Analyse rapport SmitfraudFix SVP

Bonjour Chimay8,

Merci pour ta réponse rapide.
Je suis complétement perdu !
J'ai posté hier n rapport d'analyse de HijackThis
Voila le liens sur commentcamarche: http://www.commentcamarche.net/forum/affich 5638076 analyse hijackthis#dernier
Ci dessous une copie: Merci encore de ton aide:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:24, on 13/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexibase Pro\exe\L-Express.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexibase Pro\exe\lexibase.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Grisoft\AVG Anti-Rootkit Free\avgarkt.exe
C:\Program Files\Grisoft\AVG Anti-Rootkit Free\RuJR8MUhBi.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Lexibase Express] "C:\Program Files\Lexibase Pro\tmpCfg\Lexibase Express.lnk"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a421c66f] rundll32.exe "C:\WINDOWS\system32\ewfvghpq.dll",b
O4 - HKLM\..\Run: [BMa712f5f3] Rundll32.exe "C:\WINDOWS\system32\uloghdac.dll",s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.1-click.com/common/files/installer2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Bonjour,

Merci à toi, d' y avoir jeter un coup d'œil !
Effectivement, si tu peux me diriger vers un expert, je suis preneur, car l'ordinateur va vraiment mal !
Comment vois tu , que je suis bien infecté ?
A+
Alex

sorry
merci ske69, on a posté en même temps...

Bonjour chimay8,

merci de ton analyse super rapide.
(Pour IE version 6, j'utulise Firefox, masi bon conseil, je vais tout même le mettre IE à la version 7).
Merci encore de ton aide,
Ci joint les rapports de 1/Hijackthis et 2/combofix

1/Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:40, on 15/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Lexibase Pro\exe\L-Express.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lexibase Pro\exe\lexibase.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {68535A46-3110-4492-AD7D-7F3E91838325} - C:\WINDOWS\system32\tuvTJdEv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {DD4A65C7-61D7-445F-BCF1-5065F765EAF9} - C:\WINDOWS\system32\cbXNHArQ.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Lexibase Express] "C:\Program Files\Lexibase Pro\tmpCfg\Lexibase Express.lnk"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [a421c66f] rundll32.exe "C:\WINDOWS\system32\xsxhucvd.dll",b
O4 - HKLM\..\Run: [BMa712f5f3] Rundll32.exe "C:\WINDOWS\system32\gnqwalgv.dll",s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Systray] rundll32.exe sockins32.dll,RunMain
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://www.1-click.com/common/files/installer2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cbXNHArQ - C:\WINDOWS\SYSTEM32\cbXNHArQ.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Bonjour Ske69,

Merci de ton aide.
Ci joint le rapport de VirtumundoBeGone.exe suivi de Hijackthis.exe
Pour l'instant je n'ai plus de fenetre pop up du spyware et d'alerte de windows.
Quel est to diagnostic ?
Merci
Alex

[05/16/2008, 19:33:15] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Desktop\desinfection_pc\VirtumundoBeGone.exe" )
[05/16/2008, 19:33:22] - Detected System Information:
[05/16/2008, 19:33:22] - Windows Version: 5.1.2600, Service Pack 3
[05/16/2008, 19:33:22] - Current Username: Administrator (Admin)
[05/16/2008, 19:33:22] - Windows is in NORMAL mode.
[05/16/2008, 19:33:22] - Searching for Browser Helper Objects:
[05/16/2008, 19:33:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/16/2008, 19:33:23] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/16/2008, 19:33:23] - BHO 3: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} (BHO pour Compagnon Web Encarta)
[05/16/2008, 19:33:23] - BHO 4: {9C1EA472-8FC0-48C7-ADCD-F5706EAEEDCB} ()
[05/16/2008, 19:33:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 19:33:23] - Checking for HKLM\...\Winlogon\Notify\tuvTJdEv
[05/16/2008, 19:33:23] - Key not found: HKLM\...\Winlogon\Notify\tuvTJdEv, continuing.
[05/16/2008, 19:33:23] - BHO 5: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[05/16/2008, 19:33:23] - BHO 6: {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} (Microsoft copyright)
[05/16/2008, 19:33:23] - Finished Searching Browser Helper Objects
[05/16/2008, 19:33:23] - Finishing up...
[05/16/2008, 19:33:23] - Nothing found! Exiting...

[05/16/2008, 19:43:12] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe" )
[05/16/2008, 19:43:17] - Detected System Information:
[05/16/2008, 19:43:17] - Windows Version: 5.1.2600, Service Pack 3
[05/16/2008, 19:43:17] - Current Username: Administrator (Admin)
[05/16/2008, 19:43:17] - Windows is in NORMAL mode.
[05/16/2008, 19:43:17] - Searching for Browser Helper Objects:
[05/16/2008, 19:43:17] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/16/2008, 19:43:17] - BHO 2: {18206F6D-269C-45C5-B741-E10AF529094C} ()
[05/16/2008, 19:43:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/16/2008, 19:43:17] - Checking for HKLM\...\Winlogon\Notify\tuvTJdEv
[05/16/2008, 19:43:17] - Key not found: HKLM\...\Winlogon\Notify\tuvTJdEv, continuing.
[05/16/2008, 19:43:17] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/16/2008, 19:43:17] - BHO 4: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} (BHO pour Compagnon Web Encarta)
[05/16/2008, 19:43:17] - BHO 5: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[05/16/2008, 19:43:17] - BHO 6: {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} (Microsoft copyright)
[05/16/2008, 19:43:17] - Finished Searching Browser Helper Objects
[05/16/2008, 19:43:18] - Finishing up...
[05/16/2008, 19:43:18] - Nothing found! Exiting...

--------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:01, on 16/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18206F6D-269C-45C5-B741-E10AF529094C} - C:\WINDOWS\system32\tuvTJdEv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Lexibase Express] "C:\Program Files\Lexibase Pro\tmpCfg\Lexibase Express.lnk"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [a421c66f] rundll32.exe "C:\WINDOWS\system32\xsxhucvd.dll",b
O4 - HKLM\..\Run: [BMa712f5f3] Rundll32.exe "C:\WINDOWS\system32\gnqwalgv.dll",s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://www.1-click.com/common/files/installer2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Re bonjour Ske69

Scan avec vundofix.exe effectué avec comme résultat : no files infected, donc pas besoin de Fix vundo.
Le résultat hajackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:46:22, on 17/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18206F6D-269C-45C5-B741-E10AF529094C} - C:\WINDOWS\system32\tuvTJdEv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Lexibase Express] "C:\Program Files\Lexibase Pro\tmpCfg\Lexibase Express.lnk"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [a421c66f] rundll32.exe "C:\WINDOWS\system32\ynsnumia.dll",b
O4 - HKLM\..\Run: [BMa712f5f3] Rundll32.exe "C:\WINDOWS\system32\gnqwalgv.dll",s
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://www.1-click.com/common/files/installer2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Bonjour sKe69,

Merci pour les nouvelles instructions.
j'ai effectué MalwareByte's 2 fois (la première fois 16 objets infectés et la seconde 19). J'ai tout supprimé.
Ci dessous le rapport de log après le deuxième passage ! ainsi que de hijackthis.
C'est dingue, il y en a partout du trojan vundo !!!!

