problème plusieurs virus (generic, purityscan...)

Bonjour,

Télécharge combofix.exe (par sUBs) sur ton Bureau.

Double clique combofix.exe.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Voici voila:

ComboFix 07-11-19.3 - tom 2007-11-24 13:24:53.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.382 [GMT 1:00]
Running from: I:\ComboFix.exe
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\mxenyzkl.dll
C:\Documents and Settings\tom\Bureau\Find Spyware Remover.lnk
C:\Documents and Settings\tom\Bureau\Free Online Dating.lnk
C:\Documents and Settings\tom\Bureau\Go to Casino.lnk
C:\Documents and Settings\tom\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\tom\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\tom\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Documents and Settings\tom\Mes documents\DOBE~1
C:\Documents and Settings\tom\Mes documents\DOBE~1\?dobe\
C:\Documents and Settings\tom\Mes documents\DOBE~1\notepad.exe
C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\smss.exe
C:\Program Files\Ultimate Cleaner
C:\WINDOWS\avp.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\mgrs.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\drvbujr.dll
C:\WINDOWS\system32\gha.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\tnrtmwuk
C:\WINDOWS\system32\tnrtmwuk\bg1.gif
C:\WINDOWS\system32\tnrtmwuk\bgtop.gif
C:\WINDOWS\system32\tnrtmwuk\bottom1.gif
C:\WINDOWS\system32\tnrtmwuk\essentials.gif
C:\WINDOWS\system32\tnrtmwuk\icon1.ico
C:\WINDOWS\system32\tnrtmwuk\install1.gif
C:\WINDOWS\system32\tnrtmwuk\left1.gif
C:\WINDOWS\system32\tnrtmwuk\li.gif
C:\WINDOWS\system32\tnrtmwuk\logo.gif
C:\WINDOWS\system32\tnrtmwuk\main.htm
C:\WINDOWS\system32\tnrtmwuk\mainframe.htm
C:\WINDOWS\system32\tnrtmwuk\reinstall1.gif
C:\WINDOWS\system32\tnrtmwuk\right1.gif
C:\WINDOWS\system32\tnrtmwuk\s1.htm
C:\WINDOWS\system32\tnrtmwuk\s2.htm
C:\WINDOWS\system32\tnrtmwuk\s3.htm
C:\WINDOWS\system32\tnrtmwuk\SMTop1.gif
C:\WINDOWS\system32\tnrtmwuk\SMTop2.gif
C:\WINDOWS\system32\tnrtmwuk\SMTop3.gif
C:\WINDOWS\system32\tnrtmwuk\SMTop4.gif
C:\WINDOWS\system32\tnrtmwuk\soft1_off.gif
C:\WINDOWS\system32\tnrtmwuk\soft1_off_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft1_on.gif
C:\WINDOWS\system32\tnrtmwuk\soft1_on_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft2_off.gif
C:\WINDOWS\system32\tnrtmwuk\soft2_off_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft2_on.gif
C:\WINDOWS\system32\tnrtmwuk\soft2_on_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft3_off.gif
C:\WINDOWS\system32\tnrtmwuk\soft3_off_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft3_on.gif
C:\WINDOWS\system32\tnrtmwuk\soft3_on_ext.gif
C:\WINDOWS\system32\tnrtmwuk\softbottom_off.gif
C:\WINDOWS\system32\tnrtmwuk\softbottom_on.gif
C:\WINDOWS\system32\tnrtmwuk\softleft_off.gif
C:\WINDOWS\system32\tnrtmwuk\softleft_on.gif
C:\WINDOWS\system32\tnrtmwuk\tnrtmwuk1.exe
C:\WINDOWS\system32\tnrtmwuk\tnrtmwuk2.exe
C:\WINDOWS\system32\tnrtmwuk\top1.gif
C:\WINDOWS\system32\tnrtmwuk\top2.gif
C:\WINDOWS\system32\tnrtmwuk\turnoff1.gif
C:\WINDOWS\system32\tnrtmwuk\turnon1.gif
C:\WINDOWS\system32\winnjy32.dll
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.ini2
C:\WINDOWS\ystem3~1
C:\WINDOWS\ystem3~1\w?nspool.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-24 to 2007-11-24 ))))))))))))))))))))))))))))))))))))
.

2007-11-24 13:34 <REP> d-------- C:\WINDOWS\system32\tmp00007300
2007-11-23 21:29 <REP> d-------- C:\WINDOWS\AU_Temp
2007-11-23 21:05 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-23 19:32 <REP> d-------- C:\Documents and Settings\tom\Application Data\Grisoft
2007-11-23 19:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-23 19:31 <REP> d-------- C:\Program Files\CCleaner
2007-11-23 19:18 <REP> d-------- C:\Program Files\Panda Security
2007-11-23 18:56 <REP> d-------- C:\Program Files\E404 Helper
2007-11-23 18:56 10,240 --a------ C:\Program Files\spoolsv.exe
2007-11-23 18:54 <REP> d-------- C:\Program Files\yjslojel
2007-11-23 18:54 <REP> d-------- C:\Program Files\MalwareAlarm
2007-11-23 18:54 <REP> d-------- C:\Program Files\Ezqdexjt
2007-11-23 18:54 102,912 --a------ C:\WINDOWS\system32\drvbuj.dll
2007-11-23 18:54 34,304 --------- C:\WINDOWS\system32\awtttqo.dll
2007-11-23 18:46 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-23 18:24 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-11-23 18:13 <REP> d-------- C:\Program Files\Sierra
2007-11-23 18:12 <REP> d-------- C:\Documents and Settings\tom\Application Data\InstallShield
2007-11-13 13:54 <REP> d-------- C:\Documents and Settings\tom\Application Data\Aventail
2007-11-13 13:54 31,232 --a------ C:\WINDOWS\system32\drivers\odptdi.sys
2007-11-01 19:24 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-01 11:34 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-31 20:42 <REP> d-------- C:\Program Files\Google
2007-10-30 17:25 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-10-30 17:25 128,816 --a------ C:\WINDOWS\system32\TZLog.log
2007-10-30 17:25 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-10-30 17:25 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-10-30 17:24 <REP> d-------- C:\Program Files\MSXML 4.0
2007-10-29 07:44 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-28 21:45 <REP> d-------- C:\Documents and Settings\tom\Contacts
2007-10-28 21:44 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-28 11:54 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-10-28 11:54 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-10-28 11:54 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-10-28 11:54 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-10-27 10:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 12:35 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-23 23:12 --------- d-----w C:\Program Files\Common Files
2007-11-23 20:29 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-11-23 20:29 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-11-23 20:18 71,749 ----a-w C:\WINDOWS\HCExtOutput.dll
2007-11-23 20:18 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-11-23 20:08 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-11-23 20:08 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-11-23 20:08 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-11-23 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-23 17:44 --------- d-----w C:\Program Files\eMule
2007-11-23 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-28 20:44 --------- d-----w C:\Program Files\MSN Messenger
2007-10-27 09:02 --------- d-----w C:\Documents and Settings\tom\Application Data\AVG7
2007-10-25 16:56 8,510,976 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-18 15:44 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-10-18 15:43 --------- d-----w C:\Program Files\NETGEAR
2007-10-15 08:15 --------- d-----w C:\Program Files\Wanadoo
2006-09-25 16:41 80,360 -c--a-w C:\Documents and Settings\tom\Application Data\GDIPFONTCACHEV1.DAT
2003-09-07 22:59 32 -csha-w C:\WINDOWS\{CB9C41C3-0874-43CE-B1A5-29F69AC29F05}.dat
2003-09-07 22:59 32 -csha-w C:\WINDOWS\system32\{58A878A1-56E5-41C1-B804-0FC17B50BA30}.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}]
2007-11-23 18:54 34304 --------- C:\WINDOWS\system32\awtttqo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
2007-11-23 18:56 18432 --a------ C:\Program Files\E404 Helper\e404.v6.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 20:32]
"Sra"="C:\DOCUME~1\tom\MESDOC~1\DOBE~1\notepad.exe" []
"Leceps"="C:\WINDOWS\?ystem32\w?nspool.exe" [2002-08-30 12:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 15:53 C:\WINDOWS\SOUNDMAN.EXE]
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 08:43]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-19 12:31]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 11:34]
"CleanEasyImg"="c:\apps\easydvd\cleanall.exe" []
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-07-15 14:36]
"ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:42]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-08-06 20:16]
"Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2002-09-03 10:26]
"KAZAA"="C:\Program Files\Kazaa\kazaa.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-08-06 20:15]
"NsUpdate"="C:\WINDOWS\NsUpdate.exe" []
"IPv6 Helper Driver"="csass.exe" []
"windows auto update"="" []
"Microsoft Inet Xp.."="" []
"windows automation"="" []
"www.hidro.4t.com"="" []
"BDMCon"="C:\progra~1\softwin\bitdef~1\bdmcon.exe" [2004-03-01 13:41]
"BDNewsAgent"="C:\progra~1\softwin\bitdef~1\bdnagent.exe" [2004-07-28 22:40]
"Windows Service Manager"="winsvc.exe" []
"_BOOT_WIN32"="C:\WINDOWS\System32\bootchk.exe" []
"hpfsched"="C:\WINDOWS\hpfsched.exe" [1998-09-23 22:42]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"IPv6 Helper Driver"="csass.exe" []
"Windows Service Manager"="winsvc.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}"= C:\WINDOWS\system32\awtttqo.dll [2007-11-23 18:54 34304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttqo]
awtttqo.dll 2007-11-23 18:54 34304 C:\WINDOWS\system32\awtttqo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcyy.dll

R1 Odptdi;Odptdi;\??\C:\WINDOWS\system32\drivers\odptdi.sys
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys
R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
S2 IPv6 Helper Driver;IPv6 Helper Driver;"C:\WINDOWS\System32\csass.exe" -service
S2 WSM;Windows Service Manager;"C:\WINDOWS\System32\winsvc.exe" -service
S3 Fadpu16E;Fadpu16E;\??\C:\DOCUME~1\tom\LOCALS~1\Temp\Fadpu16E.sys
S3 NetMate;CATC USB/Ethernet Link device driver;C:\WINDOWS\system32\DRIVERS\netmate2.sys
S3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2003-09-20 21:00:43 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 13:35:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-24 13:38:48
.
--- E O F ---

J'ai du ignorer deux messages car sinon il fermait...

J'ai toujours un downloader.purityscan.ee

Est-ce quelqu'un peut m'aider siouplait ?

Voici un nouveau scan hijack, merci pour votre aide:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:22:56, on 24/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\tom\LOCALS~1\Temp\Rar$EX00.984\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - C:\WINDOWS\system32\awtttqo.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v6.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [IPv6 Helper Driver] csass.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [Windows Service Manager] winsvc.exe
O4 - HKLM\..\Run: [_BOOT_WIN32] C:\WINDOWS\System32\bootchk.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [IPv6 Helper Driver] csass.exe
O4 - HKLM\..\RunServices: [Windows Service Manager] winsvc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\tom\MESDOC~1\DOBE~1\notepad.exe" -vt ndrv
O4 - HKCU\..\Run: [Leceps] C:\WINDOWS\?ystem32\w?nspool.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton Internet Security.lnk = C:\Program Files\Norton Internet Security\nisfirst.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://secure.edhec.com/postauthI/epi.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab
O20 - Winlogon Notify: awtttqo - C:\WINDOWS\SYSTEM32\awtttqo.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IPv6 Helper Driver - Unknown owner - C:\WINDOWS\System32\csass.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: Windows Service Manager (WSM) - Unknown owner - C:\WINDOWS\System32\winsvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9397 bytes

Un peu de patience ?
Bien infecté  

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.

Redémarre en mode sans échec

Ouvre le dossier SDFix qui vient d'être créé à la racine de ton dique dur (C:) et double clique sur RunThis.bat pour lancer le script.

Appuie sur Y pour commencer le processus de nettoyage.

Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.

Appuie sur une touche pour redémarrer le PC.

Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis.

