Connexion Windows update impossible

Nartesk Messages postés 12 Statut Membre -  
Nartesk Messages postés 12 Statut Membre -
Bonjour,

Sur un autre forum j'ai poster un message indiquant que je ne pouvais me connecter a windows update et que mon anti virus ne pouvais pas se mettre a jour.

Un membre de ce forum m'a conseiller de telecharger malawarbytes et hijackthis et de poster les resultats sur un forum susceptible de me dire quoi faire une fois les rapport obtenu.

J'ai deja lancer une fois malawarebytes et effacer les fichier trouver eet windows update s'est remis en route ainsi que la mise a jour d'ad aware

Par contre malawarebytes et mon antivurus (avast!) ne se mettent pas a jour

Voici donc le rapport de hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:58, on 25/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\oodtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 547372 helper - {31F57AFD-3989-4A5B-A33E-6B6253DF8DD4} - C:\WINDOWS\system32\547372\547372.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: 571599 helper - {70C74A46-F2DA-4723-95E2-B597E0198669} - C:\WINDOWS\system32\571599\571599.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ImpulseNow.lnk = D:\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - D:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

--
End of file - 7525 bytes

Merci de votre attention
Configuration: Windows XP
Firefox 3.5.3

2 réponses

  1. Cosmi10 Messages postés 930 Statut Membre 89
     
    bonjours,

    Téléchargez combofix.exe (de sUBs) sur le bureau :

    Important - Désactivez votre Antivirus et antispyware avant le scan avec Combofix :
    https://forum.pcastuces.com/default.asp

    ==> Fermez toutes les fenêtres actives,
    il peut y avoir un redémarrage du PC.
    Ne lancez« aucun programme tant que Combofix n’est pas fini. <==

    * Double-cliquez sur combofix.exe, cliquez sur OUI et validez par Entrée

    * Il vous sera demandé d’installer la console si elle n’est pas installer, cliquez sur OUI

    * Patientez ..

    * Le rapport apparaitra, affichez ce rapport dans votre prochaine réponse - C:\ Combofix.txt.

    ******** Affichez un nouveau rapport avec Hijakcthis **********
    0
  2. Nartesk Messages postés 12 Statut Membre
     
    Désoler pour le temps de reponse, voici les rapports combofix et hijackthis

    ComboFix 09-10-06.04 - Nat 07/10/2009 12:58.1.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1527 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Nat\Mes documents\Téléchargements\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 091006-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Nat\Mes documents\cc_20090520_174728.reg
    c:\recycler\S-1-5-21-6585789467-0453728296-949804337-0005
    c:\windows\system32\xwr41105.dll
    c:\windows\system32\xwr59656.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-09-07 au 2009-10-07 ))))))))))))))))))))))))))))))))))))
    .

    2009-10-01 18:17 . 2009-10-01 18:17 -------- d-----w- c:\documents and settings\Nat\Local Settings\Application Data\Fallout3
    2009-10-01 18:05 . 2009-10-01 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
    2009-09-30 18:18 . 2009-09-30 18:18 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
    2009-09-25 16:27 . 2009-09-25 16:27 -------- d-----w- c:\program files\Trend Micro
    2009-09-25 11:01 . 2009-09-25 11:01 -------- d-----w- c:\documents and settings\Nat\Application Data\Malwarebytes
    2009-09-25 11:00 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-25 11:00 . 2009-09-25 11:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-25 11:00 . 2009-09-25 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-09-25 11:00 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-21 09:49 . 2009-09-25 11:44 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-09-21 09:35 . 2009-09-25 11:44 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-09-21 09:34 . 2009-09-21 09:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-09-21 09:34 . 2009-09-21 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-09-21 09:34 . 2009-09-21 09:34 -------- d-----w- c:\program files\Lavasoft
    2009-09-20 18:19 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2009-09-20 18:18 . 2009-09-20 18:18 -------- d-----w- c:\program files\Panda Security
    2009-09-20 16:59 . 2009-09-20 16:59 -------- d-----w- C:\i386
    2009-09-20 15:57 . 2009-09-20 15:57 -------- d-----w- C:\BJPrinter
    2009-09-20 15:53 . 2009-09-20 15:53 -------- d-----w- c:\documents and settings\Nat\Application Data\DivX
    2009-09-20 15:41 . 2009-09-20 15:41 -------- d-----w- c:\documents and settings\All Users\Modèles
    2009-09-20 14:37 . 2009-09-20 14:37 -------- d-----w- c:\windows\system32\xlive
    2009-09-17 18:25 . 2009-09-17 18:25 -------- d-----w- c:\documents and settings\Nat\Application Data\Red Alert 3
    2009-09-08 16:53 . 2009-09-08 16:53 -------- d-----w- c:\program files\Fichiers communs\BioWare