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 755

Type de recherche: Examen complet (C:\|)
Eléments examinés: 143659
Temps écoulé: 1 hour(s), 24 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMa712f5f3 (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{86B9E5D1-0A2A-4932-8FB0-5B453C937ECC}\RP9\A0006599.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\homepage.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo1.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo2.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo3.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo4.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo5.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promo6.html (Malware.Trace) -> No action taken.
C:\WINDOWS\promogif1.gif (Malware.Trace) -> No action taken.
C:\WINDOWS\promogif2.gif (Malware.Trace) -> No action taken.
C:\WINDOWS\promogif3.gif (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\gnqwalgv.dll (Trojan.Agent) -> No action taken.


celui de hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:56, on 17/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexibase Pro\exe\L-Express.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexibase Pro\exe\lexibase.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Lexibase Express] "C:\Program Files\Lexibase Pro\tmpCfg\Lexibase Express.lnk"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://www.1-click.com/common/files/installer2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Bonjour Ske69

Voivi les rapports de combofix et hijackthis:

ComboFix 08-05-15.2 - Administrator 2008-05-17 21:07:20.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1208 [GMT 8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\start.bat
C:\WINDOWS\system32\asmhpino.exe
C:\WINDOWS\system32\nkqqwhsg.exe
C:\WINDOWS\system32\sffwiidx.exe
C:\WINDOWS\system32\tfoodlst.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

2008-05-17 09:49 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-17 09:49 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-17 09:47 . 2008-05-17 13:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 09:47 . 2008-05-17 09:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-17 09:47 . 2008-05-17 09:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-17 01:11 . 2008-05-17 01:11 <DIR> d-------- C:\VundoFix Backups
2008-05-15 20:20 . 2008-05-15 20:20 <DIR> d-------- C:\_OTMoveIt
2008-05-15 17:53 . 2008-05-15 17:53 115,200 --a------ C:\WINDOWS\system32\yjrjvdgu.dll
2008-05-14 22:01 . 2008-05-17 21:32 2,471,968 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-14 22:01 . 2008-05-17 20:51 33,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-14 21:58 . 2008-05-14 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-14 21:57 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-05-14 21:57 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-05-14 21:57 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-05-14 21:57 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-05-14 21:57 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-05-14 21:57 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-05-14 21:57 . 2008-05-17 13:48 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-14 21:56 . 2008-05-17 08:43 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-14 21:56 . 2008-05-14 21:56 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-14 21:56 . 2008-04-02 21:07 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-05-14 21:56 . 2008-05-17 21:28 358,383 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-05-14 21:47 . 2008-05-17 21:28 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-14 21:28 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-14 21:28 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-14 21:28 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-14 21:28 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-14 21:28 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-14 21:28 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-14 21:28 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-14 21:28 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-14 09:00 . 2008-05-14 09:00 123,392 --a------ C:\WINDOWS\system32\kajyjxle.dll
2008-05-13 20:54 . 2008-05-13 20:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-13 20:05 . 2008-05-13 20:05 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-13 20:00 . 2008-05-13 20:00 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-13 20:00 . 2008-04-14 05:42 294,912 -----c--- C:\WINDOWS\system32\DllCache\dlimport.exe
2008-05-13 19:50 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\[u]0[/u]02927_.tmp
2008-05-13 19:42 . 2007-01-18 20:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-05-13 08:05 . 2008-05-17 09:43 109,816 --a------ C:\WINDOWS\BMa712f5f3.xml
2008-05-12 19:44 . 2008-05-12 19:44 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-05-12 19:44 . 2008-05-12 19:44 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-05-12 19:41 . 2008-05-17 20:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-05-11 19:41 . 2008-05-11 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-11 19:41 . 2008-05-11 19:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-05-11 19:41 . 2007-05-30 20:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-11 12:38 . 2004-08-04 20:00 73,728 --a--c--- C:\WINDOWS\system32\DllCache\w3ext.dll
2008-05-11 12:38 . 2004-08-04 20:00 48,256 --a--c--- C:\WINDOWS\system32\DllCache\w32.dll
2008-05-11 12:38 . 2004-08-04 20:00 41,600 --a--c--- C:\WINDOWS\system32\DllCache\weitekp9.dll
2008-05-11 12:38 . 2004-08-04 20:00 31,232 --a--c--- C:\WINDOWS\system32\DllCache\weitekp9.sys
2008-05-11 12:38 . 2004-08-04 20:00 9,216 --a--c--- C:\WINDOWS\system32\DllCache\wamps51.dll
2008-05-11 12:38 . 2004-08-04 20:00 5,632 --a--c--- C:\WINDOWS\system32\DllCache\w3svapi.dll
2008-05-11 12:38 . 2004-08-04 20:00 4,608 --a--c--- C:\WINDOWS\system32\DllCache\w3ctrs51.dll
2008-05-11 12:36 . 2004-08-04 20:00 10,096,640 --a--c--- C:\WINDOWS\system32\DllCache\hwxcht.dll
2008-05-11 12:33 . 2008-05-11 12:33 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-11 12:33 . 2008-05-11 12:33 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-11 12:33 . 2008-05-11 12:33 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-11 12:33 . 2008-05-11 12:33 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-05-11 12:33 . 2008-05-11 12:33 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-11 12:33 . 2008-05-11 12:33 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-11 11:34 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-05-11 10:50 . 2008-05-17 21:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-11 10:50 . 2008-05-11 10:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-11 10:26 . 2008-05-14 21:34 4,540 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-10 17:14 . 2008-05-17 21:30 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-10 17:14 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-10 17:14 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-10 17:14 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-10 17:14 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-10 17:13 . 2008-05-17 19:08 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-10 17:13 . 2008-05-10 17:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-05-10 12:31 . 2008-05-10 12:31 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-09 23:03 . 2008-05-12 19:12 1,906 --a------ C:\WINDOWS\index.html
2008-05-09 23:02 . 2008-05-09 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-09 20:04 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2008-05-09 20:03 . 2008-05-09 20:03 <DIR> d-------- C:\Program Files\Common Files\Research In Motion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 13:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-05-17 12:54 1,528,832 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-05-17 12:53 1,528,832 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-05-17 12:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-05-17 06:11 1,508,352 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-05-17 01:54 1,506,816 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-05-16 11:27 1,484,800 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-13 15:33 --------- d-----w C:\Program Files\eMule
2008-05-10 07:56 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-05-05 00:27 70,040 -c--a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-05-01 02:22 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-24 11:10 --------- d-----w C:\Program Files\Apple Software Update
2008-04-13 21:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-13 21:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-13 21:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-13 21:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-13 21:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-13 21:43 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-13 21:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-13 21:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-13 21:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-13 21:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-13 21:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-13 21:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-13 21:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-13 21:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:40 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 17:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 16:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 16:57 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 16:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 16:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 16:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 16:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 16:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 16:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 16:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 16:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 16:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 16:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 16:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 16:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 16:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 16:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 16:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 16:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 16:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 16:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 16:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 16:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 16:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 16:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 16:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 16:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 16:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 16:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 16:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 16:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 16:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 16:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 16:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 16:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 16:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 16:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 16:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 16:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 16:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 16:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 16:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 16:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 16:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 16:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 16:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 16:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 16:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 16:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 16:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 16:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 16:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 16:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 16:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 16:21 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 16:17 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 16:15 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 16:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 16:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 16:14 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 16:14 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 16:13 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 16:13 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 16:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 16:13 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 16:11 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 16:11 42,112 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
2008-04-13 16:09 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 16:09 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 16:09 5,504 ----a-w C:\WINDOWS\system32\drivers\mstee.sys
2008-04-13 16:09 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-13 16:09 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-13 16:09 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-02-01 16:45 98304]
"Second Copy"="C:\Program Files\SecCopy\SecCopy.exe" [2006-04-18 12:59 2643456]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-01-14 11:00 339968]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-23 11:00 94208]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 19:18 98304]
"nwiz"="nwiz.exe" [2005-02-24 22:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 22:32 5537792]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-08 00:48 147514]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 18:50 139320]
"Lexibase Express"="C:\Program Files\Lexibase Pro\tmpCfg\Lexibase Express.lnk" [2005-10-20 20:53 1725]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 10:32 208952]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 08:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 13:21 61440]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 14:17 90112]
"SoundMan"="SOUNDMAN.EXE" [2005-05-03 18:43 90112 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-04 10:01 2805248 C:\WINDOWS\ALCWZRD.EXE]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 09:17 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Second Copy]
--a------ 2006-04-18 12:59 2643456 C:\Program Files\SecCopy\SecCopy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Second Copy 2000]
--a------ 2006-04-18 12:59 2643456 C:\Program Files\SecCopy\SecCopy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-04-12 13:23 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\EA SPORTS\\FIFA 07\\EA SPORTS\\FIFA 07\\fifa07.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17212:TCP"= 17212:TCP:BitComet 17212 TCP
"17212:UDP"= 17212:UDP:BitComet 17212 UDP