Merci,

Rapport SDFIX:


SDFix: Version 1.115

Run by tom on 24/11/2007 at 17:16

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\NEWFIL~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\NEWSSGE.EXE - Deleted
C:\WINDOWS\system32\TFTP2212 - Deleted



Folder C:\Program Files\E404 Helper - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 17:24:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]
"ujdew"=hex:20,02,00,00,3c,be,89,f9,88,a4,01,ce,ec,90,54,ef,e6,91,2d,7d,7c,..
"ljej40"=hex:5e,2c,c0,c3,53,cc,42,9b,9b,cd,3a,09,e8,33,f1,83,b0,e2,f4,6c,56,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41]
"ujdew"=hex:20,02,00,00,3c,be,89,f9,00,50,fb,e1,ec,90,54,ef,e6,91,2d,7d,7c,..
"ljej40"=hex:5e,2c,c0,c3,53,cc,42,9b,9b,cd,3a,09,e8,33,f1,83,b0,e2,f4,6c,85,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000002b
"TracesSuccessful"=dword:00000001

scanning hidden files ...

C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\01\10-{FA6CFA19-78C6-434D-25ED-23066FD4582B}-v1-{D2834F11-5CE1-42E2-8361-9FCC992BA754}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\13\13-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v13-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 984 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\31\31-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v31-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1248 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\32\32-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v32-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 984 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\33\33-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v33-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1504 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\34\34-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v34-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 984 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\35\35-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v35-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1104 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\36\36-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v36-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1160 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\37\37-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v37-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1176 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\38\38-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v38-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1384 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\39\39-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v39-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1232 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\40\40-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v40-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1736 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\41\41-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v41-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1112 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\42\42-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v42-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1232 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\43\43-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v43-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1072 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\44\44-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v44-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1408 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\45\45-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v45-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 984 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\46\46-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v46-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1416 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\47\47-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v47-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v47-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1568 bytes hidden from API
C:\Documents and Settings\tom\Local Settings\Application Data\Microsoft\Messenger\fenx69@hotmail.com\SharingMetadata\superbubu@hotmail.fr\DFSR\Staging\CS{FA6CFA19-78C6-434D-25ED-23066FD4582B}\48\48-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v48-{321FA91E-6F08-473C-9B0E-94ABD28BFD61}-v48-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1152 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 20


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 6 Aug 2003 193 A.SHR --- "C:\BOOT.BAK"
Fri 20 Aug 2004 13,312 A..HR --- "C:\WINDOWS\system32\lsass.exe"
Tue 6 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 7 Dec 2004 258,352 A..H. --- "C:\Documents and Settings\tom\Bureau\Opendisc (D)\unicows.dll"
Thu 15 Jan 2004 1,740 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\ccReg.reg"
Mon 8 Sep 2003 1,740 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\ccReg_old.reg"
Mon 8 Sep 2003 232,364 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\CommonClient_old.reg"
Thu 15 Jan 2004 290,546 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\CommonClient.reg"
Thu 15 Jan 2004 159,344 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\IAM.reg"
Mon 8 Sep 2003 158,120 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\IAM_old.reg"
Sat 21 Jun 2003 377,344 A..H. --- "C:\Program Files\Smart Projects\IsoBuster\Help\AHlp.exe"
Wed 4 Apr 2001 28,738 A..HR --- "C:\Documents and Settings\tom\Bureau\windows XP\MSDE2000\SQLRESLD.DLL"

Finished!

RAPPORT HIJACK:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:09, on 24/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\QuickTime\qttask.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\tom\LOCALS~1\Temp\Rar$EX00.031\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - C:\WINDOWS\system32\awtttqo.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [IPv6 Helper Driver] csass.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [_BOOT_WIN32] C:\WINDOWS\System32\bootchk.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\RunServices: [IPv6 Helper Driver] csass.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\tom\MESDOC~1\DOBE~1\notepad.exe" -vt ndrv
O4 - HKCU\..\Run: [Leceps] C:\WINDOWS\?ystem32\w?nspool.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton Internet Security.lnk = C:\Program Files\Norton Internet Security\nisfirst.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://secure.edhec.com/postauthI/epi.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: awtttqo - C:\WINDOWS\
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IPv6 Helper Driver - Unknown owner - C:\WINDOWS\System32\csass.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: Windows Service Manager (WSM) - Unknown owner - C:\WINDOWS\System32\winsvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9981 bytes

Ca a pas l'air très bon tout ça...

Refais un scan Combofix.

Voila:

ComboFix 07-11-19.4 - tom 2007-11-26 11:05:03.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.167 [GMT 1:00]
Running from: I:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-10-26 to 2007-11-26 ))))))))))))))))))))))))))))))))))))
.

2007-11-24 17:15 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-24 16:10 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-24 16:10 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-24 16:07 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-11-24 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-24 16:07 1,372,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-24 16:07 18,980 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-24 16:07 11,808 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-24 16:07 1,892 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-24 16:05 <REP> d-------- C:\kav
2007-11-24 13:34 <REP> d-------- C:\WINDOWS\system32\tmp00007300
2007-11-23 21:29 <REP> d-------- C:\WINDOWS\AU_Temp
2007-11-23 19:32 <REP> d-------- C:\Documents and Settings\tom\Application Data\Grisoft
2007-11-23 19:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-23 19:31 <REP> d-------- C:\Program Files\CCleaner
2007-11-23 19:18 <REP> d-------- C:\Program Files\Panda Security
2007-11-23 18:54 <REP> d-------- C:\Program Files\yjslojel
2007-11-23 18:54 <REP> d-------- C:\Program Files\MalwareAlarm
2007-11-23 18:54 <REP> d-------- C:\Program Files\Ezqdexjt
2007-11-23 18:46 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-23 18:24 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-11-23 18:13 <REP> d-------- C:\Program Files\Sierra
2007-11-23 18:12 <REP> d-------- C:\Documents and Settings\tom\Application Data\InstallShield
2007-11-13 13:54 <REP> d-------- C:\Documents and Settings\tom\Application Data\Aventail
2007-11-13 13:54 31,232 --a------ C:\WINDOWS\system32\drivers\odptdi.sys
2007-11-01 19:24 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-01 11:34 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-31 20:42 <REP> d-------- C:\Program Files\Google
2007-10-30 17:25 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-10-30 17:25 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-10-30 17:25 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-10-30 17:24 <REP> d-------- C:\Program Files\MSXML 4.0
2007-10-29 07:44 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-28 21:45 <REP> d-------- C:\Documents and Settings\tom\Contacts
2007-10-28 21:44 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-27 10:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 10:01 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-23 23:12 --------- d-----w C:\Program Files\Common Files
2007-11-23 20:29 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-11-23 20:29 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-11-23 20:18 71,749 ----a-w C:\WINDOWS\HCExtOutput.dll
2007-11-23 20:18 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-11-23 20:08 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-11-23 20:08 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-11-23 20:08 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-11-23 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-23 17:44 --------- d-----w C:\Program Files\eMule
2007-11-23 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-28 20:44 --------- d-----w C:\Program Files\MSN Messenger
2007-10-27 09:02 --------- d-----w C:\Documents and Settings\tom\Application Data\AVG7
2007-10-25 16:56 8,510,976 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-18 15:44 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-10-18 15:43 --------- d-----w C:\Program Files\NETGEAR
2007-10-15 08:15 --------- d-----w C:\Program Files\Wanadoo
2006-09-25 16:41 80,360 -c--a-w C:\Documents and Settings\tom\Application Data\GDIPFONTCACHEV1.DAT
2003-09-07 22:59 32 -csha-w C:\WINDOWS\{CB9C41C3-0874-43CE-B1A5-29F69AC29F05}.dat
2003-09-07 22:59 32 -csha-w C:\WINDOWS\system32\{58A878A1-56E5-41C1-B804-0FC17B50BA30}.dat
.

