trojan et rootkit toujours là?(Résolu)

tulipa

10 Avril 2008 15:41:09

Bonjour,

J'ai chopé un trojan et un rootkit. Après diverses procédures pour les éradiquer (avast , ad-aware, spybot, a-squared, ccleaner: tout ça en mode sans échec)j'aimerai savoir s'ils sont toujours là car je constate encore quelques bugs. Je vous poste un rapport Hijackthis. Merci d'avance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:00, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\atgban.dll" DllStart
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1673035d9b60d7bf0918/netzip/RdxIE6...
O16 - DPF: {65D17883-B4F8-4308-9E20-3D07457F2B7E} - http://barremagique.tiscali.fr/download/TiscaliBarreMag...
O16 - DPF: {74F6B963-B89B-44D4-AAD0-8EEDC4973314} - http://barremagique.tiscali.fr/download/TiscaliBarreMag...
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{72D42B34-B2B5-4A18-A44A-F610D049BB61}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe

--
End of file - 20564 bytes

Autres pages sur : trojan rootkit resolu

| Etre averti des réponses
| Alerter

Répondre à tulipa

tulipa

11 Avril 2008 08:19:36

Hou houuuuuuuuuu.Personne pour m'aider?

| Alerter

Répondre à tulipa

Egwene

11 Avril 2008 11:06:07

En effet, infection toujours présente

1) Affiche les fichiers et dossiers cachés …
Pour ce faire, tu vas dans un dossier, par ex. "Mes Images".
Ensuite, clique sur > Outils > Options des dossiers ...
clique sur l' onglet « Affichage » et ...
coche ---> Afficher les fichiers et dossiers cachés
décoche > Masquer les extensions des fichiers dont le type est connu
décoche > Masquer les fichiers protégés du système d' exploitation (recommandé).
« Appliquer » et « OK ».

2) Désactive toute protection résidente ( antivirus…) !
Déconnecte-toi d’internet, ferme tous les programmes en cours et laisse combofix travailler : ne fais donc pas autre chose en même temps !

Télécharge Combofix de sUBs
Sauvegarde le sur ton bureau et pas ailleurs !
Redémarre en mode sans échecs : aide ici >>>
http://forum.telecharger.01net.com/telecharger/virus_et...
/!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport. Il se trouve ici : C:\Combofix.txt

3) Copie/colle un nouveau rapport HiJackThis avec.

| Alerter

Répondre à Egwene

tulipa

11 Avril 2008 16:16:26

Merci Merrilym pour ton aide. Alors voici le rapport de Combofix:

ComboFix 08-04-10.9 - Propriétaire 2008-04-11 18:01:12.1 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\system32\atgban.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\winspool.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-11 to 2008-04-11 ))))))))))))))))))))))))))))))))))))
.

