AVAST bizarre! pc infecté?

AVAST bizarre! pc infecté? - Sécurité - Virus

Recherche Recherche
Règles Règles
Aide Aide

TomsGuide.com : 700 000 inscrits répondent à toutes vos questions high-tech et informatique.
Pour obtenir de l'aide, inscrivez-vous gratuitement !

Se connecter | Inscription

Voir les posts : Par défaut Tous Les bonnes notes Les notes insuffisantes

Mot : Pseudo : Filtrer
Bas de page
Auteur	Sujet : AVAST bizarre! pc infecté?

doudouzeb

Entraîne toi avant que la mort t'entraîne !
Profil : IDNaute

Plus d'informations

12-03-2008 à 11:46:10

Bonjour à tous et merci pour les précieuses aides que vous m'avez apporté précedemment rien quand lisant les posts d'autres âmes en détresse.
cet fois-ci c'est à mon tour.
avast ne fait que s'ouvrir pour me dire que trop d'envoi d'email est pas normal etc. il s'ouvre toute les 15s. je poste si dessous un rapport hijackthis. Est-ce un défaut d'avast ou un virus, trojan ou autres? merci par avance pour votre aide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:27, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: Copyright (c) 1993-1999 Microsoft Corp.
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EnigmaBHO - {5CFEE306-E014-48A4-876D-06FF09EBB0F3} - C:\Program Files\ADS Plugins\Enigma.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O2 - BHO: (no name) - {CEBAD55D-F114-A41E-9BE9-0DCBFD50DB56} - (no file)
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: bit.lnk = C:\SYSPREP\BIT\bit.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: bit.lnk = C:\SYSPREP\BIT\bit.exe (User 'Default user')
O4 - .DEFAULT User Startup: bit.lnk = C:\SYSPREP\BIT\bit.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] xdm119YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=htpp://www.unika.com
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocac [...] 0.0.15.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/21.13/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://doudouguillou.spaces.live.c [...] nPUpld.cab
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/NET/Import/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://www.edipole.fr/kits/WebInstall.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://doudouzeb.spaces.live.com/P [...] nPUpld.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/install [...] btools.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/cl [...] .2.0.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8520DD5-1850-420F-9A81-8532AFF5BF88}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0A72B54-5B35-47B4-B4DF-9188094D7948}: NameServer = 192.168.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O24 - Desktop Component 0: (no name) - http://www.desktopmachine.com/pics [...] 0x1200.jpg

--
End of file - 9457 bytes

---------------
DOUDOUZEB! M&M.

Liens spon sorisés

Inscrivez-vous ou connectez-vous pour masquer ceci.

Angeldark

Profil : Helper

Plus d'informations

12-03-2008 à 13:41:18

Masquer

Bonjour,

Désactive tes protections résidentes (antivirus, Spybot...) !

Télécharge Combofix (sUBs) sur ton Bureau.
Double clique sur combofix.exe afin de le lancer.
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

---------------
Prévention & Protection|Les logiciels gratuits|L'homme du FLCCF

doudouzeb

Entraîne toi avant que la mort t'entraîne !
Profil : IDNaute

Plus d'informations

12-03-2008 à 14:17:36

Masquer

voila le résultat!! j'y comprend pas grand chose ! lol

ComboFix 08-03-10.1 - GUILLOU STEVEN 2008-03-12 14:04:10.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.399 [GMT 1:00]
Endroit: C:\Documents and Settings\GUILLOU STEVEN\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\GUILLOU STEVEN\Application Data\SystemDoctor 2006 Free
C:\Documents and Settings\GUILLOU STEVEN\Application Data\SystemDoctor 2006 Free\Logs\update.log
C:\Documents and Settings\GUILLOU STEVEN\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\GUILLOU STEVEN\Application Data\WinAntiVirus Pro 2006\Logs\update.log
C:\Documents and Settings\GUILLOU STEVEN\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log
C:\Documents and Settings\GUILLOU STEVEN\Application Data\WinAntiVirus Pro 2006\Logs\winav.log
C:\Documents and Settings\GUILLOU STEVEN\Application Data\WinAntiVirus Pro 2006\PGE.dat
C:\Program Files\ADS Plugins
C:\Program Files\ADS Plugins\ContextHelper.xpi
C:\Program Files\ADS Plugins\Enigma.dll
C:\Program Files\ADS Plugins\uninstall.exe
C:\Program Files\Fichiers communs\winantivirus pro 2006
C:\Program Files\Fichiers communs\winantivirus pro 2006\err.log
C:\Program Files\mailskinner
C:\Program Files\mailskinner\OLSkinner.dll
C:\WA6P
C:\WINDOWS\bobsaver.exe
C:\WINDOWS\bobsaver.scr
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\msskinner
C:\WINDOWS\msskinner\msbackup.dat
C:\WINDOWS\pack.epk
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\svchost.ini
C:\WINDOWS\system32\del.bat
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\phkurj_navtmp.dat
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\tavo.exe
C:\WINDOWS\system32\tavo1.dll
C:\WINDOWS\system32\tsweffsb.dat
C:\WINDOWS\system32\tsweffsb.exe
C:\WINDOWS\system32\tsweffsb_nav.dat
C:\WINDOWS\system32\tsweffsb_navps.dat
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xpdx.sys
F:\Autorun.inf
G:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_FOPN
-------\LEGACY_NPF
-------\LEGACY_SYSLIBRARY
-------\FOPN
-------\NPF
-------\ntndis
-------\SysLibrary
-------\vspf
-------\vspf_hk
-------\xpdx

((((((((((((((((((((((((((((( Fichiers créés 2008-02-12 to 2008-03-12 ))))))))))))))))))))))))))))))))))))
.

2008-03-12 13:29 . 2003-07-15 09:59 <REP> d-------- C:\Documents and Settings\LE NOUY JOELLE\WINDOWS
2008-03-12 13:29 . 2003-07-15 10:13 <REP> d--h----- C:\Documents and Settings\LE NOUY JOELLE\Voisinage r‚seau
2008-03-12 13:29 . 2003-07-15 10:13 <REP> d--h----- C:\Documents and Settings\LE NOUY JOELLE\Voisinage d'impression
2008-03-12 13:29 . 2003-07-15 09:18 <REP> d--h----- C:\Documents and Settings\LE NOUY JOELLE\ModŠles
2008-03-12 13:29 . 2008-03-12 13:30 <REP> d---s---- C:\Documents and Settings\LE NOUY JOELLE\Mes documents
2008-03-12 13:29 . 2003-07-15 10:13 <REP> dr------- C:\Documents and Settings\LE NOUY JOELLE\Menu D‚marrer
2008-03-12 13:29 . 2008-03-12 13:29 <REP> d---s---- C:\Documents and Settings\LE NOUY JOELLE\Favoris
2008-03-12 13:29 . 2008-03-12 13:59 <REP> d-------- C:\Documents and Settings\LE NOUY JOELLE\Bureau
2008-03-12 13:29 . 2003-07-15 10:29 <REP> d-------- C:\Documents and Settings\LE NOUY JOELLE\Application Data\InterVideo
2008-03-12 13:29 . 2003-07-15 10:51 <REP> d-------- C:\Documents and Settings\LE NOUY JOELLE\Application Data\InterTrust
2008-03-12 11:33 . 2008-03-12 11:34 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-12 11:26 . 2008-03-12 11:26 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-03-12 11:26 . 2008-03-12 11:26 64,942 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-03-12 11:23 . 2008-03-12 11:26 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-12 11:22 . 2008-03-12 11:22 <REP> d-------- C:\WINDOWS\BricoPacks
2008-03-12 10:33 . 2008-03-12 10:33 <REP> d-------- C:\Program Files\BankPerfect
2008-03-12 10:18 . 2008-03-12 10:18 <REP> d-------- C:\Program Files\Alwil Software
2008-03-12 10:18 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-12 10:18 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-12 10:18 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-12 10:18 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-12 10:18 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-12 10:18 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-12 10:18 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-12 10:18 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-12 09:37 . 2007-07-09 14:19 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-12 09:19 . 2008-03-12 13:45 114,338 -r-hs---- C:\1i.com
2008-03-12 09:17 . 2008-03-11 07:57 115,658 -r-hs---- C:\ecn.com
2008-03-12 09:17 . 2007-01-05 12:31 49,152 -r-hs---- C:\RavMon.exe
2008-03-12 08:55 . 2008-03-12 08:55 <REP> d-------- C:\Program Files\7-Zip
2008-03-12 08:42 . 2008-03-12 08:42 <REP> d-------- C:\Program Files\CCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 09:20 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-12 07:51 --------- d-----w C:\Program Files\Picasa2
2008-03-12 07:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2005-03-01 18:56 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
2005-10-26 21:52 12,208 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-05-10 06:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-06-23 12:25 668672 582953780721ac5d38f98cab229ec7b9 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
2006-09-14 09:38 668672 b8b6f05885a6f42724e8d6bfede6bd3f C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll
2007-04-25 09:26 823808 47ddad237f60729dea2b9e0e2382b58f C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
2007-06-27 15:14 824320 7201d19b81883b57d5ffe8ebb5a83e8b C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2006-09-14 09:40 663040 b1e994472f3574db141266f1aa905433 C:\WINDOWS\ie7\wininet.dll
2006-11-07 20:03 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 08:40 822784 2c138ab59e2ffa06e8952ae656e443c5 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 14:24 814592 cf5cd0ec3448831bf9d12c1833add1aa C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2007-12-07 03:08 824832 4fc90bece54fac81b0090b94e27bfb6b C:\WINDOWS\SoftwareDistribution\Download\07ae2e5edb64dd4f4ba47df3cec87b33\sp2gdr\wininet.dll
2007-12-07 02:42 825344 f4fd487241d3ac291046a22cebd2cf71 C:\WINDOWS\SoftwareDistribution\Download\07ae2e5edb64dd4f4ba47df3cec87b33\sp2qfe\wininet.dll
2007-06-27 14:24 814592 cf5cd0ec3448831bf9d12c1833add1aa C:\WINDOWS\system32\wininet.dll
2007-06-27 14:24 823808 2274862267d7445e7010d9af826e89c3 C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-19 18:03 54424]
"1MJPMIG__"="C:\WINDOWS\IMEINPUTS.EXE" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"5T19I3B27A"= C:\WINDOWS\svchost.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
backup=C:\WINDOWS\pss\AOL 9.0 Icône AOL.lnkCommon Startup
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
backup=C:\WINDOWS\pss\AOL Compagnon.lnkCommon Startup
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON SMART PANEL for Scanner.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON SMART PANEL for Scanner.lnk
backup=C:\WINDOWS\pss\EPSON SMART PANEL for Scanner.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^GUILLOU STEVEN^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
path=C:\Documents and Settings\GUILLOU STEVEN\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^GUILLOU STEVEN^Menu Démarrer^Programmes^Démarrage^StripSaver2.lnk]
backup=C:\WINDOWS\pss\StripSaver2.lnkStartup
path=C:\Documents and Settings\GUILLOU STEVEN\Menu Démarrer\Programmes\Démarrage\StripSaver2.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^GUILLOU STEVEN^Menu Démarrer^Programmes^Démarrage^Webshots.lnk]
backup=C:\WINDOWS\pss\Webshots.lnkStartup
path=C:\Documents and Settings\GUILLOU STEVEN\Menu Démarrer\Programmes\Démarrage\Webshots.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^GUILLOU STEVEN^Menu Démarrer^Programmes^Démarrage^[ mp3 - explorer ].lnk]
backup=C:\WINDOWS\pss\[ mp3 - explorer ].lnkStartup
path=C:\Documents and Settings\GUILLOU STEVEN\Menu Démarrer\Programmes\Démarrage\[ mp3 - explorer ].lnk
d-------- 2008-03-12 14:09 0 c:\WINDOWS\System32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-20 00:10 380928 C:\WINDOWS\system32\irprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpznllox]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2008-02-20 15:15 816368 C:\Program Files\CCleaner\ccleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
--a------ 2003-02-24 07:50 851968 C:\WINDOWS\CMICNFG.CPL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-20 00:09 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-03-12 22:43 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExtraFilmHemmaAgent]
C:\Program Files\Extrafilm FotoFacil\Agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\function redirec]
--a------ 2002-08-30 13:00 331 c:\WINDOWS\System32\function redirect(){

