Here are the reports:
log.txt:
Logfile of random's system information tool (written by random/random)
Run by Fabien at 2008-09-10 16:12:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (20%) free of 78 GB
Total RAM: 759 MB (35% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:12, on 10/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
C:\Programmi\Windows Live\Mail\wlmail.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Windows Live Favorites\wlfsync.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\6992704de146fd04c2b287b390b5ce62\update\update.exe
C:\Documents and Settings\Fabien\Desktop\RSIT.exe
C:\Programmi\trend micro\Fabien.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.live.com/?wa=wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O1 - Hosts: 172.18.18.10 srv0
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BD44AB1-76A7-4E05-92F4-4B065FE72BD6} - C:\Programmi\Applications\iebt.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9213] command /c del "C:\Programmi\Applications\iebt.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8828] cmd /c del "C:\Programmi\Applications\iebt.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7642] command /c del "C:\Programmi\Applications\iebu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8481] cmd /c del "C:\Programmi\Applications\iebu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2583] command /c del "C:\Programmi\Applications\iebtmm.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9998] cmd /c del "C:\Programmi\Applications\iebtmm.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3635] command /c del "C:\Programmi\Applications\iebtu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1462] cmd /c del "C:\Programmi\Applications\iebtu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2057] command /c del "C:\Programmi\Applications\wcu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC948] cmd /c del "C:\Programmi\Applications\wcu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1241] command /c del "C:\Programmi\Applications\wcs.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC800] cmd /c del "C:\Programmi\Applications\wcs.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1279] command /c del "C:\Programmi\Applications\myd.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC653] cmd /c del "C:\Programmi\Applications\myd.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2001] command /c del "C:\Programmi\Applications\mym.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC121] cmd /c del "C:\Programmi\Applications\mym.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5465] command /c del "C:\Programmi\Applications\myp.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3658] cmd /c del "C:\Programmi\Applications\myp.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9777] command /c del "C:\Programmi\Applications\myv.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9427] cmd /c del "C:\Programmi\Applications\myv.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1674] command /c del "C:\Programmi\Applications\ot.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7500] cmd /c del "C:\Programmi\Applications\ot.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4996] command /c del "C:\Programmi\Applications\ts.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4350] cmd /c del "C:\Programmi\Applications\ts.ico"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kueia] c:\documents and settings\fabien\impostazioni locali\dati applicazioni\kueia.exe kueia
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\RunOnce: [SpybotDeletingB2768] command /c del "C:\Programmi\Applications\iebt.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5365] cmd /c del "C:\Programmi\Applications\iebt.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3514] command /c del "C:\Programmi\Applications\iebu.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7816] cmd /c del "C:\Programmi\Applications\iebu.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3623] command /c del "C:\Programmi\Applications\iebtmm.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD18] cmd /c del "C:\Programmi\Applications\iebtmm.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9943] command /c del "C:\Programmi\Applications\iebtu.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4506] cmd /c del "C:\Programmi\Applications\iebtu.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8989] command /c del "C:\Programmi\Applications\wcu.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6135] cmd /c del "C:\Programmi\Applications\wcu.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2702] command /c del "C:\Programmi\Applications\wcs.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5962] cmd /c del "C:\Programmi\Applications\wcs.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3013] command /c del "C:\Programmi\Applications\myd.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2627] cmd /c del "C:\Programmi\Applications\myd.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1718] command /c del "C:\Programmi\Applications\mym.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4539] cmd /c del "C:\Programmi\Applications\mym.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5076] command /c del "C:\Programmi\Applications\myp.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1228] cmd /c del "C:\Programmi\Applications\myp.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5154] command /c del "C:\Programmi\Applications\myv.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8424] cmd /c del "C:\Programmi\Applications\myv.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB144] command /c del "C:\Programmi\Applications\ot.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7373] cmd /c del "C:\Programmi\Applications\ot.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6844] command /c del "C:\Programmi\Applications\ts.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7843] cmd /c del "C:\Programmi\Applications\ts.ico"
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Programmi\Applications\wcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Programmi\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c883aadc9fb74c1da6529ccb7959ec4d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Programmi\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c883aadc9fb74c1da6529ccb7959ec4d
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {5CB26FF7-663A-471F-BDA2-15FE6CCA1B6F} (CTDx9 Control) - http://62.94.141.90:90/admin/CTDx9.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/...
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - http://secure.shared.live.com/...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB134D82-9AE2-44E3-9127-6CB74A08BDDC}: Domain = iem.lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB134D82-9AE2-44E3-9127-6CB74A08BDDC}: NameServer = 172.18.18.10,80.10.246.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe