Your question

Problem: several viruses (generic, purityscan...)

Tags:
  • Virus
  • Security
Last reply: in Security and viruses
24 November 2007 12:39:36

Hello everyone,

So, I have a few recurring virus problems. They come back with every new scan (I use AVG Anti-Spyware 7.5 and CCleaner). I do run the scans in Safe Mode, of course.

The viruses that keep coming back are:
adware.generic
downloader.purityscan
trojan.small

I could use a hand... Thanks!

Here is my HijackThis log (done in Safe Mode; should I do it in Normal mode??? should I tick and fix???):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:37, on 24/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\tom\LOCALS~1\Temp\Rar$EX03.187\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [IPv6 Helper Driver] csass.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [Windows Service Manager] winsvc.exe
O4 - HKLM\..\Run: [_BOOT_WIN32] C:\WINDOWS\System32\bootchk.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [yjslojel] rundll32.exe "C:\Program Files\yjslojel\axermxyp.dll",Init
O4 - HKLM\..\Run: [mxenyzkl] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\mxenyzkl.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvbuj.dll,startup
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\RunServices: [IPv6 Helper Driver] csass.exe
O4 - HKLM\..\RunServices: [Windows Service Manager] winsvc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\tom\MESDOC~1\DOBE~1\notepad.exe" -vt ndrv
O4 - HKCU\..\Run: [Leceps] C:\WINDOWS\?ystem32\w?nspool.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton Internet Security.lnk = C:\Program Files\Norton Internet Security\nisfirst.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://secure.edhec.com/postauthI/epi.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IPv6 Helper Driver - Unknown owner - C:\WINDOWS\System32\csass.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: Windows Service Manager (WSM) - Unknown owner - C:\WINDOWS\System32\winsvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7662 bytes
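As an added illustration (my own example code, not anything posted in the thread and not part of HijackThis), the script below reads O4 (autostart) and O23 (service) lines in the format shown above and lists the entries worth a second look. The sample lines are copied from the log; the checks themselves (a bare filename with no path, a '?' in the path, a start location under the user profile or Temp, a DLL hosted by rundll32/regsvr32, a service whose binary is missing, a name one letter away from a Windows system process) are my own reviewer's checklist, not anything HijackThis computes, and a flag means "verify", not "malicious".

```python
import re

# Constructed sample: O4/O23 lines copied from the HijackThis logs in this thread,
# mixing legitimate entries with the ones the thread's tools later removed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPv6 Helper Driver] csass.exe
O4 - HKLM\..\Run: [yjslojel] rundll32.exe "C:\Program Files\yjslojel\axermxyp.dll",Init
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvbuj.dll,startup
O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\tom\MESDOC~1\DOBE~1\notepad.exe" -vt ndrv
O4 - HKCU\..\Run: [Leceps] C:\WINDOWS\?ystem32\w?nspool.exe
O23 - Service: Windows Service Manager (WSM) - Unknown owner - C:\WINDOWS\System32\winsvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.*?) - (?P<path>.+)$")
# A drive-letter path ending in an executable extension, optionally quoted.
PATH_RE = re.compile(r'"?([A-Za-z]:\\.*?\.(?:exe|dll|com|scr|bat|cmd|pif))"?(?=[\s,"]|$)', re.I)
HOST_BINARIES = {"rundll32.exe", "rundll32", "regsvr32.exe", "regsvr32"}
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe"}
USER_DIRS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\",
             "\\application data\\", "\\mes documents\\", "\\mesdoc~1\\")


def within_one_edit(a, b):
    """True when a and b differ by at most one substitution, insertion or deletion."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1          # deletion from a
        elif len(b) > len(a):
            j += 1          # insertion into a
        else:
            i += 1          # substitution
            j += 1
    return edits + (len(a) - i) + (len(b) - j) <= 1


def extract_target(cmd):
    """Return (program, target, hosted): target is the file that actually runs,
    i.e. the DLL when the command goes through rundll32/regsvr32."""
    program = cmd.split(" ", 1)[0].strip('"').lower()
    hosted = program in HOST_BINARIES
    m = PATH_RE.search(cmd)
    target = m.group(1) if m else program
    return program, target, hosted


def triage_target(target, hosted=False, file_missing=False):
    """Apply the review checklist to one file reference; returns the list of flags."""
    findings = []
    low = target.lower()
    base = low.rsplit("\\", 1)[-1]
    has_drive = re.match(r"[a-z]:\\", low) is not None
    if "?" in target:
        findings.append("non-ASCII character shown as '?': path imitates a system directory")
    if not has_drive:
        findings.append("bare filename: located by PATH search at logon, real location not verifiable from this log")
    if any(d in low for d in USER_DIRS):
        findings.append("autostart from a user-writable profile or temp directory")
    if hosted:
        findings.append("loaded through rundll32/regsvr32: the DLL, not the host program, is what runs")
    if file_missing:
        findings.append("registered binary is missing: orphaned service entry")
    if base in SYSTEM_NAMES and has_drive and "\\system32\\" not in low:
        findings.append("system binary name outside System32")
    elif base not in SYSTEM_NAMES:
        for name in sorted(SYSTEM_NAMES):
            if within_one_edit(base, name):
                findings.append(f"lookalike of system binary {name}")
                break
    return findings


def triage_log(text):
    """Return {entry name: [flags]} for every O4/O23 line that raises at least one flag."""
    report = {}
    for line in text.strip().splitlines():
        m = O4_RE.match(line)
        if m:
            _, target, hosted = extract_target(m.group("cmd"))
            flags = triage_target(target, hosted=hosted)
            if flags:
                report[m.group("name")] = flags
            continue
        m = O23_RE.match(line)
        if m:
            path = m.group("path")
            missing = path.endswith("(file missing)")
            flags = triage_target(path.replace("(file missing)", "").strip(), file_missing=missing)
            if flags:
                report[m.group("svc")] = flags
    return report


if __name__ == "__main__":
    for name, flags in triage_log(SAMPLE_LOG).items():
        print(f"[{name}]")
        for flag in flags:
            print("   -", flag)
```

SOUNDMAN.EXE gets flagged only because it is a bare name, exactly like csass.exe; that is the point of the check, and the ComboFix listing later in the thread is what settles such cases, because it prints the file each Run value resolved to (C:\WINDOWS\SOUNDMAN.EXE for the first, an empty [] for csass.exe).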


24 November 2007 13:05:00

Hello,

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy/paste that report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt
    24 November 2007 13:41:28

    Here you go:

    ComboFix 07-11-19.3 - tom 2007-11-24 13:24:53.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.382 [GMT 1:00]
    Running from: I:\ComboFix.exe
    .

    Incapable d'obtenir les privilèges Système

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\mxenyzkl.dll
    C:\Documents and Settings\tom\Bureau\Find Spyware Remover.lnk
    C:\Documents and Settings\tom\Bureau\Free Online Dating.lnk
    C:\Documents and Settings\tom\Bureau\Go to Casino.lnk
    C:\Documents and Settings\tom\Menu Démarrer\Programmes\Outerinfo
    C:\Documents and Settings\tom\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
    C:\Documents and Settings\tom\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\tom\Mes documents\DOBE~1
    C:\Documents and Settings\tom\Mes documents\DOBE~1\?dobe\
    C:\Documents and Settings\tom\Mes documents\DOBE~1\notepad.exe
    C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\FF\chrome.manifest
    C:\Program Files\outerinfo\FF\components\FF.dll
    C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
    C:\Program Files\outerinfo\FF\install.rdf
    C:\Program Files\outerinfo\OiUninstaller.exe
    C:\Program Files\outerinfo\outerinfo.ico
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\SecCenter
    C:\Program Files\SecCenter\scprot4.exe
    C:\Program Files\smss.exe
    C:\Program Files\Ultimate Cleaner
    C:\WINDOWS\avp.exe
    C:\WINDOWS\Casino.ico
    C:\WINDOWS\Free Online Dating.ico
    C:\WINDOWS\mgrs.exe
    C:\WINDOWS\Spyware Remover.ico
    C:\WINDOWS\system32\ddcyy.dll
    C:\WINDOWS\system32\drvbujr.dll
    C:\WINDOWS\system32\gha.dll
    C:\WINDOWS\system32\MabryObj.dll
    C:\WINDOWS\system32\tnrtmwuk
    C:\WINDOWS\system32\tnrtmwuk\bg1.gif
    C:\WINDOWS\system32\tnrtmwuk\bgtop.gif
    C:\WINDOWS\system32\tnrtmwuk\bottom1.gif
    C:\WINDOWS\system32\tnrtmwuk\essentials.gif
    C:\WINDOWS\system32\tnrtmwuk\icon1.ico
    C:\WINDOWS\system32\tnrtmwuk\install1.gif
    C:\WINDOWS\system32\tnrtmwuk\left1.gif
    C:\WINDOWS\system32\tnrtmwuk\li.gif
    C:\WINDOWS\system32\tnrtmwuk\logo.gif
    C:\WINDOWS\system32\tnrtmwuk\main.htm
    C:\WINDOWS\system32\tnrtmwuk\mainframe.htm
    C:\WINDOWS\system32\tnrtmwuk\reinstall1.gif
    C:\WINDOWS\system32\tnrtmwuk\right1.gif
    C:\WINDOWS\system32\tnrtmwuk\s1.htm
    C:\WINDOWS\system32\tnrtmwuk\s2.htm
    C:\WINDOWS\system32\tnrtmwuk\s3.htm
    C:\WINDOWS\system32\tnrtmwuk\SMTop1.gif
    C:\WINDOWS\system32\tnrtmwuk\SMTop2.gif
    C:\WINDOWS\system32\tnrtmwuk\SMTop3.gif
    C:\WINDOWS\system32\tnrtmwuk\SMTop4.gif
    C:\WINDOWS\system32\tnrtmwuk\soft1_off.gif
    C:\WINDOWS\system32\tnrtmwuk\soft1_off_ext.gif
    C:\WINDOWS\system32\tnrtmwuk\soft1_on.gif
    C:\WINDOWS\system32\tnrtmwuk\soft1_on_ext.gif
    C:\WINDOWS\system32\tnrtmwuk\soft2_off.gif
    C:\WINDOWS\system32\tnrtmwuk\soft2_off_ext.gif
    C:\WINDOWS\system32\tnrtmwuk\soft2_on.gif
    C:\WINDOWS\system32\tnrtmwuk\soft2_on_ext.gif
    C:\WINDOWS\system32\tnrtmwuk\soft3_off.gif
    C:\WINDOWS\system32\tnrtmwuk\soft3_off_ext.gif
    C:\WINDOWS\system32\tnrtmwuk\soft3_on.gif
    C:\WINDOWS\system32\tnrtmwuk\soft3_on_ext.gif
    C:\WINDOWS\system32\tnrtmwuk\softbottom_off.gif
    C:\WINDOWS\system32\tnrtmwuk\softbottom_on.gif
    C:\WINDOWS\system32\tnrtmwuk\softleft_off.gif
    C:\WINDOWS\system32\tnrtmwuk\softleft_on.gif
    C:\WINDOWS\system32\tnrtmwuk\tnrtmwuk1.exe
    C:\WINDOWS\system32\tnrtmwuk\tnrtmwuk2.exe
    C:\WINDOWS\system32\tnrtmwuk\top1.gif
    C:\WINDOWS\system32\tnrtmwuk\top2.gif
    C:\WINDOWS\system32\tnrtmwuk\turnoff1.gif
    C:\WINDOWS\system32\tnrtmwuk\turnon1.gif
    C:\WINDOWS\system32\winnjy32.dll
    C:\WINDOWS\system32\yycdd.ini
    C:\WINDOWS\system32\yycdd.ini2
    C:\WINDOWS\ystem3~1
    C:\WINDOWS\ystem3~1\w?nspool.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_NWSAPAGENT
    -------\NwSapAgent


    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-24 to 2007-11-24 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-24 13:34 <REP> d-------- C:\WINDOWS\system32\tmp00007300
    2007-11-23 21:29 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-11-23 21:05 143 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-11-23 19:32 <REP> d-------- C:\Documents and Settings\tom\Application Data\Grisoft
    2007-11-23 19:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-23 19:31 <REP> d-------- C:\Program Files\CCleaner
    2007-11-23 19:18 <REP> d-------- C:\Program Files\Panda Security
    2007-11-23 18:56 <REP> d-------- C:\Program Files\E404 Helper
    2007-11-23 18:56 10,240 --a------ C:\Program Files\spoolsv.exe
    2007-11-23 18:54 <REP> d-------- C:\Program Files\yjslojel
    2007-11-23 18:54 <REP> d-------- C:\Program Files\MalwareAlarm
    2007-11-23 18:54 <REP> d-------- C:\Program Files\Ezqdexjt
    2007-11-23 18:54 102,912 --a------ C:\WINDOWS\system32\drvbuj.dll
    2007-11-23 18:54 34,304 --------- C:\WINDOWS\system32\awtttqo.dll
    2007-11-23 18:46 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-23 18:24 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2007-11-23 18:13 <REP> d-------- C:\Program Files\Sierra
    2007-11-23 18:12 <REP> d-------- C:\Documents and Settings\tom\Application Data\InstallShield
    2007-11-13 13:54 <REP> d-------- C:\Documents and Settings\tom\Application Data\Aventail
    2007-11-13 13:54 31,232 --a------ C:\WINDOWS\system32\drivers\odptdi.sys
    2007-11-01 19:24 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-11-01 11:34 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-10-31 20:42 <REP> d-------- C:\Program Files\Google
    2007-10-30 17:25 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2007-10-30 17:25 128,816 --a------ C:\WINDOWS\system32\TZLog.log
    2007-10-30 17:25 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
    2007-10-30 17:25 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
    2007-10-30 17:24 <REP> d-------- C:\Program Files\MSXML 4.0
    2007-10-29 07:44 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-28 21:45 <REP> d-------- C:\Documents and Settings\tom\Contacts
    2007-10-28 21:44 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-10-28 11:54 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2007-10-28 11:54 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2007-10-28 11:54 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2007-10-28 11:54 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2007-10-27 10:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-24 12:35 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-11-23 23:12 --------- d-----w C:\Program Files\Common Files
    2007-11-23 20:29 86,094 ----a-w C:\WINDOWS\BPMNT.dll
    2007-11-23 20:29 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
    2007-11-23 20:18 71,749 ----a-w C:\WINDOWS\HCExtOutput.dll
    2007-11-23 20:18 267,845 ----a-w C:\WINDOWS\tsc.exe
    2007-11-23 20:08 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
    2007-11-23 20:08 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
    2007-11-23 20:08 286,720 ----a-w C:\WINDOWS\PATCH.EXE
    2007-11-23 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-23 17:44 --------- d-----w C:\Program Files\eMule
    2007-11-23 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-28 20:44 --------- d-----w C:\Program Files\MSN Messenger
    2007-10-27 09:02 --------- d-----w C:\Documents and Settings\tom\Application Data\AVG7
    2007-10-25 16:56 8,510,976 ------w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-18 15:44 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2007-10-18 15:43 --------- d-----w C:\Program Files\NETGEAR
    2007-10-15 08:15 --------- d-----w C:\Program Files\Wanadoo
    2006-09-25 16:41 80,360 -c--a-w C:\Documents and Settings\tom\Application Data\GDIPFONTCACHEV1.DAT
    2003-09-07 22:59 32 -csha-w C:\WINDOWS\{CB9C41C3-0874-43CE-B1A5-29F69AC29F05}.dat
    2003-09-07 22:59 32 -csha-w C:\WINDOWS\system32\{58A878A1-56E5-41C1-B804-0FC17B50BA30}.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}]
    2007-11-23 18:54 34304 --------- C:\WINDOWS\system32\awtttqo.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
    2007-11-23 18:56 18432 --a------ C:\Program Files\E404 Helper\e404.v6.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 20:32]
    "Sra"="C:\DOCUME~1\tom\MESDOC~1\DOBE~1\notepad.exe" []
    "Leceps"="C:\WINDOWS\?ystem32\w?nspool.exe" [2002-08-30 12:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2003-04-24 15:53 C:\WINDOWS\SOUNDMAN.EXE]
    "EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 08:43]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-19 12:31]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
    "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 11:34]
    "CleanEasyImg"="c:\apps\easydvd\cleanall.exe" []
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-07-15 14:36]
    "ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:42]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-08-06 20:16]
    "Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2002-09-03 10:26]
    "KAZAA"="C:\Program Files\Kazaa\kazaa.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-08-06 20:15]
    "NsUpdate"="C:\WINDOWS\NsUpdate.exe" []
    "IPv6 Helper Driver"="csass.exe" []
    "windows auto update"="" []
    "Microsoft Inet Xp.."="" []
    "windows automation"="" []
    "www.hidro.4t.com"="" []
    "BDMCon"="C:\progra~1\softwin\bitdef~1\bdmcon.exe" [2004-03-01 13:41]
    "BDNewsAgent"="C:\progra~1\softwin\bitdef~1\bdnagent.exe" [2004-07-28 22:40]
    "Windows Service Manager"="winsvc.exe" []
    "_BOOT_WIN32"="C:\WINDOWS\System32\bootchk.exe" []
    "hpfsched"="C:\WINDOWS\hpfsched.exe" [1998-09-23 22:42]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "IPv6 Helper Driver"="csass.exe" []
    "Windows Service Manager"="winsvc.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}"= C:\WINDOWS\system32\awtttqo.dll [2007-11-23 18:54 34304]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttqo]
    awtttqo.dll 2007-11-23 18:54 34304 C:\WINDOWS\system32\awtttqo.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcyy.dll

    R1 Odptdi;Odptdi;\??\C:\WINDOWS\system32\drivers\odptdi.sys
    R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys
    R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS
    R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    S2 IPv6 Helper Driver;IPv6 Helper Driver;"C:\WINDOWS\System32\csass.exe" -service
    S2 WSM;Windows Service Manager;"C:\WINDOWS\System32\winsvc.exe" -service
    S3 Fadpu16E;Fadpu16E;\??\C:\DOCUME~1\tom\LOCALS~1\Temp\Fadpu16E.sys
    S3 NetMate;CATC USB/Ethernet Link device driver;C:\WINDOWS\system32\DRIVERS\netmate2.sys
    S3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
    S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2003-09-20 21:00:43 C:\WINDOWS\Tasks\HDReg.job"
    - c:\Apps\HDReg\HDRegRem.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-24 13:35:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-24 13:38:48
    .
    --- E O F ---
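The "Point de chargement Reg" section of the ComboFix report above lists more load points than a HijackThis log shows (Browser Helper Objects, ShellExecuteHooks, Winlogon Notify, the LSA "Authentication Packages" value). As an added example, not part of the thread and not ComboFix's own code, the script below parses a few of those blocks (copied from the report) and cross-references the files they name: it flags any authentication package besides msv1_0, any Winlogon Notify DLL, Run values that are empty or that ComboFix could not resolve to a file, and any file registered under several load points at once. The key classification and the assumption that msv1_0 is the only package expected on a stock Windows XP are mine, made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: registry load-point blocks copied from the ComboFix report above.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}]
2007-11-23 18:54 34304 --------- C:\WINDOWS\system32\awtttqo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 15:53 C:\WINDOWS\SOUNDMAN.EXE]
"IPv6 Helper Driver"="csass.exe" []
"windows auto update"="" []

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}"= C:\WINDOWS\system32\awtttqo.dll [2007-11-23 18:54 34304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttqo]
awtttqo.dll 2007-11-23 18:54 34304 C:\WINDOWS\system32\awtttqo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcyy.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# "name"="value" [resolved file info]; the quotes around the value are optional.
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*"?(?P<value>[^"\[]*?)"?\s*\[(?P<resolved>[^\]]*)\]\s*$')
FILE_RE = re.compile(r'[A-Za-z]:\\[^\[\]"]*?\.(?:dll|exe)', re.I)
EXPECTED_AUTH_PACKAGES = {"msv1_0"}   # assumption: the stock Windows XP value


def load_point_type(key):
    """Classify a registry key header from the report into a load-point family."""
    k = key.lower()
    if "browser helper objects" in k:
        return "bho"
    if "shellexecutehooks" in k:
        return "shellexecutehook"
    if "winlogon\\notify" in k:
        return "winlogon_notify"
    if k.endswith("\\control\\lsa"):
        return "lsa"
    if k.endswith(("\\run", "\\runservices")):
        return "run"
    return "other"


def triage_combofix(text):
    """Return (findings, sightings): findings is a list of (load point, subject, note),
    sightings maps each file path (lower-cased) to the set of load points naming it."""
    findings = []
    sightings = defaultdict(set)
    current = "other"
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = load_point_type(m.group("key"))
            continue
        paths = FILE_RE.findall(line)
        for path in paths:
            sightings[path.lower()].add(current)
        if current == "lsa" and line.lower().startswith('"authentication packages"'):
            packages = line.split("=", 1)[1].split()
            for extra in packages:
                if extra.lower() not in EXPECTED_AUTH_PACKAGES:
                    findings.append(("lsa", extra, "extra authentication package: loaded into lsass.exe at boot"))
        elif current == "winlogon_notify":
            for path in paths:
                findings.append(("winlogon_notify", path, "Winlogon Notify DLL: loaded into winlogon.exe at every logon"))
        elif current == "run":
            v = VALUE_RE.match(line)
            if not v:
                continue
            name, value, resolved = v.group("name"), v.group("value"), v.group("resolved")
            if value == "":
                findings.append(("run", name, "empty value: leftover of a removed component"))
            elif not re.match(r"[A-Za-z]:\\", value) and not resolved:
                findings.append(("run", name, "bare filename that ComboFix could not resolve to a file on disk"))
    for path, points in sightings.items():
        if len(points) >= 2:
            findings.append(("multi", path, f"registered in {len(points)} load points: {', '.join(sorted(points))}"))
    return findings, sightings


if __name__ == "__main__":
    for point, subject, note in triage_combofix(SAMPLE_REPORT)[0]:
        print(f"{point:16} {subject}\n{'':16}   {note}")
```

The cross-reference is the part that a line-by-line read misses: the same DLL appearing as a BHO, a ShellExecuteHook and a Winlogon Notify handler means it is loaded by Explorer, by Internet Explorer and by winlogon.exe, so removing it from one key while the others stay is why such files "come back" after a scan.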
    24 November 2007 13:44:27

    I had to ignore two messages, otherwise it would close...
    24 November 2007 14:16:03

    I still have a downloader.purityscan.ee
    24 November 2007 14:52:46

    Can someone help me, pleeease?
    24 November 2007 15:25:28

    Here is a new HijackThis scan, thanks for your help:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:22:56, on 24/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\MESSAG~1\Demon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\tom\LOCALS~1\Temp\Rar$EX00.984\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - C:\WINDOWS\system32\awtttqo.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v6.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
    O4 - HKLM\..\Run: [IPv6 Helper Driver] csass.exe
    O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
    O4 - HKLM\..\Run: [Windows Service Manager] winsvc.exe
    O4 - HKLM\..\Run: [_BOOT_WIN32] C:\WINDOWS\System32\bootchk.exe
    O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunServices: [IPv6 Helper Driver] csass.exe
    O4 - HKLM\..\RunServices: [Windows Service Manager] winsvc.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\tom\MESDOC~1\DOBE~1\notepad.exe" -vt ndrv
    O4 - HKCU\..\Run: [Leceps] C:\WINDOWS\?ystem32\w?nspool.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Norton Internet Security.lnk = C:\Program Files\Norton Internet Security\nisfirst.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://secure.edhec.com/postauthI/epi.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab
    O20 - Winlogon Notify: awtttqo - C:\WINDOWS\SYSTEM32\awtttqo.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IPv6 Helper Driver - Unknown owner - C:\WINDOWS\System32\csass.exe (file missing)
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    O23 - Service: Windows Service Manager (WSM) - Unknown owner - C:\WINDOWS\System32\winsvc.exe (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 9397 bytes

    24 November 2007 16:17:24

    A bit of patience?
    Well and truly infected :/

    Download SDFix (created by AndyManchesta) and save it to your Desktop.
    Double-click SDFix.exe and choose Install to extract it to the Desktop.

    Restart in Safe Mode

  • Open the SDFix folder that has just been created at the root of your hard drive (C:) and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool keeps running and deleting files.
  • After the Desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy/paste the contents of Report.txt into your next reply on the forum, together with a new HijackThis log.
    24 November 2007 17:36:55

    Thanks,

    SDFix report:


    SDFix: Version 1.115

    Run by tom on 24/11/2007 at 17:16

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\NEWFIL~1.EXE - Deleted
    C:\WINDOWS\SYSTEM32\NEWSSGE.EXE - Deleted
    C:\WINDOWS\system32\TFTP2212 - Deleted



    Folder C:\Program Files\E404 Helper - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-24 17:24:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]
    "ujdew"=hex:20,02,00,00,3c,be,89,f9,88,a4,01,ce,ec,90,54,ef,e6,91,2d,7d,7c,..
    "ljej40"=hex:5e,2c,c0,c3,53,cc,42,9b,9b,cd,3a,09,e8,33,f1,83,b0,e2,f4,6c,56,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41]
    "ujdew"=hex:20,02,00,00,3c,be,89,f9,00,50,fb,e1,ec,90,54,ef,e6,91,2d,7d,7c,..
    "ljej40"=hex:5e,2c,c0,c3,53,cc,42,9b,9b,cd,3a,09,e8,33,f1,83,b0,e2,f4,6c,85,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
    "DisplayName"="Alcohol 120%"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:0000002b
    "TracesSuccessful"=dword:00000001

    scanning hidden files ...

    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\01\10-{FA6CFA19-78C6-434D-25ED-23066FD4582B}-v1-{D2834F11-5CE1-42E2-8361-9FCC992BA754}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\13\13-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v13-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 984 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\31\31-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v31-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1248 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\32\32-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v32-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 984 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\33\33-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v33-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1504 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\34\34-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v34-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 984 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\35\35-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v35-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1104 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\36\36-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v36-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1160 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\37\37-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v37-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1176 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\38\38-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v38-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1384 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\39\39-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v39-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1232 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\40\40-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v40-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1736 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\41\41-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v41-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1112 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\42\42-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v42-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1232 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\43\43-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v43-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1072 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\44\44-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v44-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1408 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\45\45-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v45-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 984 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\46\46-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v46-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1416 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\47\47-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v47-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v47-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1568 bytes hidden from API
    C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\48\48-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v48-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v48-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1152 bytes hidden from API

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 20


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Wed 6 Aug 2003 193 A.SHR --- "C:\BOOT.BAK"
    Fri 20 Aug 2004 13,312 A..HR --- "C:\WINDOWS\system32\lsass.exe"
    Tue 6 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Tue 7 Dec 2004 258,352 A..H. --- "C:\Documents and Settings\tom\Bureau\Opendisc (D)\unicows.dll"
    Thu 15 Jan 2004 1,740 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\ccReg.reg"
    Mon 8 Sep 2003 1,740 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\ccReg_old.reg"
    Mon 8 Sep 2003 232,364 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\CommonClient_old.reg"
    Thu 15 Jan 2004 290,546 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\CommonClient.reg"
    Thu 15 Jan 2004 159,344 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\IAM.reg"
    Mon 8 Sep 2003 158,120 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\IAM_old.reg"
    Sat 21 Jun 2003 377,344 A..H. --- "C:\Program Files\Smart Projects\IsoBuster\Help\AHlp.exe"
    Wed 4 Apr 2001 28,738 A..HR --- "C:\Documents and Settings\tom\Bureau\windows XP\MSDE2000\SQLRESLD.DLL"

    Finished!

    HIJACKTHIS REPORT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:32:09, on 24/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\MESSAG~1\Demon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\progra~1\softwin\bitdef~1\bdmcon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\tom\LOCALS~1\Temp\Rar$EX00.031\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - C:\WINDOWS\system32\awtttqo.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
    O4 - HKLM\..\Run: [IPv6 Helper Driver] csass.exe
    O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
    O4 - HKLM\..\Run: [_BOOT_WIN32] C:\WINDOWS\System32\bootchk.exe
    O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\RunServices: [IPv6 Helper Driver] csass.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\tom\MESDOC~1\DOBE~1\notepad.exe" -vt ndrv
    O4 - HKCU\..\Run: [Leceps] C:\WINDOWS\?ystem32\w?nspool.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Norton Internet Security.lnk = C:\Program Files\Norton Internet Security\nisfirst.exe
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://secure.edhec.com/postauthI/epi.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: awtttqo - C:\WINDOWS\
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IPv6 Helper Driver - Unknown owner - C:\WINDOWS\System32\csass.exe (file missing)
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    O23 - Service: Windows Service Manager (WSM) - Unknown owner - C:\WINDOWS\System32\winsvc.exe (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 9981 bytes
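Added example, not code from this thread or from the HijackThis/SDFix authors: a small Python triage pass over HijackThis v2 log lines of the kind posted above. It flags the patterns worth a second look in a log like this one (orphaned "(file missing)" entries, "?" placeholders in a path, autoruns launched from a user profile, a file name one character off a Windows system process, Winlogon Notify DLLs). The sample lines are copied from the log in this thread; the heuristics, the `SYSTEM_NAMES` list and the function names are this example's own assumptions, not HijackThis rules.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Added example (not code from the thread or from HijackThis/SDFix): a triage
# pass over HijackThis v2 log lines. The heuristics are this example's own.

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - C:\WINDOWS\system32\awtttqo.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IPv6 Helper Driver] csass.exe
O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\tom\MESDOC~1\DOBE~1\notepad.exe" -vt ndrv
O4 - HKCU\..\Run: [Leceps] C:\WINDOWS\?ystem32\w?nspool.exe
O20 - Winlogon Notify: awtttqo - C:\WINDOWS\SYSTEM32\awtttqo.dll
O23 - Service: IPv6 Helper Driver - Unknown owner - C:\WINDOWS\System32\csass.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# Windows processes whose names malware likes to sit one character away from
# (the csass.exe vs csrss.exe / lsass.exe case in this log). Assumed list.
SYSTEM_NAMES = {"csrss.exe", "lsass.exe", "smss.exe", "svchost.exe",
                "winlogon.exe", "services.exe", "spoolsv.exe", "explorer.exe"}

HJT_LINE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")
# A drive-letter path (spaces allowed) ending in a binary extension, else a bare file name.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|ocx|sys))\b|(\S+\.(?:exe|dll|ocx|sys))\b",
                     re.IGNORECASE)
# Per-user folders (English, French and 8.3 spellings) that no autostart should point into.
USER_DIRS = re.compile(
    r"\\(?:docume~1|documents and settings|users)\\[^\\]+\\"
    r"(?:mesdoc~1|my documents|mes documents|locals~1|local settings|application data|appdata|temp)\\",
    re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section, e.g. "O4" or "O23"
    reason: str    # why the line deserves a closer look
    line: str      # the original log line


def edit_distance_one(a: str, b: str) -> bool:
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    if abs(len(a) - len(b)) != 1:
        return False
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))


def extract_path(body: str) -> Optional[str]:
    """Pull the executable/DLL path out of the text after the 'Oxx - ' prefix."""
    m = PATH_RE.search(body.replace('"', ' '))   # quotes around paths are dropped first
    if not m:
        return None
    return m.group(1) or m.group(2)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per (line, reason) pair that deserves manual review."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue                     # headers, process list, blank lines
        section, body = m.group(1), m.group(2)
        path = extract_path(body)
        base = path.rsplit("\\", 1)[-1].lower() if path else ""
        reasons = []
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("references a file that no longer exists: orphaned autostart")
        if path and "?" in path:
            reasons.append("path contains characters HijackThis could not print: "
                           "a look-alike of a system folder or file name")
        if section == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("browser helper object with no name")
        if path and USER_DIRS.search(path):
            reasons.append("autostart launches a binary from a user profile folder")
        if base and base not in SYSTEM_NAMES and any(edit_distance_one(base, s) for s in SYSTEM_NAMES):
            reasons.append(f"'{base}' is one character away from a Windows system process name")
        if section == "O20" and body.startswith("Winlogon Notify"):
            reasons.append("Winlogon Notify DLL is loaded into winlogon.exe at logon: confirm its vendor")
        findings.extend(Finding(section, r, line) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason}\n    {f.line}")
```

On the sample above the pass reports eight findings; an entry that is flagged is a candidate for review, not proof of infection, since a vendor uninstall can also leave "(file missing)" behind.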
    25 November 2007 12:20:33

    That doesn't look very good at all...
    25 November 2007 21:11:23

    Run another Combofix scan.
    26 November 2007 11:16:08

    Here it is:

    ComboFix 07-11-19.4 - tom 2007-11-26 11:05:03.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.167 [GMT 1:00]
    Running from: I:\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-26 to 2007-11-26 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-24 17:15 <REP> d-------- C:\WINDOWS\ERUNT
    2007-11-24 16:10 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-11-24 16:10 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-11-24 16:07 <REP> d-------- C:\Program Files\Kaspersky Lab
    2007-11-24 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-24 16:07 1,372,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-11-24 16:07 18,980 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-11-24 16:07 11,808 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-11-24 16:07 1,892 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-11-24 16:05 <REP> d-------- C:\kav
    2007-11-24 13:34 <REP> d-------- C:\WINDOWS\system32\tmp00007300
    2007-11-23 21:29 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-11-23 19:32 <REP> d-------- C:\Documents and Settings\tom\Application Data\Grisoft
    2007-11-23 19:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-23 19:31 <REP> d-------- C:\Program Files\CCleaner
    2007-11-23 19:18 <REP> d-------- C:\Program Files\Panda Security
    2007-11-23 18:54 <REP> d-------- C:\Program Files\yjslojel
    2007-11-23 18:54 <REP> d-------- C:\Program Files\MalwareAlarm
    2007-11-23 18:54 <REP> d-------- C:\Program Files\Ezqdexjt
    2007-11-23 18:46 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-23 18:24 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2007-11-23 18:13 <REP> d-------- C:\Program Files\Sierra
    2007-11-23 18:12 <REP> d-------- C:\Documents and Settings\tom\Application Data\InstallShield
    2007-11-13 13:54 <REP> d-------- C:\Documents and Settings\tom\Application Data\Aventail
    2007-11-13 13:54 31,232 --a------ C:\WINDOWS\system32\drivers\odptdi.sys
    2007-11-01 19:24 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-11-01 11:34 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-10-31 20:42 <REP> d-------- C:\Program Files\Google
    2007-10-30 17:25 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2007-10-30 17:25 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
    2007-10-30 17:25 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
    2007-10-30 17:24 <REP> d-------- C:\Program Files\MSXML 4.0
    2007-10-29 07:44 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-28 21:45 <REP> d-------- C:\Documents and Settings\tom\Contacts
    2007-10-28 21:44 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-10-27 10:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-26 10:01 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-11-23 23:12 --------- d-----w C:\Program Files\Common Files
    2007-11-23 20:29 86,094 ----a-w C:\WINDOWS\BPMNT.dll
    2007-11-23 20:29 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
    2007-11-23 20:18 71,749 ----a-w C:\WINDOWS\HCExtOutput.dll
    2007-11-23 20:18 267,845 ----a-w C:\WINDOWS\tsc.exe
    2007-11-23 20:08 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
    2007-11-23 20:08 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
    2007-11-23 20:08 286,720 ----a-w C:\WINDOWS\PATCH.EXE
    2007-11-23 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-23 17:44 --------- d-----w C:\Program Files\eMule
    2007-11-23 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-28 20:44 --------- d-----w C:\Program Files\MSN Messenger
    2007-10-27 09:02 --------- d-----w C:\Documents and Settings\tom\Application Data\AVG7
    2007-10-25 16:56 8,510,976 ------w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-18 15:44 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2007-10-18 15:43 --------- d-----w C:\Program Files\NETGEAR
    2007-10-15 08:15 --------- d-----w C:\Program Files\Wanadoo
    2006-09-25 16:41 80,360 -c--a-w C:\Documents and Settings\tom\Application Data\GDIPFONTCACHEV1.DAT
    2003-09-07 22:59 32 -csha-w C:\WINDOWS\{CB9C41C3-0874-43CE-B1A5-29F69AC29F05}.dat
    2003-09-07 22:59 32 -csha-w C:\WINDOWS\system32\{58A878A1-56E5-41C1-B804-0FC17B50BA30}.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-24_13.36.52.26 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-11-23 17:21:35 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2007-11-24 16:10:48 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2007-11-23 17:21:48 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2007-11-24 16:11:01 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2007-11-23 17:21:49 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2007-11-24 16:11:02 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2007-11-23 17:21:50 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2007-11-24 16:11:04 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2007-11-23 17:21:44 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2007-11-24 16:10:58 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2007-11-23 17:21:27 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2007-11-24 16:10:39 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2007-11-23 17:21:27 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2007-11-24 16:10:39 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2007-11-23 17:21:59 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2007-11-24 16:11:10 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2007-11-23 17:21:39 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2007-11-24 16:10:52 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2007-11-23 17:21:33 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2007-11-24 16:10:47 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2007-11-23 17:21:26 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2007-11-24 16:10:39 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2007-11-23 17:21:28 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2007-11-24 16:10:42 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2007-11-23 17:21:46 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2007-11-24 16:10:59 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2007-11-23 17:21:47 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2007-11-24 16:11:00 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2007-11-23 17:21:47 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2007-11-24 16:11:00 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2007-11-23 17:21:29 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2007-11-24 16:10:44 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2007-11-23 17:21:30 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2007-11-24 16:10:45 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2007-11-23 17:21:31 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2007-11-24 16:10:45 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2007-11-23 17:21:32 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2007-11-24 16:10:46 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2007-11-23 17:21:29 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2007-11-24 16:10:43 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2007-11-23 17:22:02 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2007-11-24 16:11:14 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2007-11-23 17:22:01 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2007-11-24 16:11:13 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2007-11-23 17:21:25 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2007-11-24 16:10:36 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2007-11-23 17:22:00 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2007-11-24 16:11:12 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2007-11-23 17:22:02 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2007-11-24 16:11:14 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2007-11-23 17:21:26 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2007-11-24 16:10:38 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2007-11-23 17:21:25 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2007-11-24 16:10:37 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2007-11-23 17:21:26 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2007-11-24 16:10:37 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2007-11-23 17:21:55 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2007-11-24 16:11:06 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2007-11-23 17:21:35 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2007-11-24 16:10:49 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2007-11-23 17:21:56 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2007-11-24 16:11:07 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2007-11-23 17:21:51 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2007-11-24 16:11:04 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2007-11-23 17:21:28 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2007-11-24 16:10:41 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2007-11-23 17:21:45 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2007-11-24 16:10:59 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2007-11-23 17:21:37 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2007-11-24 16:10:50 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2007-11-23 17:21:36 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2007-11-24 16:10:50 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2007-11-23 17:21:37 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2007-11-24 16:10:51 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2007-11-23 17:21:57 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2007-11-24 16:11:08 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2007-11-23 17:21:52 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2007-11-24 16:11:05 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2007-11-23 17:21:58 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2007-11-24 16:11:09 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2007-11-23 17:21:53 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2007-11-24 16:11:05 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2007-11-23 17:21:54 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2007-11-24 16:11:06 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2007-11-23 17:21:34 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2007-11-24 16:10:47 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2007-11-23 17:21:38 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2007-11-24 16:10:52 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2007-11-23 17:22:00 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2007-11-24 16:11:11 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2007-11-23 17:21:40 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2007-11-24 16:10:53 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2007-11-23 17:21:41 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2007-11-24 16:10:54 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2007-11-23 17:21:42 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2007-11-24 16:10:55 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2007-11-23 17:21:43 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2007-11-24 16:10:56 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2007-11-23 17:21:57 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2007-11-24 16:11:08 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2007-11-24 16:37:57 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\31cb7cbc523cb21ac505b9560cab567f\Accessibility.ni.dll
    + 2007-11-24 16:38:30 888,832 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\7d8fb183693d62d99d872a734513f303\AspNetMMCExt.ni.dll
    + 2007-11-24 16:38:34 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\f0814fd866e6b64c5e43101965c6060a\CustomMarshalers.ni.dll
    + 2007-11-24 16:38:32 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\ee21691584f83a5822d97bb4f4bfc0b0\dfsvc.ni.exe
    + 2007-11-24 16:45:02 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\4edb73580c191007d320677e08033500\Microsoft.Build.Engine.ni.dll
    + 2007-11-24 16:45:12 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\7d37a7196354fdc1f9bc5f1f26dcd4db\Microsoft.Build.Framework.ni.dll
    + 2007-11-24 16:45:26 1,687,552 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\df4522c5ccc45e98618ca1a9c04d650a\Microsoft.Build.Tasks.ni.dll
    + 2007-11-24 16:45:28 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\041ad1bfc026e2d3327974c1f12c6d6b\Microsoft.Build.Utilities.ni.dll
    + 2007-11-24 16:45:47 1,720,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7ea1d2b18169a5d05d617efd8be90fe5\Microsoft.VisualBasic.ni.dll
    + 2007-11-24 16:22:42 11,304,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\a02c0fae2b5a793207cf5a74ca066bca\mscorlib.ni.dll
    + 2007-11-24 16:45:58 1,003,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\8b71ff9630ee6ab8fde50073e682e48f\System.Configuration.ni.dll
    + 2007-11-24 16:24:16 6,676,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\b6f5c054f651cff2ebe073738dd85800\System.Data.ni.dll
    + 2007-11-24 16:46:13 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\60ff83d0e536d2ddcd5a2d8f92ac7d16\System.Deployment.ni.dll
    + 2007-11-24 16:25:04 10,702,848 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c3126143807ea23274fa4341c5e80ffd\System.Design.ni.dll
    + 2007-11-24 16:46:28 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\3d5fa418a1886d272c6d44ac271a606f\System.DirectoryServices.Protocols.ni.dll
    + 2007-11-24 16:46:24 1,216,512 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c4c6e3fd5788ac6103f0b3227a871cd4\System.DirectoryServices.ni.dll
    + 2007-11-24 16:25:11 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\62427df4640d1ea40ce54dcd8dadfc82\System.Drawing.Design.ni.dll
    + 2007-11-24 16:25:08 1,601,536 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\2e043f07f55890df1b70b8c2445aa3e4\System.Drawing.ni.dll
    + 2007-11-24 16:46:34 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f3da548e3019df7fe6e628832a38bae1\System.EnterpriseServices.ni.dll
    + 2007-11-24 16:46:33 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f3da548e3019df7fe6e628832a38bae1\System.EnterpriseServices.Wrapper.dll
    + 2007-11-24 16:46:42 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e4da1db17aa9e4a3d8f988ddda872a87\System.Security.ni.dll
    + 2007-11-24 16:46:58 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\a06176c104a3aa019446bcf5c3cad9c4\System.Transactions.ni.dll
    + 2007-11-24 16:48:11 2,306,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\dbc0dfad9b4cb842bfdccd190f07ad47\System.Web.Mobile.ni.dll
    + 2007-11-24 16:48:13 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\af1dd4d759dd4d448a84079e5fe4e4b7\System.Web.RegularExpressions.ni.dll
    + 2007-11-24 16:48:24 1,941,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f1f90f9177aa25514b6ea35774de708f\System.Web.Services.ni.dll
    + 2007-11-24 16:47:54 12,185,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f6e6b0393ee83f9a47f842d77ebdc9e6\System.Web.ni.dll
    + 2007-11-24 16:25:36 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a1e42d1d882700c6db37f34b9e4f487c\System.Windows.Forms.ni.dll
    + 2007-11-24 16:25:49 5,623,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\272c0c8e5012b9f027ccfd9af57eb3ad\System.Xml.ni.dll
    + 2007-11-24 16:23:51 8,130,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\c4e516d59c95c07ed09d592b2494087e\System.ni.dll
    + 2007-11-23 12:11:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2007-11-24 16:16:00 5,177,344 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2007-11-24 16:16:00 16,384 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2007-11-23 12:11:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2007-11-24 16:15:49 5,177,344 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
    + 2007-11-24 16:15:50 16,384 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    - 2005-09-23 06:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
    + 2007-04-13 02:21:18 58,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
    - 2005-09-23 06:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
    + 2007-04-13 02:20:52 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
    - 2005-09-23 06:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
    + 2007-04-13 02:20:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
    - 2005-09-23 06:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
    + 2007-04-13 02:20:52 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
    - 2005-09-23 06:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
    + 2007-04-13 02:20:50 75,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
    - 2005-09-23 06:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
    + 2007-04-13 02:20:52 32,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
    - 2005-09-23 06:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    + 2007-04-13 02:20:52 33,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    - 2005-09-23 06:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2007-04-13 02:20:52 32,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    - 2005-09-23 06:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
    + 2007-04-13 02:20:52 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
    - 2005-09-23 06:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
    + 2007-04-13 02:21:16 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
    - 2005-09-23 06:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
    + 2007-04-13 02:20:58 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
    - 2005-09-23 06:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
    + 2007-04-13 02:21:16 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
    - 2005-09-23 06:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
    + 2007-04-13 02:21:16 228,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
    - 2005-09-23 06:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
    + 2007-04-13 02:21:16 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
    - 2005-09-23 06:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
    + 2007-04-13 02:21:10 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
    - 2005-09-23 06:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
    + 2007-04-13 02:21:10 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
    - 2005-09-23 06:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
    + 2007-04-13 02:21:08 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
    - 2005-09-23 06:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
    + 2007-04-13 02:20:52 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
    - 2005-09-23 06:28:56 800,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2007-04-13 02:21:18 802,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    - 2005-09-23 06:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
    + 2007-04-13 02:21:16 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
    - 2005-09-23 06:28:56 326,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    + 2007-04-13 02:21:16 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    - 2005-09-23 06:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2007-04-13 02:21:16 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    - 2005-09-23 06:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
    + 2007-04-13 02:21:16 102,912 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
    - 2005-09-23 06:28:56 226,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
    + 2007-04-13 02:21:18 227,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
    - 2005-09-23 06:28:56 66,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    + 2007-04-13 02:21:18 68,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    - 2005-09-23 06:28:50 5,615,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2007-04-13 02:21:12 5,634,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    - 2005-09-23 06:28:56 96,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    + 2007-04-13 02:21:16 99,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    - 2005-09-23 06:28:56 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
    + 2007-04-13 02:21:18 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
    - 2005-09-23 06:28:50 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
    + 2007-04-13 02:21:12 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
    - 2005-09-23 06:28:56 377,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2007-04-13 02:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    - 2005-09-23 06:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
    + 2007-04-13 02:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
    - 2005-09-23 06:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
    + 2007-04-13 02:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
    - 2005-09-23 06:28:56 2,878,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
    + 2007-04-13 02:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
    - 2005-09-23 06:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    + 2007-04-13 02:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    - 2005-09-23 06:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
    + 2007-04-13 02:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
    - 2005-09-23 06:28:38 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
    + 2007-04-13 02:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
    - 2005-09-23 06:28:56 5,050,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    + 2007-04-13 02:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    - 2005-09-23 06:28:56 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    + 2007-04-13 02:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    - 2005-09-23 06:28:56 3,018,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2007-04-13 02:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
    - 2005-09-23 06:28:56 700,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    + 2007-04-13 02:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    - 2005-09-23 06:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    + 2007-04-13 02:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    - 2005-09-23 06:28:56 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    + 2007-04-13 02:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    - 2005-09-23 06:28:56 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    + 2007-04-13 02:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    - 2005-09-23 06:28:56 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    + 2007-04-13 02:21:16 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    - 2005-09-23 06:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    + 2007-04-13 02:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    - 2005-09-23 06:28:56 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    + 2007-04-13 02:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    - 2005-09-23 06:28:56 5,025,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2007-04-13 02:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    - 2005-09-23 06:28:56 5,316,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2007-04-13 02:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    - 2005-09-23 06:28:56 2,035,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    + 2007-04-13 02:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    - 2005-09-23 06:29:06 1,140,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    + 2007-04-13 02:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    - 2005-09-23 06:28:30 1,306,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    + 2007-04-13 02:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    - 2005-09-23 06:28:32 298,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2007-04-13 02:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2005-05-18 16:29:48 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2007-11-24 15:36:20 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2005-05-18 16:29:48 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2007-11-24 15:36:20 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2005-05-18 16:29:48 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-11-24 15:36:20 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-04-28 15:51:02 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
    + 2007-06-27 16:31:58 186,640 ----a-w C:\WINDOWS\system32\drivers\klif.sys
    + 2007-04-04 13:58:26 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
    + 2007-06-28 11:50:52 22,457 ----a-w C:\WINDOWS\system32\drivers\klop.dat
    + 2007-06-28 11:51:48 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
    - 2005-09-23 06:28:52 270,848 ----a-w C:\WINDOWS\system32\mscoree.dll
    + 2007-04-13 02:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
    - 2007-11-23 17:23:57 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-11-24 16:11:38 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-11-23 17:23:57 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2007-11-24 16:11:38 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2007-11-23 17:23:57 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-11-24 16:11:38 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-11-23 17:23:57 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2007-11-24 16:11:38 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat
    - 2007-11-23 17:21:27 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2007-11-24 16:10:39 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2007-11-23 17:21:27 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2007-11-24 16:10:39 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}]
    C:\WINDOWS\system32\awtttqo.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 20:32]
    "Sra"="C:\DOCUME~1\tom\MESDOC~1\DOBE~1\notepad.exe" []
    "Leceps"="C:\WINDOWS\?ystem32\w?nspool.exe" [2002-08-30 12:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2003-04-24 15:53 C:\WINDOWS\SOUNDMAN.EXE]
    "EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 08:43]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-19 12:31]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
    "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 11:34]
    "CleanEasyImg"="c:\apps\easydvd\cleanall.exe" []
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-07-15 14:36]
    "ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:42]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-08-06 20:16]
    "Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2002-09-03 10:26]
    "KAZAA"="C:\Program Files\Kazaa\kazaa.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-08-06 20:15]
    "NsUpdate"="C:\WINDOWS\NsUpdate.exe" []
    "IPv6 Helper Driver"="csass.exe" []
    "windows auto update"="" []
    "Microsoft Inet Xp.."="" []
    "windows automation"="" []
    "www.hidro.4t.com"="" []
    "BDMCon"="C:\progra~1\softwin\bitdef~1\bdmcon.exe" [2004-03-01 13:41]
    "BDNewsAgent"="C:\progra~1\softwin\bitdef~1\bdnagent.exe" [2004-07-28 22:40]
    "_BOOT_WIN32"="C:\WINDOWS\System32\bootchk.exe" []
    "hpfsched"="C:\WINDOWS\hpfsched.exe" [1998-09-23 22:42]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "IPv6 Helper Driver"="csass.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}"= C:\WINDOWS\system32\awtttqo.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttqo]
    C:\WINDOWS\system32\klogon.dll 2007-06-28 12:51 206088 C:\WINDOWS\system32\klogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

    R1 Odptdi;Odptdi;\??\C:\WINDOWS\system32\drivers\odptdi.sys
    R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys
    R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS
    R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
    S2 IPv6 Helper Driver;IPv6 Helper Driver;"C:\WINDOWS\System32\csass.exe" -service
    S2 WSM;Windows Service Manager;"C:\WINDOWS\System32\winsvc.exe" -service
    S3 Fadpu16E;Fadpu16E;\??\C:\DOCUME~1\tom\LOCALS~1\Temp\Fadpu16E.sys
    S3 NetMate;CATC USB/Ethernet Link device driver;C:\WINDOWS\system32\DRIVERS\netmate2.sys
    S3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
    S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2003-09-20 21:00:43 C:\WINDOWS\Tasks\HDReg.job"
    - c:\Apps\HDReg\HDRegRem.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-26 11:09:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-26 11:10:23
    C:\ComboFix2.txt ... 2007-11-24 13:38
    .
    --- E O F ---
    26 November 2007 17:13:54

    Can someone come to my rescue?
    a b 8 Sécurité
    26 November 2007 17:53:16

    A little patience? :) 

    Download Clean.zip (by Malekal),
    Extract it to your desktop (Right-click/Extract all); you should get a folder named Clean.
    Open the clean folder and double-click clean.cmd.
    Choose option 1 and wait. Then post the contents of the report.
    26 November 2007 18:26:02

    Here it is:

    26/11/2007 a 18:22:06,62

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\
    C:\WINDOWS\UnGins.exe FOUND

    *** Recherche des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\mcrh.tmp FOUND
    "C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

    *** Recherche des fichiers dans C:\Program Files
    "C:\Program Files\Fichiers communs\Totem Shared\" FOUND
    "C:\Program Files\MalwareAlarm\" FOUND
    "C:\Program Files\Viewpoint\" FOUND
    *** Fin du rapport !
    a b 8 Sécurité
    26 November 2007 18:48:21

    Re,

    Reboot into Safe Mode

    Open the clean folder and double-click clean.cmd.
    Choose option 2 and wait.

    Reboot normally.

    Post the clean report: C:\rapport_clean.txt
    26 November 2007 19:38:11

    Ta-da!

    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 26/11/2007 a 19:25:33,15

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:

    *** Suppression des fichiers dans C:\WINDOWS\
    tentative de suppression de C:\WINDOWS\UnGins.exe

    *** Suppression des fichiers dans C:\WINDOWS\system32
    tentative de suppression de C:\WINDOWS\system32\mcrh.tmp
    tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"

    *** Suppression des fichiers dans C:\Program Files
    tentative de suppression de "C:\Program Files\Fichiers communs\Totem Shared\"
    tentative de suppression de "C:\Program Files\MalwareAlarm\" - ATTENTION il est recommandé d'utiliser SmitFraudfix!
    tentative de suppression de "C:\Program Files\Viewpoint\"

    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !
    a b 8 Sécurité
    26 November 2007 20:01:11

    Re,

    Download Smitfraudfix (by S!ri).
    Save it to your desktop.
    Run SmitfraudFix.exe (the .exe extension may not be shown).
    Choose Option 1 (Search)
    Post the first report here.

    **If the link does not work, click here**
    26 November 2007 20:31:55

    Here you go:

    SmitFraudFix v2.255

    Rapport fait à 20:30:13,59, 26/11/2007
    Executé à partir de C:\Documents and Settings\tom\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\MESSAG~1\Demon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\apps\ABoard\AOSD.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wscntfy.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\tom


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\tom\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\tom\Favoris


    »»»»»»»»»»»»»»»»»»»»»»»» Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\adialhk.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    a b 8 Sécurité
    26 November 2007 20:57:58

    Post another HijackThis log.
    26 November 2007 21:07:18

    Re,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:05:59, on 26/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\MESSAG~1\Demon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\apps\ABoard\AOSD.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\tom\Bureau\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - C:\WINDOWS\system32\awtttqo.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
    O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IPv6 Helper Driver] csass.exe
    O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
    O4 - HKLM\..\Run: [_BOOT_WIN32] C:\WINDOWS\System32\bootchk.exe
    O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\RunServices: [IPv6 Helper Driver] csass.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\tom\MESDOC~1\DOBE~1\notepad.exe" -vt ndrv
    O4 - HKCU\..\Run: [Leceps] C:\WINDOWS\?ystem32\w?nspool.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Norton Internet Security.lnk = C:\Program Files\Norton Internet Security\nisfirst.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://secure.edhec.com/postauthI/epi.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: awtttqo - C:\WINDOWS\
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IPv6 Helper Driver - Unknown owner - C:\WINDOWS\System32\csass.exe (file missing)
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    O23 - Service: Windows Service Manager (WSM) - Unknown owner - C:\WINDOWS\System32\winsvc.exe (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 9532 bytes
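    A small triage script for logs like the one just posted, as an added example (Python, written for this page; it is not a tool used in the thread and not HijackThis's own logic). It parses the O2/O4/O20/O23 lines and flags the same traits the helper acted on: a '?' placeholder in a path (the Leceps entry), a program started from the user's documents folder (the Sra entry), entries whose file is missing, and a Winlogon Notify handler registered without a DLL name. The sample lines are copied from the log above; the severity labels and the heuristics themselves are my own assumptions and are meant for a human to review, not as a verdict.

```python
"""Triage heuristics for HijackThis O2/O4/O20/O23 lines (added example).

The heuristics are assumptions made for this example, not rules from the
HijackThis project; they surface entries worth a second look.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted in the thread,
# mixing legitimate entries with the ones the helper later removed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IPv6 Helper Driver] csass.exe
O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\tom\MESDOC~1\DOBE~1\notepad.exe" -vt ndrv
O4 - HKCU\..\Run: [Leceps] C:\WINDOWS\?ystem32\w?nspool.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - C:\WINDOWS\system32\awtttqo.dll (file missing)
O20 - Winlogon Notify: awtttqo - C:\WINDOWS\
O23 - Service: Windows Service Manager (WSM) - Unknown owner - C:\WINDOWS\System32\winsvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (labels are this example's own)
    reason: str
    line: str


# O4 lines: "O4 - HKLM\..\Run: [name] command"; the optional group absorbs the
# SID segment in "HKUS\S-1-5-18\..\Run".
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$')
# A binary living under a user's documents or Temp folder (8.3 and long forms).
USER_DIR_RE = re.compile(
    r'(docume~1|documents and settings|users)\\[^\\]+\\'
    r'(mesdoc~1|my documents|mes documents|locals~1\\temp|local settings\\temp)',
    re.IGNORECASE)
MISSING_RE = re.compile(r'\((file missing|no file)\)\s*$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$')


def executable(cmd):
    """Return the program part of a Run command, honouring a quoted path."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def check_o4(line):
    """Heuristics for autostart (Run/RunServices) entries."""
    m = O4_RE.match(line)
    if not m:
        return []
    cmd = m.group("cmd").strip()
    if not cmd:
        return [Finding("medium", "Run value with an empty command", line)]
    out = []
    if "?" in cmd:
        out.append(Finding("high", "'?' placeholder in path hides a lookalike directory name", line))
    if USER_DIR_RE.search(cmd):
        out.append(Finding("high", "program started from a user profile Temp or documents folder", line))
    if "\\" not in executable(cmd):
        out.append(Finding("low", "bare file name, resolved through the search path", line))
    return out


def check_generic(line):
    """Heuristics that apply to BHO, Winlogon Notify and service entries."""
    out = []
    if MISSING_RE.search(line):
        out.append(Finding("medium", "entry points to a file that no longer exists (orphan left by a cleanup)", line))
    if line.startswith("O2 - BHO: (no name)"):
        out.append(Finding("low", "browser helper object registered without a display name", line))
    m = O20_RE.match(line)
    if m and not m.group("path").lower().endswith(".dll"):
        out.append(Finding("high", "Winlogon Notify handler without a DLL file name", line))
    return out


def triage(log_text):
    """Run every heuristic over each non-empty line and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(check_o4(line))
            findings.extend(check_generic(line))
    return findings


def summary(findings):
    """Count findings per severity."""
    return {sev: sum(1 for f in findings if f.severity == sev)
            for sev in ("high", "medium", "low")}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summary(triage(SAMPLE_LOG)))
```

    The low-severity "bare file name" flag also hits legitimate entries such as SoundMan; it is listed only so the reviewer sees which programs depend on the search path, which is where the helper's "csass.exe" entry with no file on disk stood out.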
    a b 8 Sécurité
    26 November 2007 21:43:05

    Run another ComboFix scan; now we go on the attack.
    26 November 2007 21:55:10

    ComboFix 07-11-19.4 - tom 2007-11-26 21:49:03.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.308 [GMT 1:00]
    Running from: I:\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-26 to 2007-11-26 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-26 20:30 4,124 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-26 20:29 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-26 20:29 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-26 20:29 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-26 20:29 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-26 20:29 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-24 17:15 <REP> d-------- C:\WINDOWS\ERUNT
    2007-11-24 16:10 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-11-24 16:10 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-11-24 16:07 <REP> d-------- C:\Program Files\Kaspersky Lab
    2007-11-24 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-24 16:07 2,610,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-11-24 16:07 29,948 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-11-24 16:07 16,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-11-24 16:07 2,420 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-11-24 16:05 <REP> d-------- C:\kav
    2007-11-24 13:34 <REP> d-------- C:\WINDOWS\system32\tmp00007300
    2007-11-23 21:29 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-11-23 19:32 <REP> d-------- C:\Documents and Settings\tom\Application Data\Grisoft
    2007-11-23 19:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-23 19:31 <REP> d-------- C:\Program Files\CCleaner
    2007-11-23 19:18 <REP> d-------- C:\Program Files\Panda Security
    2007-11-23 18:54 <REP> d-------- C:\Program Files\yjslojel
    2007-11-23 18:54 <REP> d-------- C:\Program Files\Ezqdexjt
    2007-11-23 18:46 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-23 18:24 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2007-11-23 18:13 <REP> d-------- C:\Program Files\Sierra
    2007-11-23 18:12 <REP> d-------- C:\Documents and Settings\tom\Application Data\InstallShield
    2007-11-13 13:54 <REP> d-------- C:\Documents and Settings\tom\Application Data\Aventail
    2007-11-13 13:54 31,232 --a------ C:\WINDOWS\system32\drivers\odptdi.sys
    2007-11-01 19:24 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-11-01 11:34 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-10-31 20:42 <REP> d-------- C:\Program Files\Google
    2007-10-30 17:25 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2007-10-30 17:25 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
    2007-10-30 17:25 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
    2007-10-30 17:24 <REP> d-------- C:\Program Files\MSXML 4.0
    2007-10-29 07:44 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-28 21:45 <REP> d-------- C:\Documents and Settings\tom\Contacts
    2007-10-28 21:44 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-10-28 11:54 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2007-10-28 11:54 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2007-10-28 11:54 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2007-10-28 11:54 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2007-10-27 10:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-26 18:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-11-23 23:12 --------- d-----w C:\Program Files\Common Files
    2007-11-23 20:29 86,094 ----a-w C:\WINDOWS\BPMNT.dll
    2007-11-23 20:29 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
    2007-11-23 20:18 71,749 ----a-w C:\WINDOWS\HCExtOutput.dll
    2007-11-23 20:18 267,845 ----a-w C:\WINDOWS\tsc.exe
    2007-11-23 20:08 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
    2007-11-23 20:08 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
    2007-11-23 20:08 286,720 ----a-w C:\WINDOWS\PATCH.EXE
    2007-11-23 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-23 17:44 --------- d-----w C:\Program Files\eMule
    2007-11-23 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-28 20:44 --------- d-----w C:\Program Files\MSN Messenger
    2007-10-27 09:02 --------- d-----w C:\Documents and Settings\tom\Application Data\AVG7
    2007-10-25 16:56 8,510,976 ------w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-18 15:44 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2007-10-18 15:43 --------- d-----w C:\Program Files\NETGEAR
    2007-10-15 08:15 --------- d-----w C:\Program Files\Wanadoo
    2006-09-25 16:41 80,360 -c--a-w C:\Documents and Settings\tom\Application Data\GDIPFONTCACHEV1.DAT
    2003-09-07 22:59 32 -csha-w C:\WINDOWS\{CB9C41C3-0874-43CE-B1A5-29F69AC29F05}.dat
    2003-09-07 22:59 32 -csha-w C:\WINDOWS\system32\{58A878A1-56E5-41C1-B804-0FC17B50BA30}.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2007-11-26_11.09.19,89 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-11-24 15:36:20 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2007-11-26 17:24:05 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2007-11-24 15:36:20 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2007-11-26 17:24:05 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2007-11-24 15:36:20 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-11-26 17:24:05 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}]
    C:\WINDOWS\system32\awtttqo.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 20:32]
    "Sra"="C:\DOCUME~1\tom\MESDOC~1\DOBE~1\notepad.exe" []
    "Leceps"="C:\WINDOWS\?ystem32\w?nspool.exe" [2002-08-30 12:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2003-04-24 15:53 C:\WINDOWS\SOUNDMAN.EXE]
    "EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 08:43]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-19 12:31]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
    "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 11:34]
    "CleanEasyImg"="c:\apps\easydvd\cleanall.exe" []
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-07-15 14:36]
    "ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:42]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-08-06 20:16]
    "Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2002-09-03 10:26]
    "KAZAA"="C:\Program Files\Kazaa\kazaa.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-08-06 20:15]
    "IPv6 Helper Driver"="csass.exe" []
    "windows auto update"="" []
    "Microsoft Inet Xp.."="" []
    "windows automation"="" []
    "www.hidro.4t.com"="" []
    "BDMCon"="C:\progra~1\softwin\bitdef~1\bdmcon.exe" [2004-03-01 13:41]
    "BDNewsAgent"="C:\progra~1\softwin\bitdef~1\bdnagent.exe" [2004-07-28 22:40]
    "_BOOT_WIN32"="C:\WINDOWS\System32\bootchk.exe" []
    "hpfsched"="C:\WINDOWS\hpfsched.exe" [1998-09-23 22:42]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "IPv6 Helper Driver"="csass.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}"= C:\WINDOWS\system32\awtttqo.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttqo]
    C:\WINDOWS\system32\klogon.dll 2007-06-28 12:51 206088 C:\WINDOWS\system32\klogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

    R1 Odptdi;Odptdi;\??\C:\WINDOWS\system32\drivers\odptdi.sys
    R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys
    R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS
    R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
    S2 IPv6 Helper Driver;IPv6 Helper Driver;"C:\WINDOWS\System32\csass.exe" -service
    S2 WSM;Windows Service Manager;"C:\WINDOWS\System32\winsvc.exe" -service
    S3 Fadpu16E;Fadpu16E;\??\C:\DOCUME~1\tom\LOCALS~1\Temp\Fadpu16E.sys
    S3 NetMate;CATC USB/Ethernet Link device driver;C:\WINDOWS\system32\DRIVERS\netmate2.sys
    S3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
    S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2003-09-20 21:00:43 C:\WINDOWS\Tasks\HDReg.job"
    - c:\Apps\HDReg\HDRegRem.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-26 21:52:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-26 21:54:11
    C:\ComboFix2.txt ... 2007-11-26 11:10
    C:\ComboFix3.txt ... 2007-11-24 13:38
    .
    --- E O F ---
    a b 8 Sécurité
    27 November 2007 19:06:12

    Re,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text shown in the box below:

    File::
    C:\WINDOWS\system32\awtttqo.dll
    C:\WINDOWS\System32\bootchk.exe

    Folder::
    C:\Program Files\yjslojel
    C:\Program Files\Ezqdexjt
    C:\Program Files\Kazaa

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sra"=-
    "Leceps"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KAZAA"=-
    "IPv6 Helper Driver"=-
    "windows auto update"=-
    "Microsoft Inet Xp.."=-
    "windows automation"=-
    "www.hidro.4t.com"=-
    "_BOOT_WIN32"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "IPv6 Helper Driver"=-
    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttqo]


Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file as CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no reboot, still post the requested reports.
28 November 2007 14:03:54

Done!

I'm not sure my antivirus programs were completely disabled; I quit them and turned them off.

    COMBOFIX

    ComboFix 07-11-19.4 - tom 2007-11-28 13:47:50.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.200 [GMT 1:00]
    Running from: C:\Documents and Settings\tom\Bureau\ComboFix.exe
    Command switches used :: I:\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\awtttqo.dll
    C:\WINDOWS\System32\bootchk.exe
    .

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Ezqdexjt
    C:\Program Files\yjslojel
    C:\Program Files\yjslojel\axermxyp.dll

    .
((((((((((((((((((((((((((((( Files created 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-26 20:30 4,124 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-26 20:29 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-26 20:29 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-26 20:29 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-26 20:29 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-26 20:29 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-24 17:15 <REP> d-------- C:\WINDOWS\ERUNT
    2007-11-24 16:10 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-11-24 16:10 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-11-24 16:07 <REP> d-------- C:\Program Files\Kaspersky Lab
    2007-11-24 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-24 16:07 2,637,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-11-24 16:07 36,380 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-11-24 16:07 19,232 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-11-24 16:07 2,852 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-11-24 16:05 <REP> d-------- C:\kav
    2007-11-24 13:34 <REP> d-------- C:\WINDOWS\system32\tmp00007300
    2007-11-23 21:29 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-11-23 19:32 <REP> d-------- C:\Documents and Settings\tom\Application Data\Grisoft
    2007-11-23 19:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-23 19:31 <REP> d-------- C:\Program Files\CCleaner
    2007-11-23 19:18 <REP> d-------- C:\Program Files\Panda Security
    2007-11-23 18:46 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-23 18:24 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2007-11-23 18:13 <REP> d-------- C:\Program Files\Sierra
    2007-11-23 18:12 <REP> d-------- C:\Documents and Settings\tom\Application Data\InstallShield
    2007-11-13 13:54 <REP> d-------- C:\Documents and Settings\tom\Application Data\Aventail
    2007-11-13 13:54 31,232 --a------ C:\WINDOWS\system32\drivers\odptdi.sys
    2007-11-01 19:24 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-11-01 11:34 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-10-31 20:42 <REP> d-------- C:\Program Files\Google
    2007-10-30 17:25 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2007-10-30 17:25 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
    2007-10-30 17:25 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
    2007-10-30 17:24 <REP> d-------- C:\Program Files\MSXML 4.0
    2007-10-29 07:44 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-28 21:45 <REP> d-------- C:\Documents and Settings\tom\Contacts
    2007-10-28 21:44 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-10-28 11:54 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2007-10-28 11:54 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2007-10-28 11:54 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2007-10-28 11:54 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

    .
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-28 12:54 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-11-23 23:12 --------- d-----w C:\Program Files\Common Files
    2007-11-23 20:29 86,094 ----a-w C:\WINDOWS\BPMNT.dll
    2007-11-23 20:29 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
    2007-11-23 20:18 71,749 ----a-w C:\WINDOWS\HCExtOutput.dll
    2007-11-23 20:18 267,845 ----a-w C:\WINDOWS\tsc.exe
    2007-11-23 20:08 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
    2007-11-23 20:08 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
    2007-11-23 20:08 286,720 ----a-w C:\WINDOWS\PATCH.EXE
    2007-11-23 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-23 17:44 --------- d-----w C:\Program Files\eMule
    2007-11-23 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-28 20:44 --------- d-----w C:\Program Files\MSN Messenger
    2007-10-27 09:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2007-10-27 09:02 --------- d-----w C:\Documents and Settings\tom\Application Data\AVG7
    2007-10-18 15:44 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2007-10-18 15:43 --------- d-----w C:\Program Files\NETGEAR
    2007-10-15 08:15 --------- d-----w C:\Program Files\Wanadoo
    2006-09-25 16:41 80,360 -c--a-w C:\Documents and Settings\tom\Application Data\GDIPFONTCACHEV1.DAT
    2003-09-07 22:59 32 -csha-w C:\WINDOWS\{CB9C41C3-0874-43CE-B1A5-29F69AC29F05}.dat
    2003-09-07 22:59 32 -csha-w C:\WINDOWS\system32\{58A878A1-56E5-41C1-B804-0FC17B50BA30}.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2007-11-26_11.09.19,89 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-11-24 15:36:20 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2007-11-26 17:24:05 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2007-11-24 15:36:20 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2007-11-26 17:24:05 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2007-11-24 15:36:20 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-11-26 17:24:05 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
*Note* empty entries & legitimate default entries are not listed

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 20:32]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2003-04-24 15:53 C:\WINDOWS\SOUNDMAN.EXE]
    "EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 08:43]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-19 12:31]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
    "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 11:34]
    "CleanEasyImg"="c:\apps\easydvd\cleanall.exe" []
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-07-15 14:36]
    "ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:42]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-08-06 20:16]
    "Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2002-09-03 10:26]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-08-06 20:15]
    "BDMCon"="C:\progra~1\softwin\bitdef~1\bdmcon.exe" [2004-03-01 13:41]
    "BDNewsAgent"="C:\progra~1\softwin\bitdef~1\bdnagent.exe" [2004-07-28 22:40]
    "hpfsched"="C:\WINDOWS\hpfsched.exe" [1998-09-23 22:42]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttqo]
    C:\WINDOWS\system32\klogon.dll 2007-06-28 12:51 206088 C:\WINDOWS\system32\klogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

    R1 Odptdi;Odptdi;\??\C:\WINDOWS\system32\drivers\odptdi.sys
    R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys
    R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS
    R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
    S2 IPv6 Helper Driver;IPv6 Helper Driver;"C:\WINDOWS\System32\csass.exe" -service
    S2 WSM;Windows Service Manager;"C:\WINDOWS\System32\winsvc.exe" -service
    S3 Fadpu16E;Fadpu16E;\??\C:\DOCUME~1\tom\LOCALS~1\Temp\Fadpu16E.sys
    S3 NetMate;CATC USB/Ethernet Link device driver;C:\WINDOWS\system32\DRIVERS\netmate2.sys
    S3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
    S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys

    .
Contents of the 'Scheduled Tasks' folder
    "2003-09-20 21:00:43 C:\WINDOWS\Tasks\HDReg.job"
    - c:\Apps\HDReg\HDRegRem.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-28 13:55:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-28 13:58:11 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-26 21:54
    C:\ComboFix3.txt ... 2007-11-26 11:10
    .
    --- E O F ---


    HIJACKTHIS

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:00:04, on 28/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\MESSAG~1\Demon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\progra~1\softwin\bitdef~1\bdmcon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Documents and Settings\tom\Bureau\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
    O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Norton Internet Security.lnk = C:\Program Files\Norton Internet Security\nisfirst.exe
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://secure.edhec.com/postauthI/epi.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O20 - Winlogon Notify: awtttqo - C:\WINDOWS\
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IPv6 Helper Driver - Unknown owner - C:\WINDOWS\System32\csass.exe (file missing)
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    O23 - Service: Windows Service Manager (WSM) - Unknown owner - C:\WINDOWS\System32\winsvc.exe (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 9268 bytes


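An added example, written for this page and not code from the thread, from HijackThis or from ComboFix: a small Python scanner that applies, mechanically, the checks a helper does by eye on a HijackThis log like the one just posted, and that the CFScript post above targets by hand. It flags entries marked "(no file)" or "(file missing)" (a load point that outlived its binary), a Winlogon Notify entry with no DLL target, and services with no vendor information running from System32. The sample lines are copied from the post-cleanup HijackThis log above; the verdicts and their wording are this example's own heuristics, not HijackThis verdicts. The Driver:: output assumes ComboFix's CFScript Driver:: section, which the thread does not use; treat it as a candidate list to review, not something to run blindly.

```python
"""Flag orphaned and suspicious autostart entries in a HijackThis v2 log.

Added example: not part of the forum thread, of HijackThis or of ComboFix.
The sample lines below are copied from the post-cleanup HijackThis log in
the thread; the verdicts are this example's own heuristics.
"""
import re

# Constructed sample: seven lines lifted from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O20 - Winlogon Notify: awtttqo - C:\WINDOWS\
O23 - Service: IPv6 Helper Driver - Unknown owner - C:\WINDOWS\System32\csass.exe (file missing)
O23 - Service: Windows Service Manager (WSM) - Unknown owner - C:\WINDOWS\System32\winsvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# O23 layout: "Service: Display (KeyName) - Owner - Path". HijackThis omits
# "(KeyName)" when it equals the display name (see "IPv6 Helper Driver" above).
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))? - (?P<owner>.*?) - (?P<path>.*)$"
)


def classify(line):
    """Return a finding dict for one log entry, or None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    finding = {"section": section, "body": body, "verdict": "ok",
               "reason": "", "service_key": None}
    if section == "O23":
        sm = SERVICE_RE.match(body)
        if sm:
            # The key name is what a Driver:: line (or "sc delete") would need.
            finding["service_key"] = sm.group("key") or sm.group("display")
            if (sm.group("owner") == "Unknown owner"
                    and "\\windows\\system32\\" in sm.group("path").lower()
                    and "(file missing)" not in sm.group("path")):
                finding["verdict"] = "review"
                finding["reason"] = "service with no vendor information running from System32"
                return finding
    if "(no file)" in body or "(file missing)" in body:
        finding["verdict"] = "orphaned"
        finding["reason"] = "load point outlived its file: binary removed, registry entry left behind"
        return finding
    if section == "O20" and body.startswith("Winlogon Notify:"):
        target = body.split(" - ", 1)[-1]
        if not target.lower().endswith(".dll"):
            finding["verdict"] = "review"
            finding["reason"] = "Winlogon Notify entry (loaded into winlogon.exe at logon) with no DLL target"
    return finding


def scan(log_text):
    """Classify every entry line of a HijackThis log."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


def flagged(log_text):
    """Only the entries a helper would want to look at."""
    return [f for f in scan(log_text) if f["verdict"] != "ok"]


def driver_block(findings):
    """Candidate CFScript Driver:: section for orphaned O23 services.

    Assumption (not shown in the thread): ComboFix's Driver:: section takes
    service key names, one per line. Review the list by hand before use.
    """
    keys = [f["service_key"] for f in findings
            if f["section"] == "O23" and f["verdict"] == "orphaned" and f["service_key"]]
    return ("Driver::\n" + "\n".join(keys) + "\n") if keys else ""


if __name__ == "__main__":
    for f in flagged(SAMPLE_LOG):
        print(f"{f['section']:<4} {f['verdict']:<9} {f['reason']}\n     {f['body']}")
    print(driver_block(scan(SAMPLE_LOG)))
```

On the sample, the two "(file missing)" services and the "(no file)" BHO come out as orphaned and the Winlogon Notify line as review; the Driver:: block lists "IPv6 Helper Driver" and "WSM", the two service key names left behind once csass.exe and winsvc.exe were gone. An orphaned entry is harmless by itself, but it is also the signature of an incomplete cleanup: the file was deleted while the load point that would re-run it survived.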
28 November 2007 17:01:29

Is it better?
28 November 2007 17:07:29

Well, I don't know, you tell me...
28 November 2007 17:11:23

I don't see any difference so far... I haven't really had any problems since yesterday.
28 November 2007 18:11:33

Any questions?
29 November 2007 13:00:39

No, no questions, but thanks for everything!
29 November 2007 18:20:09

Happy surfing.