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\h2i-stml-0]
C:\Program Files\h2i technologies\SimplyTouch (OpticalBar)\stml.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantTray]
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 15:48 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner]
c:\program files\mailskinner\mailskinner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
C:\PROGRA~1\MESSAG~1\StartMessager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-10-10 20:49 7286784 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-10-10 20:49 86016 C:\WINDOWS\System32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-10-10 20:49 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2003-12-04 11:34 406016 C:\WINDOWS\System32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-08-01 14:22 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-06-20 12:27 208941 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 12:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier.exe]
C:\Program Files\SuperCopier\SuperCopier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
--a------ 2005-03-14 00:37 1057280 C:\Program Files\SuperCopier2\SuperCopier2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDoctor 2006 Free]
C:\Program Files\SystemDoctor 2006 Free\sd2006.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tiscali]
C:\Kit Tiscali\Jumbo Tiscali.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-06-20 12:27 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall0001]
--a------ 2006-05-28 22:49 49152 C:\Program Files\Fichiers communs\Totem Shared\Uninstall0001\upd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwarjsqzxdp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\var strP]
--a------ 2002-08-30 13:00 331 c:\WINDOWS\System32\var strPort;

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\var strT]
--a------ 2002-08-30 13:00 331 c:\WINDOWS\System32\var strTemp;

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2000-12-22 06:51 53248 C:\Program Files\NavNT\vptray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Program Files\Save\Save.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-06-21 18:14 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UserAccess7"=2 (0x2)
"NVSvc"=2 (0x2)
"Norton AntiVirus Server"=2 (0x2)
"NMSAccess"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"IDriverT"=3 (0x3)
"DefWatch"=2 (0x2)
"Crypkey License"=2 (0x2)
"Crypdnlcce"=3 (0x3)
"WinWMServiceNow"=2 (0x2)
"usnjsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivX Video Duplicator OLR"=C:\PROGRA~1\DIVXVI~1\BVRPOlr.exe /DivX Video Duplicator

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\messenger\\msmsgs.exe"=
"C:\\Program Files\\Guillemot\\tools\\giWebUpdater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\explorer.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Program Files\\JAlbum7.1\\JAlbumWin.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 22:41]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 22:41]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10]
S3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2005-07-29 15:06]
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2005-08-15 11:43]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2004-09-17 21:04]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2004-09-17 21:05]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2004-09-17 21:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3623d59c-6b49-11dc-99c1-005070344e0c}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3623d5bc-6b49-11dc-99c1-005070344e0c}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e146f8d2-8f8b-11db-b376-005070344e0c}]
\Shell\AutoRun\command - N:\RavMon.exe
\Shell\explore\Command - N:\RavMon.exe -e
\Shell\open\Command - N:\RavMon.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-12 13:11:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2007-09-18 16:09:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 14:10:46
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-12 14:14:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-12 13:14:46
.
2008-03-12 10:34:53 --- E O F ---

---------------
DOUDOUZEB! M&M.

Angeldark

Profil : Helper

Plus d'informations

12-03-2008 à 15:27:08

Masquer

Reposte un rapport Hijackthis.

---------------
Prévention & Protection|Les logiciels gratuits|L'homme du FLCCF

doudouzeb

Entraîne toi avant que la mort t'entraîne !
Profil : IDNaute

Plus d'informations

12-03-2008 à 15:55:48

Masquer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:42, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: bit.lnk = C:\SYSPREP\BIT\bit.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: bit.lnk = C:\SYSPREP\BIT\bit.exe (User 'Default user')
O4 - .DEFAULT User Startup: bit.lnk = C:\SYSPREP\BIT\bit.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] xdm119YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=htpp://www.unika.com
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocac [...] 0.0.15.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/21.13/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://doudouguillou.spaces.live.c [...] nPUpld.cab
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/NET/Import/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://www.edipole.fr/kits/WebInstall.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://doudouzeb.spaces.live.com/P [...] nPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/cl [...] .2.0.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8520DD5-1850-420F-9A81-8532AFF5BF88}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0A72B54-5B35-47B4-B4DF-9188094D7948}: NameServer = 192.168.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O24 - Desktop Component 0: (no name) - http://www.desktopmachine.com/pics [...] 0x1200.jpg

--
End of file - 8443 bytes