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-07 10:53 . 2008-07-28 15:43 -------- d-----w- c:\documents and settings\Nat\Application Data\uTorrent
    2009-10-07 10:18 . 2008-02-11 09:32 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 2
    2009-10-06 13:51 . 2009-05-23 15:45 -------- d-----w- c:\program files\Mozilla Thunderbird
    2009-10-01 18:05 . 2007-06-19 12:22 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-30 18:19 . 2007-06-22 12:03 -------- d-----w- c:\program files\DivX
    2009-09-25 12:02 . 2004-08-05 12:00 80748 ----a-w- c:\windows\system32\perfc00C.dat
    2009-09-25 12:02 . 2004-08-05 12:00 500900 ----a-w- c:\windows\system32\perfh00C.dat
    2009-09-20 15:32 . 2007-12-09 11:48 -------- d-----w- c:\documents and settings\Nat\Application Data\Apple Computer
    2009-09-20 15:04 . 2007-07-03 21:24 18624 ----a-w- c:\documents and settings\Nat\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-20 14:37 . 2009-08-13 20:24 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
    2009-09-20 14:37 . 2009-08-13 20:24 -------- d-----w- c:\program files\AGEIA Technologies
    2009-09-17 18:23 . 2007-08-07 12:11 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-09-04 15:32 . 2007-08-07 10:40 -------- d-----w- c:\documents and settings\Nat\Application Data\foobar2000
    2009-09-03 11:27 . 2009-03-29 17:36 103978 ----a-w- c:\windows\War3Unin.dat
    2009-08-27 21:05 . 2007-06-27 15:53 -------- d-----w- c:\documents and settings\Nat\Application Data\dvdcss
    2009-08-22 10:19 . 2009-08-22 10:19 -------- d-----w- c:\program files\NVIDIA Corporation
    2009-08-22 10:19 . 2009-08-22 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2009-08-18 15:23 . 2009-08-18 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-08-18 15:19 . 2009-08-18 15:19 -------- d-----w- c:\program files\Microsoft WSE
    2009-08-13 20:22 . 2009-08-13 20:22 -------- d-----w- c:\program files\MSBuild
    2009-08-13 20:19 . 2009-08-13 20:19 -------- d-----w- c:\program files\Reference Assemblies
    2009-08-05 09:00 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-29 04:35 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-29 04:35 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-20 07:34 . 2009-07-20 07:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
    2009-07-17 19:03 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 18:54 . 2009-08-22 10:19 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
    2009-07-14 18:54 . 2009-08-22 10:18 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
    2009-07-14 18:54 . 2009-08-22 10:18 1597690 ----a-w- c:\windows\system32\nvdata.bin
    2009-07-14 18:54 . 2008-05-28 09:07 485920 ----a-w- c:\windows\system32\nvudisp.exe
    2009-07-14 18:54 . 2007-12-04 23:41 868352 ----a-w- c:\windows\system32\nvapi.dll
    2009-07-14 18:54 . 2007-12-04 23:41 2002944 ----a-w- c:\windows\system32\nvcuda.dll
    2009-07-14 18:54 . 2007-12-04 23:41 151552 ----a-w- c:\windows\system32\nvcodins.dll
    2009-07-14 18:54 . 2007-12-04 23:41 151552 ----a-w- c:\windows\system32\nvcod.dll
    2009-07-14 18:54 . 2007-12-04 23:41 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
    2009-07-14 18:54 . 2007-04-19 11:26 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2009-07-14 18:54 . 2007-04-19 11:26 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
    2009-07-14 15:17 . 2009-07-14 15:17 15308440 ----a-w- c:\windows\system32\xlive.dll
    2009-07-14 15:17 . 2009-07-14 15:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
    2009-07-14 11:34 . 2009-07-14 11:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
    2009-07-14 11:34 . 2009-07-14 11:34 8085504 ----a-w- c:\windows\system32\nvdispsr.dll
    2009-07-14 11:34 . 2009-07-14 11:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
    2009-07-14 11:34 . 2009-07-14 11:34 4640768 ----a-w- c:\windows\system32\nvgamesr.dll
    2009-07-14 11:34 . 2009-07-14 11:34 458752 ----a-w- c:\windows\system32\nvmccssr.dll
    2009-07-14 11:34 . 2009-07-14 11:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
    2009-07-14 11:34 . 2009-07-14 11:34 2854912 ----a-w- c:\windows\system32\nvmoblsr.dll
    2009-07-14 11:34 . 2009-07-14 11:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
    2009-07-14 11:34 . 2009-07-14 11:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
    2009-07-14 11:34 . 2009-07-14 11:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
    2009-07-14 11:34 . 2009-07-14 11:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
    2009-07-14 11:34 . 2009-07-14 11:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
    2009-07-14 11:34 . 2009-07-14 11:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
    2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-10 05:01 . 2008-05-28 09:07 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
    2007-06-27 14:18 . 2007-06-27 14:18 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-25 520024]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2007-6-19 622592]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ ?????\0OODBS\0lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Starcraft\\StarCraft.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Hamachi\\hamachi.exe"=
    "d:\\TmNationsForever\\TmForever.exe"=
    "d:\\Team17\\Worms2\\frontend.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "d:\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Documents and Settings\\Nat\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
    "c:\\Program Files\\Mozilla Firefox 3 Beta 2\\firefox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Program Files\\iTunes\\iTunes.exe"=
    "d:\\Electronic Arts\\EADM\\Core.exe"=
    "d:\\Mass Effect\\Binaries\\MassEffect.exe"=
    "d:\\Mass Effect\\MassEffectLauncher.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3778:TCP"= 3778:TCP:Hamachi1
    "8080:TCP"= 8080:TCP:Hamachi2
    "53:TCP"= 53:TCP:websrvx