((((((((((((((((((((((((((((( snapshot@2007-11-24_13.36.52.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-23 17:21:35 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2007-11-24 16:10:48 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2007-11-23 17:21:48 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2007-11-24 16:11:01 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2007-11-23 17:21:49 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2007-11-24 16:11:02 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-11-23 17:21:50 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2007-11-24 16:11:04 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-11-23 17:21:44 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2007-11-24 16:10:58 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2007-11-23 17:21:27 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2007-11-24 16:10:39 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-11-23 17:21:27 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2007-11-24 16:10:39 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2007-11-23 17:21:59 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2007-11-24 16:11:10 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2007-11-23 17:21:39 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2007-11-24 16:10:52 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-11-23 17:21:33 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2007-11-24 16:10:47 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2007-11-23 17:21:26 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2007-11-24 16:10:39 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2007-11-23 17:21:28 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2007-11-24 16:10:42 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-11-23 17:21:46 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2007-11-24 16:10:59 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-11-23 17:21:47 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2007-11-24 16:11:00 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-11-23 17:21:47 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2007-11-24 16:11:00 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2007-11-23 17:21:29 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2007-11-24 16:10:44 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2007-11-23 17:21:30 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2007-11-24 16:10:45 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2007-11-23 17:21:31 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2007-11-24 16:10:45 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2007-11-23 17:21:32 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2007-11-24 16:10:46 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2007-11-23 17:21:29 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2007-11-24 16:10:43 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-11-23 17:22:02 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2007-11-24 16:11:14 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-11-23 17:22:01 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2007-11-24 16:11:13 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-11-23 17:21:25 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2007-11-24 16:10:36 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2007-11-23 17:22:00 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2007-11-24 16:11:12 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-11-23 17:22:02 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2007-11-24 16:11:14 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2007-11-23 17:21:26 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-11-24 16:10:38 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-11-23 17:21:25 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2007-11-24 16:10:37 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-11-23 17:21:26 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2007-11-24 16:10:37 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2007-11-23 17:21:55 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2007-11-24 16:11:06 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2007-11-23 17:21:35 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2007-11-24 16:10:49 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2007-11-23 17:21:56 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2007-11-24 16:11:07 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2007-11-23 17:21:51 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2007-11-24 16:11:04 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2007-11-23 17:21:28 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2007-11-24 16:10:41 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2007-11-23 17:21:45 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2007-11-24 16:10:59 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-11-23 17:21:37 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2007-11-24 16:10:50 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2007-11-23 17:21:36 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2007-11-24 16:10:50 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-11-23 17:21:37 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2007-11-24 16:10:51 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2007-11-23 17:21:57 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2007-11-24 16:11:08 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-11-23 17:21:52 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2007-11-24 16:11:05 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-11-23 17:21:58 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2007-11-24 16:11:09 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-11-23 17:21:53 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2007-11-24 16:11:05 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-11-23 17:21:54 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-11-24 16:11:06 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-11-23 17:21:34 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2007-11-24 16:10:47 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-11-23 17:21:38 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2007-11-24 16:10:52 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-11-23 17:22:00 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2007-11-24 16:11:11 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-11-23 17:21:40 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2007-11-24 16:10:53 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-11-23 17:21:41 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2007-11-24 16:10:54 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-11-23 17:21:42 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2007-11-24 16:10:55 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-11-23 17:21:43 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2007-11-24 16:10:56 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2007-11-23 17:21:57 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2007-11-24 16:11:08 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2007-11-24 16:37:57 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\31cb7cbc523cb21ac505b9560cab567f\Accessibility.ni.dll
+ 2007-11-24 16:38:30 888,832 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\7d8fb183693d62d99d872a734513f303\AspNetMMCExt.ni.dll
+ 2007-11-24 16:38:34 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\f0814fd866e6b64c5e43101965c6060a\CustomMarshalers.ni.dll
+ 2007-11-24 16:38:32 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\ee21691584f83a5822d97bb4f4bfc0b0\dfsvc.ni.exe
+ 2007-11-24 16:45:02 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\4edb73580c191007d320677e08033500\Microsoft.Build.Engine.ni.dll
+ 2007-11-24 16:45:12 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\7d37a7196354fdc1f9bc5f1f26dcd4db\Microsoft.Build.Framework.ni.dll
+ 2007-11-24 16:45:26 1,687,552 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\df4522c5ccc45e98618ca1a9c04d650a\Microsoft.Build.Tasks.ni.dll
+ 2007-11-24 16:45:28 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\041ad1bfc026e2d3327974c1f12c6d6b\Microsoft.Build.Utilities.ni.dll
+ 2007-11-24 16:45:47 1,720,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7ea1d2b18169a5d05d617efd8be90fe5\Microsoft.VisualBasic.ni.dll
+ 2007-11-24 16:22:42 11,304,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\a02c0fae2b5a793207cf5a74ca066bca\mscorlib.ni.dll
+ 2007-11-24 16:45:58 1,003,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\8b71ff9630ee6ab8fde50073e682e48f\System.Configuration.ni.dll
+ 2007-11-24 16:24:16 6,676,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\b6f5c054f651cff2ebe073738dd85800\System.Data.ni.dll
+ 2007-11-24 16:46:13 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\60ff83d0e536d2ddcd5a2d8f92ac7d16\System.Deployment.ni.dll
+ 2007-11-24 16:25:04 10,702,848 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c3126143807ea23274fa4341c5e80ffd\System.Design.ni.dll
+ 2007-11-24 16:46:28 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\3d5fa418a1886d272c6d44ac271a606f\System.DirectoryServices.Protocols.ni.dll
+ 2007-11-24 16:46:24 1,216,512 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c4c6e3fd5788ac6103f0b3227a871cd4\System.DirectoryServices.ni.dll
+ 2007-11-24 16:25:11 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\62427df4640d1ea40ce54dcd8dadfc82\System.Drawing.Design.ni.dll
+ 2007-11-24 16:25:08 1,601,536 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\2e043f07f55890df1b70b8c2445aa3e4\System.Drawing.ni.dll
+ 2007-11-24 16:46:34 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f3da548e3019df7fe6e628832a38bae1\System.EnterpriseServices.ni.dll
+ 2007-11-24 16:46:33 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f3da548e3019df7fe6e628832a38bae1\System.EnterpriseServices.Wrapper.dll
+ 2007-11-24 16:46:42 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e4da1db17aa9e4a3d8f988ddda872a87\System.Security.ni.dll
+ 2007-11-24 16:46:58 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\a06176c104a3aa019446bcf5c3cad9c4\System.Transactions.ni.dll
+ 2007-11-24 16:48:11 2,306,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\dbc0dfad9b4cb842bfdccd190f07ad47\System.Web.Mobile.ni.dll
+ 2007-11-24 16:48:13 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\af1dd4d759dd4d448a84079e5fe4e4b7\System.Web.RegularExpressions.ni.dll
+ 2007-11-24 16:48:24 1,941,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f1f90f9177aa25514b6ea35774de708f\System.Web.Services.ni.dll
+ 2007-11-24 16:47:54 12,185,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f6e6b0393ee83f9a47f842d77ebdc9e6\System.Web.ni.dll
+ 2007-11-24 16:25:36 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a1e42d1d882700c6db37f34b9e4f487c\System.Windows.Forms.ni.dll
+ 2007-11-24 16:25:49 5,623,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\272c0c8e5012b9f027ccfd9af57eb3ad\System.Xml.ni.dll
+ 2007-11-24 16:23:51 8,130,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\c4e516d59c95c07ed09d592b2494087e\System.ni.dll
