Voila voila!
Logfile of HijackThis v1.99.1
Scan saved at 21:39:25, on 16/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
H:\Program Files\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
H:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
H:\Program Files\Google\Gmail Notifier\gnotify.exe
H:\program files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\VM_STI.EXE
H:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
H:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\RTHDCPL.EXE
H:\Program Files\FRAPS\FRAPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
H:\Program Files\Gigaget\Gigaget.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
H:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers
communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\…\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] H:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\…\Run: [UnlockerAssistant] “H:\program files\Unlocker\UnlockerAssistant.exe” -H
O4 - HKLM\…\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\…\Run: [JeticoPFStartup] “H:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe”
O4 - HKLM\…\Run: [avgnt] “H:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM\…\Run: [DAEMON Tools] “H:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKLM\…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\…\Run: [Gigaget] “H:\Program Files\Gigaget\GigagetShell.exe” /s
O4 - HKLM\…\Run: [SpySweeper] “H:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe” /startintray
O4 - HKLM\…\Run: [nwiz] nwiz.exe /install
O4 - HKLM\…\Run: [itype] “C:\Program Files\Microsoft IntelliType Pro\itype.exe”
O4 - HKLM\…\Run: [IntelliPoint] “C:\Program Files\Microsoft IntelliPoint\ipoint.exe”
O4 - HKLM\…\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\…\Run: [Fraps] H:\Program Files\FRAPS\FRAPS.EXE
O4 - HKCU\…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download All by Gigaget - H:\Program Files\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - H:\Program Files\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66}
- %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Messe…nt.cab50997.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
http://www.touslesdrivers.com/fichiers/har…on.cab?version=
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab50997.cab
O17 - HKLM\System\CCS\Services\Tcpip\…\{3A0F4C19-C137-4FFE-AF9A-562B2002F5BD}: NameServer =
212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\…\{3A0F4C19-C137-4FFE-AF9A-562B2002F5BD}: NameServer =
212.27.54.252,212.27.53.252
O17 - HKLM\System\CS2\Services\Tcpip\…\{3A0F4C19-C137-4FFE-AF9A-562B2002F5BD}: NameServer =
212.27.54.252,212.27.53.252
O17 - HKLM\System\CS3\Services\Tcpip\…\{3A0F4C19-C137-4FFE-AF9A-562B2002F5BD}: NameServer =
212.27.54.252,212.27.53.252
O17 - HKLM\System\CS4\Services\Tcpip\…\{3A0F4C19-C137-4FFE-AF9A-562B2002F5BD}: NameServer =
212.27.54.252,212.27.53.252
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft
Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers
communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program
Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - H:\Program Files\AntiVir
PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - H:\Program Files\Webroot\Spy
Sweeper\WRSSSDK.exe
Personnellement, je n’ai pas trouvé quelque chose de très louche…