2008-04-10 16:32 . 2008-04-10 16:32 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-10 16:32 . 2008-04-10 16:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-09 17:08 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-09 14:23 . 2008-04-10 16:32 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-04-07 20:17 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-04-07 20:17 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-04-07 20:17 . 2008-04-07 20:17 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-04-07 20:17 . 2008-04-07 20:17 3,120 --a------ C:\WINDOWS\118294.78
2008-04-07 20:17 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-04-07 20:13 . 2008-04-07 20:13 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-07 17:03 . 2008-04-07 17:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-07 16:21 . 2008-04-09 17:10 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-07 16:20 . 2008-04-10 16:32 <REP> d-------- C:\WINDOWS\Internet Logs
2008-04-07 15:17 . 2008-04-07 15:34 <REP> d-------- C:\Downloads
2008-04-07 14:54 . 2008-04-07 14:54 <REP> d-------- C:\Program Files\CCleaner
2008-04-07 14:09 . 2008-04-07 14:09 <REP> d-------- C:\WINDOWS\system32\spol3
2008-04-07 14:09 . 2008-04-09 13:07 <REP> d-------- C:\WINDOWS\system32\Rtmp
2008-04-07 14:09 . 2008-04-07 14:09 <REP> d-------- C:\WINDOWS\system32\HBL
2008-04-07 14:09 . 2008-04-07 14:09 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-04-07 14:08 . 2008-04-07 14:09 <REP> d-------- C:\WINDOWS\system32\MId2
2008-04-07 14:08 . 2008-04-10 16:32 <REP> d-------- C:\WINDOWS\system32\bharebio01
2008-04-07 14:08 . 2008-04-07 14:08 <REP> d-------- C:\temp\wdlw14
2008-04-05 16:01 . 2008-04-05 16:01 <REP> d-------- C:\Program Files\iPod
2008-04-05 15:59 . 2008-04-05 16:00 <REP> d-------- C:\Program Files\QuickTime
2008-04-04 07:58 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-04 07:58 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-30 10:00 . 2008-03-30 10:00 2,568 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-21 14:13 . 2008-03-21 14:15 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\DivX
2008-03-21 14:12 . 2008-02-21 04:05 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-03-21 14:12 . 2008-02-21 04:05 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 14:12 . 2008-02-21 04:05 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-03-21 14:12 . 2008-02-21 04:05 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-21 14:12 . 2008-02-21 04:05 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 15:57 --------- d-----w C:\Program Files\Wanadoo
2008-04-11 08:49 --------- d-----w C:\Program Files\eMule
2008-04-10 14:32 --------- d-----w C:\Program Files\Micro Application
2008-04-10 14:30 --------- d-----w C:\Program Files\PC Inspector File Recovery
2008-04-10 14:30 --------- d-----w C:\Program Files\Google
2008-04-10 09:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 18:15 --------- d-----w C:\Program Files\Lavasoft
2008-04-07 14:37 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Lavasoft
2008-04-05 14:02 --------- d-----w C:\Program Files\iTunes
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 -c--a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-22 19:48 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-03-21 12:12 --------- d-----w C:\Program Files\DivX
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 12:32 --------- d---a-w C:\Program Files\Fichiers communs\Adobe
2008-03-18 09:59 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\AdobeUM
2008-03-09 17:17 --------- d-----w C:\Program Files\PhotoFiltre Studio
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 12:53 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-27 12:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-27 12:38 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-26 17:29 --------- d-----w C:\Program Files\Windows Live
2008-02-26 17:27 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-22 16:10 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\NCH Swift Sound
2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 11:03 --------- d-----w C:\Program Files\Pando Networks
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-10-14 09:54 264,760 -c--a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2006-06-17 15:04 33,853 ----a-w C:\WINDOWS\Fonts\BRUSHSCI.zip
2006-06-17 14:01 11,942,912 -c--a-w C:\WINDOWS\Fonts\MegaFonts3.exe
2001-03-28 11:02 122,880 -c--a-w C:\WINDOWS\inf\Agfa\message.exe
2003-01-01 19:32 32 -csha-w C:\WINDOWS\{5D266292-3C9C-4B24-908F-60F0EABB3CA7}.dat
2004-01-10 10:58 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
2004-10-24 10:34 10,022 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2003-01-01 19:32 32 --sha-w C:\WINDOWS\system32\{341822E4-5E56-41AA-9824-4CA7B1C80AA1}.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-03 07:19 835654 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-02-14 19:35 6051144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 00:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 15:07 114688]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 16:01 155648]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 05:42 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 07:19 4640768]
"nwiz"="nwiz.exe" [2003-05-03 07:19 323584 C:\WINDOWS\system32\nwiz.exe]
"VTTimer"="VTTimer.exe" [2003-05-08 08:32 36864 C:\WINDOWS\system32\VTTimer.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 08:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 22:10 335872]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 10:42 35328]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 04:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 15:43 188416]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37 229437]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2005-05-23 09:57 90112]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52 3770024]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-25 14:48 185632]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 15:11:14 27136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Canon\\CSCLIB\\CDPROC.exe"=
"C:\\Program Files\\Canon\\CSCLIB\\CDPROCMN.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:emule
"57946:TCP"= 57946:TCP