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    "AllowInboundTimestampRequest"= 1 (0x1)
    "AllowInboundMaskRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundParameterProblem"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)
    "AllowOutboundPacketTooBig"= 1 (0x1)

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21/09/2009 11:35 64160]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [20/09/2009 20:19 28544]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/07/2009 12:24 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/07/2009 12:24 20560]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1028432]
    .
    Contenu du dossier 'Tâches planifiées'

    2009-09-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 11:43]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=localhost:7171
    uInternet Settings,ProxyOverride = *.local;<local>
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Nat\Application Data\Mozilla\Firefox\Profiles\mdw77iqm.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{6303086E-EE55-3D48-9B2F-2B093DDD92C9} - c:\windows\system32\xwr59656.dll
    BHO-{70C74A46-F2DA-4723-95E2-B597E0198669} - c:\windows\system32\571599\571599.dll
    AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
    AddRemove-InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C} - c:\program files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe
    AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-07 13:01
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-823518204-1563985344-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:49,e1,a9,0d,0e,24,84,01,2f,da,61,1f,34,f0,19,87,1d,d4,32,4b,c2,03,c6,
    44,cd,9e,fb,a9,92,d3,8e,a1,3f,41,d0,70,fb,b3,51,d6,e0,79,a2,4a,f8,63,ea,4f,\
    "??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38

    [HKEY_USERS\S-1-5-21-823518204-1563985344-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:a4,9f,2f,aa,05,e5,8a,f3,b7,09,7a,b6,3a,91,af,b9,19,e9,20,c4,85,
    4b,cc,c0,9f,a3,42,72,68,65,da,28,fe,15,06,db,6b,0c,70,43,70,e2,40,e9,d4,6e,\
    "rkeysecu"=hex:5f,be,3c,1d,dd,25,a8,39,a7,aa,ab,bd,b2,03,72,35