+ 2007-11-23 12:11:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-11-24 16:16:00 5,177,344 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-11-24 16:16:00 16,384 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-23 12:11:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-11-24 16:15:49 5,177,344 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-11-24 16:15:50 16,384 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2005-09-23 06:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-04-13 02:21:18 58,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- 2005-09-23 06:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-04-13 02:20:52 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2005-09-23 06:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-04-13 02:20:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2005-09-23 06:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-04-13 02:20:52 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
- 2005-09-23 06:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-04-13 02:20:50 75,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2005-09-23 06:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-04-13 02:20:52 32,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2005-09-23 06:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-04-13 02:20:52 33,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- 2005-09-23 06:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-04-13 02:20:52 32,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2005-09-23 06:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-04-13 02:20:52 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 06:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-04-13 02:21:16 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
- 2005-09-23 06:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2007-04-13 02:20:58 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2005-09-23 06:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-04-13 02:21:16 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 06:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-04-13 02:21:16 228,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2005-09-23 06:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-04-13 02:21:16 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 06:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-04-13 02:21:10 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2005-09-23 06:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-04-13 02:21:10 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2005-09-23 06:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-04-13 02:21:08 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2005-09-23 06:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2007-04-13 02:20:52 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 06:28:56 800,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2007-04-13 02:21:18 802,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2005-09-23 06:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2007-04-13 02:21:16 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2005-09-23 06:28:56 326,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-04-13 02:21:16 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2005-09-23 06:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-04-13 02:21:16 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2005-09-23 06:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-04-13 02:21:16 102,912 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2005-09-23 06:28:56 226,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-04-13 02:21:18 227,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2005-09-23 06:28:56 66,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-04-13 02:21:18 68,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2005-09-23 06:28:50 5,615,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-04-13 02:21:12 5,634,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2005-09-23 06:28:56 96,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-04-13 02:21:16 99,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2005-09-23 06:28:56 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2007-04-13 02:21:18 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2005-09-23 06:28:50 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2007-04-13 02:21:12 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
- 2005-09-23 06:28:56 377,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-04-13 02:21:18 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2005-09-23 06:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-04-13 02:21:18 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2005-09-23 06:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-04-13 02:21:18 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 06:28:56 2,878,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-04-13 02:21:16 2,902,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2005-09-23 06:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-04-13 02:21:18 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2005-09-23 06:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-04-13 02:21:18 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2005-09-23 06:28:38 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2007-04-13 02:20:58 888,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
- 2005-09-23 06:28:56 5,050,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2007-04-13 02:21:16 5,001,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2005-09-23 06:28:56 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2007-04-13 02:21:18 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
- 2005-09-23 06:28:56 3,018,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2007-04-13 02:21:16 2,940,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2005-09-23 06:28:56 700,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2007-04-13 02:21:16 577,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2005-09-23 06:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2007-04-13 02:21:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2005-09-23 06:28:56 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2007-04-13 02:21:18 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2005-09-23 06:28:56 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2007-04-13 02:21:18 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
- 2005-09-23 06:28:56 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2007-04-13 02:21:16 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
- 2005-09-23 06:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2007-04-13 02:21:16 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 06:28:56 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2007-04-13 02:21:18 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2005-09-23 06:28:56 5,025,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2007-04-13 02:21:16 5,156,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2005-09-23 06:28:56 5,316,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2007-04-13 02:21:16 5,152,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2005-09-23 06:28:56 2,035,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2007-04-13 02:21:16 2,027,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
- 2005-09-23 06:29:06 1,140,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2007-04-13 02:21:28 1,166,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- 2005-09-23 06:28:30 1,306,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2007-04-13 02:20:50 1,330,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
- 2005-09-23 06:28:32 298,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2007-04-13 02:20:52 406,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2005-05-18 16:29:48 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-24 15:36:20 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2005-05-18 16:29:48 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-11-24 15:36:20 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2005-05-18 16:29:48 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-24 15:36:20 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-04-28 15:51:02 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2007-06-27 16:31:58 186,640 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-04-04 13:58:26 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2007-06-28 11:50:52 22,457 ----a-w C:\WINDOWS\system32\drivers\klop.dat
+ 2007-06-28 11:51:48 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
- 2005-09-23 06:28:52 270,848 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2007-04-13 02:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2007-11-23 17:23:57 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-24 16:11:38 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-23 17:23:57 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2007-11-24 16:11:38 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-11-23 17:23:57 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-24 16:11:38 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-11-23 17:23:57 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2007-11-24 16:11:38 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-11-23 17:21:27 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-24 16:10:39 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2007-11-23 17:21:27 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2007-11-24 16:10:39 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}]
C:\WINDOWS\system32\awtttqo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 20:32]
"Sra"="C:\DOCUME~1\tom\MESDOC~1\DOBE~1\notepad.exe" []
"Leceps"="C:\WINDOWS\?ystem32\w?nspool.exe" [2002-08-30 12:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 15:53 C:\WINDOWS\SOUNDMAN.EXE]
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 08:43]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-19 12:31]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 11:34]
"CleanEasyImg"="c:\apps\easydvd\cleanall.exe" []
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-07-15 14:36]
"ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:42]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-08-06 20:16]
"Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2002-09-03 10:26]
"KAZAA"="C:\Program Files\Kazaa\kazaa.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-08-06 20:15]
"NsUpdate"="C:\WINDOWS\NsUpdate.exe" []
"IPv6 Helper Driver"="csass.exe" []
"windows auto update"="" []
"Microsoft Inet Xp.."="" []
"windows automation"="" []
"www.hidro.4t.com"="" []
"BDMCon"="C:\progra~1\softwin\bitdef~1\bdmcon.exe" [2004-03-01 13:41]
"BDNewsAgent"="C:\progra~1\softwin\bitdef~1\bdnagent.exe" [2004-07-28 22:40]
"_BOOT_WIN32"="C:\WINDOWS\System32\bootchk.exe" []
"hpfsched"="C:\WINDOWS\hpfsched.exe" [1998-09-23 22:42]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"IPv6 Helper Driver"="csass.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}"= C:\WINDOWS\system32\awtttqo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttqo]
C:\WINDOWS\system32\klogon.dll 2007-06-28 12:51 206088 C:\WINDOWS\system32\klogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R1 Odptdi;Odptdi;\??\C:\WINDOWS\system32\drivers\odptdi.sys
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys
R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S2 IPv6 Helper Driver;IPv6 Helper Driver;"C:\WINDOWS\System32\csass.exe" -service
S2 WSM;Windows Service Manager;"C:\WINDOWS\System32\winsvc.exe" -service
S3 Fadpu16E;Fadpu16E;\??\C:\DOCUME~1\tom\LOCALS~1\Temp\Fadpu16E.sys
S3 NetMate;CATC USB/Ethernet Link device driver;C:\WINDOWS\system32\DRIVERS\netmate2.sys
S3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2003-09-20 21:00:43 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 11:09:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-26 11:10:23
C:\ComboFix2.txt ... 2007-11-24 13:38
.
--- E O F ---