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-10-28 20:07]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2001-05-29 00:09]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ef35a4a-7f84-11dc-bfa9-0013d4934664}]
\Shell\AutoRun\command - G:\sysboot.scr
\Shell\open\Command - G:\sysboot.scr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76c0518a-4102-11da-bc88-0013d4934664}]
\Shell\AutoRun\command - Iexplores.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76c0518b-4102-11da-bc88-0013d4934664}]
\Shell\AutoRun\command - Iexplores.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 10:00:37 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-03-12 23:15:00 C:\WINDOWS\Tasks\Mozilla Firefox.job"
- C:\PROGRA~1\MOZILL~2\firefox.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 21:31:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FILELOCK.TMP 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Lexibase Pro\exe\hkey.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexibase Pro\exe\L-Express.exe
C:\Program Files\Lexibase Pro\exe\Lexibase.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-05-17 21:39:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-17 13:39:10
ComboFix2.txt 2008-05-15 15:38:42
ComboFix3.txt 2008-05-15 15:20:10
ComboFix4.txt 2008-05-15 12:54:22

Pre-Run: 8,740,139,008 bytes free
Post-Run: 8,721,068,032 bytes free

338 --- E O F --- 2008-05-13 00:39:47

ET

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:47, on 18/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexibase Pro\exe\L-Express.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexibase Pro\exe\lexibase.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Lexibase Express] "C:\Program Files\Lexibase Pro\tmpCfg\Lexibase Express.lnk"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://www.1-click.com/common/files/installer2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Re-re bonjour

Ci joint le log (entre temps j'ai mis IE à la version 7)
Merci encore de ton aide.
ALex

ComboFix 08-05-15.2 - Administrator 2008-05-18 19:33:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1000 [GMT 8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FILELOCK.TMP
C:\WINDOWS\BMa712f5f3.xml
C:\WINDOWS\pskt.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\WINDOWS\BMa712f5f3.xml

.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.