ando P2P TCP Listening Port
"57946:UDP"= 57946:UDP

ando P2P UDP Listening Port
"58494:TCP"= 58494:TCP

ando P2P TCP Listening Port
"58494:UDP"= 58494:UDP

ando P2P UDP Listening Port

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S2 OPTENET_FILTER;Control Parental;C:\Program Files\Controle Parental\bin\optproxy.exe [2006-03-02 19:10]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce5169fc-476f-11dc-91b8-000ea61ac5ca}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-22 18:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 18:03:41
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-11 18:04:41
ComboFix-quarantined-files.txt 2008-04-11 16:04:25
Pre-Run: 21,098,508,288 octets libres
Post-Run: 21,082,939,392 octets libres
.
2008-04-09 09:20:29 --- E O F ---

Et voilà le rapport Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:03, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1673035d9b60d7bf0918/netzip/RdxIE6...
O16 - DPF: {65D17883-B4F8-4308-9E20-3D07457F2B7E} - http://barremagique.tiscali.fr/download/TiscaliBarreMag...
O16 - DPF: {74F6B963-B89B-44D4-AAD0-8EEDC4973314} - http://barremagique.tiscali.fr/download/TiscaliBarreMag...
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{72D42B34-B2B5-4A18-A44A-F610D049BB61}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe

--
End of file - 19682 bytes

| Alerter

Répondre à tulipa

Egwene

11 Avril 2008 16:40:47

Re,

Désinstalle avast, redémarre et supprime ~~>C:\Program Files\Alwil Software

Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.

Télécharge et installe Antivir. (tuto)
Pourquoi changer ? Avast vs Antivir
Vérifie qu’il soit bien à jour ! Fais une analyse complète en mode sans échec, sauvegarde le rapport et poste le moi.

| Alerter

Répondre à Egwene

tulipa

11 Avril 2008 17:06:57

J'ai tout fait mais on me dit qu'antivir est périmé. Que dois-je faire?

| Alerter

Répondre à tulipa

Egwene

11 Avril 2008 17:11:45

Re,

Bon tant pis alors, garde avast!

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

AIDE : Tuto en images sur MBAM

| Alerter

Répondre à Egwene

tulipa

11 Avril 2008 21:29:39

Je n'ai pas réussi à enregistrer le rapport sur le bureau because c'est anglish! Alors voici ce que j'ai relevé:

Trojan.downloader : C:\windows\Fonts\BRUSHSCI.zip
rogue.antispymaster: C:\systemVolumeInformation\_restore
Trojan.downloader: HKEY_LOCAL_MACHINE\SOFTWARE.Xpre

Je poste également un nouveau rapport Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:22, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1673035d9b60d7bf0918/netzip/RdxIE6...
O16 - DPF: {65D17883-B4F8-4308-9E20-3D07457F2B7E} - http://barremagique.tiscali.fr/download/TiscaliBarreMag...
O16 - DPF: {74F6B963-B89B-44D4-AAD0-8EEDC4973314} - http://barremagique.tiscali.fr/download/TiscaliBarreMag...
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{72D42B34-B2B5-4A18-A44A-F610D049BB61}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe

--
End of file - 19663 bytes

| Alerter

Répondre à tulipa

Egwene

11 Avril 2008 22:39:57

Re,

Fais un scan en linge avec BitDefender, avec internet explorer ! Sauvegarde tes musiques et photos, il arrive que BitDefender les supprime

http://www.bitdefender.fr/
et copie colle le résultat ici
* En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
* Dans la nouvelle fenêtre, clique sur I agree
* La fenêtre change encore, clique sur Click here to scan
* Les signatures se chargent, etc.