Est-ce que quelqu'un peut venir à mon secours ?

Un peu de patience ?  

Télécharge Clean.zip (de Malekal),
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.

Voici:

26/11/2007 a 18:22:06,62

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\UnGins.exe FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Fichiers communs\Totem Shared\" FOUND
"C:\Program Files\MalwareAlarm\" FOUND
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !

Re,

Redémarre en mode sans échec

Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 2 puis patiente.

Redémarre normalement.

Poste le rapport clean : C:\rapport_clean.txt

tadam !

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 26/11/2007 a 19:25:33,15

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\UnGins.exe

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\mcrh.tmp
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Fichiers communs\Totem Shared\"
tentative de suppression de "C:\Program Files\MalwareAlarm\" - ATTENTION il est recommandé d'utiliser SmitFraudfix!
tentative de suppression de "C:\Program Files\Viewpoint\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

Re,

Télécharge Smitfraudfix (de S!ri).
Enregistre-le sur ton bureau.
Lance SmitfraudFix.exe (le .exe peut ne pas apparaitre).
Choisis l'Option 1 (Recherche)
Poste le premier rapport ici.

**Si le lien ne fonctionne pas, clique ici**

Voilou:

SmitFraudFix v2.255

Rapport fait à 20:30:13,59, 26/11/2007
Executé à partir de C:\Documents and Settings\tom\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\QuickTime\qttask.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wscntfy.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\tom


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\tom\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\tom\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\adialhk.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Reposte un rapport Hijackthis.

Re,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:59, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\QuickTime\qttask.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\tom\Bureau\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - C:\WINDOWS\system32\awtttqo.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPv6 Helper Driver] csass.exe
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [_BOOT_WIN32] C:\WINDOWS\System32\bootchk.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\RunServices: [IPv6 Helper Driver] csass.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\tom\MESDOC~1\DOBE~1\notepad.exe" -vt ndrv
O4 - HKCU\..\Run: [Leceps] C:\WINDOWS\?ystem32\w?nspool.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton Internet Security.lnk = C:\Program Files\Norton Internet Security\nisfirst.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://secure.edhec.com/postauthI/epi.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: awtttqo - C:\WINDOWS\
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IPv6 Helper Driver - Unknown owner - C:\WINDOWS\System32\csass.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: Windows Service Manager (WSM) - Unknown owner - C:\WINDOWS\System32\winsvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9532 bytes

Refais un scan Combofix, on attaque.

ComboFix 07-11-19.4 - tom 2007-11-26 21:49:03.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.308 [GMT 1:00]
Running from: I:\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-10-26 to 2007-11-26 ))))))))))))))))))))))))))))))))))))
.