2008-05-17 09:49 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-17 09:49 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-17 09:47 . 2008-05-17 13:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 09:47 . 2008-05-17 09:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-17 09:47 . 2008-05-17 09:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-15 20:20 . 2008-05-15 20:20 <DIR> d-------- C:\_OTMoveIt
2008-05-15 17:53 . 2008-05-15 17:53 115,200 --a------ C:\WINDOWS\system32\yjrjvdgu.dll
2008-05-14 22:01 . 2008-05-18 19:42 2,787,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-14 22:01 . 2008-05-18 19:39 36,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-14 21:58 . 2008-05-14 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-14 21:57 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-05-14 21:57 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-05-14 21:57 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-05-14 21:57 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-05-14 21:57 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-05-14 21:57 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-05-14 21:57 . 2008-05-18 17:17 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-14 21:56 . 2008-05-17 08:43 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-14 21:56 . 2008-05-14 21:56 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-14 21:56 . 2008-04-02 21:07 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-05-14 21:56 . 2008-05-18 19:41 358,383 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-05-14 21:47 . 2008-05-18 19:42 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-14 21:28 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-14 21:28 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-14 21:28 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-14 21:28 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-14 21:28 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-14 21:28 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-14 21:28 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-14 21:28 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-14 09:00 . 2008-05-14 09:00 123,392 --a------ C:\WINDOWS\system32\kajyjxle.dll
2008-05-13 20:54 . 2008-05-13 20:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-13 20:05 . 2008-05-13 20:05 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-13 20:00 . 2008-05-13 20:00 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-13 20:00 . 2008-04-14 05:42 294,912 -----c--- C:\WINDOWS\system32\DllCache\dlimport.exe
2008-05-13 19:50 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\[u]0[/u]02927_.tmp
2008-05-13 19:42 . 2007-01-18 20:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-05-12 19:44 . 2008-05-12 19:44 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-05-12 19:44 . 2008-05-12 19:44 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-05-12 19:41 . 2008-05-18 17:13 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-05-11 19:41 . 2008-05-11 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-11 19:41 . 2008-05-11 19:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-05-11 19:41 . 2007-05-30 20:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-11 12:38 . 2004-08-04 20:00 73,728 --a--c--- C:\WINDOWS\system32\DllCache\w3ext.dll
2008-05-11 12:38 . 2004-08-04 20:00 48,256 --a--c--- C:\WINDOWS\system32\DllCache\w32.dll
2008-05-11 12:38 . 2004-08-04 20:00 41,600 --a--c--- C:\WINDOWS\system32\DllCache\weitekp9.dll
2008-05-11 12:38 . 2004-08-04 20:00 31,232 --a--c--- C:\WINDOWS\system32\DllCache\weitekp9.sys
2008-05-11 12:38 . 2004-08-04 20:00 9,216 --a--c--- C:\WINDOWS\system32\DllCache\wamps51.dll
2008-05-11 12:38 . 2004-08-04 20:00 5,632 --a--c--- C:\WINDOWS\system32\DllCache\w3svapi.dll
2008-05-11 12:38 . 2004-08-04 20:00 4,608 --a--c--- C:\WINDOWS\system32\DllCache\w3ctrs51.dll
2008-05-11 12:36 . 2004-08-04 20:00 10,096,640 --a--c--- C:\WINDOWS\system32\DllCache\hwxcht.dll
2008-05-11 12:33 . 2008-05-11 12:33 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-11 12:33 . 2008-05-11 12:33 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-11 12:33 . 2008-05-11 12:33 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-11 12:33 . 2008-05-11 12:33 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-05-11 12:33 . 2008-05-11 12:33 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-11 12:33 . 2008-05-11 12:33 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-11 11:34 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-05-11 10:50 . 2008-05-18 19:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-11 10:50 . 2008-05-11 10:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-11 10:26 . 2008-05-14 21:34 4,540 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-10 17:14 . 2008-05-18 02:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-10 17:14 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-10 17:14 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-10 17:14 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-10 17:14 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-10 17:13 . 2008-05-17 19:08 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-10 17:13 . 2008-05-10 17:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-05-10 12:31 . 2008-05-10 12:31 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-09 23:03 . 2008-05-12 19:12 1,906 --a------ C:\WINDOWS\index.html
2008-05-09 23:02 . 2008-05-09 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-09 20:04 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2008-05-09 20:03 . 2008-05-09 20:03 <DIR> d-------- C:\Program Files\Common Files\Research In Motion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 11:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-05-18 09:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-05-18 09:15 1,430,016 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-05-18 08:15 1,409,536 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-05-17 12:54 1,528,832 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-05-17 12:53 1,528,832 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-05-17 06:11 1,508,352 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-05-17 01:54 1,506,816 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-05-16 11:27 1,484,800 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-13 15:33 --------- d-----w C:\Program Files\eMule
2008-05-10 07:56 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-05-05 00:27 70,040 -c--a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-05-01 02:22 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-24 11:10 --------- d-----w C:\Program Files\Apple Software Update
2008-04-13 21:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-13 21:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-13 21:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-13 21:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-13 21:41 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-13 16:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 16:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 16:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 16:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 16:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 16:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 16:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 16:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 16:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 16:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 16:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 16:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 16:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 16:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 16:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 16:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 16:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 16:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 16:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 16:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 16:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 16:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 16:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 16:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 16:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 16:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 16:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 16:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 16:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 16:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 16:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 16:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 16:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 16:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 16:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 16:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 16:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 16:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 16:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 16:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 16:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 16:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 16:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 16:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 16:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 16:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 16:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 16:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 16:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 16:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 16:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 16:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 16:21 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 16:17 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 16:15 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 16:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 16:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 16:14 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 16:14 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 16:13 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 16:13 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 16:11 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 16:11 42,112 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
2008-04-13 16:09 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 16:09 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 16:09 5,504 ----a-w C:\WINDOWS\system32\drivers\mstee.sys
2008-04-13 16:09 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-13 16:09 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-13 16:09 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys
2008-04-13 16:09 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2008-04-13 16:09 384,768 ----a-w C:\WINDOWS\system32\drivers\update.sys
2008-04-13 16:09 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-13 16:09 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-13 16:08 71,168 ----a-w C:\WINDOWS\system32\drivers\dxg.sys
2008-04-13 16:04 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
2008-04-13 16:03 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-13 16:03 129,792 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
2008-04-13 16:02 66,048 ----a-w C:\WINDOWS\system32\drivers\udfs.sys
2008-04-13 16:02 30,848 ----a-w C:\WINDOWS\system32\drivers\npfs.sys
2008-04-13 16:02 196,224 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
2008-04-13 16:02 19,072 ----a-w C:\WINDOWS\system32\drivers\msfs.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-17_21.34.52.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 13:25:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-18 11:40:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-13 21:41:50 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2008-04-13 21:41:50 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2008-04-13 21:41:52 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2008-04-13 21:41:54 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-04-13 21:41:54 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-04-13 21:41:54 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2008-04-13 21:41:56 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2008-04-13 21:42:24 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2008-04-13 21:41:56 143,360 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2008-04-13 21:41:56 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-04 12:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2008-04-13 21:41:56 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-04-13 21:42:24 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2008-04-13 21:41:56 251,904 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2008-04-13 21:41:56 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2008-04-13 21:41:56 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2008-04-13 21:42:24 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2008-04-13 21:41:56 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2008-04-13 21:41:56 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2008-04-13 21:41:58 15,872 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2008-04-13 21:41:58 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2008-04-13 21:42:28 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2008-04-13 21:42:00 3,066,880 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2008-04-13 21:42:00 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2008-04-13 13:56:28 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2008-04-13 21:42:02 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2008-04-13 21:42:02 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2008-04-13 21:42:04 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2008-04-13 21:42:04 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-13 10:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-13 10:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 09:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 09:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2008-04-13 21:42:10 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2008-04-13 21:42:10 619,520 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2008-04-13 21:42:10 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2008-04-13 21:42:10 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2008-04-13 21:42:10 666,112 -c--a-w C:\WINDOWS\ie7\wininet.dll
- 2008-04-13 21:41:50 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 10:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2008-04-13 21:41:50 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-08-13 10:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-08-13 10:39:20 71,680 -c----w C:\WINDOWS\system32\DllCache\admparse.dll
+ 2007-08-13 10:39:00 123,904 -c----w C:\WINDOWS\system32\DllCache\advpack.dll
+ 2006-09-23 05:12:50 1,022,976 -c----w C:\WINDOWS\system32\DllCache\browseui.dll
+ 2007-08-13 10:42:54 17,408 -c----w C:\WINDOWS\system32\DllCache\corpol.dll
- 2008-04-13 21:41:52 33,792 -c--a-w C:\WINDOWS\system32\DllCache\custsat.dll
+ 2007-08-13 10:54:10 33,792 -c--a-w C:\WINDOWS\system32\DllCache\custsat.dll
+ 2007-08-13 10:35:46 346,624 -c----w C:\WINDOWS\system32\DllCache\dxtmsft.dll
+ 2007-08-13 10:35:38 214,528 -c----w C:\WINDOWS\system32\DllCache\dxtrans.dll
+ 2007-08-13 10:54:10 131,584 -c----w C:\WINDOWS\system32\DllCache\extmgr.dll
+ 2007-08-13 10:18:02 60,416 -c----w C:\WINDOWS\system32\DllCache\hmmapi.dll
+ 2007-08-13 10:39:06 54,784 -c----w C:\WINDOWS\system32\DllCache\ie4uinit.exe
+ 2007-08-13 10:39:26 152,064 -c----w C:\WINDOWS\system32\DllCache\ieakeng.dll
+ 2007-08-13 10:39:54 229,376 -c----w C:\WINDOWS\system32\DllCache\ieaksie.dll
- 2004-08-04 12:00:00 221,184 -c--a-w C:\WINDOWS\system32\DllCache\ieakui.dll
+ 2007-08-13 09:56:54 161,792 -c--a-w C:\WINDOWS\system32\DllCache\ieakui.dll
+ 2007-08-13 10:39:50 382,976 -c----w C:\WINDOWS\system32\DllCache\iedkcs32.dll
+ 2007-08-13 10:44:02 69,120 -c----w C:\WINDOWS\system32\DllCache\iedw.exe
+ 2007-08-13 10:45:18 78,336 -c----w C:\WINDOWS\system32\DllCache\ieencode.dll
+ 2007-08-13 10:54:10 191,488 -c----w C:\WINDOWS\system32\DllCache\iepeers.dll
+ 2007-08-13 10:39:10 43,008 -c----w C:\WINDOWS\system32\DllCache\iernonce.dll
+ 2007-08-13 10:39:12 55,296 -c----w C:\WINDOWS\system32\DllCache\iesetup.dll
+ 2007-08-13 10:43:56 622,080 -c----w C:\WINDOWS\system32\DllCache\iexplore.exe
+ 2007-08-13 10:36:06 36,352 -c----w C:\WINDOWS\system32\DllCache\imgutil.dll
+ 2007-08-13 10:39:02 92,672 -c----w C:\WINDOWS\system32\DllCache\inseng.dll
+ 2007-08-13 10:38:04 491,520 -c----w C:\WINDOWS\system32\DllCache\jscript.dll
+ 2007-08-13 10:54:10 27,136 -c----w C:\WINDOWS\system32\DllCache\jsproxy.dll
+ 2007-08-13 10:44:18 40,960 -c----w C:\WINDOWS\system32\DllCache\licmgr10.dll
+ 2007-08-13 10:32:30 45,568 -c----w C:\WINDOWS\system32\DllCache\mshta.exe
+ 2007-08-13 10:54:12 3,578,368 -c----w C:\WINDOWS\system32\DllCache\mshtml.dll
+ 2007-08-13 10:54:10 475,648 -c----w C:\WINDOWS\system32\DllCache\mshtmled.dll
+ 2007-08-13 10:01:12 48,128 -c----w C:\WINDOWS\system32\DllCache\mshtmler.dll
- 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\DllCache\msls31.dll
+ 2007-08-13 10:54:10 156,160 -c--a-w C:\WINDOWS\system32\DllCache\msls31.dll
+ 2007-08-13 10:44:26 192,000 -c----w C:\WINDOWS\system32\DllCache\msrating.dll
+ 2007-08-13 10:54:10 670,720 -c----w C:\WINDOWS\system32\DllCache\mstime.dll
+ 2007-08-13 10:44:06 101,376 -c----w C:\WINDOWS\system32\DllCache\occache.dll
+ 2007-08-13 10:36:12 44,544 -c----w C:\WINDOWS\system32\DllCache\pngfilt.dll
+ 2006-09-23 05:12:50 1,497,088 -c----w C:\WINDOWS\system32\DllCache\shdocvw.dll
+ 2006-09-23 05:12:50 474,112 -c----w C:\WINDOWS\system32\DllCache\shlwapi.dll
+ 2007-08-13 10:44:30 105,984 -c----w C:\WINDOWS\system32\DllCache\url.dll
+ 2007-08-13 10:54:10 1,162,240 -c----w C:\WINDOWS\system32\DllCache\urlmon.dll
+ 2007-08-13 10:54:10 413,696 -c----w C:\WINDOWS\system32\DllCache\vbscript.dll
+ 2007-08-13 10:54:10 765,952 -c----w C:\WINDOWS\system32\DllCache\VGX.dll
+ 2007-08-13 10:54:10 231,424 -c----w C:\WINDOWS\system32\DllCache\webcheck.dll
+ 2007-08-13 10:54:10 818,688 -c----w C:\WINDOWS\system32\DllCache\wininet.dll
- 2008-04-13 21:41:54 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-13 10:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-13 21:41:54 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-13 10:35:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-04-13 21:41:54 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-13 10:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-13 10:36:26 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 00:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2008-04-13 21:42:24 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-08-13 10:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-13 21:41:56 143,360 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-08-13 10:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-04-13 21:41:56 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-08-13 10:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2004-08-04 12:00:00 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-08-13 09:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-02-12 08:10:12 2,451,312 ------w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-07-11 04:27:48 383,488 ------w C:\WINDOWS\system32\ieapfltr.dll
- 2008-04-13 21:41:56 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-08-13 10:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-08-13 10:54:10 6,049,280 ------w C:\WINDOWS\system32\ieframe.dll
- 2008-04-13 21:41:56 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 10:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-04-13 21:41:56 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-08-13 10:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-08-13 10:34:04 266,752 ------w C:\WINDOWS\system32\iertutil.dll
- 2008-04-13 21:41:56 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 10:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 10:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 10:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2008-04-13 21:41:56 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 10:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2008-04-13 21:41:56 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 10:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-04-13 21:41:58 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-13 10:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-04-13 21:41:58 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 10:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 10:54:10 458,752 ------w C:\WINDOWS\system32\msfeeds.dll
+ 2007-08-13 10:54:10 50,688 ------w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-13 10:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2008-04-13 21:42:28 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 10:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2008-04-13 21:42:00 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-13 10:54:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-13 21:42:00 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-13 10:54:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-04-13 13:56:28 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 10:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2004-08-04 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 10:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2008-04-13 21:42:02 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-13 10:44:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-04-13 21:42:02 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-13 10:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2006-06-28 09:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 00:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2008-04-13 21:42:04 96,256 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-08-13 10:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-04-13 21:42:04 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-13 10:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-04-13 21:42:10 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-08-13 10:44:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-04-13 21:42:10 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-13 10:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-04-13 21:42:10 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-13 10:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-13 10:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
- 2008-04-13 21:42:10 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-13 10:54:10 818,688 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-05-18 11:40:45 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_59c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-02-01 16:45 98304]
"Second Copy"="C:\Program Files\SecCopy\SecCopy.exe" [2006-04-18 12:59 2643456]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-01-14 11:00 339968]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-23 11:00 94208]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 19:18 98304]
"nwiz"="nwiz.exe" [2005-02-24 22:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 22:32 5537792]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-08 00:48 147514]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 18:50 139320]
"Lexibase Express"="C:\Program Files\Lexibase Pro\tmpCfg\Lexibase Express.lnk" [2005-10-20 20:53 1725]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 10:32 208952]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 08:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 13:21 61440]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 14:17 90112]
"SoundMan"="SOUNDMAN.EXE" [2005-05-03 18:43 90112 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-04 10:01 2805248 C:\WINDOWS\ALCWZRD.EXE]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 09:17 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Second Copy]
--a------ 2006-04-18 12:59 2643456 C:\Program Files\SecCopy\SecCopy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Second Copy 2000]
--a------ 2006-04-18 12:59 2643456 C:\Program Files\SecCopy\SecCopy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-04-12 13:23 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\EA SPORTS\\FIFA 07\\EA SPORTS\\FIFA 07\\fifa07.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17212:TCP"= 17212:TCP:BitComet 17212 TCP
"17212:UDP"= 17212:UDP:BitComet 17212 UDP