Tutorial en image : http://forum.pcastuces.com/sujet.asp?f=25&s=31584

Poste-moi le rapport en entier

Bonne nuit, à demain :hello:

| Alerter

Répondre à Egwene

tulipa

12 Avril 2008 07:39:42

Bonjour,

Voici le rapport de BitDefender:

BitDefender Online Scanner

Rapport d'analyse généré à: Sat, Apr 12, 2008 - 09:18:33

Voie d'analyse: A:\;C:\;D:\;E:\;F:\;

Statistiques

Temps

00:34:12

Fichiers

101418

Directoires

7713

Secteurs de boot

3

Archives

1492

Paquets programmes

8294

Résultats

Virus identifiés

6

Fichiers infectés

8

Fichiers suspects

0

Avertissements

0

Désinfectés

0

Fichiers effacés

8

Info sur les moteurs

Définition virus

1140627

Version des moteurs

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Analyse des plugins

16

Archive des plugins

41

Unpack des plugins

7

E-mail plugins

6

Système plugins

5

Paramètres d'analyse

Première action

Désinfecté

Seconde Action

Supprimé

Heuristique

Oui

Acceptez les avertissements

Oui

Extensions analysées

exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Excludez les extensions

Analyse d'emails

Oui

Analyse des Archives

Oui

Analyser paquets programmes

Oui

Analyse des fichiers

Oui

Analyse de boot

Oui

Fichier analysé

Statut

C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\nircmd.cfexe

Infecté par: Backdoor.Vb.XB

C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\nircmd.cfexe

Supprimé

C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe=>(RAR Sfx o)

Echec de la mise à jour

C:\hp\bin\Terminator.exe

Détecté avec: Application.Prockill.B

C:\hp\bin\Terminator.exe

Echec de la désinfection

C:\hp\bin\Terminator.exe

Supprimé

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP696\A0115775.dll

Détecté avec: Application.Vcatch.A

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP696\A0115775.dll

Echec de la désinfection

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP696\A0115775.dll

Supprimé

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP696\A0115776.dll

Détecté avec: Application.Vcatch.3.0

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP696\A0115776.dll

Echec de la désinfection

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP696\A0115776.dll

Supprimé

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP696\A0115777.dll

Détecté avec: Spyware.Commonsearch.Vcatch.A

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP696\A0115777.dll

Supprimé

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP703\A0116940.dll

Détecté avec: Adware.Trafficsol.S

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP703\A0116940.dll

Supprimé

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP705\A0117294.exe

Détecté avec: Application.Prockill.B

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP705\A0117294.exe

Echec de la désinfection

C:\System Volume Information\_restore{B772CEEF-217A-434D-A8B4-BC9BA573C7EE}\RP705\A0117294.exe

Supprimé

C:\WINDOWS\system32\HBL\HTgn1dll.exe=>(NSIS o)=>lzma_solid_nsis0003

Détecté avec: Adware.Trafficsol.S

C:\WINDOWS\system32\HBL\HTgn1dll.exe=>(NSIS o)=>lzma_solid_nsis0003

Supprimé

C:\WINDOWS\system32\HBL\HTgn1dll.exe=>(NSIS o)

Echec de la mise à jour

| Alerter

Répondre à tulipa

Egwene

12 Avril 2008 09:53:45

Re,

Poste un nouveau rapport hijackthis et dis-moi comment va le PC.

| Alerter

Répondre à Egwene

tulipa

13 Avril 2008 09:25:42

Bonjour,

Excuse-moi, je n'ai pas pu te répondre hier. Je te poste un nouveau rapport Hijackthis. Pour ce qui est du pc, je ne peux pas trop de répondre aujourd'hui car je n'étais pas dessus depuis la dernière analyse BitDefender. La seule chose que j'ai pu constater est que je n'arrive pas à me déconnecter d'Internet!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:05, on 13/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1673035d9b60d7bf0918/netzip/RdxIE6...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {65D17883-B4F8-4308-9E20-3D07457F2B7E} - http://barremagique.tiscali.fr/download/TiscaliBarreMag...
O16 - DPF: {74F6B963-B89B-44D4-AAD0-8EEDC4973314} - http://barremagique.tiscali.fr/download/TiscaliBarreMag...
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{72D42B34-B2B5-4A18-A44A-F610D049BB61}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe

--
End of file - 19872 bytes

| Alerter

Répondre à tulipa

Egwene

13 Avril 2008 10:09:05

Re,

Désinstalle avast, redémarre et supprime ~~>C:\Program Files\Alwil Software

Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.