2007-11-26 20:30 4,124 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-26 20:29 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-26 20:29 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-26 20:29 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-26 20:29 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-26 20:29 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-24 17:15 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-24 16:10 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-24 16:10 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-24 16:07 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-11-24 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-24 16:07 2,610,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-24 16:07 29,948 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-24 16:07 16,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-24 16:07 2,420 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-24 16:05 <REP> d-------- C:\kav
2007-11-24 13:34 <REP> d-------- C:\WINDOWS\system32\tmp00007300
2007-11-23 21:29 <REP> d-------- C:\WINDOWS\AU_Temp
2007-11-23 19:32 <REP> d-------- C:\Documents and Settings\tom\Application Data\Grisoft
2007-11-23 19:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-23 19:31 <REP> d-------- C:\Program Files\CCleaner
2007-11-23 19:18 <REP> d-------- C:\Program Files\Panda Security
2007-11-23 18:54 <REP> d-------- C:\Program Files\yjslojel
2007-11-23 18:54 <REP> d-------- C:\Program Files\Ezqdexjt
2007-11-23 18:46 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-23 18:24 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-11-23 18:13 <REP> d-------- C:\Program Files\Sierra
2007-11-23 18:12 <REP> d-------- C:\Documents and Settings\tom\Application Data\InstallShield
2007-11-13 13:54 <REP> d-------- C:\Documents and Settings\tom\Application Data\Aventail
2007-11-13 13:54 31,232 --a------ C:\WINDOWS\system32\drivers\odptdi.sys
2007-11-01 19:24 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-01 11:34 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-31 20:42 <REP> d-------- C:\Program Files\Google
2007-10-30 17:25 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-10-30 17:25 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-10-30 17:25 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-10-30 17:24 <REP> d-------- C:\Program Files\MSXML 4.0
2007-10-29 07:44 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-28 21:45 <REP> d-------- C:\Documents and Settings\tom\Contacts
2007-10-28 21:44 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-28 11:54 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-10-28 11:54 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-10-28 11:54 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-10-28 11:54 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-10-27 10:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 18:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-23 23:12 --------- d-----w C:\Program Files\Common Files
2007-11-23 20:29 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-11-23 20:29 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-11-23 20:18 71,749 ----a-w C:\WINDOWS\HCExtOutput.dll
2007-11-23 20:18 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-11-23 20:08 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-11-23 20:08 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-11-23 20:08 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-11-23 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-23 17:44 --------- d-----w C:\Program Files\eMule
2007-11-23 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-28 20:44 --------- d-----w C:\Program Files\MSN Messenger
2007-10-27 09:02 --------- d-----w C:\Documents and Settings\tom\Application Data\AVG7
2007-10-25 16:56 8,510,976 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-18 15:44 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-10-18 15:43 --------- d-----w C:\Program Files\NETGEAR
2007-10-15 08:15 --------- d-----w C:\Program Files\Wanadoo
2006-09-25 16:41 80,360 -c--a-w C:\Documents and Settings\tom\Application Data\GDIPFONTCACHEV1.DAT
2003-09-07 22:59 32 -csha-w C:\WINDOWS\{CB9C41C3-0874-43CE-B1A5-29F69AC29F05}.dat
2003-09-07 22:59 32 -csha-w C:\WINDOWS\system32\{58A878A1-56E5-41C1-B804-0FC17B50BA30}.dat
.

((((((((((((((((((((((((((((( snapshot_2007-11-26_11.09.19,89 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-24 15:36:20 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-26 17:24:05 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-24 15:36:20 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-11-26 17:24:05 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-11-24 15:36:20 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-26 17:24:05 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}]
C:\WINDOWS\system32\awtttqo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 20:32]
"Sra"="C:\DOCUME~1\tom\MESDOC~1\DOBE~1\notepad.exe" []
"Leceps"="C:\WINDOWS\?ystem32\w?nspool.exe" [2002-08-30 12:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 15:53 C:\WINDOWS\SOUNDMAN.EXE]
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 08:43]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-19 12:31]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 11:34]
"CleanEasyImg"="c:\apps\easydvd\cleanall.exe" []
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-07-15 14:36]
"ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:42]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-08-06 20:16]
"Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2002-09-03 10:26]
"KAZAA"="C:\Program Files\Kazaa\kazaa.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-08-06 20:15]
"IPv6 Helper Driver"="csass.exe" []
"windows auto update"="" []
"Microsoft Inet Xp.."="" []
"windows automation"="" []
"www.hidro.4t.com"="" []
"BDMCon"="C:\progra~1\softwin\bitdef~1\bdmcon.exe" [2004-03-01 13:41]
"BDNewsAgent"="C:\progra~1\softwin\bitdef~1\bdnagent.exe" [2004-07-28 22:40]
"_BOOT_WIN32"="C:\WINDOWS\System32\bootchk.exe" []
"hpfsched"="C:\WINDOWS\hpfsched.exe" [1998-09-23 22:42]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"IPv6 Helper Driver"="csass.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}"= C:\WINDOWS\system32\awtttqo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttqo]
C:\WINDOWS\system32\klogon.dll 2007-06-28 12:51 206088 C:\WINDOWS\system32\klogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R1 Odptdi;Odptdi;\??\C:\WINDOWS\system32\drivers\odptdi.sys
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys
R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S2 IPv6 Helper Driver;IPv6 Helper Driver;"C:\WINDOWS\System32\csass.exe" -service
S2 WSM;Windows Service Manager;"C:\WINDOWS\System32\winsvc.exe" -service
S3 Fadpu16E;Fadpu16E;\??\C:\DOCUME~1\tom\LOCALS~1\Temp\Fadpu16E.sys
S3 NetMate;CATC USB/Ethernet Link device driver;C:\WINDOWS\system32\DRIVERS\netmate2.sys
S3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2003-09-20 21:00:43 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 21:52:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-26 21:54:11
C:\ComboFix2.txt ... 2007-11-26 11:10
C:\ComboFix3.txt ... 2007-11-24 13:38
.
--- E O F ---

Re,

[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

Voila !

Je ne suis pas sûr que mes antivirus soient complétement désactivé, je les ai quittés et éteint .