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-10-28 20:07]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2001-05-29 00:09]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ef35a4a-7f84-11dc-bfa9-0013d4934664}]
\Shell\AutoRun\command - G:\sysboot.scr
\Shell\open\Command - G:\sysboot.scr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76c0518a-4102-11da-bc88-0013d4934664}]
\Shell\AutoRun\command - Iexplores.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76c0518b-4102-11da-bc88-0013d4934664}]
\Shell\AutoRun\command - Iexplores.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 10:00:37 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-03-12 23:15:00 C:\WINDOWS\Tasks\Mozilla Firefox.job"
- C:\PROGRA~1\MOZILL~2\firefox.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 19:43:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Lexibase Pro\exe\hkey.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexibase Pro\exe\L-Express.exe
C:\Program Files\Lexibase Pro\exe\Lexibase.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-05-18 19:49:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 11:49:38
ComboFix2.txt 2008-05-17 13:39:54
ComboFix3.txt 2008-05-15 15:38:42
ComboFix4.txt 2008-05-15 15:20:10
ComboFix5.txt 2008-05-15 12:54:22

Pre-Run: 8,893,984,768 bytes free
Post-Run: 8,874,041,344 bytes free

501 --- E O F --- 2008-05-13 00:39:47

Bonjour Ske69,

Ci dessous les rapports.
Le trojan Vundo est il encore présent dans l 'ordinateur ?
SDfix c'est pour quel spyware ?
Merci des tes réponses.
Alex


[b]SDFix: Version 1.183 [/b]
Run by Administrator on 19/05/2008 at 19:57

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default IE Settings

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\index.html - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 20:08:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion]
"IQ\ahß\x8d\x8f\x2013"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\hü]
"Í\x2039í\x2039T\x20acó`"=dword:00000001
"Í\x2039í\x2039\x201c\x008feQ"=dword:00000001
"\20\x90\20nÐc:y"=dword:00000001
"\26Y\1xÐc:y"=dword:00000001
"Òczz<h"=dword:00000000
"IQ\ahß\x8d\x8f\x2013"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ìü]
"Í\x2039í\x2039T\x20acó`"=dword:00000001
"Í\x2039í\x2039\x201c\x008feQ"=dword:00000001
"\20\x90\20nÐc:y"=dword:00000001
"\26Y\1xÐc:y"=dword:00000001
"Òczz<h"=dword:00000000
"IQ\ahß\x8d\x8f\x2013"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ñ
]
"Í\x2039í\x2039T\x20acó`"=dword:00000001
"Í\x2039í\x2039\x201c\x008feQ"=dword:00000001
"\20\x90\20nÐc:y"=dword:00000001
"\26Y\1xÐc:y"=dword:00000001
"Òczz<h"=dword:00000000
"IQ\ahß\x8d\x8f\x2013"=dword:00000001

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windowsr NetMeetingr"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:MSN Messenger 7.0"
"C:\\Program Files\\EA SPORTS\\FIFA 07\\EA SPORTS\\FIFA 07\\fifa07.exe"="C:\\Program Files\\EA SPORTS\\FIFA 07\\EA SPORTS\\FIFA 07\\fifa07.exe:*:Enabled:fifa07"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 14 Apr 2008 1,695,232 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 3 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sun 14 May 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 12 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7ede7ca9b366a34654f15a480636a50c\BIT1A.tmp"
Tue 13 May 2008 4,548,840 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc7d0f6ab3aa3bf7be4e2f411369f85d\BIT12.tmp"
Sat 17 May 2008 8,846,888 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f3bc302a068d0e8bd65970454d390696\BIT2E.tmp"
Tue 13 May 2008 24,758,792 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2D.tmp"
Thu 1 Dec 2005 25,600 ...H. --- "C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRL0005.tmp"

[b]Finished![/b]

******************************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:50, on 19/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\Program Files\Lexibase Pro\exe\L-Express.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Lexibase Pro\exe\lexibase.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Lexibase Express] "C:\Program Files\Lexibase Pro\tmpCfg\Lexibase Express.lnk"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Second Copy] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://www.1-click.com/common/files/installer2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Bonjour Ske69,

Ci dessous le rapport.
A propos, j'ai mis un clé USB hier, et mon antivirus à détecté un trojan ! Comment faire pour être sur qu il n y pas de menace pour mes autres disques amovibles ? Il y a til un soft que je peux utiliser pour scanner tout mes disques ?
Merci
Alex

Search Navipromo version 3.5.7 commencé le 20/05/2008 à 19:30:49,84

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Administrator"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\startm~1\programs" ***


*** Recherche dossiers dans "C:\Documents and Settings\Administrator\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Administrator\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Administrator\startm~1\programs" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Administrator\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Administrator\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 20/05/2008 à 19:35:58,53 ***

Bonjour Ske69,

Désolé j'ai fait" delete "sur le trojan de ma clé, et donc pas eu le temps de noté le nom ! trop bête !

ci joint le log de dialhelp and Malwarebytes (A priori rien d'infecté dans mes disques USB ? ouf).
Merci encore pour ton aide.
Est ce clean maintenant ?
aLex


DiagHelp version v1.4 - http://www.malekal.com
excute le 24/05/2008 à 10:36:12,12


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->24/05/2008 10:36:11
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->24/05/2008 10:36:08
C:\WINDOWS\prefetch\WSCNTFY.EXE-1B24F5EB.pf -->24/05/2008 10:35:58
C:\WINDOWS\prefetch\WINZIP32.EXE-382A5A28.pf -->24/05/2008 10:34:22
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->24/05/2008 10:34:14
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->24/05/2008 10:25:31
C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf -->24/05/2008 10:24:04
C:\WINDOWS\prefetch\DFRGNTFS.EXE-269967DF.pf -->24/05/2008 09:29:08
C:\WINDOWS\prefetch\DEFRAG.EXE-273F131E.pf -->24/05/2008 09:29:06
C:\WINDOWS\prefetch\Layout.ini -->24/05/2008 09:28:55

C:\WINDOWS\System32\drivers\fidbox.dat -->24/05/2008 10:34:35
C:\WINDOWS\System32\drivers\fidbox.idx -->23/05/2008 22:46:31
C:\WINDOWS\System32\drivers\mbamcatchme.sys -->05/05/2008 20:46:36
C:\WINDOWS\System32\drivers\mbam.sys -->05/05/2008 20:46:32
C:\WINDOWS\System32\drivers\rdpwd.sys -->14/04/2008 05:43:24
C:\WINDOWS\System32\drivers\termdd.sys -->14/04/2008 05:43:22
C:\WINDOWS\System32\drivers\tdtcp.sys -->14/04/2008 05:43:22