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG10.00.00.01WORKSTATION"="4B156DF657EDAD8B5E225E2ABC6B9A487E17F79392B4D8C357D372F4AB01C2F193C82ACA8391E5B35EF908EBCC9B3FB0ED5687890408886CA4DA4C7492FD8E41BC06BFB40E3D1B980C9F47F27550F4024CC802338C04E60DFCE6A2D7C436D780524DCA81ACEEF9D6B25080B17BD4818D440BB3C5A75F714B0D11CABC0B6C774AA1D5C7551A95511DE07EFC70ABE24B3A476D4E4DCF43CA6347A57F1332D767CF3D091C23949695B0EA526A4856AFE0008870E6AB064E3822DE26DF9F0C254752FA038F36E0C7DE6A6725D5A8CE5C736D80CD7714CF9125E94E466DFC6FF059A974164C2C42F6E8B531053754EB84FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B5558EDD5E5BE2F6E667C038D530D6EB34527743CDA2CBF3F0BAFE6A6A15FAA34BA157E934388C971F1F764EB93DC7759366C0E68EDA32AFC1E7B348CACD09A8B93E229C15B4BC321A6AFAC2C2AD0A4E345EA6408A4E97CDC6DBEF81BB682D33409F8269119AEFF1975E6C320F3C3BF03313C39E7409FE65DD98497A30AB347D4D14A5E9FC105C55B93AB20B738A1B3F035258E441C650E06B1776AA61124E1755635CCAF06C1DAF24AED54E876DCCF399D74689AAFA567C54C2D22049CA10E14F459B4F49B8AD2AFE6204142A6C541A6F59151AB1C8C0CC84FCDF79A6B7719438E77C4A2637EE3FF67090067CC49E9403FB6F33158C23346999416BFCEF4FBA0FE9BBA66BDA28BFBDE4EF62E167F816D45CA40ADD51F46DF6DEBDBD94BCE93356633A61C0C902CE08C2BC7B84F7162AEB87A6E4D45A1208248AC14EF61E65AF97DAFC8B14E088648E7FB4B6D1CE8AAA52828C20079B3864E9CBDD0C73C6CBB85DCEACCA132F2FCC8B8639907BF853C8144491A848BF0C3848C7C47C1E1C862737AF975734F8CA26C234D094F437CD8BC23595042F24958DC0144F364D39E82B39622C7FAEB41466F65C25E679FD3C4976B7194A93D93E425BBFF8659CEB25C6FAC002247D0E29D372C205BC04F545B0459DC52316A6D70721C9E2CCEBB7555198174F3BE2E40B0B7FA4E061577BF341502CE351170594E32225CE3EDC5175F4B026F24DE1CC207BEFACCEB2789EB4CFB621E427BD218AB0F0BAA62457A6E330E6246D77C28DAFE81A7E0AA2AFA35B0520AA5A8A73DC371DA3E5F37886D26858653962EA90A2E86B5330EEB70A841E5FB46AF9F7E64D79A7D378694DD9AA2910D3029CEE9EB95DEDFBCA018CD9EC982DA1F8217E0B3D94A92234584504B33355651088597DB880B0F1CDE34F34BCC6949A604D429429AFCB31523B9A7CA8F6764BE8369A08372EC71AA9E3C1F00A0D8E5421A1797E44560A26FD2C977D78C8943E05DAB2D87EA11B5EC6ED3AAE1C30E787ACE4EE"
    .
    Heure de fin: 2009-10-07 13:02
    ComboFix-quarantined-files.txt 2009-10-07 11:02

    Avant-CF: 13 566 701 568 octets libres
    Après-CF: 13 956 997 120 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    224 --- E O F --- 2009-10-01 08:27

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:09:51, on 07/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\WINDOWS\system32\oodtray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ImpulseNow.lnk = D:\Stardock\Impulse\Now\ImpulseNow.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NMSAccessU - Unknown owner - D:\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
    0