COMBOFIX

ComboFix 07-11-19.4 - tom 2007-11-28 13:47:50.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.200 [GMT 1:00]
Running from: C:\Documents and Settings\tom\Bureau\ComboFix.exe
Command switches used :: I:\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\awtttqo.dll
C:\WINDOWS\System32\bootchk.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Ezqdexjt
C:\Program Files\yjslojel
C:\Program Files\yjslojel\axermxyp.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))))))))
.

2007-11-26 20:30 4,124 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-26 20:29 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-26 20:29 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-26 20:29 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-26 20:29 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-26 20:29 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-24 17:15 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-24 16:10 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-24 16:10 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-24 16:07 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-11-24 16:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-24 16:07 2,637,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-24 16:07 36,380 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-24 16:07 19,232 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-24 16:07 2,852 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-24 16:05 <REP> d-------- C:\kav
2007-11-24 13:34 <REP> d-------- C:\WINDOWS\system32\tmp00007300
2007-11-23 21:29 <REP> d-------- C:\WINDOWS\AU_Temp
2007-11-23 19:32 <REP> d-------- C:\Documents and Settings\tom\Application Data\Grisoft
2007-11-23 19:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-23 19:31 <REP> d-------- C:\Program Files\CCleaner
2007-11-23 19:18 <REP> d-------- C:\Program Files\Panda Security
2007-11-23 18:46 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-23 18:24 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-11-23 18:13 <REP> d-------- C:\Program Files\Sierra
2007-11-23 18:12 <REP> d-------- C:\Documents and Settings\tom\Application Data\InstallShield
2007-11-13 13:54 <REP> d-------- C:\Documents and Settings\tom\Application Data\Aventail
2007-11-13 13:54 31,232 --a------ C:\WINDOWS\system32\drivers\odptdi.sys
2007-11-01 19:24 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-01 11:34 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-31 20:42 <REP> d-------- C:\Program Files\Google
2007-10-30 17:25 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-10-30 17:25 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-10-30 17:25 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-10-30 17:24 <REP> d-------- C:\Program Files\MSXML 4.0
2007-10-29 07:44 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-28 21:45 <REP> d-------- C:\Documents and Settings\tom\Contacts
2007-10-28 21:44 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-28 11:54 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-10-28 11:54 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-10-28 11:54 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-10-28 11:54 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 12:54 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-23 23:12 --------- d-----w C:\Program Files\Common Files
2007-11-23 20:29 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-11-23 20:29 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-11-23 20:18 71,749 ----a-w C:\WINDOWS\HCExtOutput.dll
2007-11-23 20:18 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-11-23 20:08 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-11-23 20:08 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-11-23 20:08 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-11-23 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-23 17:44 --------- d-----w C:\Program Files\eMule
2007-11-23 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-28 20:44 --------- d-----w C:\Program Files\MSN Messenger
2007-10-27 09:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-27 09:02 --------- d-----w C:\Documents and Settings\tom\Application Data\AVG7
2007-10-18 15:44 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-10-18 15:43 --------- d-----w C:\Program Files\NETGEAR
2007-10-15 08:15 --------- d-----w C:\Program Files\Wanadoo
2006-09-25 16:41 80,360 -c--a-w C:\Documents and Settings\tom\Application Data\GDIPFONTCACHEV1.DAT
2003-09-07 22:59 32 -csha-w C:\WINDOWS\{CB9C41C3-0874-43CE-B1A5-29F69AC29F05}.dat
2003-09-07 22:59 32 -csha-w C:\WINDOWS\system32\{58A878A1-56E5-41C1-B804-0FC17B50BA30}.dat
.

((((((((((((((((((((((((((((( snapshot_2007-11-26_11.09.19,89 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-24 15:36:20 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-26 17:24:05 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-24 15:36:20 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-11-26 17:24:05 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-11-24 15:36:20 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-26 17:24:05 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 20:32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 15:53 C:\WINDOWS\SOUNDMAN.EXE]
"EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-28 08:43]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-19 12:31]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 11:34]
"CleanEasyImg"="c:\apps\easydvd\cleanall.exe" []
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-07-15 14:36]
"ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:42]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-08-06 20:16]
"Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2002-09-03 10:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-08-06 20:15]
"BDMCon"="C:\progra~1\softwin\bitdef~1\bdmcon.exe" [2004-03-01 13:41]
"BDNewsAgent"="C:\progra~1\softwin\bitdef~1\bdnagent.exe" [2004-07-28 22:40]
"hpfsched"="C:\WINDOWS\hpfsched.exe" [1998-09-23 22:42]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttqo]
C:\WINDOWS\system32\klogon.dll 2007-06-28 12:51 206088 C:\WINDOWS\system32\klogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R1 Odptdi;Odptdi;\??\C:\WINDOWS\system32\drivers\odptdi.sys
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys
R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S2 IPv6 Helper Driver;IPv6 Helper Driver;"C:\WINDOWS\System32\csass.exe" -service
S2 WSM;Windows Service Manager;"C:\WINDOWS\System32\winsvc.exe" -service
S3 Fadpu16E;Fadpu16E;\??\C:\DOCUME~1\tom\LOCALS~1\Temp\Fadpu16E.sys
S3 NetMate;CATC USB/Ethernet Link device driver;C:\WINDOWS\system32\DRIVERS\netmate2.sys
S3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2003-09-20 21:00:43 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 13:55:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 13:58:11 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-26 21:54
C:\ComboFix3.txt ... 2007-11-26 11:10
.
--- E O F ---


HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:04, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\Program Files\QuickTime\qttask.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\tom\Bureau\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] C:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton Internet Security.lnk = C:\Program Files\Norton Internet Security\nisfirst.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://secure.edhec.com/postauthI/epi.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: awtttqo - C:\WINDOWS\
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IPv6 Helper Driver - Unknown owner - C:\WINDOWS\System32\csass.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: Windows Service Manager (WSM) - Unknown owner - C:\WINDOWS\System32\winsvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9268 bytes

C'est mieux ?

Bah je sais pas à toi de me le dire...

Moi je vois pas la différence pour l'instant... j'avais plus vraiment de soucis depuis hier.

Des questions ?

non pas de questions mais merci pour tout !

Bon surf.