C:\WINDOWS\System32\zllictbl.dat -->24/05/2008 08:57:02
C:\WINDOWS\System32\nvapps.xml -->24/05/2008 08:55:36
C:\WINDOWS\System32\vsconfig.xml -->24/05/2008 08:55:19
C:\WINDOWS\System32\wpa.dbl -->24/05/2008 08:53:55
C:\WINDOWS\System32\perfh009.dat -->17/05/2008 16:00:31
C:\WINDOWS\System32\perfc009.dat -->17/05/2008 16:00:31
C:\WINDOWS\System32\PerfStringBackup.INI -->17/05/2008 16:00:30
C:\WINDOWS\System32\clkcnt.txt -->16/05/2008 20:14:44
C:\WINDOWS\System32\yjrjvdgu.dll -->15/05/2008 17:53:24
C:\WINDOWS\System32\tmp.txt -->14/05/2008 21:34:11
C:\WINDOWS\System32\tmp.reg -->14/05/2008 21:34:11
C:\WINDOWS\System32\kajyjxle.dll -->14/05/2008 09:00:08
C:\WINDOWS\System32\spupdwxp.log -->13/05/2008 20:19:35
C:\WINDOWS\System32\FNTCACHE.DAT -->13/05/2008 20:18:19
C:\WINDOWS\System32\nscompat.tlb -->12/05/2008 19:44:34
C:\WINDOWS\System32\amcompat.tlb -->12/05/2008 19:44:34
C:\WINDOWS\System32\$winnt$.inf -->11/05/2008 12:39:41
C:\WINDOWS\System32\WindowsLogon.manifest -->11/05/2008 12:33:40
C:\WINDOWS\System32\logonui.exe.manifest -->11/05/2008 12:33:40
C:\WINDOWS\System32\wuaucpl.cpl.manifest -->11/05/2008 12:33:30
C:\WINDOWS\System32\sapi.cpl.manifest -->11/05/2008 12:33:30
C:\WINDOWS\System32\nwc.cpl.manifest -->11/05/2008 12:33:30
C:\WINDOWS\System32\ncpa.cpl.manifest -->11/05/2008 12:33:30
C:\WINDOWS\System32\cdplayer.exe.manifest -->11/05/2008 12:33:30
C:\WINDOWS\System32\emptyregdb.dat -->11/05/2008 12:32:04

C:\WINDOWS\QTFont.qfn -->24/05/2008 08:56:07
C:\WINDOWS\WindowsUpdate.log -->24/05/2008 08:55:32
C:\WINDOWS\0.log -->24/05/2008 08:54:51
C:\WINDOWS\wiadebug.log -->24/05/2008 08:54:45
C:\WINDOWS\wiaservc.log -->24/05/2008 08:54:41
C:\WINDOWS\bootstat.dat -->24/05/2008 08:53:52
C:\WINDOWS\SchedLgU.Txt -->23/05/2008 22:46:11
C:\WINDOWS\setupapi.log -->22/05/2008 08:38:11
C:\WINDOWS\randseed.rnd -->21/05/2008 19:56:15
C:\WINDOWS\NeroDigital.ini -->20/05/2008 21:39:23
C:\WINDOWS\tsoc.log -->19/05/2008 20:34:17
C:\WINDOWS\tabletoc.log -->19/05/2008 20:34:17
C:\WINDOWS\ocmsn.log -->19/05/2008 20:34:17
C:\WINDOWS\ntdtcsetup.log -->19/05/2008 20:34:17
C:\WINDOWS\KB947864-IE7.log -->19/05/2008 20:34:17

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1440
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x77c10000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x77a80000 0x95000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x754d0000 0x80000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll
0x42c10000 0xd0000 7.00.6000.16640 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x42990000 0x45000 7.00.6000.16640 C:\WINDOWS\system32\iertutil.dll
0x76c30000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x74d90000 0x6b000 1.420.2600.5512 C:\WINDOWS\system32\USP10.dll
0x5d090000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76fd0000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76b20000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x37000000 0x13000 8.00.0000.0277 C:\WINDOWS\system32\EntApi.dll
0x7d1e0000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
0x42ef0000 0x5cd000 7.00.6000.16640 C:\WINDOWS\system32\ieframe.dll
0x42cf0000 0x127000 7.00.6000.16640 C:\WINDOWS\system32\urlmon.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x42e40000 0x3c000 7.00.6000.16640 C:\WINDOWS\system32\webcheck.dll
0x74980000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
0x02470000 0x16d000 6.14.0010.10035 C:\WINDOWS\system32\nview.dll
0x00c80000 0x8000 C:\Program Files\Lexibase Pro\exe\hkey.dll
0x10000000 0x1b9000 2.00.0000.0008 C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll
0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Common Files\Ahead\lib\MFC71.DLL
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Common Files\Ahead\lib\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Common Files\Ahead\lib\MSVCP71.dll
0x5d360000 0xe000 7.10.3077.0000 C:\WINDOWS\system32\MFC71ENU.DLL
0x00f50000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x019d0000 0xa000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.FRA
0x01c70000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x02330000 0xe000 7.00.0000.1333 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x79000000 0x45000 2.00.50727.0832 C:\WINDOWS\system32\MSCOREE.DLL
0x60610000 0x6000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x79e70000 0x566000 2.00.50727.0832 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
0x32520000 0x12000 10.00.2609.0000 C:\Program Files\Microsoft Office\Office10\msohev.dll
0x16200000 0x6000 4.01.0000.0000 C:\Program Files\WinZip\WZSHLSTB.DLL
0x04be0000 0x557000 6.14.0010.7184 C:\WINDOWS\system32\nvcpl.dll
0x74c80000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll
0x05140000 0x73000 6.14.0010.10035 C:\WINDOWS\system32\nvshell.dll
0x03530000 0x14000 2.00.0004.0003 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
0x03550000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
0x036b0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x03190000 0x15000 6.14.0010.7184 C:\WINDOWS\system32\nvwddi.dll
0x605f0000 0x7000 3.01.4001.5512 C:\WINDOWS\system32\MSISIP.DLL
0x7dfa0000 0x16000 5.07.0000.16599 C:\WINDOWS\system32\wshext.dll
0x365a0000 0x15000 10.00.2625.0000 C:\PROGRA~1\MICROS~1\Office10\MCPS.DLL

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 696
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x77c10000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x77a80000 0x95000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76c30000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x74d90000 0x6b000 1.420.2600.5512 C:\WINDOWS\system32\USP10.dll
0x5d090000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
0x74320000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x00940000 0x17000 3.525.1132.0000 C:\WINDOWS\system32\odbcint.dll
0x77050000 0xc5000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76fd0000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll


Volume in drive C has no label.
Volume Serial Number is A421-C6C0

Directory of C:\WINDOWS\system32

14/04/2008 05:42 6 144 csrss.exe
1 File(s) 6 144 bytes
0 Dir(s) 7 952 556 032 bytes free

Contenu de Downloaded Program Files
Volume in drive C has no label.
Volume Serial Number is A421-C6C0

Directory of C:\WINDOWS\Downloaded Program Files

12/05/2008 19:40 <DIR> .
12/05/2008 19:40 <DIR> ..
12/05/2008 19:47 65 desktop.ini
25/07/2002 17:13 24 576 dwusplay.dll
25/07/2002 17:13 196 608 dwusplay.exe
11/04/2007 14:55 1 292 erma.inf
11/08/2005 15:30 417 792 isusweb.dll
18/11/1999 13:48 1 237 msaud.inf
18/11/1999 13:49 992 msaudio.inf
30/07/2007 19:24 295 muweb.inf
27/08/2005 13:30 5 065 swflash.inf
11/08/2004 02:22 3 036 wmv9dmo.inf
04/03/2005 12:11 2 371 wmvadvd.inf
11 File(s) 653 329 bytes

Total Files Listed:
11 File(s) 653 329 bytes
2 Dir(s) 7 952 519 168 bytes free

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:MSN Messenger 7.0"
"C:\\Program Files\\EA SPORTS\\FIFA 07\\EA SPORTS\\FIFA 07\\fifa07.exe"="C:\\Program Files\\EA SPORTS\\FIFA 07\\EA SPORTS\\FIFA 07\\fifa07.exe:*:Enabled:fifa07"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 10:37:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion]
"IQ\ahß\x8d\x8f\x2013"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\hü]
"Í\x2039í\x2039T\x20acó`"=dword:00000001
"Í\x2039í\x2039\x201c\x008feQ"=dword:00000001
"\20\x90\20nÐc:y"=dword:00000001
"\26Y\1xÐc:y"=dword:00000001
"Òczz<h"=dword:00000000
"IQ\ahß\x8d\x8f\x2013"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ìü]
"Í\x2039í\x2039T\x20acó`"=dword:00000001
"Í\x2039í\x2039\x201c\x008feQ"=dword:00000001
"\20\x90\20nÐc:y"=dword:00000001
"\26Y\1xÐc:y"=dword:00000001
"Òczz<h"=dword:00000000
"IQ\ahß\x8d\x8f\x2013"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ñ
]
"Í\x2039í\x2039T\x20acó`"=dword:00000001
"Í\x2039í\x2039\x201c\x008feQ"=dword:00000001
"\20\x90\20nÐc:y"=dword:00000001
"\26Y\1xÐc:y"=dword:00000001
"Òczz<h"=dword:00000000
"IQ\ahß\x8d\x8f\x2013"=dword:00000001

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Error loading kernel support driver!
Make sure you are running this as Administrator.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Error loading kernel support driver!
Make sure you are running this as Administrator.

Liste des programmes installes

3GP Video Converter 3
AC3File (remove only)
ACDSee Pro
ACDSee Standard (5.0) EN
Acrobat Professional (7.0.0) ML
Acrobat Professional (7.0.0) ML
Acrobat Update (7.0.1) ML
Acrobat Update (7.0.2) ML
Acrobat Update (7.0.3) ML
Adobe Bridge (1.0) EN
Adobe Common File (1.0) EN
Adobe Flash Player ActiveX
Adobe Stock Photos (1.0) EN
Analyseur et SDK MSXML 4.0 SP2
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.3
AutoUpdate
AVG Anti-Rootkit Free
AVG Anti-Spyware 7.5
BitComet 0.70
BlackBerry Device Software v4.5.0 pour smartphone BlackBerry 8100
Camera Access Library
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window DVC
Camera Window MC
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
Collection Microsoft Encarta 2006 DVD
ConvertXtoDVD 2.1.3.160
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Shrink 3.2
DxO Optics Pro import plugin
eMule
Enquête à Versailles: l'Athanor
FairUse Wizard 2
FIFA 07
FIFA 07
FTP Expert 3
GoldWave v5.14
Google Earth
Hewlett-Packard Multimedia Keyboard/Mouse Solution
Hewlett-Packard Multimedia Keyboard/Mouse Solution
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
InterVideo DeviceService
iPod for Windows 2005-10-12
iPod for Windows 2005-10-12
iPod for Windows 2006-01-10
iPod for Windows 2006-01-10
iPod for Windows 2006-06-28
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 5
Java(TM) SE Runtime Environment 6 Update 1
KBD
L&H TTS3000 Français
LaCie Backup Software v1.5.2378
LaserJet 1020 series
Lexibase Pro French-English (5.1.1) ML
Lexibase Pro Thesaurus-English (5.1.1) ML
Lightroom
Macromedia Shockwave Player
Magic ISO Maker v5.4 (build 0247)
Malwarebytes' Anti-Malware
MapKing3DV7
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
MovieEdit Task
Mozilla Firefox (2.0.0.14)
Mozilla Thunderbird (1.5.0.7)
MPEG Encoder 3
MSN Messenger 7.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Navilog1 3.5.7
Nero 7 Demo
Nikon Message Center
NVIDIA Drivers
OrderReminder HP LaserJet 1020
Photoshop CS2 (9.0) EN
PhotoStitch
Picasa 2
PictureProject
PowerISO
PS2
QuickTime
RAW Image Task 2.2
Realtek High Definition Audio Driver
REALVIZ Stitcher 5.1
Second Copy (7.0)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Skype™ 3.6
Spyware Doctor 5.5
Ulead VideoStudio 11
Ultra QuickTime Converter 1.3.0
USB PC Camera Plus
Utilitaire de réinitialisation iPod
ViaMichelin Navigation
ViaMichelin Navigation
VideoLAN VLC media player 0.8.2
VideoStudio
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows XP Service Pack 3
WinRAR archiver
Winzip (8.1) EN
Yahoo! Toolbar
ZoneAlarm



Volume in drive C has no label.
Volume Serial Number is A421-C6C0

Directory of C:\Program Files

20/05/2008 19:29 <DIR> .
20/05/2008 19:29 <DIR> ..
06/07/2007 19:25 <DIR> AC3File
14/11/2005 21:33 <DIR> ACD Systems
16/04/2008 20:32 <DIR> Adobe
24/04/2008 19:10 <DIR> Apple Software Update
26/11/2005 11:07 <DIR> Audacity
03/06/2007 21:33 <DIR> AusLogics Disk Defrag
08/11/2006 19:07 <DIR> BitComet
31/03/2006 15:56 <DIR> Canon
27/10/2005 19:09 <DIR> Carrefour
10/05/2008 20:29 <DIR> Common Files
20/10/2005 08:29 <DIR> ComPlus Applications
21/02/2008 20:10 <DIR> DivX
22/04/2006 17:32 <DIR> DVD Shrink
09/10/2007 22:47 <DIR> DxO Labs
08/10/2006 12:49 <DIR> EA SPORTS
01/05/2006 10:39 <DIR> Elaborate Bytes
13/05/2008 23:33 <DIR> eMule
06/10/2007 15:51 <DIR> FairUse Wizard 2
03/09/2006 16:03 <DIR> GoldWave
15/12/2006 18:46 <DIR> Google
13/05/2008 19:42 <DIR> Grisoft
20/10/2005 08:50 <DIR> Hewlett-Packard
18/01/2007 19:22 <DIR> ImTOO
20/10/2005 08:35 <DIR> Intel
19/05/2008 20:33 <DIR> Internet Explorer
09/03/2008 19:04 <DIR> iPod
09/03/2008 19:05 <DIR> iTunes
24/06/2007 09:35 <DIR> Java
04/10/2006 19:27 <DIR> KiteFlight
27/01/2008 15:30 <DIR> LaCie
20/10/2005 20:54 <DIR> Lexibase Pro
03/09/2007 19:37 <DIR> MagicISO
17/05/2008 13:45 <DIR> Malwarebytes' Anti-Malware
27/02/2006 22:17 <DIR> MapAsia
04/10/2006 19:28 <DIR> MaxTV Live!
13/05/2008 20:06 <DIR> Messenger
19/02/2006 19:05 <DIR> Microsoft ActiveSync
12/04/2006 20:38 <DIR> Microsoft Encarta
20/10/2005 08:45 <DIR> Microsoft FrontPage
27/05/2006 10:48 <DIR> Microsoft Games
19/02/2006 19:05 <DIR> Microsoft Office
20/10/2005 08:45 <DIR> Microsoft Visual Studio
13/05/2008 20:05 <DIR> Movie Maker
24/05/2008 09:11 <DIR> Mozilla Firefox
01/05/2008 10:22 <DIR> Mozilla Thunderbird
20/10/2005 08:28 <DIR> MSN
20/10/2005 08:29 <DIR> MSN Gaming Zone
19/10/2005 22:51 <DIR> MSN Messenger
09/12/2006 17:22 <DIR> MSXML 4.0
21/05/2008 21:14 <DIR> Navilog1
13/04/2008 18:47 <DIR> Nemopolis
25/04/2006 11:40 <DIR> Nero
13/05/2008 20:00 <DIR> NetMeeting
19/10/2005 19:18 <DIR> Network Associates
08/07/2007 17:04 <DIR> Nikon
19/10/2005 19:13 <DIR> Online Services
13/05/2008 20:00 <DIR> Outlook Express
03/10/2007 21:35 <DIR> Picasa2
27/05/2007 18:09 <DIR> PowerISO
09/03/2008 19:03 <DIR> QuickTime
23/11/2005 19:20 <DIR> Realtek
03/06/2006 15:09 <DIR> REALVIZ
08/10/2007 21:12 <DIR> RegCleaner
20/11/2007 22:28 <DIR> SecCopy
18/10/2007 19:15 <DIR> Skype
17/05/2008 19:08 <DIR> Spyware Doctor
13/05/2008 20:54 <DIR> Trend Micro
10/05/2008 15:56 <DIR> Tweak-XP Pro 4
03/12/2007 20:20 <DIR> Ulead Systems
18/01/2007 19:20 <DIR> Ultra QuickTime Converter
18/01/2007 19:19 <DIR> Ultra QuickTime Converter v106
26/01/2006 23:18 <DIR> ViaMichelin
22/10/2005 17:46 <DIR> VideoLAN
20/11/2007 23:09 <DIR> Virtual Dub
12/01/2006 19:21 <DIR> Visicom Media
20/10/2006 19:39 <DIR> vso
04/09/2007 21:01 <DIR> Windows Media Components
13/05/2008 20:06 <DIR> Windows Media Player
13/05/2008 20:00 <DIR> Windows NT
19/02/2006 18:58 <DIR> WinRAR
22/10/2005 10:31 <DIR> WinZip
29/03/2008 17:33 <DIR> xerox
10/02/2007 14:33 <DIR> Xi
25/04/2006 11:28 <DIR> Yahoo!
14/05/2008 21:56 <DIR> Zone Labs
0 File(s) 0 bytes
87 Dir(s) 7 949 250 560 bytes free
Volume in drive C has no label.
Volume Serial Number is A421-C6C0