Télécharge et installe Antivir. (tuto)
Pourquoi changer ? : Avast! vs Antivir
mais aussi:
14 antivirus au banc d'essai

Citation :

Antivir : le plus efficace des gratuits

Vérifie qu’il soit bien à jour ! Fais une analyse complète en mode sans échec, sauvegarde le rapport et poste le moi.

| Alerter

Répondre à Egwene

tulipa

13 Avril 2008 10:18:13

Re,

C'est ce que tu m'as demandé de faire avant hier, je t'ai répondu que j'avais eu un message me disant qu'Antivir était périmé. J'avais essayé de faire une mise à jour mais celle-ci était impossible. J'a

| Alerter

Répondre à tulipa

tulipa

13 Avril 2008 10:20:27

Excuse-moi, mauvaise manip. Je continue: Donc j'ai désinstallé Antivir et j'ai remis Avast. Je ne vais quand même pas redésinstaller Avast pour essayer de remettre Antivir!!!
As-tu vu quelque chose sur le rapport Hitjackthis?

| Alerter

Répondre à tulipa

Egwene

13 Avril 2008 10:21:39

Re,

Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
Double-clic sur clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé.
Poste le rapport se trouve ici : C:\rapport_clean.txt

Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.

| Alerter

Répondre à Egwene

tulipa

13 Avril 2008 14:58:18

C'est quoi ce rapport rikiki!

13/04/2008 a 16:48:11,07

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\ALCXMNTR.EXE FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !

| Alerter

Répondre à tulipa

Egwene

13 Avril 2008 17:37:04

Re,

~Redémarre l'ordinateur en mode sans échec (F8 au démarrage de l'ordinateur)
Aide

Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 2 puis patiente.

~Redémarre normalement
Poste le rapport clean qui se trouve en C:\rapport_clean.txt

+ poste un nouveau rapport hijackthis et dis-moi comment va le PC.

| Alerter

Répondre à Egwene

tulipa

13 Avril 2008 19:39:34

Je te poste ce message depuis un autre pc. L'analyse du nettoyage de disque de clean est en train de se faire, seulement je crois que c'est bloqué car cela fait un moment qu'il n'y a plus eu d'avancée. C'est à peu près à 90%. Que dois-je faire?

| Alerter

Répondre à tulipa

Egwene

13 Avril 2008 19:50:54

Re,

Patiente encore un peu, sinon je crois qu'il faudra redémarrer

| Alerter

Répondre à Egwene

tulipa

13 Avril 2008 19:56:18

Redémarrer et refaire la même manipulation ou non?

| Alerter

Répondre à tulipa

Egwene

13 Avril 2008 20:02:47

Redémarrer sans refaire la manip'.

Poste-moi un nouveau hijackthis.

Tu préfères garder Avast! ?

| Alerter

Répondre à Egwene

tulipa

13 Avril 2008 20:04:42

oui je préfère, c'est en français, ça me prend moins la tête.

| Alerter

Répondre à tulipa

Egwene

13 Avril 2008 20:09:28

Re,

OKi.

| Alerter

Répondre à Egwene

tulipa

13 Avril 2008 20:11:24

Voilà le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:22, on 13/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O16 - DPF: {5054F860-748D-4840-B7B4-DDDB428421AF} - http://ip.sponsoradulto.com/cab/4/fr/phoneaccess.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1673035d9b60d7bf0918/netzip/RdxIE6...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {65D17883-B4F8-4308-9E20-3D07457F2B7E} - http://barremagique.tiscali.fr/download/TiscaliBarreMag...
O16 - DPF: {74F6B963-B89B-44D4-AAD0-8EEDC4973314} - http://barremagique.tiscali.fr/download/TiscaliBarreMag...
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{72D42B34-B2B5-4A18-A44A-F610D049BB61}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {DE523CAD-9AE5-4BF5-A1B7-B18FB980D5DD} - C:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe

--
End of file - 20254 bytes

| Alerter

Répondre à tulipa

Egwene

13 Avril 2008 20:15:06

C’est OK, tu n’es plus infecté(e)

1) Télécharge ToolsCleaner sur ton bureau.
http://www.commentcamarche.net/telecharger/toolscleaner...

Ce programme va te faire désinstaller tous les outils que je t’ai faits utiliser.

Clique sur Recherche et laisse le scan agir ...

Clique sur Suppression pour finaliser.

Tu peux, si tu le souhaites, te servir des Options facultatives.

Clique sur Quitter pour obtenir le rapport.

Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

2) Télécharge et installe Ccleaner :
http://www.01net.com/telecharger/windows/Utilitaire/net...

Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Clique sur l'onglet "Nettoyeur" puis sur "Lancer le Nettoyage".

Ensuite clique sur l'onglet Registre, clique sur "Chercher des erreurs" puis sur "Réparer les erreurs sélectionnées". Il est inutile de faire des sauvegardes des clés. Répète l'opération autant de fois qu'il le faut jusqu'à qu'il ne trouve plus d'erreurs.

Tutorial ici : http://www.infos-du-net.com/forum/272336-7-ccleaner-und...
3)

Désactive ta restauration systeme

Réactive ta restauration systeme

Tutorial ici : http://www.infos-du-net.com/forum/272480-11-desactiver-...
********************************************************************************

Ajoute maintenant [Résolu] au titre. Pour cela :
* Clique, dans ton premier message, sur le bouton "Editer"

* Rajoute la mention [Résolu] au titre
* Clique ensuite sur "Valider votre message"

Ce serait sympa de rapporter ton infection sur > Malware-Complaints < pour faire condamner ses auteurs

- Règles du forum <- ici
- Poster un message <- ici ( par Malekal )

Pour t'enregistrer clique sur le bouton register ( en haut )
Si tu as plus de 13 ans choisis " I Agree to these terms and am over or exactly 13 years of age "
Si tu as moins de 13 ans choisis " I Agree to these terms and am under 13 years of age "

Tu auras une liste par type d'infection
Si ton infection n'est pas dans la liste crée un message dans Autres infections

a+ et bon surf :hello:

Quelques liens intéressants :

http://mickael.barroux.free.fr/securite/
http://www.malekal.com/
http://www.infos-du-net.com/forum/275481-11-dossier-pre...

| Alerter

Répondre à Egwene

tulipa

13 Avril 2008 20:25:22

Voilà le rapport TCleaner

-->- Recherche:

C:\Qoobox: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\Clean.zip: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\Propriétaire\Bureau\Clean.zip: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !

Fichiers temporaires nettoyés !
Sauvegarde du registre crée !
Restauration annulée !

| Alerter

Répondre à tulipa

tulipa

13 Avril 2008 20:39:30

Merci beaucoup pour ton aide et ta patience. :hello:

| Alerter

Répondre à tulipa

Egwene

13 Avril 2008 22:51:54

Re,

De rien ce fut un plaisir !

Rapporte ton infection sur malware complain si ce n'est pas fait, c'est important

Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.

Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.

Bonne continuation :hello:

| Alerter

Répondre à Egwene

tulipa

14 Avril 2008 11:07:41

Bonjour,

Je veux bien rapporter mon infection sur malware mais je ne sais pas par quel(s) virus j'ai été contaminée. Pourrais-tu me donner le(s) nom(s)?
Merci

| Alerter

Répondre à tulipa

Egwene

14 Avril 2008 12:05:32

Win32.TrafficSol.f groupe

| Alerter

Répondre à Egwene

Tom's guide dans le monde