTuner v2.06
    2007-12-15 12:19 --------- d-----w C:\Program Files\MegauploadToolbar
    2007-12-15 12:10 --------- d-----w C:\Program Files\CommentCaMarche
    2007-12-15 11:59 --------- d-----w C:\Program Files\VDCodecPack3.7
    2007-12-15 11:50 --------- d-----w C:\Program Files\Veoh Networks
    2007-12-14 17:21 --------- d-----w C:\Program Files\Skype
    2007-12-14 17:21 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-11 20:20 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2007-12-10 21:38 --------- d-----w C:\Program Files\VideoLAN
    2007-12-10 19:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-12-10 19:43 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
    2007-12-10 18:22 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-10 18:05 --------- d-----w C:\Program Files\AlienGUIse
    2007-12-10 18:03 --------- d-----w C:\Program Files\Fichiers communs\Stardock
    2007-12-10 18:02 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-12-10 18:01 --------- d-----w C:\Program Files\Alwil Software
    2007-12-10 18:00 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-12-10 17:57 --------- d-----w C:\Program Files\iTunes
    2007-12-10 17:57 --------- d-----w C:\Program Files\iPod
    2007-12-10 17:56 --------- d-----w C:\Program Files\QuickTime
    2007-12-10 17:56 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2007-12-10 17:56 --------- d-----w C:\Program Files\Apple Software Update
    2007-12-07 08:41 --------- d-----w C:\Program Files\WinTV
    2007-12-07 08:38 --------- d-----w C:\Program Files\CyberLink
    2007-12-07 08:37 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-12-07 08:37 --------- d-----w C:\Program Files\Ahead
    2007-12-07 08:20 --------- d-----w C:\Program Files\Attansic
    2007-12-07 08:02 --------- d-----w C:\Program Files\Analog Devices
    2007-12-07 07:56 --------- d-----w C:\Program Files\Intel
    2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-12-06 16:39 --------- d--h--w C:\Program Files\Uninstall Information
    2007-12-06 16:34 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-06 16:33 --------- d-----w C:\Program Files\Services en ligne
    2007-12-06 16:32 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-23_17.25.58.68 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-25 11:53:54 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2008-01-25 11:53:58 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2008-01-25 11:53:58 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2008-01-25 11:53:59 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2008-01-25 11:53:57 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2008-01-25 11:53:51 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2008-01-25 11:53:51 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2008-01-25 11:54:02 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2008-01-25 11:53:55 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2008-01-25 11:53:53 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2008-01-25 11:53:51 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2008-01-25 11:53:52 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2008-01-25 11:53:57 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2008-01-25 11:53:58 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2008-01-25 11:53:58 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2008-01-25 11:53:52 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2008-01-25 11:53:52 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2008-01-25 11:53:53 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2008-01-25 11:53:53 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2008-01-25 11:53:52 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2008-01-25 11:54:03 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2008-01-25 11:54:02 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2008-01-25 11:53:50 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2008-01-25 11:54:02 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2008-01-25 11:54:03 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2008-01-25 11:53:51 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2008-01-25 11:53:50 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2008-01-25 11:53:50 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2008-01-25 11:54:00 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2008-01-25 11:53:54 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2008-01-25 11:54:01 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2008-01-25 11:53:59 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2008-01-25 11:53:51 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2008-01-25 11:53:57 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2008-01-25 11:53:54 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2008-01-25 11:53:54 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2008-01-25 11:53:55 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2008-01-25 11:54:01 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2008-01-25 11:53:59 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2008-01-25 11:54:01 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2008-01-25 11:54:00 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2008-01-25 11:54:00 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2008-01-25 11:53:53 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2008-01-25 11:53:55 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2008-01-25 11:54:02 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2008-01-25 11:53:55 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2008-01-25 11:53:56 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2008-01-25 11:53:56 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2008-01-25 11:53:56 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2008-01-25 11:54:01 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2008-01-25 11:54:21 11,411,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\06cc3058545a634c9d2c4c379aa2748c\mscorlib.ni.dll
    + 2008-01-25 11:54:57 6,688,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\817d7b38894ec140b1a0123ab0a1c26d\System.Data.ni.dll
    + 2008-01-25 11:55:08 10,723,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\a1aae76a54124647970e53ed530705f0\System.Design.ni.dll
    + 2008-01-25 11:54:33 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\01b080fec24c5641852a6532969118e8\System.Drawing.Design.ni.dll
    + 2008-01-25 11:54:35 1,626,112 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0fde1263748e7b488bb8f735febbc2d9\System.Drawing.ni.dll
    + 2008-01-25 11:54:45 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\14814ac262390041bd7293609823601f\System.Windows.Forms.ni.dll
    + 2008-01-25 11:54:50 5,640,192 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fa9bff84ecf2104781221d3ac66bf4cf\System.Xml.ni.dll
    + 2008-01-25 11:54:32 8,093,696 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\8566829254632c42ace345aac952e238\System.ni.dll
    - 2003-02-20 18:09:46 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
    + 2005-09-23 06:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
    - 2003-02-20 18:09:32 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
    + 2005-09-23 06:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
    + 2005-09-23 06:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
    + 2005-09-23 06:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
    + 2005-09-23 06:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
    - 2003-02-20 17:43:50 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
    + 2005-09-23 06:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
    - 2004-07-15 00:49:26 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    + 2008-01-23 20:02:14 8,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    + 2005-09-23 06:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
    + 2005-09-23 06:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
    + 2005-09-23 06:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
    + 2005-09-23 06:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
    + 2005-09-23 06:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
    + 2005-09-23 06:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
    + 2005-09-23 06:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
    + 2005-09-23 06:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
    + 2005-09-23 06:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
    + 2005-09-23 06:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
    + 2005-09-23 06:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
    + 2005-09-23 06:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
    + 2005-09-23 06:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
    + 2005-09-23 06:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
    + 2005-09-23 06:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
    + 2005-09-23 06:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
    + 2005-09-23 06:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
    + 2005-09-23 06:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    + 2005-09-23 06:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2005-09-23 06:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
    + 2005-09-23 06:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
    + 2005-09-23 06:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
    + 2005-09-23 06:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
    + 2005-09-23 06:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
    + 2005-09-23 06:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
    + 2005-09-23 06:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
    + 2005-09-23 06:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
    + 2005-09-23 06:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    + 2005-09-23 06:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
    + 2005-09-23 06:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
    + 2005-09-23 06:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
    + 2005-09-23 06:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
    + 2005-09-23 06:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
    + 2005-09-23 06:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
    + 2005-09-23 06:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
    + 2005-09-23 06:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
    + 2005-09-23 06:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
    + 2005-09-23 06:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
    + 2005-09-23 06:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
    + 2005-09-23 06:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
    + 2005-09-23 06:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
    + 2005-09-23 06:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
    + 2005-09-23 06:01:16 609,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    + 2005-09-23 05:29:48 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
    + 2005-09-23 05:32:24 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
    + 2005-09-23 05:34:10 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
    + 2005-09-23 05:34:12 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
    + 2005-09-23 05:34:44 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
    + 2005-09-23 05:36:24 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
    + 2005-09-23 02:46:14 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
    + 2005-09-23 05:38:26 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
    + 2005-09-23 05:38:52 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
    + 2005-09-23 05:40:30 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
    + 2005-09-23 05:40:32 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
    + 2005-09-23 05:40:56 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
    + 2005-09-23 05:42:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
    + 2005-09-23 05:44:58 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
    + 2005-09-23 05:46:38 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
    + 2005-09-23 05:46:38 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
    + 2005-09-23 05:46:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
    + 2005-09-23 05:47:04 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
    + 2005-09-23 05:47:30 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
    + 2005-09-23 05:47:32 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
    + 2005-09-23 05:47:32 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
    + 2005-09-23 05:30:18 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
    + 2005-09-23 05:47:06 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
    + 2005-09-23 05:29:50 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
    + 2005-09-23 05:36:48 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
    + 2005-09-23 06:57:06 245,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
    + 2005-09-23 06:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
    + 2005-09-23 06:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
    + 2005-09-23 06:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
    + 2005-09-23 06:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
    + 2005-09-23 06:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
    + 2005-09-23 06:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2005-09-23 06:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
    + 2005-09-23 06:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
    + 2005-09-23 06:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
    + 2005-09-23 06:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
    + 2005-09-23 06:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
    + 2005-09-23 06:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2005-09-23 06:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
    + 2005-09-23 06:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
    + 2005-09-23 06:28:48 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
    + 2005-09-23 06:28:56 800,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2005-09-23 06:28:56 73,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
    + 2005-09-23 06:28:56 288,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
    + 2005-09-23 06:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
    + 2005-09-23 06:28:56 326,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    + 2005-09-23 06:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
    + 2005-09-23 06:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2005-09-23 06:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
    + 2005-09-23 06:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
    + 2005-09-23 06:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
    + 2005-09-23 06:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
    + 2005-09-23 06:28:56 226,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
    + 2005-09-23 06:28:56 66,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    + 2005-09-23 06:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
    + 2005-09-23 06:28:50 5,615,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2005-09-23 06:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
    + 2005-09-23 06:28:56 96,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    + 2005-09-23 06:28:56 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
    + 2005-09-23 06:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
    + 2005-09-23 06:28:50 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
    + 2005-09-23 06:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
    + 2005-09-23 06:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    + 2005-09-23 06:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
    + 2005-09-23 06:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    + 2005-09-23 06:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
    + 2005-09-23 06:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
    + 2005-09-23 06:28:56 377,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2005-09-23 06:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
    + 2005-09-23 06:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
    + 2005-09-23 06:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
    + 2005-09-23 06:28:56 2,878,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
    + 2005-09-23 06:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    + 2005-09-23 06:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
    + 2005-09-23 06:28:38 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
    + 2005-09-23 06:28:56 5,050,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    + 2005-09-23 06:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
    + 2005-09-23 06:28:56 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    + 2005-09-23 06:28:56 3,018,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2005-09-23 06:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
    + 2005-09-23 06:28:56 700,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    + 2005-09-23 06:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    + 2005-09-23 06:28:56 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    + 2005-09-23 06:28:56 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    + 2005-09-23 06:28:56 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    + 2005-09-23 06:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
    + 2005-09-23 06:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    + 2005-09-23 06:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
    + 2005-09-23 06:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2005-09-23 06:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
    + 2005-09-23 06:28:56 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    + 2005-09-23 06:28:56 5,025,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2005-09-23 06:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
    + 2005-09-23 06:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
    + 2005-09-23 06:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
    + 2005-09-23 06:28:56 5,316,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2005-09-23 06:28:56 2,035,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    + 2005-09-23 06:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
    + 2005-09-23 06:29:06 1,140,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    + 2005-09-23 06:28:30 1,306,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    + 2005-09-23 06:28:32 298,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2005-09-23 06:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
    - 2008-01-23 16:24:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-01-25 18:48:16 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-01-23 16:24:03 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-01-25 18:48:16 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2008-01-23 16:24:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-25 18:48:16 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2005-09-23 06:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll
    - 2004-07-14 22:34:06 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll
    + 2005-09-23 06:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll
    - 2003-02-20 18:09:14 106,496 ----a-w C:\WINDOWS\system32\mscories.dll
    + 2005-09-23 06:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll
    - 2008-01-12 23:03:54 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-25 11:55:10 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-01-12 23:03:54 63,614 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-01-25 11:55:10 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-01-12 23:03:54 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-25 11:55:10 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-01-12 23:03:54 445,016 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-01-25 11:55:10 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-01-25 18:48:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_62c.dat
    + 2005-09-23 06:29:16 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
    + 2005-09-23 06:29:16 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
    + 2005-09-23 06:29:16 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
    + 2008-01-25 11:53:51 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2008-01-25 11:53:51 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:20 21686568]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
    "Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-01-22 15:57 61440]
    "WintelUpdate"="C:\bhij.exe" [2008-01-23 12:52 10752]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-23 14:31 2577840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
    "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 09:45 385024]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
    "nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-08-11 14:43 86016 C:\WINDOWS\system32\nvmctray.dll]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-19 09:16 579072]
    "SystemSv121"="C:\WINDOWS\system32\n2ewma1xxsv234.exe" [2008-01-23 10:52 17270]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-19 09:16 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gdy30.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qgj50.sys]
    @="Driver"

    R0 Gdy30;Gdy30;C:\WINDOWS\system32\Drivers\Gdy30.sys [2008-01-25 19:47]
    R2 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\DRIVERS\HCWBT8XX.sys [2002-03-01 00:35]
    S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2007-10-30 19:05]
    S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
    S2 Generic Host Process for Win-32 Service;Generic Host Process for Win-32 Service;"C:\WINDOWS\svchost.exe" []
    S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 05:28]
    S3 Qgj50;Qgj50;C:\WINDOWS\System32\drivers\Qgj50.sys [2008-01-21 13:01]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34b10211-c083-11dc-9202-00055d0106e4}]
    \Shell\Shell00\Command - H:\Start.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-23 22:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-25 19:49:04
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    C:\WINDOWS\system32\wsnpoem
    C:\WINDOWS\system32\burito.ini 36608 bytes
    C:\WINDOWS\system32\burito47b2-3635.sys 129792 bytes executable
    C:\WINDOWS\system32\ntos.exe 84480 bytes executable

    Scan terminé avec succès
    Les fichiers cachés: 4

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FFI]
    "ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\burito47b2-3635]
    "ImagePath"="\??\C:\WINDOWS\system32\burito47b2-3635.sys"
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\Program Files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
    .
    a b 8 Security
    25 January 2008 20:47:07

    Hi again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    Driver::
    FFI
    Generic Host Process for Win-32 Service

    Rootkit::
    C:\WINDOWS\system32\svchost.exe:exm.exe
    C:\WINDOWS\svchost.exe
    C:\WINDOWS\system32\burito.ini
    C:\WINDOWS\system32\burito47b2-3635.sys
    C:\WINDOWS\system32\ntos.exe

    File::
    C:\14B.tmp
    C:\14A.tmp
    C:\149.tmp
    C:\148.tmp
    C:\147.tmp
    C:\146.tmp
    C:\144.tmp
    C:\142.tmp
    C:\141.tmp
    C:\140.tmp
    C:\13F.tmp
    C:\13E.tmp
    C:\13D.tmp
    C:\13C.tmp
    C:\13A.tmp
    C:\139.tmp
    C:\138.tmp
    C:\137.tmp
    C:\136.tmp
    C:\135.tmp
    C:\134.tmp
    C:\A.tmp
    C:\9.tmp
    C:\8.tmp
    C:\7.tmp
    C:\6.tmp
    C:\5.tmp
    C:\133.tmp
    C:\BD.tmp
    C:\A6.tmp
    C:\82.tmp
    C:\5D.tmp
    C:\3F.tmp
    C:\4.tmp
    C:\3.tmp
    C:\26.tmp
    C:\2.tmp
    C:\1.tmp
    C:\WINDOWS\system32\mssrv32.exe
    C:\upaq.exe
    C:\bhij.exe
    C:\WINDOWS\system32\kernelwind64.exe
    C:\WINDOWS\system32\n2ewma1xxsv234.exe
    C:\WINDOWS\system32\userini.exe
    C:\WINDOWS\mrofinu1148.exe.tmp

    Folder::
    C:\Program Files\Dot1XCfg
    C:\WINDOWS\system32\wsnpoem

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dot1XCfg"=-
    "WintelUpdate"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SystemSv121"=-


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.
    NOTE: If there is no restart, post the requested reports anyway.
    25 January 2008 21:58:56

    After the restart, I have another problem: the explorer.exe process no longer starts, so I have to do everything with Ctrl+Alt+Del. So it's impossible to get a combofix report...
    a b 8 Security
    25 January 2008 22:05:49

    C:\Combofix.txt ?
    25 January 2008 22:13:37

    Yes, I have one that looks quite a lot like what you gave me, do you want it? I also managed to run a Hijackthis scan.
    a b 8 Security
    25 January 2008 22:21:08

    Yes. This report first :)
    25 January 2008 22:32:22

    The Combofix report:

    ComboFix 08-01-23.2 - Propriétaire 2008-01-25 22:11:07.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1659 [GMT 1:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE
    C:\1.tmp
    C:\133.tmp
    C:\134.tmp
    C:\135.tmp
    C:\136.tmp
    C:\137.tmp
    C:\138.tmp
    C:\139.tmp
    C:\13A.tmp
    C:\13C.tmp
    C:\13D.tmp
    C:\13E.tmp
    C:\13F.tmp
    C:\140.tmp
    C:\141.tmp
    C:\142.tmp
    C:\144.tmp
    C:\146.tmp
    C:\147.tmp
    C:\148.tmp
    C:\149.tmp
    C:\14A.tmp
    C:\14B.tmp
    C:\2.tmp
    C:\26.tmp
    C:\3.tmp
    C:\3F.tmp
    C:\4.tmp
    C:\5.tmp
    C:\5D.tmp
    C:\6.tmp
    C:\7.tmp
    C:\8.tmp
    C:\82.tmp
    C:\9.tmp
    C:\A.tmp
    C:\A6.tmp
    C:\BD.tmp
    C:\bhij.exe
    C:\upaq.exe
    C:\WINDOWS\mrofinu1148.exe.tmp
    C:\WINDOWS\system32\kernelwind64.exe
    C:\WINDOWS\system32\mssrv32.exe
    C:\WINDOWS\system32\n2ewma1xxsv234.exe
    C:\WINDOWS\system32\userini.exe
    .

    26 January 2008 14:16:29

    The Hijackthis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:12, on 2008-01-25
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe
    C:\ComboFix\nircmd.cfexe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6F3A8017-FF54-472A-BE06-8F25B350E0E4}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{899341D3-10F6-4E1C-A57E-2E900BE4FB2D}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9E3ECC32-0C0E-4134-B8B3-506594E5E72B}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F7F5CC84-51D4-40CA-BA55-131A0314CA5C}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA1426F3-7F41-4F64-A1C6-51A7F1375021}: NameServer = 193.252.118.111
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
    O17 - HKLM\System\CS2\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: aswUpdSv - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Avg7Alrt - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
    O23 - Service: Avg7UpdSvc - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
    O23 - Service: AVGEMS - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
    O23 - Service: IDriverT - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
    O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: RasMan - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ie7D.tmp
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 8798 bytes
    a b 8 Security
    26 January 2008 17:50:40

    The Combofix one isn't complete.
    26 January 2008 18:01:29

    Well, sorry, but every time I restart the PC, the explorer.exe process doesn't start, so combofix surely doesn't finish its report...
    26 January 2008 18:03:27

    I found a trick to launch it by running a document, which causes an error and launches the desktop, but not the end of combofix...
    26 January 2008 18:16:27

    There, after fiddling around I managed it:

    ComboFix 08-01-23.2 - Propriétaire 2008-01-26 18:05:43.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1467 [GMT 1:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE
    C:\1.tmp
    C:\133.tmp
    C:\134.tmp
    C:\135.tmp
    C:\136.tmp
    C:\137.tmp
    C:\138.tmp
    C:\139.tmp
    C:\13A.tmp
    C:\13C.tmp
    C:\13D.tmp
    C:\13E.tmp
    C:\13F.tmp
    C:\140.tmp
    C:\141.tmp
    C:\142.tmp
    C:\144.tmp
    C:\146.tmp
    C:\147.tmp
    C:\148.tmp
    C:\149.tmp
    C:\14A.tmp
    C:\14B.tmp
    C:\2.tmp
    C:\26.tmp
    C:\3.tmp
    C:\3F.tmp
    C:\4.tmp
    C:\5.tmp
    C:\5D.tmp
    C:\6.tmp
    C:\7.tmp
    C:\8.tmp
    C:\82.tmp
    C:\9.tmp
    C:\A.tmp
    C:\A6.tmp
    C:\BD.tmp
    C:\bhij.exe
    C:\upaq.exe
    C:\WINDOWS\mrofinu1148.exe.tmp
    C:\WINDOWS\system32\kernelwind64.exe
    C:\WINDOWS\system32\mssrv32.exe
    C:\WINDOWS\system32\n2ewma1xxsv234.exe
    C:\WINDOWS\system32\userini.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\svchost.exe
    C:\WINDOWS\system32\burito.ini
    C:\WINDOWS\system32\burito47b2-3635.sys
    C:\WINDOWS\system32\drivers\smtpdrv.sys
    C:\WINDOWS\system32\ntos.exe
    .
    ---- Previous Run -------
    .
    C:\1.tmp
    C:\133.tmp
    C:\134.tmp
    C:\135.tmp
    C:\136.tmp
    C:\137.tmp
    C:\138.tmp
    C:\139.tmp
    C:\13A.tmp
    C:\13C.tmp
    C:\13D.tmp
    C:\13E.tmp
    C:\13F.tmp
    C:\140.tmp
    C:\141.tmp
    C:\142.tmp
    C:\144.tmp
    C:\146.tmp
    C:\147.tmp
    C:\148.tmp
    C:\149.tmp
    C:\14A.tmp
    C:\14B.tmp
    C:\2.tmp
    C:\26.tmp
    C:\3.tmp
    C:\3F.tmp
    C:\4.tmp
    C:\5.tmp
    C:\5D.tmp
    C:\6.tmp
    C:\7.tmp
    C:\8.tmp
    C:\82.tmp
    C:\9.tmp
    C:\A.tmp
    C:\A6.tmp
    C:\BD.tmp
    C:\bhij.exe
    C:\Documents and Settings\Propri‚taire\Application Data\Install.dat
    C:\Documents and Settings\Propriétaire\Application Data\install.dat
    C:\Program Files\bravesentry
    C:\Program Files\bravesentry\BraveSentry.exe
    C:\Program Files\bravesentry\BraveSentry.lic
    C:\Program Files\bravesentry\BraveSentry0.bs
    C:\Program Files\bravesentry\BraveSentry0.dll
    C:\Program Files\bravesentry\BraveSentry1.bs
    C:\Program Files\bravesentry\BraveSentry2.dll
    C:\Program Files\bravesentry\BraveSentry3.dll
    C:\Program Files\bravesentry\Uninstall.exe
    C:\Program Files\Dot1XCfg
    C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    C:\Program Files\Helper
    C:\Program Files\Helper\superfindout.dll
    C:\Program Files\Temporary
    C:\Program Files\Temporary\kernInst.exe
    C:\upaq.exe
    C:\WINDOWS\b122.exe
    C:\WINDOWS\desktop.html
    C:\WINDOWS\mrofinu1148.exe
    C:\WINDOWS\mrofinu1148.exe.tmp
    C:\WINDOWS\svchost.exe
    C:\WINDOWS\system32\5_exception.nls
    C:\WINDOWS\system32\adult.txt
    C:\WINDOWS\system32\dllgh8jkd1q1.exe
    C:\WINDOWS\system32\dllgh8jkd1q2.exe
    C:\WINDOWS\system32\dllgh8jkd1q5.exe
    C:\WINDOWS\system32\dllgh8jkd1q6.exe
    C:\WINDOWS\system32\dllgh8jkd1q7.exe
    C:\WINDOWS\system32\dllgh8jkd1q8.exe
    C:\WINDOWS\system32\drivers\smtpdrv.sys
    C:\WINDOWS\system32\finance.txt
    C:\WINDOWS\system32\kernelwind64.exe
    C:\WINDOWS\system32\lt.res
    C:\WINDOWS\system32\m1ax1d12132116143v.exe
    C:\WINDOWS\system32\mssrv32.exe
    C:\WINDOWS\system32\n2ewma1xxsv234.exe
    C:\WINDOWS\system32\other.txt
    C:\WINDOWS\system32\pharma.txt
    C:\WINDOWS\system32\sft.res
    C:\WINDOWS\system32\shift.exe.exe
    C:\WINDOWS\system32\svcp.csv
    C:\WINDOWS\system32\userini.exe
    C:\WINDOWS\system32\vx.tll
    C:\WINDOWS\system32\winsub.xml
    C:\WINDOWS\system32\wsnpoem
    C:\WINDOWS\system32\wsnpoem\audio.dll
    C:\WINDOWS\system32\wsnpoem\video.dll
    C:\WINDOWS\Temp\43139717.exe
    C:\WINDOWS\Temp\441825183.exe
    C:\WINDOWS\Temp\69896416.exe
    C:\WINDOWS\xpupdate.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SMTPDRV
    -------\runtime
    -------\smtpdrv


    -------\LEGACY_MSUPDATE
    -------\LEGACY_SMTPDRV
    -------\msupdate
    -------\smtpdrv


    -------\LEGACY_FFI
    -------\LEGACY_GENERIC_HOST_PROCESS_FOR_WIN-32_SERVICE
    -------\FFI
    -------\Generic Host Process for Win-32 Service
    -------\msupdate
    -------\smtpdrv


    -------\LEGACY_SMTPDRV
    -------\smtpdrv


    -------\LEGACY_SMTPDRV
    -------\smtpdrv


    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-26 to 2008-01-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-25 13:25 . 2004-08-03 23:00 263,488 -r-hs---- C:\cmldr
    2008-01-25 13:25 . 2008-01-15 19:08 216 --a------ C:\BOOT.BAK
    2008-01-25 12:55 . 2008-01-25 13:02 <REP> d-------- C:\Program Files\nLite
    2008-01-25 11:06 . 2008-01-25 11:06 <REP> d-------- C:\Program Files\Internet Download Manager
    2008-01-24 17:50 . 2008-01-25 13:02 <REP> d-------- C:\WinXP
    2008-01-24 00:02 . 2008-01-24 00:02 0 --a------ C:\BC.tmp
    2008-01-24 00:01 . 2008-01-24 00:01 0 --a------ C:\A5.tmp
    2008-01-24 00:00 . 2008-01-24 00:00 0 --a------ C:\81.tmp
    2008-01-23 23:59 . 2008-01-23 23:59 0 --a------ C:\5C.tmp
    2008-01-23 23:58 . 2008-01-23 23:58 0 --a------ C:\3E.tmp
    2008-01-23 17:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-23 14:06 . 2008-01-08 13:13 202,160 --a------ C:\WINDOWS\system32\idmmbc.dll
    2008-01-22 15:47 . 2008-01-26 18:07 25,984 --a------ C:\WINDOWS\system32\drivers\Gdy30.sys
    2008-01-22 15:42 . 2008-01-23 12:53 2 --a------ C:\684127032
    2008-01-21 14:18 . 2008-01-21 14:18 <REP> d-------- C:\Program Files\Rockstar Games
    2008-01-21 13:01 . 2008-01-21 13:01 25,984 --a------ C:\WINDOWS\system32\drivers\Qgj50.sys
    2008-01-21 13:01 . 2008-01-21 13:01 25,600 --a------ C:\WINDOWS\system32\socksys.dll
    2008-01-21 13:00 . 2008-01-21 13:00 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
    2008-01-19 17:21 . 2008-01-22 18:08 <REP> d-------- C:\Program Files\Microsoft Games
    2008-01-19 09:13 . 2008-01-19 09:13 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-18 21:57 . 2008-01-18 21:57 <REP> d-------- C:\MSNFix
    2008-01-14 18:42 . 2008-01-14 18:54 <REP> d-------- C:\Program Files\World of Warcraft
    2008-01-13 17:05 . 2008-01-14 18:39 <REP> d-------- C:\Program Files\No-IP
    2008-01-13 16:49 . 2008-01-13 16:49 <REP> d-------- C:\Program Files\PremiumSoft
    2008-01-13 16:49 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
    2008-01-12 15:39 . 2008-01-14 18:40 <REP> d-------- C:\Program Files\SQLyog Community
    2008-01-12 14:43 . 2008-01-14 18:39 <REP> d-------- C:\wamp
    2008-01-11 21:29 . 2008-01-11 21:29 <REP> d-------- C:\WINDOWS\system32\URTTemp
    2008-01-06 17:54 . 2008-01-06 17:54 <REP> d-------- C:\Program Files\Metal Slug Series
    2008-01-06 13:02 . 2008-01-06 13:02 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-01-01 23:41 . 2008-01-15 18:21 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2007-12-30 15:58 . 2007-12-30 16:55 <REP> d-------- C:\Program Files\PhotoFiltre Studio
    2007-12-30 15:58 . 2007-12-30 15:58 45 ---h----- C:\WINDOWS\dsez1684.dat
    2007-12-28 14:01 . 2007-12-28 16:47 <REP> d-------- C:\Program Files\Project64 1.6
    2007-12-27 14:16 . 2008-01-25 03:40 <REP> d-------- C:\Downloads
    2007-12-27 01:45 . 2008-01-12 13:50 <REP> d-------- C:\Warhammer Online - Age of Reckoning

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-25 02:46 --------- d-----w C:\Program Files\FlashGet
    2008-01-22 19:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-01-21 13:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-19 08:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-15 18:12 --------- d-----w C:\Program Files\mIRC
    2008-01-15 18:09 --------- d-----w C:\Program Files\Star Downloader
    2008-01-15 17:28 --------- d-----w C:\Program Files\Windows Live
    2007-12-25 14:36 --------- d-----w C:\Program Files\Electronic Arts
    2007-12-24 16:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-12-23 18:30 --------- d-----w C:\Program Files\CodeBlocks
    2007-12-23 16:13 --------- d-----w C:\Program Files\Activision
    2007-12-22 18:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-12-21 01:02 --------- d-----w C:\Program Files\TrackMania Nations ESWC
    2007-12-20 13:49 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-16 21:15 --------- d-----w C:\Program Files\Unreal Tournament 3
    2007-12-16 21:14 --------- d-----w C:\Program Files\AGEIA Technologies
    2007-12-16 15:29 --------- d-----w C:\Program Files\RivaTuner v2.06
    2007-12-15 12:19 --------- d-----w C:\Program Files\MegauploadToolbar
    2007-12-15 12:10 --------- d-----w C:\Program Files\CommentCaMarche
    2007-12-15 11:59 --------- d-----w C:\Program Files\VDCodecPack3.7
    2007-12-15 11:50 --------- d-----w C:\Program Files\Veoh Networks
    2007-12-14 17:21 --------- d-----w C:\Program Files\Skype
    2007-12-14 17:21 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-12-11 20:20 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2007-12-10 21:38 --------- d-----w C:\Program Files\VideoLAN
    2007-12-10 18:22 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-10 18:05 --------- d-----w C:\Program Files\AlienGUIse
    2007-12-10 18:03 --------- d-----w C:\Program Files\Fichiers communs\Stardock
    2007-12-10 18:02 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-12-10 18:01 --------- d-----w C:\Program Files\Alwil Software
    2007-12-10 18:00 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-12-10 17:57 --------- d-----w C:\Program Files\iTunes
    2007-12-10 17:57 --------- d-----w C:\Program Files\iPod
    2007-12-10 17:56 --------- d-----w C:\Program Files\QuickTime
    2007-12-10 17:56 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2007-12-10 17:56 --------- d-----w C:\Program Files\Apple Software Update
    2007-12-07 08:41 --------- d-----w C:\Program Files\WinTV
    2007-12-07 08:38 --------- d-----w C:\Program Files\CyberLink
    2007-12-07 08:37 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-12-07 08:37 --------- d-----w C:\Program Files\Ahead
    2007-12-07 08:20 --------- d-----w C:\Program Files\Attansic
    2007-12-07 08:02 --------- d-----w C:\Program Files\Analog Devices
    2007-12-07 07:56 --------- d-----w C:\Program Files\Intel
    2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-12-06 16:39 --------- d--h--w C:\Program Files\Uninstall Information
    2007-12-06 16:34 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-06 16:33 --------- d-----w C:\Program Files\Services en ligne
    2007-12-06 16:32 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((( snapshot_2008-01-25_19.50.26.26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-25 19:00:43 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\a8f437a4f2dafe4b91b0ff90f647e08b\Accessibility.ni.dll
    + 2008-01-25 19:00:46 860,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bea24dea872e7b4ab0016e50576acd00\AspNetMMCExt.ni.dll
    + 2008-01-25 19:00:47 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c784e07c20902640b402fe13937c80c8\CustomMarshalers.ni.dll
    + 2008-01-25 19:00:47 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\5fab55607eeacf4e9e21f7b980ddae70\dfsvc.ni.exe
    + 2008-01-25 19:00:49 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c364c6004f8ea24585fa7dd2c285362d\Microsoft.Build.Engine.ni.dll
    + 2008-01-25 19:00:49 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\b5307fa6252e5045853dd3a9e6037c98\Microsoft.Build.Framework.ni.dll
    + 2008-01-25 19:00:52 1,691,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d3d913c07aba7c499f378f346626cdb8\Microsoft.Build.Tasks.ni.dll
    + 2008-01-25 19:00:52 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\494189879e4fc2438fcfe3a6436d2dc9\Microsoft.Build.Utilities.ni.dll
    + 2008-01-25 19:00:54 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f20ef61c854d4fbcaa4b152303fc2a\Microsoft.VisualBasic.ni.dll
    + 2008-01-25 19:00:56 962,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\a0b8b0623e3f5645a2f85568856e28db\System.Configuration.ni.dll
    + 2008-01-25 19:00:57 1,712,128 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\588ec8194431354bb2c6bf9cf0eefb5f\System.Deployment.ni.dll
    + 2008-01-25 19:00:59 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\4b6e520c714b2c4f9e8d6a78bf106449\System.DirectoryServices.Protocols.ni.dll
    + 2008-01-25 19:00:58 1,220,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8078000f25e30842b5c7cfb154b16152\System.DirectoryServices.ni.dll
    + 2008-01-25 19:01:00 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7f9520b3f2b4a54da5f8538e11109fc9\System.EnterpriseServices.ni.dll
    + 2008-01-25 19:01:00 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7f9520b3f2b4a54da5f8538e11109fc9\System.EnterpriseServices.Wrapper.dll
    + 2008-01-25 19:01:01 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\ed8677a52a2f9243ac461590d8bed761\System.Security.ni.dll
    + 2008-01-25 19:01:02 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\90945bb0199a854cb67f6d95ae66e496\System.Transactions.ni.dll
    + 2008-01-25 19:01:16 2,310,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\13fa232c263991408a3afb07d43b8b9d\System.Web.Mobile.ni.dll
    + 2008-01-25 19:01:17 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\323d64452beab6438ce9d0ec1aec3911\System.Web.RegularExpressions.ni.dll
    + 2008-01-25 19:01:19 1,945,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e34e395e16f5ab49b9b78f3e77859880\System.Web.Services.ni.dll
    + 2008-01-25 19:01:13 11,808,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f79d94aae104e9468afeee99118161c5\System.Web.ni.dll
    - 2008-01-23 16:17:22 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-26 17:05:24 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-23 16:17:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-26 17:05:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-23 16:17:22 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-26 17:05:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-23 16:17:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-26 17:05:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-23 16:17:22 3,796,992 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-26 17:05:24 4,853,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-23 16:17:22 45,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-26 17:05:25 49,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2008-01-25 20:47:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5fc.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:20 21686568]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-23 14:31 2577840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
    "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 09:45 385024]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
    "nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-08-11 14:43 86016 C:\WINDOWS\system32\nvmctray.dll]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-19 09:16 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-19 09:16 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gdy30.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qgj50.sys]
    @="Driver"

    R0 Gdy30;Gdy30;C:\WINDOWS\system32\Drivers\Gdy30.sys [2008-01-26 18:07]
    R2 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\DRIVERS\HCWBT8XX.sys [2002-03-01 00:35]
    S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2007-10-30 19:05]
    S2 burito47b2-3635;burito47b2-3635;C:\WINDOWS\system32\burito47b2-3635.sys []
    S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 05:28]
    S3 Qgj50;Qgj50;C:\WINDOWS\System32\drivers\Qgj50.sys [2008-01-21 13:01]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34b10211-c083-11dc-9202-00055d0106e4}]
    \Shell\Shell00\Command - H:\Start.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-23 22:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-26 18:10:42
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\Explorer.exe [6.00.2900.3156]
    -> C:\Program Files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
    .
    27 January 2008 19:10:28

    Post a new HijackThis report :) 
    27 January 2008 19:34:55

    Here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:31, on 2008-01-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\imapi.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\~e5.0001
    C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe
    C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6F3A8017-FF54-472A-BE06-8F25B350E0E4}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{899341D3-10F6-4E1C-A57E-2E900BE4FB2D}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9E3ECC32-0C0E-4134-B8B3-506594E5E72B}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F7F5CC84-51D4-40CA-BA55-131A0314CA5C}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA1426F3-7F41-4F64-A1C6-51A7F1375021}: NameServer = 193.252.118.111
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
    O17 - HKLM\System\CS2\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: aswUpdSv - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Avg7Alrt - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
    O23 - Service: Avg7UpdSvc - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
    O23 - Service: AVGEMS - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
    O23 - Service: IDriverT - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
    O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: RasMan - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ie7D.tmp
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 9339 bytes
    27 January 2008 22:45:22

    How many antivirus programs do you have?
    27 January 2008 23:02:41

    I have two: AVG and Avast. I gave my details at the very start of the topic, just in case :p  Yes, I know you don't have time to read everything ;) 
    28 January 2008 17:47:23

    Uninstall both and install AntiVir instead :) 
    28 January 2008 18:26:31

    OK boss, I run a full scan afterwards, I suppose?
    28 January 2008 18:32:34

    Yes :) 
    29 January 2008 00:34:36

    Scan done, here is a HijackThis report since I suppose you will ask for one ;) 

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:32, on 2008-01-29
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - C:\WINDOWS\system32\winload.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Yahoo Toolbar - {54C7D1DD-4296-451e-B756-1E94F665B4FF} - C:\WINDOWS\system32\yatool.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6F3A8017-FF54-472A-BE06-8F25B350E0E4}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{899341D3-10F6-4E1C-A57E-2E900BE4FB2D}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9E3ECC32-0C0E-4134-B8B3-506594E5E72B}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F7F5CC84-51D4-40CA-BA55-131A0314CA5C}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA1426F3-7F41-4F64-A1C6-51A7F1375021}: NameServer = 193.252.118.111
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
    O17 - HKLM\System\CS2\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - C:\WINDOWS\system32\winload.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: IDriverT - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
    O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: RasMan - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ie7D.tmp
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 9259 bytes
    29 January 2008 12:13:59

    Run a Combofix scan again.
    29 January 2008 21:51:10

    I just ran Combofix (nothing else, only Combofix) and now I have the same problems as before again. I'm on the laptop right now; here is the report:

    ComboFix 08-01-23.2 - Propriétaire 2008-01-29 21:25:50.6 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1188 [GMT 1:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\mt_32.dll
    C:\WINDOWS\system32\winload.dll
    .
    ---- Previous Run -------
    .
    C:\1.tmp
    C:\133.tmp
    C:\134.tmp
    C:\135.tmp
    C:\136.tmp
    C:\137.tmp
    C:\138.tmp
    C:\139.tmp
    C:\13A.tmp
    C:\13C.tmp
    C:\13D.tmp
    C:\13E.tmp
    C:\13F.tmp
    C:\140.tmp
    C:\141.tmp
    C:\142.tmp
    C:\144.tmp
    C:\146.tmp
    C:\147.tmp
    C:\148.tmp
    C:\149.tmp
    C:\14A.tmp
    C:\14B.tmp
    C:\2.tmp
    C:\26.tmp
    C:\3.tmp
    C:\3F.tmp
    C:\4.tmp
    C:\5.tmp
    C:\5D.tmp
    C:\6.tmp
    C:\7.tmp
    C:\8.tmp
    C:\82.tmp
    C:\9.tmp
    C:\A.tmp
    C:\A6.tmp
    C:\BD.tmp
    C:\bhij.exe
    C:\Documents and Settings\Propri‚taire\Application Data\Install.dat
    C:\Documents and Settings\Propriétaire\Application Data\install.dat
    C:\Program Files\bravesentry
    C:\Program Files\bravesentry\BraveSentry.exe
    C:\Program Files\bravesentry\BraveSentry.lic
    C:\Program Files\bravesentry\BraveSentry0.bs
    C:\Program Files\bravesentry\BraveSentry0.dll
    C:\Program Files\bravesentry\BraveSentry1.bs
    C:\Program Files\bravesentry\BraveSentry2.dll
    C:\Program Files\bravesentry\BraveSentry3.dll
    C:\Program Files\bravesentry\Uninstall.exe
    C:\Program Files\Dot1XCfg
    C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    C:\Program Files\Helper
    C:\Program Files\Helper\superfindout.dll
    C:\Program Files\Temporary
    C:\Program Files\Temporary\kernInst.exe
    C:\upaq.exe
    C:\WINDOWS\b122.exe
    C:\WINDOWS\desktop.html
    C:\WINDOWS\mrofinu1148.exe
    C:\WINDOWS\mrofinu1148.exe.tmp
    C:\WINDOWS\svchost.exe
    C:\WINDOWS\system32\5_exception.nls
    C:\WINDOWS\system32\adult.txt
    C:\WINDOWS\system32\dllgh8jkd1q1.exe
    C:\WINDOWS\system32\dllgh8jkd1q2.exe
    C:\WINDOWS\system32\dllgh8jkd1q5.exe
    C:\WINDOWS\system32\dllgh8jkd1q6.exe
    C:\WINDOWS\system32\dllgh8jkd1q7.exe
    C:\WINDOWS\system32\dllgh8jkd1q8.exe
    C:\WINDOWS\system32\drivers\smtpdrv.sys
    C:\WINDOWS\system32\finance.txt
    C:\WINDOWS\system32\kernelwind64.exe
    C:\WINDOWS\system32\lt.res
    C:\WINDOWS\system32\m1ax1d12132116143v.exe
    C:\WINDOWS\system32\mssrv32.exe
    C:\WINDOWS\system32\n2ewma1xxsv234.exe
    C:\WINDOWS\system32\other.txt
    C:\WINDOWS\system32\pharma.txt
    C:\WINDOWS\system32\sft.res
    C:\WINDOWS\system32\shift.exe.exe
    C:\WINDOWS\system32\svcp.csv
    C:\WINDOWS\system32\userini.exe
    C:\WINDOWS\system32\vx.tll
    C:\WINDOWS\system32\winsub.xml
    C:\WINDOWS\system32\wsnpoem
    C:\WINDOWS\system32\wsnpoem\audio.dll
    C:\WINDOWS\system32\wsnpoem\video.dll
    C:\WINDOWS\Temp\43139717.exe
    C:\WINDOWS\Temp\441825183.exe
    C:\WINDOWS\Temp\69896416.exe
    C:\windows\xpupdate.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SMTPDRV
    -------\runtime
    -------\smtpdrv


    -------\LEGACY_MSUPDATE
    -------\LEGACY_SMTPDRV
    -------\msupdate
    -------\smtpdrv


    -------\LEGACY_FFI
    -------\LEGACY_GENERIC_HOST_PROCESS_FOR_WIN-32_SERVICE
    -------\FFI
    -------\Generic Host Process for Win-32 Service
    -------\msupdate
    -------\smtpdrv


    -------\LEGACY_SMTPDRV
    -------\smtpdrv


    -------\LEGACY_SMTPDRV
    -------\smtpdrv


    -------\LEGACY_MSUPDATE
    -------\LEGACY_SMTPDRV
    -------\msupdate
    -------\smtpdrv


    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-28 19:59 . 2008-01-28 19:59 9,216 --a------ C:\WINDOWS\system32\rcpdu.dll
    2008-01-28 19:59 . 2008-01-28 19:59 8,192 --a------ C:\WINDOWS\system32\regapi32.dll
    2008-01-28 19:59 . 2008-01-28 19:59 7,680 --a------ C:\WINDOWS\system32\gdid32.dll
    2008-01-28 19:59 . 2008-01-28 19:58 6,144 --a------ C:\WINDOWS\system32\netd.dll
    2008-01-28 19:59 . 2008-01-28 19:59 4,608 --a------ C:\WINDOWS\system32\credigui.dll
    2008-01-28 19:59 . 2008-01-28 19:59 3,072 --a------ C:\WINDOWS\system32\pxcrt.dll
    2008-01-28 19:59 . 2008-01-28 19:59 3,072 --a------ C:\WINDOWS\system32\kbdsdf.dll
    2008-01-28 19:58 . 2008-01-28 19:58 <REP> d-------- C:\Program Files\Avira
    2008-01-28 19:55 . 2008-01-28 19:55 7,168 --a------ C:\WINDOWS\system32\protect.dll
    2008-01-28 19:55 . 2008-01-28 19:55 4,608 --a------ C:\WINDOWS\system32\psx.dll
    2008-01-28 19:55 . 2008-01-28 19:55 4,096 --a------ C:\WINDOWS\system32\mscert.dll
    2008-01-28 19:54 . 2008-01-28 19:54 9,216 --a------ C:\WINDOWS\system32\yatool.dll
    2008-01-28 19:54 . 2008-01-28 19:54 8,192 --a------ C:\WINDOWS\system32\iphelp.dll
    2008-01-28 19:54 . 2008-01-28 19:54 5,120 --a------ C:\WINDOWS\system32\rsh.dll
    2008-01-27 22:19 . 2008-01-27 22:19 24,576 --a------ C:\WINDOWS\system32\mssrv32.exe
    2008-01-25 13:25 . 2004-08-03 23:00 263,488 -r-hs---- C:\cmldr
    2008-01-25 13:25 . 2008-01-15 19:08 216 --a------ C:\BOOT.BAK
    2008-01-25 12:55 . 2008-01-25 13:02 <REP> d-------- C:\Program Files\nLite
    2008-01-25 11:06 . 2008-01-25 11:06 <REP> d-------- C:\Program Files\Internet Download Manager
    2008-01-24 17:50 . 2008-01-25 13:02 <REP> d-------- C:\WinXP
    2008-01-24 00:02 . 2008-01-24 00:02 0 --a------ C:\BC.tmp
    2008-01-24 00:01 . 2008-01-24 00:01 0 --a------ C:\A5.tmp
    2008-01-24 00:00 . 2008-01-24 00:00 0 --a------ C:\81.tmp
    2008-01-23 23:59 . 2008-01-23 23:59 0 --a------ C:\5C.tmp
    2008-01-23 23:58 . 2008-01-23 23:58 0 --a------ C:\3E.tmp
    2008-01-23 17:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-23 14:06 . 2008-01-08 13:13 202,160 --a------ C:\WINDOWS\system32\idmmbc.dll
    2008-01-22 15:47 . 2008-01-29 21:30 25,984 --a------ C:\WINDOWS\system32\drivers\Gdy30.sys
    2008-01-22 15:42 . 2008-01-23 12:53 2 --a------ C:\684127032
    2008-01-21 14:18 . 2008-01-21 14:18 <REP> d-------- C:\Program Files\Rockstar Games
    2008-01-21 13:01 . 2008-01-21 13:01 25,984 --a------ C:\WINDOWS\system32\drivers\Qgj50.sys
    2008-01-21 13:01 . 2008-01-21 13:01 25,600 --a------ C:\WINDOWS\system32\socksys.dll
    2008-01-21 13:00 . 2008-01-21 13:00 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
    2008-01-19 17:21 . 2008-01-22 18:08 <REP> d-------- C:\Program Files\Microsoft Games
    2008-01-19 09:13 . 2008-01-19 09:13 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-18 21:57 . 2008-01-18 21:57 <REP> d-------- C:\MSNFix
    2008-01-14 18:42 . 2008-01-14 18:54 <REP> d-------- C:\Program Files\World of Warcraft
    2008-01-13 17:05 . 2008-01-14 18:39 <REP> d-------- C:\Program Files\No-IP
    2008-01-13 16:49 . 2008-01-13 16:49 <REP> d-------- C:\Program Files\PremiumSoft
    2008-01-13 16:49 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
    2008-01-12 15:39 . 2008-01-14 18:40 <REP> d-------- C:\Program Files\SQLyog Community
    2008-01-12 14:43 . 2008-01-14 18:39 <REP> d-------- C:\wamp
    2008-01-11 21:29 . 2008-01-11 21:29 <REP> d-------- C:\WINDOWS\system32\URTTemp
    2008-01-06 17:54 . 2008-01-06 17:54 <REP> d-------- C:\Program Files\Metal Slug Series
    2008-01-06 13:02 . 2008-01-06 13:02 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-01-01 23:41 . 2008-01-15 18:21 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2007-12-30 15:58 . 2007-12-30 16:55 <REP> d-------- C:\Program Files\PhotoFiltre Studio
    2007-12-30 15:58 . 2007-12-30 15:58 45 ---h----- C:\WINDOWS\dsez1684.dat

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-28 19:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-01-25 02:46 --------- d-----w C:\Program Files\FlashGet
    2008-01-23 20:20 8,704 ----a-w C:\WINDOWS\system32\netdde.exe
    2008-01-23 20:19 8,704 ----a-w C:\WINDOWS\system32\msdtc.exe
    2008-01-23 20:19 8,704 ----a-w C:\WINDOWS\system32\mnmsrvc.exe
    2008-01-23 20:09 8,704 ----a-w C:\WINDOWS\system32\cisvc.exe.tmp
    2008-01-22 14:58 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-01-21 13:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-19 08:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-15 18:12 --------- d-----w C:\Program Files\mIRC
    2008-01-15 18:09 --------- d-----w C:\Program Files\Star Downloader
    2008-01-15 17:28 --------- d-----w C:\Program Files\Windows Live
    2007-12-28 15:47 --------- d-----w C:\Program Files\Project64 1.6
    2007-12-25 14:36 --------- d-----w C:\Program Files\Electronic Arts
    2007-12-24 16:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-12-24 16:19 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2007-12-23 18:30 --------- d-----w C:\Program Files\CodeBlocks
    2007-12-23 16:13 --------- d-----w C:\Program Files\Activision
    2007-12-22 18:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-12-21 01:02 --------- d-----w C:\Program Files\TrackMania Nations ESWC
    2007-12-20 13:49 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-16 21:15 --------- d-----w C:\Program Files\Unreal Tournament 3
    2007-12-16 21:14 --------- d-----w C:\Program Files\AGEIA Technologies
    2007-12-16 15:29 --------- d-----w C:\Program Files\RivaTuner v2.06
    2007-12-15 12:19 --------- d-----w C:\Program Files\MegauploadToolbar
    2007-12-15 12:10 --------- d-----w C:\Program Files\CommentCaMarche
    2007-12-15 11:59 --------- d-----w C:\Program Files\VDCodecPack3.7
    2007-12-15 11:50 --------- d-----w C:\Program Files\Veoh Networks
    2007-12-14 17:21 --------- d-----w C:\Program Files\Skype
    2007-12-14 17:21 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-11 20:20 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2007-12-10 21:38 --------- d-----w C:\Program Files\VideoLAN
    2007-12-10 19:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-12-10 19:43 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
    2007-12-10 18:22 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-10 18:05 --------- d-----w C:\Program Files\AlienGUIse
    2007-12-10 18:03 --------- d-----w C:\Program Files\Fichiers communs\Stardock
    2007-12-10 18:02 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-12-10 18:01 --------- d-----w C:\Program Files\Alwil Software
    2007-12-10 18:00 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-12-10 17:57 --------- d-----w C:\Program Files\iTunes
    2007-12-10 17:57 --------- d-----w C:\Program Files\iPod
    2007-12-10 17:56 --------- d-----w C:\Program Files\QuickTime
    2007-12-10 17:56 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2007-12-10 17:56 --------- d-----w C:\Program Files\Apple Software Update
    2007-12-07 08:41 --------- d-----w C:\Program Files\WinTV
    2007-12-07 08:38 --------- d-----w C:\Program Files\CyberLink
    2007-12-07 08:37 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-12-07 08:37 --------- d-----w C:\Program Files\Ahead
    2007-12-07 08:20 --------- d-----w C:\Program Files\Attansic
    2007-12-07 08:02 --------- d-----w C:\Program Files\Analog Devices
    2007-12-07 07:56 --------- d-----w C:\Program Files\Intel
    2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-12-06 16:39 --------- d--h--w C:\Program Files\Uninstall Information
    2007-12-06 16:34 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-06 16:33 --------- d-----w C:\Program Files\Services en ligne
    2007-12-06 16:32 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((( snapshot_2008-01-26_18.11.38.14 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-25 18:48:16 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-01-29 20:31:35 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-01-25 18:48:16 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-01-29 20:31:35 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2008-01-25 18:48:16 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-29 20:31:35 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-28 17:30:06 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
    + 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    - 2008-01-22 23:24:00 7,168 ----a-w C:\WINDOWS\system32\userinit.exe
    + 2006-03-02 12:00:00 25,088 ----a-w C:\WINDOWS\system32\userinit.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54C7D1DD-4296-451e-B756-1E94F665B4FF}]
    2008-01-28 19:54 9216 --a------ C:\WINDOWS\system32\yatool.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:20 21686568]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-23 14:31 2577840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
    "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 09:45 385024]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
    "nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-08-11 14:43 86016 C:\WINDOWS\system32\nvmctray.dll]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gdy30.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qgj50.sys]
    @="Driver"

    R0 Gdy30;Gdy30;C:\WINDOWS\system32\Drivers\Gdy30.sys [2008-01-29 21:30]
    R2 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\DRIVERS\HCWBT8XX.sys [2002-03-01 00:35]
    S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2007-10-30 19:05]
    S2 burito47b2-3635;burito47b2-3635;C:\WINDOWS\system32\burito47b2-3635.sys []
    S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 05:28]
    S3 Qgj50;Qgj50;C:\WINDOWS\System32\drivers\Qgj50.sys [2008-01-21 13:01]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34b10211-c083-11dc-9202-00055d0106e4}]
    \Shell\Shell00\Command - H:\Start.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-23 22:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-29 21:32:45
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    C:\WINDOWS\system32\wsnpoem
    C:\WINDOWS\system32\ntos.exe 502784 bytes executable

    Scan terminé avec succès
    Les fichiers cachés: 2

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\Program Files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
    .
    30 January 2008 13:35:36

    Hi again,

    Disable your resident protections (antivirus, etc.)!
    Copy (Ctrl+C) the text in the box below:

    Driver::
    Qgj50
    Gdy30

    Rootkit::
    C:\WINDOWS\system32\mssrv32.exe
    C:\WINDOWS\system32\drivers\Qgj50.sys
    C:\WINDOWS\dsez1684.dat
    C:\WINDOWS\system32\yatool.dll
    C:\WINDOWS\system32\Drivers\Gdy30.sys
    C:\WINDOWS\system32\ntos.exe

    Folder::
    C:\WINDOWS\system32\wsnpoem

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54C7D1DD-4296-451e-B756-1E94F665B4FF}]


    Open Notepad, then paste (Ctrl+V) the text you copied.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.
    NOTE: If there is no restart, post the requested reports anyway.
    30 January 2008 15:27:17

    Here is Combofix; it looks like there is a problem with the console.

    ComboFix 08-01-23.2 - Propriétaire 2008-01-30 15:13:40.8 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1547 [GMT 1:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\dsez1684.dat
    C:\WINDOWS\system32\Drivers\Gdy30.sys
    C:\WINDOWS\system32\drivers\Qgj50.sys
    C:\WINDOWS\system32\mssrv32.exe
    C:\WINDOWS\system32\ntos.exe
    C:\WINDOWS\system32\yatool.dll
    .
    ---- Previous Run -------
    .
    C:\1.tmp
    C:\133.tmp
    C:\134.tmp
    C:\135.tmp
    C:\136.tmp
    C:\137.tmp
    C:\138.tmp
    C:\139.tmp
    C:\13A.tmp
    C:\13C.tmp
    C:\13D.tmp
    C:\13E.tmp
    C:\13F.tmp
    C:\140.tmp
    C:\141.tmp
    C:\142.tmp
    C:\144.tmp
    C:\146.tmp
    C:\147.tmp
    C:\148.tmp
    C:\149.tmp
    C:\14A.tmp
    C:\14B.tmp
    C:\2.tmp
    C:\26.tmp
    C:\3.tmp
    C:\3F.tmp
    C:\4.tmp
    C:\5.tmp
    C:\5D.tmp
    C:\6.tmp
    C:\7.tmp
    C:\8.tmp
    C:\82.tmp
    C:\9.tmp
    C:\A.tmp
    C:\A6.tmp
    C:\BD.tmp
    C:\bhij.exe
    C:\Documents and Settings\Propri‚taire\Application Data\Install.dat
    C:\Documents and Settings\Propriétaire\Application Data\install.dat
    C:\Program Files\bravesentry
    C:\Program Files\bravesentry\BraveSentry.exe
    C:\Program Files\bravesentry\BraveSentry.lic
    C:\Program Files\bravesentry\BraveSentry0.bs
    C:\Program Files\bravesentry\BraveSentry0.dll
    C:\Program Files\bravesentry\BraveSentry1.bs
    C:\Program Files\bravesentry\BraveSentry2.dll
    C:\Program Files\bravesentry\BraveSentry3.dll
    C:\Program Files\bravesentry\Uninstall.exe
    C:\Program Files\Dot1XCfg
    C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    C:\Program Files\Helper
    C:\Program Files\Helper\superfindout.dll
    C:\Program Files\Temporary
    C:\Program Files\Temporary\kernInst.exe
    C:\upaq.exe
    C:\WINDOWS\b122.exe
    C:\WINDOWS\desktop.html
    C:\WINDOWS\mrofinu1148.exe
    C:\WINDOWS\mrofinu1148.exe.tmp
    C:\WINDOWS\svchost.exe
    C:\WINDOWS\system32\5_exception.nls
    C:\WINDOWS\system32\adult.txt
    C:\WINDOWS\system32\dllgh8jkd1q1.exe
    C:\WINDOWS\system32\dllgh8jkd1q2.exe
    C:\WINDOWS\system32\dllgh8jkd1q5.exe
    C:\WINDOWS\system32\dllgh8jkd1q6.exe
    C:\WINDOWS\system32\dllgh8jkd1q7.exe
    C:\WINDOWS\system32\dllgh8jkd1q8.exe
    C:\WINDOWS\system32\drivers\smtpdrv.sys
    C:\WINDOWS\system32\finance.txt
    C:\WINDOWS\system32\kernelwind64.exe
    C:\WINDOWS\system32\lt.res
    C:\WINDOWS\system32\m1ax1d12132116143v.exe
    C:\WINDOWS\system32\mssrv32.exe
    C:\WINDOWS\system32\mt_32.dll
    C:\WINDOWS\system32\n2ewma1xxsv234.exe
    C:\WINDOWS\system32\other.txt
    C:\WINDOWS\system32\pharma.txt
    C:\WINDOWS\system32\sft.res
    C:\WINDOWS\system32\shift.exe.exe
    C:\WINDOWS\system32\svcp.csv
    C:\WINDOWS\system32\userini.exe
    C:\WINDOWS\system32\vx.tll
    C:\WINDOWS\system32\winload.dll
    C:\WINDOWS\system32\winsub.xml
    C:\WINDOWS\system32\wsnpoem
    C:\WINDOWS\system32\wsnpoem\audio.dll
    C:\WINDOWS\system32\wsnpoem\video.dll
    C:\WINDOWS\Temp\43139717.exe
    C:\WINDOWS\Temp\441825183.exe
    C:\WINDOWS\Temp\69896416.exe
    C:\windows\xpupdate.exe
    C:\WINDOWS\system32\wsnpoem

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SMTPDRV
    -------\runtime
    -------\smtpdrv


    -------\LEGACY_MSUPDATE
    -------\LEGACY_SMTPDRV
    -------\msupdate
    -------\smtpdrv


    -------\LEGACY_FFI
    -------\LEGACY_GENERIC_HOST_PROCESS_FOR_WIN-32_SERVICE
    -------\FFI
    -------\Generic Host Process for Win-32 Service
    -------\msupdate
    -------\smtpdrv


    -------\LEGACY_SMTPDRV
    -------\smtpdrv


    -------\LEGACY_SMTPDRV
    -------\smtpdrv


    -------\LEGACY_MSUPDATE
    -------\LEGACY_SMTPDRV
    -------\msupdate
    -------\smtpdrv


    -------\LEGACY_GDY30
    -------\Gdy30
    -------\Qgj50
    -------\smtpdrv




    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-28 19:59 . 2008-01-28 19:59 9,216 --a------ C:\WINDOWS\system32\rcpdu.dll
    2008-01-28 19:59 . 2008-01-28 19:59 8,192 --a------ C:\WINDOWS\system32\regapi32.dll
    2008-01-28 19:59 . 2008-01-28 19:59 7,680 --a------ C:\WINDOWS\system32\gdid32.dll
    2008-01-28 19:59 . 2008-01-28 19:58 6,144 --a------ C:\WINDOWS\system32\netd.dll
    2008-01-28 19:59 . 2008-01-28 19:59 4,608 --a------ C:\WINDOWS\system32\credigui.dll
    2008-01-28 19:59 . 2008-01-28 19:59 3,072 --a------ C:\WINDOWS\system32\pxcrt.dll
    2008-01-28 19:59 . 2008-01-28 19:59 3,072 --a------ C:\WINDOWS\system32\kbdsdf.dll
    2008-01-28 19:58 . 2008-01-28 19:58 <REP> d-------- C:\Program Files\Avira
    2008-01-28 19:55 . 2008-01-28 19:55 7,168 --a------ C:\WINDOWS\system32\protect.dll
    2008-01-28 19:55 . 2008-01-28 19:55 4,608 --a------ C:\WINDOWS\system32\psx.dll
    2008-01-28 19:55 . 2008-01-28 19:55 4,096 --a------ C:\WINDOWS\system32\mscert.dll
    2008-01-28 19:54 . 2008-01-28 19:54 8,192 --a------ C:\WINDOWS\system32\iphelp.dll
    2008-01-28 19:54 . 2008-01-28 19:54 5,120 --a------ C:\WINDOWS\system32\rsh.dll
    2008-01-25 13:25 . 2004-08-03 23:00 263,488 -r-hs---- C:\cmldr
    2008-01-25 13:25 . 2008-01-15 19:08 216 --a------ C:\BOOT.BAK
    2008-01-25 12:55 . 2008-01-25 13:02 <REP> d-------- C:\Program Files\nLite
    2008-01-25 11:06 . 2008-01-25 11:06 <REP> d-------- C:\Program Files\Internet Download Manager
    2008-01-24 17:50 . 2008-01-25 13:02 <REP> d-------- C:\WinXP
    2008-01-24 00:02 . 2008-01-24 00:02 0 --a------ C:\BC.tmp
    2008-01-24 00:01 . 2008-01-24 00:01 0 --a------ C:\A5.tmp
    2008-01-24 00:00 . 2008-01-24 00:00 0 --a------ C:\81.tmp
    2008-01-23 23:59 . 2008-01-23 23:59 0 --a------ C:\5C.tmp
    2008-01-23 23:58 . 2008-01-23 23:58 0 --a------ C:\3E.tmp
    2008-01-23 17:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-23 14:06 . 2008-01-08 13:13 202,160 --a------ C:\WINDOWS\system32\idmmbc.dll
    2008-01-22 15:42 . 2008-01-23 12:53 2 --a------ C:\684127032
    2008-01-21 14:18 . 2008-01-21 14:18 <REP> d-------- C:\Program Files\Rockstar Games
    2008-01-21 13:01 . 2008-01-21 13:01 25,600 --a------ C:\WINDOWS\system32\socksys.dll
    2008-01-21 13:00 . 2008-01-21 13:00 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
    2008-01-19 17:21 . 2008-01-22 18:08 <REP> d-------- C:\Program Files\Microsoft Games
    2008-01-19 09:13 . 2008-01-19 09:13 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-18 21:57 . 2008-01-18 21:57 <REP> d-------- C:\MSNFix
    2008-01-14 18:42 . 2008-01-14 18:54 <REP> d-------- C:\Program Files\World of Warcraft
    2008-01-13 17:05 . 2008-01-14 18:39 <REP> d-------- C:\Program Files\No-IP
    2008-01-13 16:49 . 2008-01-13 16:49 <REP> d-------- C:\Program Files\PremiumSoft
    2008-01-13 16:49 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
    2008-01-12 15:39 . 2008-01-14 18:40 <REP> d-------- C:\Program Files\SQLyog Community
    2008-01-12 14:43 . 2008-01-14 18:39 <REP> d-------- C:\wamp
    2008-01-11 21:29 . 2008-01-11 21:29 <REP> d-------- C:\WINDOWS\system32\URTTemp
    2008-01-06 17:54 . 2008-01-06 17:54 <REP> d-------- C:\Program Files\Metal Slug Series
    2008-01-06 13:02 . 2008-01-06 13:02 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-01-01 23:41 . 2008-01-15 18:21 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2007-12-30 15:58 . 2007-12-30 16:55 <REP> d-------- C:\Program Files\PhotoFiltre Studio
    2007-12-28 14:01 . 2007-12-28 16:47 <REP> d-------- C:\Program Files\Project64 1.6
    2007-12-27 14:16 . 2008-01-25 03:40 <REP> d-------- C:\Downloads
    2007-12-27 01:45 . 2008-01-12 13:50 <REP> d-------- C:\Warhammer Online - Age of Reckoning
    2007-12-23 19:42 . 2007-12-23 19:42 <REP> d-------- C:\Dev-Cpp
    2007-12-23 19:30 . 2007-12-23 19:30 <REP> d-------- C:\Program Files\CodeBlocks
    2007-12-23 17:27 . 2007-12-23 17:27 319 --a------ C:\WINDOWS\game.ini
    2007-12-23 11:54 . 2008-01-25 03:46 <REP> d-------- C:\Program Files\FlashGet
    2007-12-23 11:54 . 2006-04-20 12:51 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
    2007-12-20 18:34 . 2007-12-20 18:43 <REP> d-------- C:\UT2004
    2007-12-20 13:57 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-12-20 13:25 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-12-20 13:25 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2007-12-18 15:46 . 2008-01-15 19:09 <REP> d-------- C:\Program Files\Star Downloader
    2007-12-17 16:36 . 2007-12-21 02:02 <REP> d-------- C:\Program Files\TrackMania Nations ESWC
    2007-12-16 22:50 . 2007-12-16 22:50 <REP> d-------- C:\Fraps
    2007-12-16 22:15 . 2007-12-16 22:15 <REP> d-------- C:\Program Files\Unreal Tournament 3
    2007-12-16 22:14 . 2007-12-16 22:14 <REP> d-------- C:\WINDOWS\system32\AGEIA
    2007-12-16 22:14 . 2008-01-19 09:13 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-12-16 22:14 . 2007-12-16 22:14 <REP> d-------- C:\Program Files\AGEIA Technologies
    2007-12-16 17:17 . 2008-01-28 20:09 49 --a------ C:\WINDOWS\NeroDigital.ini
    2007-12-16 17:16 . 2008-01-04 20:40 <REP> d--h----- C:\WINDOWS\system\top secret
    2007-12-16 16:42 . 2008-01-25 03:17 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-12-16 16:32 . 2007-10-30 19:05 4,224 --a------ C:\WINDOWS\system32\drivers\NVStrap.sys
    2007-12-16 16:29 . 2007-12-16 16:29 <REP> d-------- C:\Program Files\RivaTuner v2.06
    2007-12-15 13:19 . 2007-12-15 13:19 <REP> d-------- C:\Program Files\MegauploadToolbar
    2007-12-15 13:10 . 2007-12-15 13:10 <REP> d-------- C:\Program Files\CommentCaMarche
    2007-12-15 12:59 . 2007-12-15 12:59 <REP> d-------- C:\Program Files\VDCodecPack3.7
    2007-12-15 12:50 . 2007-12-15 12:50 <REP> d-------- C:\Program Files\Veoh Networks
    2007-12-15 12:49 . 2007-12-15 12:49 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2007-12-14 18:21 . 2007-12-14 18:21 <REP> d-------- C:\Program Files\Skype
    2007-12-14 18:21 . 2007-12-14 18:21 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2007-12-10 22:38 . 2007-12-10 22:38 <REP> d-------- C:\Program Files\VideoLAN
    2007-12-10 22:11 . 2007-12-23 17:13 <REP> d-------- C:\Program Files\Activision
    2007-12-10 22:10 . 2007-12-10 22:10 <REP> d--hs---- C:\WINDOWS\ftpcache
    2007-12-10 20:52 . 2007-12-10 20:52 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-12-10 20:43 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
    2007-12-10 20:43 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
    2007-12-10 20:43 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
    2007-12-10 20:43 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
    2007-12-10 20:43 . 2007-12-10 20:43 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
    2007-12-10 20:43 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
    2007-12-10 20:43 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
    2007-12-10 20:43 . 2007-12-24 17:19 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-12-10 20:43 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2007-12-10 20:43 . 2007-12-24 17:19 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-12-10 20:33 . 2007-12-25 15:36 <REP> d-------- C:\Program Files\Electronic Arts
    2007-12-10 19:18 . 2008-01-15 18:28 <REP> d-------- C:\Program Files\Windows Live
    2007-12-10 19:18 . 2007-12-10 19:22 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-10 19:16 . 2007-12-10 19:16 1,158 --a------ C:\WINDOWS\mozver.dat
    2007-12-10 19:10 . 2007-12-10 19:10 <REP> d-------- C:\WINDOWS\OvtCam
    2007-12-10 19:05 . 2005-02-01 14:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
    2007-12-10 19:05 . 2007-12-20 20:50 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp
    2007-12-10 19:04 . 2007-12-10 19:04 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
    2007-12-10 19:03 . 2007-12-10 19:03 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
    2007-12-10 19:03 . 2007-12-10 19:05 <REP> d-------- C:\Program Files\AlienGUIse
    2007-12-10 19:03 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2007-12-06 17:20 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-12-06 16:39 --------- d--h--w C:\Program Files\Uninstall Information
    2007-12-06 16:34 --------- d-----w C:\Program Files\microsoft frontpage
    2007-12-06 16:33 --------- d-----w C:\Program Files\Services en ligne
    2007-12-06 16:32 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((( snapshot_2008-01-30_14.59.52.70 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-30 13:53:56 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-30 14:13:38 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-30 13:53:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-30 14:13:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-30 13:53:56 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-30 14:13:38 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-30 13:53:56 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-30 14:13:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-30 13:53:57 4,853,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-30 14:13:38 4,853,760 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-30 13:53:57 49,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-30 14:13:38 49,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:20 21686568]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-23 14:31 2577840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
    "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 09:45 385024]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
    "nwiz"="nwiz.exe" [2006-08-11 14:43 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-08-11 14:43 86016 C:\WINDOWS\system32\nvmctray.dll]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gdy30.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qgj50.sys]
    @="Driver"

    R2 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\DRIVERS\HCWBT8XX.sys [2002-03-01 00:35]
    S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2007-10-30 19:05]
    S2 burito47b2-3635;burito47b2-3635;C:\WINDOWS\system32\burito47b2-3635.sys []
    S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 05:28]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34b10211-c083-11dc-9202-00055d0106e4}]
    \Shell\Shell00\Command - H:\Start.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-23 22:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-30 15:16:30
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\Program Files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
    .

    Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:19, on 2008-01-30
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6F3A8017-FF54-472A-BE06-8F25B350E0E4}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{899341D3-10F6-4E1C-A57E-2E900BE4FB2D}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9E3ECC32-0C0E-4134-B8B3-506594E5E72B}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F7F5CC84-51D4-40CA-BA55-131A0314CA5C}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA1426F3-7F41-4F64-A1C6-51A7F1375021}: NameServer = 193.252.118.111
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
    O17 - HKLM\System\CS2\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: IDriverT - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
    O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: RasMan - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ie7D.tmp
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 8616 bytes

    a b 8 Security
    30 January 2008 15:56:04

    Re,

    ----------
    -> Start
    -> Run...
    Type Services.msc then confirm
    Double-click RasMan
    Startup type: "Disabled"
    Click "Stop" at the bottom
    Confirm the changes.
    -----
    Open Hijackthis, then:
    -> Open the Misc Tools Section
    -> Delete an NT Service
    Type RasMan then confirm.
    ----------
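The check behind the instruction above, as an added example that is not part of the original thread: it parses O23 (service) lines copied from the two HijackThis reports on this page, flags services whose image sits in a temp directory, is not an .exe, or is reported missing, and lists which service disappeared between the two reports. The function names and the three heuristics are assumptions of this example, not HijackThis features.

```python
import ntpath
import re
from typing import NamedTuple

# O23 lines copied from the first HijackThis report in this thread (subset).
REPORT_BEFORE = r"""
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: RasMan - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ie7D.tmp
"""

# The same subset from the second report, posted after the service was deleted.
REPORT_AFTER = r"""
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
"""

# Layout assumed from the lines on this page:
#   O23 - Service: <name> - <owner> - <image path>[ (file missing)]
O23 = re.compile(
    r'^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - '
    r'(?P<image>"?[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$'
)

# Directory names treated as temporary locations (heuristic of this example).
TEMP_DIRS = {"temp", "tmp", "temporary internet files"}


class Service(NamedTuple):
    name: str
    owner: str
    image: str
    missing: bool


def parse_o23(report):
    """Return the services described by the O23 lines of a report."""
    services = []
    for line in report.splitlines():
        m = O23.match(line.strip())
        if not m:
            continue
        image = m["image"]
        if image.startswith('"'):
            # Quoted image path: keep the path, drop trailing arguments.
            image = image[1:].split('"', 1)[0]
        services.append(
            Service(m["name"], m["owner"], image, m["missing"] is not None)
        )
    return services


def findings(svc):
    """Return the reasons a service entry deserves a closer look."""
    reasons = []
    dirs = [part.lower() for part in ntpath.dirname(svc.image).split("\\")]
    if TEMP_DIRS.intersection(dirs):
        reasons.append("image in a temp directory")
    if ntpath.splitext(svc.image)[1].lower() != ".exe":
        reasons.append("image is not an .exe")
    if svc.missing:
        reasons.append("registered image missing on disk")
    # "Unknown owner" alone is not a finding: in this log it also appears
    # on services whose image is under C:\WINDOWS\system32.
    return reasons


def triage(report):
    """Map service name -> reasons, for services with at least one reason."""
    return {s.name: f for s in parse_o23(report) if (f := findings(s))}


def removed_services(before, after):
    """Names present in the first report and absent from the second."""
    old = {s.name for s in parse_o23(before)}
    new = {s.name for s in parse_o23(after)}
    return sorted(old - new)


if __name__ == "__main__":
    for name, reasons in triage(REPORT_BEFORE).items():
        print(f"{name}: {', '.join(reasons)}")
    print("removed between reports:", removed_services(REPORT_BEFORE, REPORT_AFTER))
```
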
    30 January 2008 16:42:06

    it's done :)
    a b 8 Security
    30 January 2008 18:51:30

    Post a new Hijackthis report.
    30 January 2008 19:00:54

    here is the report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:59, on 2008-01-30
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
    C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6F3A8017-FF54-472A-BE06-8F25B350E0E4}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{899341D3-10F6-4E1C-A57E-2E900BE4FB2D}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9E3ECC32-0C0E-4134-B8B3-506594E5E72B}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F7F5CC84-51D4-40CA-BA55-131A0314CA5C}: NameServer = 193.252.118.111
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA1426F3-7F41-4F64-A1C6-51A7F1375021}: NameServer = 193.252.118.111
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
    O17 - HKLM\System\CS2\Services\Tcpip\..\{6D0A6036-14B1-41AE-9A2C-7E352F01FC39}: NameServer = 193.252.118.111
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: IDriverT - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe
    O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 8428 bytes
    a b 8 Security
    30 January 2008 19:05:08

    Is it better?
    30 January 2008 19:17:31

    Well, it seems to be going better, but on the internet I still get an: error lander (as the title) and a blank page... maybe the page load time is exceeded. I live in Belgium and I've gone over my monthly download limit so I'm on 56k... but just in case, if you know whether that's normal.. Thanks in any case ;)
    a b 8 Security
    30 January 2008 19:25:29

    You should uninstall Internet Download Manager.
    30 January 2008 22:57:24

    OK, I'll do that, and what do I do with the .tmp files in my c:/ ?
    a b 8 Security
    31 January 2008 18:16:53

    You can delete them if you want.
    1 February 2008 06:50:39

    OK, and I still have a problem with the internet, and I have uninstalled IDM
    a b 8 Security
    1 February 2008 13:58:29

    I don't think that's down to a virus.
    1 February 2008 18:26:57

    It's fine, the internet is working again. I'll let you know if I ever have a problem again ;)

    Thanks again ;)

    Mag'
    a b 8 Security
    1 February 2008 18:38:24

    Ok ;)