Directory of C:\Program Files\common files

10/05/2008 20:29 <DIR> .
10/05/2008 20:29 <DIR> ..
18/03/2006 10:54 <DIR> ACD Systems
06/09/2006 20:22 <DIR> Adobe
22/10/2005 10:45 <DIR> Adobe Systems Shared
25/04/2006 11:43 <DIR> Ahead
29/08/2007 22:59 <DIR> Apple
19/10/2005 19:18 <DIR> Cisco Systems
20/10/2005 08:45 <DIR> Designer
28/10/2006 20:04 <DIR> Download Manager
18/04/2006 19:04 <DIR> InstallShield
04/09/2007 21:02 <DIR> InterVideo
20/10/2005 19:35 <DIR> Java
04/09/2007 20:57 <DIR> Microsoft Shared
20/10/2005 08:30 <DIR> MSSoap
12/06/2007 21:52 <DIR> muvee Technologies
25/04/2006 10:39 <DIR> Nero
19/10/2005 19:17 <DIR> Network Associates
16/12/2007 20:39 <DIR> Nikon
20/10/2005 01:24 <DIR> ODBC
15/06/2007 19:13 <DIR> PACE Anti-Piracy
09/05/2008 20:03 <DIR> Research In Motion
20/10/2005 08:30 <DIR> Services
23/11/2007 23:36 <DIR> Skype
23/10/2005 10:07 <DIR> snpstd3
20/10/2005 01:24 <DIR> SpeechEngines
13/05/2008 20:00 <DIR> System
03/12/2007 20:21 <DIR> Ulead Systems
0 File(s) 0 bytes
28 Dir(s) 7 949 246 464 bytes free




c:\Documents and Settings\Administrator\Application Data\ezpinst.exe
c:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
c:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}\ARPPRODUCTICON.exe
c:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}\NewShortcut1_6DD9963C271A4A1482B04DC148C52E58_2.exe
c:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}\NewShortcut2_6DD9963C271A4A1482B04DC148C52E58_2.exe
c:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{5EA702F5-BB09-4AD6-B8DA-805C0936A504}\BlackBerry.exe
c:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{60F864A1-D1A9-4BFF-955E-892C965BAAC7}\Icon60F864A1.exe
c:\Documents and Settings\Administrator\Desktop\ComboFix.exe
c:\Documents and Settings\Administrator\Desktop\Navilog1.exe
c:\Documents and Settings\Administrator\Desktop\OTMoveIt2.exe
c:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe
c:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe
c:\Documents and Settings\Administrator\Desktop\VundoFix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\avg-anti-rootkit_avg_anti-rootkit_1.1.0.42_anglais_34515.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\CleanUp452.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\ComboFix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\HJTInstall.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\mbam-setup.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\Navilog1.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\VirtumundoBeGone.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\VundoFix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\Aide_dial-a-fix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\avg-anti-rootkit_avg_anti-rootkit_1.1.0.42_anglais_34515.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\Dacty6SU.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\HJTInstall.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\dial a fix\Dial-a-fix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\dial a fix\secedit.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\404Fix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\dumphive.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\exit.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\IEDFix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\Process.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\restart.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\swreg.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\swsc.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\UIFix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\unzip.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\VACFix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\VCCLSID.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\WS2Fix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\404Fix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\dumphive.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\exit.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\IEDFix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\Process.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\restart.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\swreg.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\swsc.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\UIFix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\unzip.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\VACFix.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\VCCLSID.exe
c:\Documents and Settings\Administrator\Desktop\desinfection_pc\xp\SmitfraudFix\SmitfraudFix\WS2Fix.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\catchme.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\diff.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\dumphive.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\FilesInfoCmd.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\find2.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\Fport.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\grep.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\gzip.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\KProcCheck.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\LFiles.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\LISTDLLS.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\md5sums.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\pslist.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\sigcheck.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\streams.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\swreg.exe
c:\Documents and Settings\Administrator\Desktop\diaghelp\tar.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\catchme.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\cliptext.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\download.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\ERUNT.EXE
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\FixPath.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\grep.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\isadmin.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\LS.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\MD5File.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\Process.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\procs.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\psservice.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\RestartIt!.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\sc.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\sed.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\SF.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\shutdown.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\swreg.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\swsc.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\unzip.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\vfind.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\WINMSG.EXE
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\zip.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\Replace\regedit.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\Replace\W2K.exe
c:\Documents and Settings\Administrator\Desktop\SDFix\apps\Replace\XP.exe
c:\Documents and Settings\Administrator\Local Settings\Application Data\Apple\Apple Software Update\iTunesSetupAdmin.exe
c:\Documents and Settings\Administrator\Local Settings\Application Data\DxO_Labs\DxOAuthManager.exe_Url_4u2e0n3akhfnik3pjlaxazvdpty3d5ph
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.1.9\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
c:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
c:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z2xqeu7a.default\extensions\piclens@cooliris.com\components\PicLens.dll
c:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z2xqeu7a.default\extensions\piclens@cooliris.com\components\pixomatic.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\CrashRpt.dll
c:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\dbghelp.dll
c:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\libeay32.dll
c:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\lng.dll
c:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\zlib.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_USER-C7B7F38EA1.tar.gz a l'adresse http://upload.malekal.com


Malwarebytes' Anti-Malware 1.12
Version de la base de données: 774

Type de recherche: Examen complet (C:\|D:\|E:\|L:\|)
Eléments examinés: 237620
Temps écoulé: 1 hour(s), 38 minute(s), 54 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

bonjour Ske69

ci joint les rapports:

C:\WINDOWS\System32\clkcnt.txt moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05302008_195156

et votre ordinateur est sain pour rav.exe

Alex

Bonjour Ske69,

Désolé pour la réponse tardive, mais j ai été bien occupé.
Toutes les actions on été faites.
Pare contre la clé O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime n'était pas la !
Sinon, j'ai plus aucun disque amovible, ou clé uSB, ou ipod qui démarre quand je les plugs ?!!
Alex

Bonjour Ske69,

Ok fait. Merci , merci encore de ton aide. Je pense que le PC est maintenant clean! C'est super.
Ca à été long ! Tu as été super efficace.
As tu une idée pour les disques amovibles ?
Alex

Bonjour Ske69,

J'étais en vacances. je voulais encore te remercier pour ton aide au cours du mois de juin.
Alex.

Bonjour Ske69,

J ai refait les scans, rien, les fichiers ne sont plus La. J'avais du les enlever la dernière fois. par contre le scan de https://www.bitdefender.fr/ a trouvé 1 fichier infecté qu'il a supprimé. Mais je ne trouve plus le rapport de log.
Alex

Bonjour Ske69,

Merci encore pour on aide au mois de juillet dernier.
AVG anti virus vient de trouver le le virus I.Worm/Netsky
J'ai posté un rapport auprés de rudyrital (http://www.commentcamarche.net/forum/affich 3085553 virus i worm netsky c?#2). Que faut il faire ?
Alex